[Snyk] Security upgrade serialize-javascript from 1.9.1 to 2.1.1 #28
Mend Bolt for GitHub / WhiteSource Security Check
failed
Nov 15, 2023 in 5m 38s
Security Report
You have successfully remediated 159 vulnerabilities, but introduced 1 new vulnerability in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2020-7660 | High | 8.1 | serialize-javascript-2.1.2.tgz | Upgrade to version: serialize-javascript - 3.1.0 | None |
Details for CVE-2020-7660:
Path to dependency file: /packages/vue-server-renderer/package.json
Path to vulnerable library: /packages/vue-server-renderer/node_modules/serialize-javascript/package.json
Dependency Hierarchy: -> ❌ serialize-javascript-2.1.2.tgz (Vulnerable Library)
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2017-20165 | debug-2.2.0.tgz |
CVE-2020-7660 | serialize-javascript-1.4.0.tgz |
CVE-2020-8203 | lodash-4.16.2.tgz |
CVE-2020-7608 | yargs-parser-7.0.0.tgz |
CVE-2021-23358 | underscore-1.7.0.tgz |
CVE-2018-3721 | lodash-3.10.1.tgz |
CVE-2023-28155 | request-2.83.0.tgz |
CVE-2020-28500 | lodash-4.17.2.tgz |
CVE-2020-15366 | ajv-4.11.8.tgz |
CVE-2021-33623 | trim-newlines-2.0.0.tgz |
CVE-2019-10744 | lodash-4.16.2.tgz |
CVE-2017-20162 | ms-0.7.1.tgz |
CVE-2020-15366 | ajv-6.2.1.tgz |
CVE-2019-10775 | ecstatic-3.2.0.tgz |
WS-2017-3757 | content-type-parser-1.0.2.tgz |
CVE-2021-23495 | karma-2.0.0.tgz |
CVE-2018-21270 | stringstream-0.0.5.tgz |
CVE-2019-1010266 | lodash-4.16.2.tgz |
CVE-2020-8244 | bl-1.2.1.tgz |
WS-2020-0450 | handlebars-4.0.11.tgz |
CVE-2022-0654 | requestretry-1.13.0.tgz |
WS-2019-0427 | elliptic-6.4.0.tgz |
CVE-2019-10744 | lodash.template-4.4.0.tgz |
CVE-2018-16487 | lodash-4.17.5.tgz |
CVE-2022-37601 | loader-utils-1.1.0.tgz |
CVE-2019-19919 | handlebars-4.0.11.tgz |
CVE-2020-7788 | ini-1.3.5.tgz |
CVE-2021-3749 | axios-0.15.3.tgz |
CVE-2023-28155 | request-2.79.0.tgz |
CVE-2018-3721 | lodash-4.17.2.tgz |
CVE-2022-24999 | qs-6.5.1.tgz |
CVE-2020-28481 | socket.io-2.0.4.tgz |
WS-2017-3772 | underscore.string-3.3.4.tgz |
CVE-2021-43138 | async-2.1.5.tgz |
CVE-2021-23518 | cached-path-relative-1.0.1.tgz |
CVE-2020-13822 | elliptic-6.4.0.tgz |
WS-2019-0064 | handlebars-4.0.11.tgz |
CVE-2019-10746 | mixin-deep-1.3.1.tgz |
CVE-2023-26156 | chromedriver-2.36.0.tgz |
CVE-2021-37713 | tar-2.2.1.tgz |
WS-2020-0042 | acorn-5.5.1.tgz |
