Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update dependency axios to ^0.20.0 #484

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

chore(deps): update dependency axios to ^0.20.0

8ff529f
Select commit
Loading
Failed to load commit list.
Open

chore(deps): update dependency axios to ^0.20.0 #484

chore(deps): update dependency axios to ^0.20.0
8ff529f
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed Sep 8, 2024 in 24m 23s

Security Report

You have successfully remediated 10 vulnerabilities, but introduced 3 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2018-20676

Path to dependency file: /core/jazz-web/index.html

Path to vulnerable library: /core/jazz-web/js/bootstrap.min.js,/templates/static-website-template/app/js/bootstrap.min.js,/core/jazz-web/js/bootstrap.min.js,/templates/static-website-template/app/js/bootstrap.min.js

Dependency Hierarchy:

-> ❌ bootstrap-3.3.5.min.js (Vulnerable Library)

Medium 6.1 bootstrap-3.3.5.min.js Upgrade to version: bootstrap - 3.4.0 #427
CVE-2016-10735

Path to dependency file: /core/jazz-web/index.html

Path to vulnerable library: /core/jazz-web/js/bootstrap.min.js,/templates/static-website-template/app/js/bootstrap.min.js,/core/jazz-web/js/bootstrap.min.js,/templates/static-website-template/app/js/bootstrap.min.js

Dependency Hierarchy:

-> ❌ bootstrap-3.3.5.min.js (Vulnerable Library)

Medium 6.1 bootstrap-3.3.5.min.js Upgrade to version: bootstrap - 3.4.0, 4.0.0-beta.2 #451
CVE-2020-28168

Path to dependency file: /builds/jazz_azure-create-service/package.json

Path to vulnerable library: /builds/jazz_azure-create-service/node_modules/axios/package.json

Dependency Hierarchy:

-> ❌ axios-0.20.0.tgz (Vulnerable Library)

Medium 5.9 axios-0.20.0.tgz Upgrade to version: axios - 0.21.1 #383

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2024-42459 elliptic-6.5.5.tgz
CVE-2024-42461 elliptic-6.5.5.tgz
CVE-2023-45857 axios-0.18.1.tgz
CVE-2022-0536 follow-redirects-1.5.10.tgz
CVE-2022-0155 follow-redirects-1.5.10.tgz
CVE-2024-28849 follow-redirects-1.5.10.tgz
CVE-2024-42460 elliptic-6.5.5.tgz
CVE-2020-28168 axios-0.18.1.tgz
CVE-2024-39689 certifi-2024.6.2-py3-none-any.whl
CVE-2023-26159 follow-redirects-1.5.10.tgz

Base branch total remaining vulnerabilities: 121
Base branch commit: 712665b267203375ee4b15e1f8d1ebe08abc1547


Total libraries scanned: 1640

Scan token: 7a0ade2fe7904bc79baab6f68a4ee53a

View more details on Mend for GitHub.com