Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency grunt-contrib-compress to v2 (develop) #866

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Update dependency grunt-contrib-compress to v2

6e244f6
Select commit
Loading
Failed to load commit list.
Open

Update dependency grunt-contrib-compress to v2 (develop) #866

Update dependency grunt-contrib-compress to v2
6e244f6
Select commit
Loading
Failed to load commit list.
Mend for github.com / WhiteSource Security Check failed Apr 30, 2024 in 25m 26s

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

general

https://vonagecc.jfrog.io/artifactory

Step Level Description Details
Checking registry connectivity ⚠Warn Unsupported configuration was provided Unsupported registry hostType gradle, skipped

https://vonagecc.jfrog.io/artifactory/maven

Step Level Description Details
Checking registry connectivity ⚠Warn Unsupported configuration was provided Unsupported registry hostType gradle, skipped

The Security Check found 49 vulnerabilities.

CVE Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Suggested Fix Issue Reachability
CVE-2023-26136

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/tough-cookie/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> request-2.88.2.tgz

     -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.1% tough-cookie-2.5.0.tgz Upgrade to version: tough-cookie - 4.1.3 #794

Reachable
CVE-2021-3918

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/json-schema/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> request-2.88.2.tgz

     -> http-signature-1.2.0.tgz

       -> jsprim-1.4.1.tgz

         -> ❌ json-schema-0.2.3.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.4% json-schema-0.2.3.tgz Upgrade to version: json-schema - 0.4.0 #794

Reachable
CVE-2022-23539

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library)

High 8.1 Not Defined 0.1% jsonwebtoken-8.5.1.tgz Upgrade to version: jsonwebtoken - 9.0.0 #794

Reachable
CVE-2022-23540

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library)

High 7.6 Not Defined 0.1% jsonwebtoken-8.5.1.tgz Upgrade to version: jsonwebtoken - 9.0.0 #794

Reachable
CVE-2022-3517

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimatch/package.json

Dependency Hierarchy:

-> grunt-1.3.0.tgz (Root Library)

   -> ❌ minimatch-3.0.4.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% minimatch-3.0.4.tgz Upgrade to version: minimatch - 3.0.5 #788

Reachable
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/semver/package.json

Dependency Hierarchy:

-> grunt-html-build-0.7.1.tgz (Root Library)

   -> js-beautify-1.13.0.tgz

     -> editorconfig-0.15.3.tgz

       -> ❌ semver-5.7.1.tgz (Vulnerable Library)

High 7.5 Not Defined 0.1% semver-5.7.1.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 #795

Reachable
CVE-2022-24999

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/qs/package.json

Dependency Hierarchy:

-> ❌ qs-6.9.4.tgz (Vulnerable Library)

High 7.5 Not Defined 0.9% qs-6.9.4.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 #829

Reachable
CVE-2022-24999

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/body-parser/node_modules/qs/package.json,/node_modules/express/node_modules/qs/package.json

Dependency Hierarchy:

-> express-4.17.1.tgz (Root Library)

   -> ❌ qs-6.7.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.9% qs-6.7.0.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 #828

Reachable
CVE-2022-24999

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/request/node_modules/qs/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> request-2.88.2.tgz

     -> ❌ qs-6.5.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.9% qs-6.5.2.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 #794

Reachable
CVE-2022-24772

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.1% node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.3.0 #787

Reachable
CVE-2022-24771

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.1% node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.3.0 #787

Reachable
CVE-2022-24434

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/dicer/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> multer-1.4.2.tgz

     -> busboy-0.2.14.tgz

       -> ❌ dicer-0.2.5.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% dicer-0.2.5.tgz #786

Reachable
WS-2018-0590

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/diff/package.json

Dependency Hierarchy:

-> grunt-autoprefixer-3.0.4.tgz (Root Library)

   -> ❌ diff-1.3.2.tgz (Vulnerable Library)

High 7.1 Not Defined diff-1.3.2.tgz Upgrade to version: 3.5.0 #789

Reachable
WS-2022-0008

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

Medium 6.6 Not Defined node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.0.0 #787

Reachable
CVE-2024-28849

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/follow-redirects/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.0% follow-redirects-1.13.0.tgz Upgrade to version: follow-redirects - 1.15.6 #786

