[Snyk] Security upgrade serialize-javascript from 1.9.1 to 2.1.1 #28

Open
wants to merge 1 commit into
base: dev

fix: packages/vue-server-renderer/package.json to reduce vulnerabilities

2a3d30b
Mend Bolt for GitHub / WhiteSource Security Check failed Nov 15, 2023 in 5m 38s

Security Report

You have successfully remediated 159 vulnerabilities, but introduced 1 new vulnerability in this branch.

❌ New vulnerabilities:

| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-7660 | High | 8.1 | serialize-javascript-2.1.2.tgz | Upgrade to version: serialize-javascript - 3.1.0 | None |

Path to dependency file: /packages/vue-server-renderer/package.json

Path to vulnerable library: /packages/vue-server-renderer/node_modules/serialize-javascript/package.json

Dependency Hierarchy:

-> ❌ serialize-javascript-2.1.2.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2017-20165 debug-2.2.0.tgz
CVE-2020-7660 serialize-javascript-1.4.0.tgz
CVE-2020-8203 lodash-4.16.2.tgz
CVE-2020-7608 yargs-parser-7.0.0.tgz
CVE-2021-23358 underscore-1.7.0.tgz
CVE-2018-3721 lodash-3.10.1.tgz
CVE-2023-28155 request-2.83.0.tgz
CVE-2020-28500 lodash-4.17.2.tgz
CVE-2020-15366 ajv-4.11.8.tgz
CVE-2021-33623 trim-newlines-2.0.0.tgz
CVE-2019-10744 lodash-4.16.2.tgz
CVE-2017-20162 ms-0.7.1.tgz
CVE-2020-15366 ajv-6.2.1.tgz
CVE-2019-10775 ecstatic-3.2.0.tgz
WS-2017-3757 content-type-parser-1.0.2.tgz
CVE-2021-23495 karma-2.0.0.tgz
CVE-2018-21270 stringstream-0.0.5.tgz
CVE-2019-1010266 lodash-4.16.2.tgz
CVE-2020-8244 bl-1.2.1.tgz
WS-2020-0450 handlebars-4.0.11.tgz
CVE-2022-0654 requestretry-1.13.0.tgz
WS-2019-0427 elliptic-6.4.0.tgz
CVE-2019-10744 lodash.template-4.4.0.tgz
CVE-2018-16487 lodash-4.17.5.tgz
CVE-2022-37601 loader-utils-1.1.0.tgz
CVE-2019-19919 handlebars-4.0.11.tgz
CVE-2020-7788 ini-1.3.5.tgz
CVE-2021-3749 axios-0.15.3.tgz
CVE-2023-28155 request-2.79.0.tgz
CVE-2018-3721 lodash-4.17.2.tgz
CVE-2022-24999 qs-6.5.1.tgz
CVE-2020-28481 socket.io-2.0.4.tgz
WS-2017-3772 underscore.string-3.3.4.tgz
CVE-2021-43138 async-2.1.5.tgz
CVE-2021-23518 cached-path-relative-1.0.1.tgz
CVE-2020-13822 elliptic-6.4.0.tgz
WS-2019-0064 handlebars-4.0.11.tgz
CVE-2019-10746 mixin-deep-1.3.1.tgz
CVE-2023-26156 chromedriver-2.36.0.tgz
CVE-2021-37713 tar-2.2.1.tgz
WS-2020-0042 acorn-5.5.1.tgz
CVE-2023-28155 request-2.75.0.tgz
CVE-2019-16769 serialize-javascript-1.4.0.tgz
CVE-2018-1002204 adm-zip-0.4.7.tgz
CVE-2018-3739 https-proxy-agent-1.0.0.tgz
CVE-2019-10747 set-value-2.0.0.tgz
CVE-2020-28498 elliptic-6.4.0.tgz
WS-2019-0424 elliptic-6.4.0.tgz
CVE-2020-28500 lodash-3.10.1.tgz
CVE-2022-24999 qs-6.2.3.tgz
CVE-2018-1000620 cryptiles-2.0.5.tgz
CVE-2022-21704 log4js-2.5.3.tgz
CVE-2021-23337 lodash-4.17.2.tgz
CVE-2019-13173 fstream-1.0.11.tgz
CVE-2021-29469 redis-2.8.0.tgz
CVE-2022-29167 hawk-6.0.2.tgz
CVE-2021-43138 async-2.0.1.tgz
CVE-2020-8203 lodash-4.17.5.tgz
CVE-2019-20920 handlebars-4.0.11.tgz
CVE-2018-20834 tar-2.2.1.tgz
CVE-2018-16492 extend-3.0.1.tgz
WS-2019-0310 https-proxy-agent-1.0.0.tgz
CVE-2020-28499 merge-1.2.0.tgz
CVE-2020-28469 glob-parent-2.0.0.tgz
CVE-2022-3517 minimatch-3.0.3.tgz
CVE-2020-28168 axios-0.15.3.tgz
CVE-2021-32804 tar-2.2.1.tgz
CVE-2021-23383 handlebars-4.0.11.tgz
CVE-2022-29167 hawk-3.1.3.tgz
