Update dependency canvas to v2.8.0 #51

Open
wants to merge 1 commit into
base: main

Update dependency canvas to v2.8.0

6a873c9

This check has been archived and is scheduled for deletion.
Mend for GitHub.com / Mend Security Check failed Oct 14, 2023 in 1m 6s

Security Report

You have successfully remediated 9 vulnerabilities, but introduced 1 new vulnerability in this branch.

❌ New vulnerabilities:

| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-25883 | High | 7.5 | semver-6.3.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |

Dependency Hierarchy (CVE-2022-25883):

-> canvas-2.8.0.tgz (Root Library)

   -> node-pre-gyp-1.0.11.tgz

     -> make-dir-3.1.0.tgz

       -> ❌ semver-6.3.0.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities:

| CVE | Vulnerable Library |
| --- | --- |
| CVE-2021-44906 | minimist-1.2.5.tgz |
| CVE-2021-37701 | tar-4.4.13.tgz |
| CVE-2021-37712 | tar-4.4.13.tgz |
| CVE-2021-32803 | tar-4.4.13.tgz |
| CVE-2020-7788 | ini-1.3.5.tgz |
| CVE-2022-0355 | simple-get-3.1.0.tgz |
| CVE-2022-25883 | semver-5.7.1.tgz |
| CVE-2021-37713 | tar-4.4.13.tgz |
| CVE-2021-32804 | tar-4.4.13.tgz |

Base branch total remaining vulnerabilities: 19
Base branch commit: 4eda76fb92a97cfa3afae73f99b2e0117f5d1f56


Total libraries scanned: 167

Scan token: d65913359eaa4fb59c67e306368e87f8