Reachable
CVE-2022-0155

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/follow-redirects/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.1% follow-redirects-1.13.0.tgz Upgrade to version: follow-redirects - v1.14.7 #786

Reachable
CVE-2022-23541

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library)

Medium 6.3 Not Defined 0.1% jsonwebtoken-8.5.1.tgz Upgrade to version: jsonwebtoken - 9.0.0 #794

Reachable
CVE-2024-29041

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/express/package.json

Dependency Hierarchy:

-> ❌ express-4.17.1.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.0% express-4.17.1.tgz Upgrade to version: express - 4.19.0 #828

Reachable
CVE-2023-28155

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/request/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> ❌ request-2.88.2.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.1% request-2.88.2.tgz Upgrade to version: @cypress/request - 3.0.0 #794

Reachable
CVE-2023-26159

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/follow-redirects/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.1% follow-redirects-1.13.0.tgz Upgrade to version: follow-redirects - 1.15.4 #786

Reachable
CVE-2022-0235

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-fetch/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gaxios-4.0.1.tgz

     -> ❌ node-fetch-2.6.1.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.4% node-fetch-2.6.1.tgz Upgrade to version: node-fetch - 2.6.7,3.1.1 #787

Reachable
CVE-2022-0122

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.1% node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.0.0 #787

Reachable
CVE-2022-0536

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/follow-redirects/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library)

Medium 5.9 Not Defined 0.1% follow-redirects-1.13.0.tgz Upgrade to version: follow-redirects - 1.14.8 #786

Reachable
CVE-2023-0842

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/xml2js/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ xml2js-0.4.23.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.1% xml2js-0.4.23.tgz Upgrade to version: xml2js - 0.5.0 #786

Reachable
CVE-2022-24773

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.1% node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.3.0 #787

Reachable
WS-2021-0153

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ejs/package.json

Dependency Hierarchy:

-> ❌ ejs-3.1.5.tgz (Vulnerable Library)

Critical 9.8 Not Defined ejs-3.1.5.tgz Upgrade to version: ejs - 3.1.6 #797

Unreachable
CVE-2022-37602

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-karma/package.json

Dependency Hierarchy:

-> ❌ grunt-karma-4.0.0.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.2% grunt-karma-4.0.0.tgz #817

Unreachable
CVE-2022-29078

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ejs/package.json

Dependency Hierarchy:

-> ❌ ejs-3.1.5.tgz (Vulnerable Library)

Critical 9.8 Not Defined 42.5% ejs-3.1.5.tgz Upgrade to version: ejs - v3.1.7 #797

Unreachable
CVE-2021-44906

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimist/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> multer-1.4.2.tgz

     -> mkdirp-0.5.5.tgz

       -> ❌ minimist-1.2.5.tgz (Vulnerable Library)

Critical 9.8 Not Defined 1.2% minimist-1.2.5.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #786

Unreachable
CVE-2020-28282

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/getobject/package.json

Dependency Hierarchy:

-> grunt-1.3.0.tgz (Root Library)

   -> grunt-legacy-util-2.0.0.tgz

     -> ❌ getobject-0.1.0.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.70000005% getobject-0.1.0.tgz Upgrade to version: getobject - 1.0.0 #788

Unreachable
CVE-2019-10744

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Critical 9.1 Not Defined 1.5% lodash-0.10.0.tgz Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 #796

Unreachable
CVE-2021-43138

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-contrib-connect/node_modules/async/package.json

Dependency Hierarchy:

-> grunt-contrib-connect-3.0.0.tgz (Root Library)

   -> ❌ async-3.2.0.tgz (Vulnerable Library)

High 7.8 Not Defined 0.1% async-3.2.0.tgz Upgrade to version: async - 2.6.4,3.2.2 #799

Unreachable
CVE-2021-43138

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/async/package.json,/node_modules/grunt-contrib-less/node_modules/async/package.json,/node_modules/grunt-contrib-watch/node_modules/async/package.json,/node_modules/grunt-contrib-clean/node_modules/async/package.json,/node_modules/geoip-lite/node_modules/async/package.json,/node_modules/portscanner/node_modules/async/package.json

Dependency Hierarchy:

