[Snyk] Security upgrade react-router-dom from 4.2.2 to 6.0.0 #249

Open
wants to merge 1 commit into
base: master
fix: amundsen_application/static/package.json & amundsen_application/…

9be9815
Mend for GitHub.com / WhiteSource Security Check failed Sep 11, 2024 in 12m 24s

Security Report

You have successfully remediated 158 vulnerabilities, but introduced 5 new vulnerabilities in this branch.

❌ New vulnerabilities:

| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
| --- | --- | --- | --- | --- | --- |
| CVE-2023-46136 | High | 8.0 | Werkzeug-2.2.3-py3-none-any.whl | Upgrade to version: werkzeug - 2.3.8,3.0.1 | #161 |
| CVE-2024-34069 | High | 7.5 | Werkzeug-2.2.3-py3-none-any.whl | Upgrade to version: Werkzeug - 3.0.3 | #216 |
| CVE-2024-6345 | High | 7.0 | setuptools-68.0.0-py3-none-any.whl | Upgrade to version: setuptools - 70.0.0 | #235 |
| CVE-2022-42969 | Medium | 5.3 | py-1.11.0-py2.py3-none-any.whl | | #127 |
| CVE-2024-5569 | Low | 3.3 | zipp-3.15.0-py3-none-any.whl | Upgrade to version: zipp - 3.19.1 | None |

CVE-2023-46136

Path to dependency file: /tmp/ws-scm/amundsenfrontendlibrary

Path to vulnerable library: /tmp/ws-scm/amundsenfrontendlibrary,/requirements.txt

Dependency Hierarchy:

-> Flask-1.0.2-py2.py3-none-any.whl (Root Library)

   -> ❌ Werkzeug-2.2.3-py3-none-any.whl (Vulnerable Library)

CVE-2024-34069

Path to dependency file: /tmp/ws-scm/amundsenfrontendlibrary

Path to vulnerable library: /tmp/ws-scm/amundsenfrontendlibrary,/requirements.txt

Dependency Hierarchy:

-> Flask-1.0.2-py2.py3-none-any.whl (Root Library)

   -> ❌ Werkzeug-2.2.3-py3-none-any.whl (Vulnerable Library)

CVE-2024-6345

Path to dependency file: /tmp/ws-scm/amundsenfrontendlibrary

Path to vulnerable library: /tmp/ws-scm/amundsenfrontendlibrary,/requirements.txt

Dependency Hierarchy:

-> pytest-3.5.1-py2.py3-none-any.whl (Root Library)

   -> ❌ setuptools-68.0.0-py3-none-any.whl (Vulnerable Library)

CVE-2022-42969

Path to dependency file: /tmp/ws-scm/amundsenfrontendlibrary

Path to vulnerable library: /tmp/ws-scm/amundsenfrontendlibrary,/requirements.txt

Dependency Hierarchy:

-> pytest-3.5.1-py2.py3-none-any.whl (Root Library)

   -> ❌ py-1.11.0-py2.py3-none-any.whl (Vulnerable Library)

CVE-2024-5569

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt,/tmp/ws-scm/amundsenfrontendlibrary

Dependency Hierarchy:

-> Flask-1.0.2-py2.py3-none-any.whl (Root Library)

   -> click-8.1.7-py3-none-any.whl

     -> importlib_metadata-6.7.0-py3-none-any.whl

       -> ❌ zipp-3.15.0-py3-none-any.whl (Vulnerable Library)

