chore(deps): update cartservice to 1.8.1 #174
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2023-46136Path to dependency file: /src/loadgenerator/requirements.txt Path to vulnerable library: /src/loadgenerator/requirements.txt Dependency Hierarchy: -> ❌ werkzeug-2.3.7-py3-none-any.whl (Vulnerable Library) |
 High |
8.0 | werkzeug-2.3.7-py3-none-any.whl | Upgrade to version: werkzeug - 2.3.8,3.0.1 | None |
CVE-2024-47764Path to dependency file: /src/frontend/package.json Path to vulnerable library: /src/frontend/package.json Dependency Hierarchy: -> cookies-next-2.1.2.tgz (Root Library) -> ❌ cookie-0.4.2.tgz (Vulnerable Library) |
 Medium |
5.3 | cookie-0.4.2.tgz | Upgrade to version: cookie - 0.7.0 | None |
CVE-2024-37891Path to dependency file: /src/loadgenerator/requirements.txt Path to vulnerable library: /src/loadgenerator/requirements.txt Dependency Hierarchy: -> ❌ urllib3-2.0.7-py3-none-any.whl (Vulnerable Library) |
Medium |
4.4 | urllib3-2.0.7-py3-none-any.whl | Upgrade to version: urllib3 - 1.26.19,2.2.2 | None |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2023-41419 | gevent-22.10.2-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2024-32028 | opentelemetry.instrumentation.http.1.5.1-beta.1.nupkg |
| CVE-2024-32028 | opentelemetry.instrumentation.aspnetcore.1.5.1-beta.1.nupkg |
| CVE-2024-5569 | zipp-3.15.0-py3-none-any.whl |
| CVE-2023-46136 | Werkzeug-2.2.3-py3-none-any.whl |
| CVE-2024-6345 | setuptools-68.0.0-py3-none-any.whl |
| CVE-2024-34069 | Werkzeug-2.2.3-py3-none-any.whl |
Base branch total remaining vulnerabilities: 30
Base branch commit: 651312c9c82b789d7867420ec64c43adf2e24321
Total libraries scanned: 988
Scan token: 4851dd8d628a44479940b5b724c66999