CVE-2021-23369 handlebars-4.0.11.tgz
CVE-2022-24999 qs-2.3.3.tgz
CVE-2022-0155 follow-redirects-1.0.0.tgz
CVE-2021-37712 tar-2.2.1.tgz
WS-2018-0589 nwmatcher-1.4.3.tgz
WS-2019-0063 js-yaml-3.11.0.tgz
CVE-2019-10744 lodash-4.17.2.tgz
CVE-2021-23337 lodash-4.16.2.tgz
CVE-2019-20922 handlebars-4.0.11.tgz
CVE-2019-10744 lodash-3.10.1.tgz
CVE-2019-10742 axios-0.15.3.tgz
CVE-2018-3721 lodash-4.16.2.tgz
CVE-2022-0144 shelljs-0.7.6.tgz
CVE-2017-16115 timespan-2.3.0.tgz
CVE-2019-1010266 lodash-3.10.1.tgz
CVE-2018-16472 cached-path-relative-1.0.1.tgz
CVE-2022-0437 karma-2.0.0.tgz
WS-2018-0590 diff-1.4.0.tgz
CVE-2018-3750 deep-extend-0.4.2.tgz
CVE-2021-23400 nodemailer-2.7.2.tgz
CVE-2023-45857 axios-0.15.3.tgz
CVE-2022-41940 engine.io-3.1.5.tgz
CVE-2020-7598 minimist-1.2.0.tgz
CVE-2018-3745 atob-2.0.3.tgz
CVE-2017-16137 debug-2.2.0.tgz
WS-2018-0076 tunnel-agent-0.4.3.tgz
CVE-2022-46175 json5-0.5.1.tgz
WS-2019-0181 lodash.defaultsdeep-4.3.2.tgz
CVE-2021-23337 lodash-3.10.1.tgz
CVE-2021-32803 tar-2.2.1.tgz
CVE-2018-16487 lodash-4.17.2.tgz
WS-2019-0066 ecstatic-3.2.0.tgz
CVE-2019-10747 set-value-0.4.3.tgz
CVE-2021-23337 lodash-4.17.5.tgz
CVE-2019-10744 lodash-4.17.5.tgz
CVE-2021-42740 shell-quote-1.6.1.tgz
CVE-2019-1010266 lodash-4.17.5.tgz
CVE-2022-38900 decode-uri-component-0.2.0.tgz
CVE-2022-0144 shelljs-0.8.1.tgz
CVE-2020-7769 nodemailer-2.7.2.tgz
CVE-2023-28155 request-2.81.0.tgz
CVE-2020-28502 xmlhttprequest-ssl-1.5.5.tgz
WS-2019-0032 js-yaml-3.11.0.tgz
CVE-2019-10196 http-proxy-agent-1.0.0.tgz
CVE-2021-23440 set-value-0.4.3.tgz
CVE-2021-43138 async-2.6.0.tgz
WS-2021-0153 ejs-2.5.7.tgz
CVE-2020-28500 lodash-4.16.2.tgz
WS-2020-0443 socket.io-2.0.4.tgz
CVE-2021-23362 hosted-git-info-2.5.0.tgz
CVE-2020-7598 minimist-0.0.8.tgz
CVE-2017-16042 growl-1.9.2.tgz
CVE-2020-8244 bl-1.1.2.tgz
CVE-2019-1010266 lodash-4.17.2.tgz
CVE-2021-23440 set-value-2.0.0.tgz
CVE-2021-25949 set-getter-0.1.0.tgz
CVE-2021-31597 xmlhttprequest-ssl-1.5.5.tgz
CVE-2020-8116 dot-prop-3.0.0.tgz
CVE-2020-28469 glob-parent-3.1.0.tgz
CVE-2020-7774 y18n-3.2.1.tgz
CVE-2020-36049 socket.io-parser-3.1.3.tgz
CVE-2020-36048 engine.io-3.1.5.tgz
WS-2019-0307 mem-1.1.0.tgz
CVE-2018-16469 merge-1.2.0.tgz
CVE-2022-0536 follow-redirects-1.0.0.tgz
CVE-2021-3807 ansi-regex-3.0.0.tgz
WS-2019-0180 lodash.mergewith-4.6.1.tgz
CVE-2021-23343 path-parse-1.0.5.tgz
CVE-2019-10744 lodash.defaultsdeep-4.3.2.tgz
WS-2019-0103 handlebars-4.0.11.tgz
CVE-2020-15366 ajv-5.5.2.tgz
CVE-2018-16487 lodash-3.10.1.tgz
CVE-2017-1000048 qs-2.3.3.tgz
CVE-2020-28500 lodash-4.17.5.tgz
CVE-2020-8203 lodash-4.17.2.tgz
WS-2018-0650 useragent-2.3.0.tgz
WS-2020-0091 http-proxy-1.16.2.tgz
WS-2018-0103 stringstream-0.0.5.tgz
CVE-2020-8203 lodash-3.10.1.tgz
CVE-2018-3728 hoek-2.16.3.tgz
CVE-2018-3745 atob-1.1.3.tgz
CVE-2019-20149 kind-of-6.0.2.tgz
CVE-2019-10744 lodash.mergewith-4.6.1.tgz
CVE-2021-37701 tar-2.2.1.tgz
CVE-2018-16487 lodash-4.16.2.tgz
CVE-2022-24999 qs-6.4.0.tgz
CVE-2022-37603 loader-utils-1.1.0.tgz
CVE-2022-3517 minimatch-3.0.4.tgz
CVE-2021-23425 trim-off-newlines-1.0.1.tgz
CVE-2022-29078 ejs-2.5.7.tgz

Base branch total remaining vulnerabilities: 160
Base branch commit: null


Total libraries scanned: 40

Scan token: f32df3fb62e645c592522b8a8648c431