This repository has been archived by the owner on Feb 8, 2024. It is now read-only.

mgr/dashboard: bump @types/node from 12.12.62 to 20.6.3 in /src/pybind/mgr/dashboard/frontend #604

mgr/dashboard: bump @types/node in /src/pybind/mgr/dashboard/frontend

f284b3b
Closed

Mend for GitHub.com / WhiteSource Security Check failed Sep 20, 2023 in 8m 31s

Security Report

The Security Check found 24 vulnerabilities.

CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue
CVE-2019-6446

Path to dependency file: /src/tools/cephfs/shell

Path to vulnerable library: /src/tools/cephfs/shell,/src/pybind/rgw,/src/pybind/mgr/diskprediction_local/requirements.txt,/src/pybind/rbd,/src/pybind/mgr/diskprediction_local/requirements.txt

Dependency Hierarchy:

-> ❌ numpy-1.15.1-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

Critical 9.8 numpy-1.15.1-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: 1.16.2 #32
CVE-2022-46175

Dependency Hierarchy:

-> localize-12.2.13.tgz (Root Library)

   -> core-7.8.3.tgz

     -> ❌ json5-2.2.1.tgz (Vulnerable Library)

High 8.8 json5-2.2.1.tgz Upgrade to version: json5 - 2.2.2 #481
CVE-2022-42969

Path to dependency file: /src/pybind/cephfs

Path to vulnerable library: /src/pybind/cephfs,/monitoring/ceph-mixin/tests_dashboards/requirements.txt

Dependency Hierarchy:

-> ❌ py-1.10.0-py2.py3-none-any.whl (Vulnerable Library)

High 7.5 py-1.10.0-py2.py3-none-any.whl #452
CVE-2022-34749

Path to dependency file: /src/pybind/cephfs

Path to vulnerable library: /src/pybind/cephfs,/src/pybind/rados,/admin/doc-requirements.txt,/src/tools/cephfs/top,/src/ceph-volume

Dependency Hierarchy:

-> ❌ mistune-0.8.4-py2.py3-none-any.whl (Vulnerable Library)

High 7.5 mistune-0.8.4-py2.py3-none-any.whl Upgrade to version: mistune - 2.0.3 #376
CVE-2022-31129

Dependency Hierarchy:

-> ❌ moment-2.29.3.tgz (Vulnerable Library)

High 7.5 moment-2.29.3.tgz Upgrade to version: moment - 2.29.4 #359
CVE-2022-25883

Dependency Hierarchy:

-> localize-12.2.13.tgz (Root Library)

   -> core-7.8.3.tgz

     -> ❌ semver-5.7.1.tgz (Vulnerable Library)

High 7.5 semver-5.7.1.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2018-1128

Vulnerable Source Files:

❌ /src/auth/none/AuthNoneAuthorizeHandler.cc

❌ /src/auth/cephx/CephxAuthorizeHandler.cc

❌ /src/auth/none/AuthNoneAuthorizeHandler.h

High 7.5 cephv17.2.5 Upgrade to version: v14.0.1 #44
CVE-2018-1128

Vulnerable Source Files:

❌ /src/auth/none/AuthNoneAuthorizeHandler.cc

❌ /src/auth/cephx/CephxAuthorizeHandler.cc

❌ /src/auth/none/AuthNoneAuthorizeHandler.h

High 7.5 cephv17.2.5 Upgrade to version: v14.0.1 #44
CVE-2018-1128

Vulnerable Source Files:

❌ /src/auth/none/AuthNoneAuthorizeHandler.cc

❌ /src/auth/cephx/CephxAuthorizeHandler.cc

❌ /src/auth/none/AuthNoneAuthorizeHandler.h

High 7.5 cephv17.2.5 Upgrade to version: v14.0.1 #44
CVE-2018-1128

Vulnerable Source Files:

❌ /src/auth/none/AuthNoneAuthorizeHandler.cc

❌ /src/auth/cephx/CephxAuthorizeHandler.cc

❌ /src/auth/none/AuthNoneAuthorizeHandler.h

High 7.5 cephv17.2.5 Upgrade to version: v14.0.1 #44
CVE-2018-1128

Vulnerable Source Files:

❌ /src/auth/none/AuthNoneAuthorizeHandler.cc

❌ /src/auth/cephx/CephxAuthorizeHandler.cc

❌ /src/auth/none/AuthNoneAuthorizeHandler.h

High 7.5 cephv18.0.0 Upgrade to version: v14.0.1 #44
CVE-2018-1128

Vulnerable Source Files:

❌ /src/auth/none/AuthNoneAuthorizeHandler.cc

❌ /src/auth/cephx/CephxAuthorizeHandler.cc

❌ /src/auth/none/AuthNoneAuthorizeHandler.h

High 7.5 cephv17.2.5 Upgrade to version: v14.0.1 #44
CVE-2018-1128

Vulnerable Source Files:

❌ /src/auth/none/AuthNoneAuthorizeHandler.cc

❌ /src/auth/cephx/CephxAuthorizeHandler.cc

❌ /src/auth/none/AuthNoneAuthorizeHandler.h

High 7.5 cephv17.2.5 Upgrade to version: v14.0.1 #44
CVE-2022-3854

Vulnerable Source Files:

❌ /src/rgw/rgw_common.cc

Medium 6.5 cephv17.2.5 Upgrade to version: v18.0.0 #487
CVE-2022-48345

Dependency Hierarchy:

-> swagger-ui-4.12.0.tgz (Root Library)

   -> ❌ sanitize-url-6.0.0.tgz (Vulnerable Library)

Medium 6.1 sanitize-url-6.0.0.tgz Upgrade to version: @braintree/sanitize-url - 6.0.1 #507
CVE-2020-7656

Path to dependency file: /qa/workunits/erasure-code/bench.html

Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js

Dependency Hierarchy:

-> ❌ jquery-1.8.3.js (Vulnerable Library)

Medium 6.1 jquery-1.8.3.js Upgrade to version: jquery - 1.9.0 #40
CVE-2020-11023

Path to dependency file: /qa/workunits/erasure-code/bench.html

Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js

Dependency Hierarchy:

-> ❌ jquery-1.8.3.js (Vulnerable Library)

Medium 6.1 jquery-1.8.3.js Upgrade to version: jquery - 3.5.0;jquery-rails - 4.4.0 #35
CVE-2020-11022

Path to dependency file: /qa/workunits/erasure-code/bench.html

Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js

Dependency Hierarchy:

-> ❌ jquery-1.8.3.js (Vulnerable Library)

Medium 6.1 jquery-1.8.3.js Upgrade to version: jQuery - 3.5.0 #36
CVE-2019-11358

Path to dependency file: /qa/workunits/erasure-code/bench.html

Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js

Dependency Hierarchy:

-> ❌ jquery-1.8.3.js (Vulnerable Library)

Medium 6.1 jquery-1.8.3.js Upgrade to version: jquery - 3.4.0 #249
CVE-2015-9251

Path to dependency file: /qa/workunits/erasure-code/bench.html

Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js

Dependency Hierarchy:

-> ❌ jquery-1.8.3.js (Vulnerable Library)

Medium 6.1 jquery-1.8.3.js Upgrade to version: jQuery - 3.0.0 #38
CVE-2012-6708

Path to dependency file: /qa/workunits/erasure-code/bench.html

Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js

Dependency Hierarchy:

-> ❌ jquery-1.8.3.js (Vulnerable Library)

Medium 6.1 jquery-1.8.3.js Upgrade to version: jQuery - v1.9.0 #33
CVE-2021-34141

Path to dependency file: /src/tools/cephfs/shell

Path to vulnerable library: /src/tools/cephfs/shell,/src/pybind/rgw,/src/pybind/mgr/diskprediction_local/requirements.txt,/src/pybind/rbd,/src/pybind/mgr/diskprediction_local/requirements.txt

Dependency Hierarchy:

-> ❌ numpy-1.15.1-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

Medium 5.3 numpy-1.15.1-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: numpy - 1.22.0 #49
CVE-2021-34141

Path to dependency file: /src/pybind/mgr/requirements.txt

Path to vulnerable library: /src/pybind/mgr/requirements.txt

Dependency Hierarchy:

-> scipy-1.7.3-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (Root Library)

   -> ❌ numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (Vulnerable Library)

Medium 5.3 numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl Upgrade to version: numpy - 1.22.0 #49
CVE-2021-33430

Path to dependency file: /src/tools/cephfs/shell

Path to vulnerable library: /src/tools/cephfs/shell,/src/pybind/rgw,/src/pybind/mgr/diskprediction_local/requirements.txt,/src/pybind/rbd,/src/pybind/mgr/diskprediction_local/requirements.txt

Dependency Hierarchy:

-> ❌ numpy-1.15.1-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

Medium 5.3 numpy-1.15.1-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: numpy - 1.21.0 #48

Total libraries scanned: 368
Scan token: e8384ca7dc054d00a04f6a2de627e6ce