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2021-32640 ws-5.2.2.tgz
CVE-2021-23362 hosted-git-info-2.6.0.tgz
CVE-2019-6284 node-sass-v4.13.1
CVE-2021-32803 tar-2.2.2.tgz
CVE-2022-21222 css-what-2.1.2.tgz
CVE-2021-3807 ansi-regex-4.1.0.tgz
CVE-2018-19797 node-sass-v4.13.1
CVE-2019-6283 node-sass-v4.13.1
CVE-2018-11696 node-sass-4.13.1.tgz
CVE-2022-37601 loader-utils-1.1.0.tgz
CVE-2023-45133 traverse-7.7.2.tgz
CVE-2018-20190 node-sass-v4.13.1
CVE-2021-3918 json-schema-0.2.3.tgz
CVE-2021-27290 ssri-7.1.0.tgz
CVE-2022-24999 qs-6.5.2.tgz
CVE-2020-7774 y18n-4.0.0.tgz
CVE-2024-28863 tar-4.4.13.tgz
CVE-2023-50782 cryptography-3.3.2-cp27-cp27mu-manylinux2010_x86_64.whl
CVE-2018-19838 node-sass-4.13.1.tgz
CVE-2022-25883 semver-5.7.1.tgz
CVE-2023-3446 cryptography-3.3.2-cp27-cp27mu-manylinux2010_x86_64.whl
CVE-2024-28863 tar-2.2.2.tgz
CVE-2021-33623 trim-newlines-1.0.0.tgz
CVE-2018-20821 node-sass-4.13.1.tgz
CVE-2021-23368 postcss-7.0.23.tgz
CVE-2024-42461 elliptic-6.5.2.tgz
CVE-2018-11694 node-sass-4.13.1.tgz
CVE-2020-7608 yargs-parser-10.1.0.tgz
CVE-2024-22195 Jinja2-2.11.3-py2.py3-none-any.whl
CVE-2021-32803 tar-4.4.13.tgz
CVE-2021-3777 tmpl-1.0.4.tgz
CVE-2022-29217 PyJWT-1.7.1-py2.py3-none-any.whl
CVE-2018-19837 node-sass-4.13.1.tgz
CVE-2021-37701 tar-2.2.2.tgz
CVE-2021-37713 tar-4.4.13.tgz
CVE-2022-25858 terser-4.4.2.tgz
WS-2020-0450 handlebars-4.5.3.tgz
CVE-2024-37890 ws-5.2.2.tgz
CVE-2020-13822 elliptic-6.5.2.tgz
WS-2019-0605 CSS::Sass-v3.6.0
CVE-2021-37701 tar-4.4.8.tgz
CVE-2022-24785 moment-2.20.1.js
CVE-2022-46175 json5-2.1.1.tgz
CVE-2022-46175 json5-1.0.1.tgz
CVE-2022-46175 json5-0.5.1.tgz
CVE-2018-20190 node-sass-4.13.1.tgz
CVE-2021-27290 ssri-6.0.1.tgz
CVE-2019-11358 jquery-2.1.4.min.js
CVE-2022-38900 decode-uri-component-0.2.0.tgz
CVE-2022-23491 certifi-2020.12.5-py2.py3-none-any.whl
CVE-2023-44270 postcss-7.0.23.tgz
CVE-2019-18797 node-sass-4.13.1.tgz
CVE-2023-23931 cryptography-3.3.2-cp27-cp27mu-manylinux2010_x86_64.whl
CVE-2018-20822 node-sass-v4.13.1
CVE-2018-19839 node-sass-4.13.1.tgz
CVE-2022-25883 semver-6.3.0.tgz
CVE-2019-6286 node-sass-4.13.1.tgz
CVE-2020-7774 y18n-3.2.1.tgz
CVE-2021-23382 postcss-7.0.23.tgz
CVE-2022-25858 terser-4.6.2.tgz
CVE-2024-4067 micromatch-4.0.2.tgz
CVE-2017-16137 debug-4.1.1.tgz
CVE-2020-24025 node-sass-4.13.1.tgz
CVE-2019-6284 node-sass-4.13.1.tgz
CVE-2019-6286 node-sass-v4.13.1
CVE-2019-20149 kind-of-6.0.2.tgz
WS-2020-0042 acorn-6.3.0.tgz
CVE-2024-4068 braces-3.0.2.tgz
CVE-2021-23368 postcss-7.0.6.tgz
CVE-2024-34069 Werkzeug-1.0.1-py2.py3-none-any.whl
CVE-2021-23383 handlebars-4.5.3.tgz
CVE-2021-23369 handlebars-4.5.3.tgz
CVE-2022-37603 loader-utils-1.1.0.tgz
CVE-2018-19827 node-sass-4.13.1.tgz
CVE-2019-6283 node-sass-4.13.1.tgz
CVE-2020-7789 node-notifier-5.4.3.tgz
CVE-2017-16137 debug-3.2.6.tgz
CVE-2021-23364 browserslist-4.8.3.tgz
CVE-2023-46136 Werkzeug-1.0.1-py2.py3-none-any.whl
CVE-2022-26592 node-sass-v4.13.1
WS-2019-0424 elliptic-6.5.2.tgz
CVE-2020-28498 elliptic-6.5.2.tgz
WS-2020-0042 acorn-5.5.3.tgz