CVE-2023-28155 | request-2.75.0.tgz |
CVE-2019-16769 | serialize-javascript-1.4.0.tgz |
CVE-2018-1002204 | adm-zip-0.4.7.tgz |
CVE-2018-3739 | https-proxy-agent-1.0.0.tgz |
CVE-2019-10747 | set-value-2.0.0.tgz |
CVE-2020-28498 | elliptic-6.4.0.tgz |
WS-2019-0424 | elliptic-6.4.0.tgz |
CVE-2020-28500 | lodash-3.10.1.tgz |
CVE-2022-24999 | qs-6.2.3.tgz |
CVE-2018-1000620 | cryptiles-2.0.5.tgz |
CVE-2022-21704 | log4js-2.5.3.tgz |
CVE-2021-23337 | lodash-4.17.2.tgz |
CVE-2019-13173 | fstream-1.0.11.tgz |
CVE-2021-29469 | redis-2.8.0.tgz |
CVE-2022-29167 | hawk-6.0.2.tgz |
CVE-2021-43138 | async-2.0.1.tgz |
CVE-2020-8203 | lodash-4.17.5.tgz |
CVE-2019-20920 | handlebars-4.0.11.tgz |
CVE-2018-20834 | tar-2.2.1.tgz |
CVE-2018-16492 | extend-3.0.1.tgz |
WS-2019-0310 | https-proxy-agent-1.0.0.tgz |
CVE-2020-28499 | merge-1.2.0.tgz |
CVE-2020-28469 | glob-parent-2.0.0.tgz |
CVE-2022-3517 | minimatch-3.0.3.tgz |
CVE-2020-28168 | axios-0.15.3.tgz |
CVE-2021-32804 | tar-2.2.1.tgz |
CVE-2021-23383 | handlebars-4.0.11.tgz |
CVE-2022-29167 | hawk-3.1.3.tgz |
CVE-2021-23369 | handlebars-4.0.11.tgz |
CVE-2022-24999 | qs-2.3.3.tgz |
CVE-2022-0155 | follow-redirects-1.0.0.tgz |
CVE-2021-37712 | tar-2.2.1.tgz |
WS-2018-0589 | nwmatcher-1.4.3.tgz |
WS-2019-0063 | js-yaml-3.11.0.tgz |
CVE-2019-10744 | lodash-4.17.2.tgz |
CVE-2021-23337 | lodash-4.16.2.tgz |
CVE-2019-20922 | handlebars-4.0.11.tgz |
CVE-2019-10744 | lodash-3.10.1.tgz |
CVE-2019-10742 | axios-0.15.3.tgz |
CVE-2018-3721 | lodash-4.16.2.tgz |
CVE-2022-0144 | shelljs-0.7.6.tgz |
CVE-2017-16115 | timespan-2.3.0.tgz |
CVE-2019-1010266 | lodash-3.10.1.tgz |
CVE-2018-16472 | cached-path-relative-1.0.1.tgz |
CVE-2022-0437 | karma-2.0.0.tgz |
WS-2018-0590 | diff-1.4.0.tgz |
CVE-2018-3750 | deep-extend-0.4.2.tgz |
CVE-2021-23400 | nodemailer-2.7.2.tgz |
CVE-2023-45857 | axios-0.15.3.tgz |
CVE-2022-41940 | engine.io-3.1.5.tgz |
CVE-2020-7598 | minimist-1.2.0.tgz |
CVE-2018-3745 | atob-2.0.3.tgz |
CVE-2017-16137 | debug-2.2.0.tgz |
WS-2018-0076 | tunnel-agent-0.4.3.tgz |
CVE-2022-46175 | json5-0.5.1.tgz |
WS-2019-0181 | lodash.defaultsdeep-4.3.2.tgz |
CVE-2021-23337 | lodash-3.10.1.tgz |
CVE-2021-32803 | tar-2.2.1.tgz |
CVE-2018-16487 | lodash-4.17.2.tgz |
WS-2019-0066 | ecstatic-3.2.0.tgz |
CVE-2019-10747 | set-value-0.4.3.tgz |
CVE-2021-23337 | lodash-4.17.5.tgz |
