Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency react-scripts to v5 (main) #102

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Update dependency react-scripts to v5

f0101fd
Select commit
Loading
Failed to load commit list.
Open

Update dependency react-scripts to v5 (main) #102

Update dependency react-scripts to v5
f0101fd
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed Aug 29, 2024 in 3m 14s

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

general

https://vonagecc.jfrog.io/artifactory
Step Level Description Details
Checking registry connectivity ⚠Warn Unsupported configuration was provided unsupported host type gradle, skipped

You have successfully remediated 88 vulnerabilities, but introduced 1 new vulnerabilities in this branch.

❌ New vulnerabilities:
CVE Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Suggested Fix Issue Reachability
CVE-2023-44270

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/resolve-url-loader/node_modules/postcss/package.json

Dependency Hierarchy:

-> react-scripts-5.0.1.tgz (Root Library)

   -> resolve-url-loader-4.0.0.tgz

     -> ❌ postcss-7.0.39.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.1% postcss-7.0.39.tgz Upgrade to version: postcss - 8.4.31 #82

Unreachable

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2021-37712 tar-6.1.0.tgz
CVE-2022-24773 node-forge-0.10.0.tgz
CVE-2022-37601 loader-utils-1.4.0.tgz
CVE-2024-29415 ip-1.1.5.tgz
CVE-2021-23386 dns-packet-1.3.1.tgz
CVE-2021-32804 tar-6.1.0.tgz
CVE-2022-24772 node-forge-0.10.0.tgz
CVE-2022-24771 node-forge-0.10.0.tgz
CVE-2022-37603 loader-utils-2.0.0.tgz
CVE-2021-3807 ansi-regex-4.1.0.tgz
CVE-2024-29180 webpack-dev-middleware-3.7.3.tgz
CVE-2022-25883 semver-7.3.4.tgz
WS-2022-0008 node-forge-0.10.0.tgz
CVE-2022-37603 loader-utils-1.4.0.tgz
CVE-2022-1650 eventsource-1.0.7.tgz
CVE-2021-3918 json-schema-0.2.3.tgz
CVE-2022-0686 url-parse-1.5.1.tgz
CVE-2021-23364 browserslist-4.16.3.tgz
CVE-2022-24999 qs-6.5.2.tgz
CVE-2021-37701 tar-6.1.0.tgz
CVE-2021-23382 postcss-7.0.21.tgz
CVE-2021-43138 async-2.6.3.tgz
CVE-2021-23424 ansi-html-0.0.7.tgz
CVE-2022-0512 url-parse-1.5.1.tgz
CVE-2021-23566 nanoid-3.1.22.tgz
CVE-2024-42460 elliptic-6.5.4.tgz
CVE-2021-23343 path-parse-1.0.6.tgz
CVE-2022-29078 ejs-2.7.4.tgz
CVE-2022-37601 loader-utils-2.0.0.tgz
CVE-2023-44270 postcss-7.0.21.tgz
CVE-2024-28863 tar-6.1.0.tgz
CVE-2022-25883 semver-7.0.0.tgz
CVE-2021-3777 tmpl-1.0.4.tgz
CVE-2024-37890 ws-6.2.1.tgz
CVE-2021-28092 is-svg-3.0.0.tgz
CVE-2021-23368 postcss-7.0.21.tgz
CVE-2023-44270 postcss-8.2.8.tgz
CVE-2024-4068 braces-2.3.2.tgz
CVE-2024-42459 elliptic-6.5.4.tgz
CVE-2021-23362 hosted-git-info-2.8.4.tgz
CVE-2022-46175 json5-1.0.1.tgz
CVE-2022-46175 json5-2.2.0.tgz
CVE-2021-23382 postcss-8.2.8.tgz
CVE-2021-23368 postcss-8.2.8.tgz
CVE-2024-42461 elliptic-6.5.4.tgz
CVE-2024-43788 webpack-4.44.2.tgz
CVE-2021-23436 immer-8.0.1.tgz
CVE-2021-3664 url-parse-1.5.1.tgz
CVE-2023-44270 postcss-7.0.35.tgz
CVE-2023-46234 browserify-sign-4.2.1.tgz
CVE-2023-26115 word-wrap-1.2.3.tgz
CVE-2021-27290 ssri-6.0.1.tgz
CVE-2021-23364 browserslist-4.14.2.tgz
CVE-2022-37603 loader-utils-1.2.3.tgz
CVE-2024-33883 ejs-2.7.4.tgz
CVE-2022-38900 decode-uri-component-0.2.0.tgz
CVE-2024-37890 ws-7.4.4.tgz
CVE-2021-3757 immer-8.0.1.tgz
CVE-2022-25883 semver-6.3.0.tgz
CVE-2023-26136 tough-cookie-2.5.0.tgz
CVE-2021-32640 ws-6.2.1.tgz
CVE-2021-29059 is-svg-3.0.0.tgz
CVE-2021-32803 tar-6.1.0.tgz
CVE-2021-3807 ansi-regex-5.0.0.tgz
CVE-2021-23382 postcss-7.0.35.tgz
CVE-2020-28469 glob-parent-3.1.0.tgz
CVE-2022-0691 url-parse-1.5.1.tgz
WS-2021-0153 ejs-2.7.4.tgz
CVE-2024-4067 micromatch-4.0.2.tgz
CVE-2022-37599 loader-utils-2.0.0.tgz
CVE-2022-25883 semver-7.3.2.tgz
CVE-2024-27088 es5-ext-0.10.53.tgz
CVE-2022-0122 node-forge-0.10.0.tgz
CVE-2022-37601 loader-utils-1.2.3.tgz
CVE-2021-37713 tar-6.1.0.tgz
CVE-2023-45133 traverse-7.13.0.tgz
CVE-2024-4067 micromatch-3.1.10.tgz
CVE-2021-42740 shell-quote-1.7.2.tgz
CVE-2021-23368 postcss-7.0.35.tgz
CVE-2022-0639 url-parse-1.5.1.tgz
CVE-2024-4068 braces-3.0.2.tgz
CVE-2023-26136 tough-cookie-4.0.0.tgz
CVE-2022-25858 terser-5.6.0.tgz
CVE-2021-32640 ws-7.4.4.tgz
CVE-2023-42282 ip-1.1.5.tgz
CVE-2022-3517 minimatch-3.0.4.tgz
CVE-2023-28155 request-2.88.2.tgz
CVE-2022-25858 terser-4.8.0.tgz

Base branch total remaining vulnerabilities: 107
Base branch commit: 9d3b76067c37e52c3e773952172de1acb8fca763


Total libraries scanned: 1352

Scan token: b0b996e0fb774d7fa7ee223bcc18a95f

View more details on Mend for GitHub.com