[Snyk] Security upgrade axios from 0.27.2 to 1.6.0 #291
+16
−10
Mend Bolt for GitHub / WhiteSource Security Check
failed
Oct 27, 2023 in 8m 1s
Security Report
2 new vulnerabilities were introduced in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2023-34104; Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: client-appsync-3.288.0.tgz (Root Library) -> client-sts-3.288.0.tgz -> ❌ fast-xml-parser-4.1.2.tgz (Vulnerable Library) | High | 7.5 | fast-xml-parser-4.1.2.tgz | Upgrade to version: fast-xml-parser - 4.2.4 | None |
CVE-2022-25883; Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: jsonwebtoken-9.0.0.tgz (Root Library) -> ❌ semver-7.3.8.tgz (Vulnerable Library) | High | 7.5 | semver-7.3.8.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
Base branch total remaining vulnerabilities: 0
Base branch commit: c0515229e7784f07e4918c02da07626b06542e7a
Total libraries scanned: 115
Scan token: 11e335391e6a46a28cd26d0e3ee16c5c