MSC-2023-16609 fsevents-1.2.9.tgz
CVE-2022-31129 moment-2.20.1.js
CVE-2019-18797 node-sass-v4.13.1
CVE-2022-40897 setuptools-44.1.1-py2.py3-none-any.whl
CVE-2020-7788 ini-1.3.5.tgz
WS-2020-0042 acorn-6.4.0.tgz
CVE-2023-49083 cryptography-3.3.2-cp27-cp27mu-manylinux2010_x86_64.whl
CVE-2021-37712 tar-4.4.8.tgz
CVE-2023-45311 fsevents-1.2.9.tgz
CVE-2022-37601 loader-utils-0.2.17.tgz
CVE-2023-0286 cryptography-3.3.2-cp27-cp27mu-manylinux2010_x86_64.whl
CVE-2018-19838 node-sass-v4.13.1
CVE-2022-37598 uglify-js-3.6.9.tgz
CVE-2023-45133 traverse-7.7.4.tgz
CVE-2018-11499 node-sass-4.13.1.tgz
CVE-2023-45133 babel-traverse-6.26.0.tgz
CVE-2024-42459 elliptic-6.5.2.tgz
CVE-2015-9251 jquery-2.1.4.min.js
CVE-2024-43788 webpack-4.41.3.tgz
CVE-2022-25758 scss-tokenizer-0.2.3.tgz
CVE-2022-25883 semver-7.0.0.tgz
CVE-2021-23382 postcss-7.0.6.tgz
WS-2019-0425 mocha-1.6.0.js
CVE-2022-25883 semver-5.3.0.tgz
CVE-2024-42460 elliptic-6.5.2.tgz
CVE-2018-20821 node-sass-v4.13.1
CVE-2021-3803 nth-check-1.0.2.tgz
CVE-2024-4068 braces-2.3.2.tgz
CVE-2023-37920 certifi-2020.12.5-py2.py3-none-any.whl
CVE-2021-37701 tar-4.4.13.tgz
CVE-2023-26136 tough-cookie-2.4.3.tgz
CVE-2022-37598 uglify-js-3.4.9.tgz
CVE-2023-2650 cryptography-3.3.2-cp27-cp27mu-manylinux2010_x86_64.whl
CVE-2023-25577 Werkzeug-1.0.1-py2.py3-none-any.whl
CVE-2020-15366 ajv-6.10.2.tgz
CVE-2021-37713 tar-4.4.8.tgz
CVE-2020-7598 minimist-1.2.0.tgz
CVE-2020-7608 yargs-parser-5.0.0.tgz
CVE-2021-32804 tar-4.4.13.tgz
CVE-2022-21191 global-modules-path-2.3.0.tgz
CVE-2022-25883 semver-5.5.0.tgz
CVE-2022-37603 loader-utils-1.2.3.tgz
CVE-2024-28863 tar-4.4.8.tgz
CVE-2024-6345 setuptools-44.1.1-py2.py3-none-any.whl
CVE-2023-38325 cryptography-3.3.2-cp27-cp27mu-manylinux2010_x86_64.whl
CVE-2018-19797 node-sass-4.13.1.tgz
CVE-2020-7660 serialize-javascript-2.1.2.tgz
WS-2019-0425 mocha-2.2.5.js
CVE-2020-7608 yargs-parser-13.1.1.tgz
CVE-2021-32804 tar-4.4.8.tgz
CVE-2020-28469 glob-parent-3.1.0.tgz
CVE-2021-44906 minimist-1.2.0.tgz
CVE-2023-46234 browserify-sign-4.0.4.tgz
CVE-2021-37712 tar-2.2.2.tgz
CVE-2021-3807 ansi-regex-3.0.0.tgz
CVE-2020-14422 ipaddress-1.0.23-py2.py3-none-any.whl
CVE-2018-11697 node-sass-4.13.1.tgz
CVE-2021-37713 tar-2.2.2.tgz
CVE-2020-15366 ajv-5.5.2.tgz
CVE-2022-25883 semver-5.7.0.tgz
CVE-2022-37620 html-minifier-3.5.21.tgz
CVE-2021-32803 tar-4.4.8.tgz
CVE-2020-15366 ajv-6.4.0.tgz
CVE-2023-28155 request-2.88.0.tgz
CVE-2023-23934 Werkzeug-1.0.1-py2.py3-none-any.whl
CVE-2022-42969 py-1.10.0-py2.py3-none-any.whl
CVE-2021-32804 tar-2.2.2.tgz
CVE-2022-37601 loader-utils-1.2.3.tgz
CVE-2023-44270 postcss-7.0.6.tgz
CVE-2024-4067 micromatch-3.1.10.tgz
CVE-2021-37712 tar-4.4.13.tgz
CVE-2024-34064 Jinja2-2.11.3-py2.py3-none-any.whl
CVE-2020-11022 jquery-2.1.4.min.js
CVE-2023-4807 cryptography-3.3.2-cp27-cp27mu-manylinux2010_x86_64.whl
CVE-2022-3517 minimatch-3.0.4.tgz

Base branch total remaining vulnerabilities: 209
Base branch commit: null


Total libraries scanned: 265

Scan token: f5d49f5177044c6c8ea5876b2e41222c