Security Report
10 new vulnerabilities were introduced in this branch.
❌ New vulnerabilities:

| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
| CVE-2024-4068; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/braces/package.json; Dependency Hierarchy: fork-ts-checker-webpack-plugin-6.5.3.tgz (Root Library) -> chokidar-3.5.3.tgz -> ❌ braces-3.0.2.tgz (Vulnerable Library) | High | 7.5 | braces-3.0.2.tgz | Upgrade to version: braces - 3.0.3 | None |
| CVE-2024-4068; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/micromatch/node_modules/braces/package.json, /node_modules/@babel/cli/node_modules/braces/package.json, /node_modules/babel-plugin-add-module-exports/node_modules/braces/package.json; Dependency Hierarchy: jest-cli-24.9.0.tgz (Root Library) -> core-24.9.0.tgz -> micromatch-3.1.10.tgz -> ❌ braces-2.3.2.tgz (Vulnerable Library) | High | 7.5 | braces-2.3.2.tgz | Upgrade to version: braces - 3.0.3 | #630 |
| CVE-2024-37890; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/ws/package.json; Dependency Hierarchy: webpack-dev-server-3.11.3.tgz (Root Library) -> ