This repository has been archived by the owner on Feb 8, 2024. It is now read-only.

mgr/dashboard: bump @angular/cli from 12.2.13 to 16.1.6 in /src/pybind/mgr/dashboard/frontend #574

mgr/dashboard: bump @angular/cli in /src/pybind/mgr/dashboard/frontend

be544ab
Closed

Mend for GitHub.com / WhiteSource Security Check failed Jul 27, 2023 in 10m 9s

Security Report

You have successfully remediated 5 vulnerabilities, but introduced 10 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue

CVE-2022-25883 | High | 7.5 | semver-5.7.1.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None
    Path to dependency file: /src/pybind/mgr/dashboard/frontend/package.json
    Path to vulnerable library: /src/pybind/mgr/dashboard/frontend/node_modules/semver/package.json
    Dependency Hierarchy:
    -> localize-12.2.13.tgz (Root Library)
       -> core-7.8.3.tgz
         -> ❌ semver-5.7.1.tgz (Vulnerable Library)

CVE-2018-1128 | High | 7.5 | cephv17.2.5 | Upgrade to version: v14.0.1 | #44
    Vulnerable Source Files:
    ❌ null

CVE-2018-1128 | High | 7.5 | cephv17.2.5 | Upgrade to version: v14.0.1 | #44
    Vulnerable Source Files:
    ❌ null

CVE-2018-1128 | High | 7.5 | cephv18.0.0 | Upgrade to version: v14.0.1 | #44
    Vulnerable Source Files:
    ❌ null

CVE-2018-1128 | High | 7.5 | cephv17.2.5 | Upgrade to version: v14.0.1 | #44
    Vulnerable Source Files:
    ❌ null

CVE-2018-1128 | High | 7.5 | cephv17.2.5 | Upgrade to version: v14.0.1 | #44
    Vulnerable Source Files:
    ❌ null

CVE-2018-1128 | High | 7.5 | cephv17.2.5 | Upgrade to version: v14.0.1 | #44
    Vulnerable Source Files:
    ❌ null

CVE-2020-7656 | Medium | 6.1 | jquery-1.8.3.js | Upgrade to version: jquery - 1.9.0 | #40
    Path to dependency file: /qa/workunits/erasure-code/bench.html
    Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js
    Dependency Hierarchy:
    -> ❌ jquery-1.8.3.js (Vulnerable Library)

CVE-2020-11023 | Medium | 6.1 | jquery-1.8.3.js | Upgrade to version: jquery - 3.5.0;jquery-rails - 4.4.0 | #35
    Path to dependency file: /qa/workunits/erasure-code/bench.html
    Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js
    Dependency Hierarchy:
    -> ❌ jquery-1.8.3.js (Vulnerable Library)

CVE-2019-11358 | Medium | 6.1 | jquery-1.8.3.js | Upgrade to version: jquery - 3.4.0 | #249
    Path to dependency file: /qa/workunits/erasure-code/bench.html
    Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js
    Dependency Hierarchy:
    -> ❌ jquery-1.8.3.js (Vulnerable Library)

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2023-23934 Werkzeug-2.2.2-py3-none-any.whl
CVE-2023-25577 Werkzeug-2.2.2-py3-none-any.whl
CVE-2022-23491 certifi-2022.9.24-py3-none-any.whl
CVE-2023-23931 cryptography-38.0.3-cp36-abi3-manylinux_2_24_x86_64.whl
CVE-2023-0286 cryptography-38.0.3-cp36-abi3-manylinux_2_24_x86_64.whl

Base branch total remaining vulnerabilities: 29
Base branch commit: 705a9272436ea94efa4e150f8aa37571f66296fb


Total libraries scanned: 367

Scan token: 554efb7b4d9f47548cdb50b9d75eaf31