chore(deps): update mend: high confidence minor and patch dependency updates #19
Security Report
You have successfully remediated 1 vulnerability, but introduced 1 new vulnerability in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue | Reachability |
---|---|---|---|---|---|---|
CVE-2024-28122 | Medium | 6.8 | github.com/Lestrrat-go/jwx-v1.2.28 | Upgrade to version: lestrrat-go/jwx-v1.2.29,v2.0.21 | #113 | |

Details for CVE-2024-28122:
Path to dependency file: /tests/components/application-connector/go.mod
Path to vulnerable library: /go/pkg/mod/cache/download/github.com/lestrrat-go/jwx/@v/v1.2.28.mod
Dependency Hierarchy:
-> github.com/kyma-incubator/compass/components/director-v0.0.0-20240311095305-43ec866d6b0c (Root Library)
-> github.com/kyma-incubator/compass/components/hydrator-v0.0.0-20240228074947-02a81b1e3bf8
-> ❌ github.com/Lestrrat-go/jwx-v1.2.28 (Vulnerable Library)

✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2024-24786 | google.golang.org/protobuf-v1.28.1 |
Base branch total remaining vulnerabilities: 7
Base branch commit: 4d90437f8c56049480ff7bd0813a8cb04282979b
Total libraries scanned: 150
Scan token: ab8a47437dd94a2d90dd8491db975d13