Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade axios from 0.27.2 to 1.6.0 #291

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+16 −10

fix: package.json & yarn.lock to reduce vulnerabilities

2dca10e
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Security upgrade axios from 0.27.2 to 1.6.0 #291

fix: package.json & yarn.lock to reduce vulnerabilities
2dca10e
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Oct 27, 2023 in 8m 1s

Security Report

2 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2023-34104

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> client-appsync-3.288.0.tgz (Root Library)

   -> client-sts-3.288.0.tgz

     -> ❌ fast-xml-parser-4.1.2.tgz (Vulnerable Library)

High 7.5 fast-xml-parser-4.1.2.tgz Upgrade to version: fast-xml-parser - 4.2.4 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jsonwebtoken-9.0.0.tgz (Root Library)

   -> ❌ semver-7.3.8.tgz (Vulnerable Library)

High 7.5 semver-7.3.8.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None

Base branch total remaining vulnerabilities: 0
Base branch commit: c0515229e7784f07e4918c02da07626b06542e7a


Total libraries scanned: 115

Scan token: 11e335391e6a46a28cd26d0e3ee16c5c

View more details on Mend Bolt for GitHub