-> geoip-lite-1.4.2.tgz (Root Library)

   -> ❌ async-2.6.3.tgz (Vulnerable Library)

High 7.8 Not Defined 0.1% async-2.6.3.tgz Upgrade to version: async - 2.6.4,3.2.2 #812

Unreachable
CVE-2022-38900

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/decode-uri-component/package.json

Dependency Hierarchy:

-> grunt-cli-1.3.2.tgz (Root Library)

   -> liftoff-2.5.0.tgz

     -> findup-sync-2.0.0.tgz

       -> micromatch-3.1.10.tgz

         -> snapdragon-0.8.2.tgz

           -> source-map-resolve-0.5.3.tgz

             -> ❌ decode-uri-component-0.2.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% decode-uri-component-0.2.0.tgz Upgrade to version: decode-uri-component - 0.2.1 #798

Unreachable
CVE-2022-25858

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/terser/package.json

Dependency Hierarchy:

-> grunt-terser-1.0.0.tgz (Root Library)

   -> ❌ terser-4.8.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% terser-4.8.0.tgz Upgrade to version: terser - 4.8.1,5.14.2 #813

Unreachable
CVE-2021-23382

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/postcss/package.json

Dependency Hierarchy:

-> grunt-autoprefixer-3.0.4.tgz (Root Library)

   -> ❌ postcss-4.1.16.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% postcss-4.1.16.tgz Upgrade to version: postcss - 8.2.13 #789

Unreachable
CVE-2017-20165

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-rest-client/node_modules/debug/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ debug-2.2.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.6% debug-2.2.0.tgz Upgrade to version: debug - 2.6.9,3.1.0 #786

Unreachable
CVE-2020-8203

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

High 7.4 Not Defined 1.0% lodash-0.10.0.tgz Upgrade to version: lodash - 4.17.19 #796

Unreachable
CVE-2021-23337

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/async/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> async-2.6.3.tgz

     -> ❌ lodash-4.17.20.tgz (Vulnerable Library)

High 7.2 Not Defined 0.6% lodash-4.17.20.tgz Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 #796

Unreachable
CVE-2021-23337

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

High 7.2 Not Defined 0.6% lodash-0.10.0.tgz Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 #796

Unreachable
CVE-2022-1537

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt/package.json

Dependency Hierarchy:

-> ❌ grunt-1.3.0.tgz (Vulnerable Library)

High 7.0 Not Defined 0.0% grunt-1.3.0.tgz Upgrade to version: grunt - v1.5.3 #788

Unreachable
CVE-2019-1010266

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.3% lodash-0.10.0.tgz Upgrade to version: lodash-4.17.11 #796

Unreachable
CVE-2018-3721

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.1% lodash-0.10.0.tgz Upgrade to version: lodash 4.17.5 #796

Unreachable
CVE-2018-16487

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Medium 5.6 Not Defined 0.1% lodash-0.10.0.tgz Upgrade to version: lodash 4.17.11 #796

Unreachable
CVE-2022-0436

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt/package.json

Dependency Hierarchy:

-> ❌ grunt-1.3.0.tgz (Vulnerable Library)

Medium 5.5 Not Defined 0.0% grunt-1.3.0.tgz Upgrade to version: grunt - 1.5.1 #788

Unreachable
CVE-2017-20162

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-rest-client/node_modules/ms/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> debug-2.2.0.tgz

       -> ❌ ms-0.7.1.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.1% ms-0.7.1.tgz Upgrade to version: ms - 2.0.0 #786

Unreachable
CVE-2017-16137

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-rest-client/node_modules/debug/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ debug-2.2.0.tgz (Vulnerable Library)

Low 3.7 Not Defined 0.3% debug-2.2.0.tgz Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 #786

Unreachable
CVE-2020-28500

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.2% lodash-0.10.0.tgz Upgrade to version: lodash - 4.17.21 #796
CVE-2020-28500

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/async/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> async-2.6.3.tgz

     -> ❌ lodash-4.17.20.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.2% lodash-4.17.20.tgz Upgrade to version: lodash - 4.17.21 #796

Total libraries scanned: 562
Scan token: 3008dcdda4564278b4fbd1dcc13b4754
View more details on Mend for github.com