Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Backport 2.x] [Fix] Inactive State on 'Discover' Tab in Side Navigation Menu #5606

Merged
merged 1 commit into from
Dec 13, 2023

[Fix] Inactive State on 'Discover' Tab in Side Navigation Menu (#5432)

30d675f
Select commit
Loading
Failed to load commit list.
Merged

[Backport 2.x] [Fix] Inactive State on 'Discover' Tab in Side Navigation Menu #5606

[Fix] Inactive State on 'Discover' Tab in Side Navigation Menu (#5432)
30d675f
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed Dec 13, 2023 in 9m 50s

Security Report

You have successfully remediated 5 vulnerabilities, but introduced 6 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
WS-2017-3772

Vulnerable Source Files:

❌ /packages/osd-ui-framework/node_modules/underscore.string/unescapeHTML.js

 High 7.5 juice-shopjuice-shop-14.0.0_node14_darwin_x64 Upgrade to version: underscore.string - 3.3.5 #4734
CVE-2023-26156

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/chromedriver/package.json

Dependency Hierarchy:

-> ❌ chromedriver-107.0.3.tgz (Vulnerable Library)

High 7.5 chromedriver-107.0.3.tgz Upgrade to version: chromedriver - 119.0.1 None
CVE-2022-43358

Vulnerable Source Files:

❌ /node_modules/node-sass/src/libsass/src/ast_selectors.cpp

 High 7.5 sassv0.4.7 #4877
CVE-2022-43357

Vulnerable Source Files:

❌ /node_modules/node-sass/src/libsass/src/ast_selectors.cpp

 High 7.5 sassv0.4.7 #4812
CVE-2023-45857

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/chromedriver/node_modules/axios/package.json

Dependency Hierarchy:

-> chromedriver-107.0.3.tgz (Root Library)

   -> ❌ axios-1.2.0.tgz (Vulnerable Library)

Medium 6.5 axios-1.2.0.tgz Upgrade to version: axios - 1.6.0 #5474
CVE-2023-45857

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/axios/package.json

Dependency Hierarchy:

-> @osd/ui-shared-deps-1.0.0.tgz (Root Library)

   -> ❌ axios-0.27.2.tgz (Vulnerable Library)

Medium 6.5 axios-0.27.2.tgz Upgrade to version: axios - 1.6.0 #5474

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2015-9251 jquery-1.11.1.js
CVE-2019-11358 jquery-1.11.1.js
WS-2017-3772 juice-shop-juice-shop-14.5.1_node16_darwin_x64
CVE-2020-11022 jquery-1.11.1.js
CVE-2020-11023 jquery-1.11.1.js

Base branch total remaining vulnerabilities: 23
Base branch commit: 478176ab553045e7e8e7b515f6c55b46e2bff2d4


Total libraries scanned: 2507

Scan token: c0d6c6200e6746679bfb2d54dba9b5f1

View more details on Mend for GitHub.com