CVE-2019-10744 | lodash-4.17.5.tgz |
CVE-2021-42740 | shell-quote-1.6.1.tgz |
CVE-2019-1010266 | lodash-4.17.5.tgz |
CVE-2022-38900 | decode-uri-component-0.2.0.tgz |
CVE-2022-0144 | shelljs-0.8.1.tgz |
CVE-2020-7769 | nodemailer-2.7.2.tgz |
CVE-2023-28155 | request-2.81.0.tgz |
CVE-2020-28502 | xmlhttprequest-ssl-1.5.5.tgz |
WS-2019-0032 | js-yaml-3.11.0.tgz |
CVE-2019-10196 | http-proxy-agent-1.0.0.tgz |
CVE-2021-23440 | set-value-0.4.3.tgz |
CVE-2021-43138 | async-2.6.0.tgz |
WS-2021-0153 | ejs-2.5.7.tgz |
CVE-2020-28500 | lodash-4.16.2.tgz |
WS-2020-0443 | socket.io-2.0.4.tgz |
CVE-2021-23362 | hosted-git-info-2.5.0.tgz |
CVE-2020-7598 | minimist-0.0.8.tgz |
CVE-2017-16042 | growl-1.9.2.tgz |
CVE-2020-8244 | bl-1.1.2.tgz |
CVE-2019-1010266 | lodash-4.17.2.tgz |
CVE-2021-23440 | set-value-2.0.0.tgz |
CVE-2021-25949 | set-getter-0.1.0.tgz |
CVE-2021-31597 | xmlhttprequest-ssl-1.5.5.tgz |
CVE-2020-8116 | dot-prop-3.0.0.tgz |
CVE-2020-28469 | glob-parent-3.1.0.tgz |
CVE-2020-7774 | y18n-3.2.1.tgz |
CVE-2020-36049 | socket.io-parser-3.1.3.tgz |
CVE-2020-36048 | engine.io-3.1.5.tgz |
WS-2019-0307 | mem-1.1.0.tgz |
CVE-2018-16469 | merge-1.2.0.tgz |
CVE-2022-0536 | follow-redirects-1.0.0.tgz |
CVE-2021-3807 | ansi-regex-3.0.0.tgz |
WS-2019-0180 | lodash.mergewith-4.6.1.tgz |
CVE-2021-23343 | path-parse-1.0.5.tgz |
CVE-2019-10744 | lodash.defaultsdeep-4.3.2.tgz |
WS-2019-0103 | handlebars-4.0.11.tgz |
CVE-2020-15366 | ajv-5.5.2.tgz |
CVE-2018-16487 | lodash-3.10.1.tgz |
CVE-2017-1000048 | qs-2.3.3.tgz |
CVE-2020-28500 | lodash-4.17.5.tgz |
CVE-2020-8203 | lodash-4.17.2.tgz |
WS-2018-0650 | useragent-2.3.0.tgz |
WS-2020-0091 | http-proxy-1.16.2.tgz |
WS-2018-0103 | stringstream-0.0.5.tgz |
CVE-2020-8203 | lodash-3.10.1.tgz |
CVE-2018-3728 | hoek-2.16.3.tgz |
CVE-2018-3745 | atob-1.1.3.tgz |
CVE-2019-20149 | kind-of-6.0.2.tgz |
CVE-2019-10744 | lodash.mergewith-4.6.1.tgz |
CVE-2021-37701 | tar-2.2.1.tgz |
CVE-2018-16487 | lodash-4.16.2.tgz |
CVE-2022-24999 | qs-6.4.0.tgz |
CVE-2022-37603 | loader-utils-1.1.0.tgz |
CVE-2022-3517 | minimatch-3.0.4.tgz |
CVE-2021-23425 | trim-off-newlines-1.0.1.tgz |
CVE-2022-29078 | ejs-2.5.7.tgz |
Base branch total remaining vulnerabilities: 160
Base branch commit: null
Total libraries scanned: 40
Scan token: f32df3fb62e645c592522b8a8648c431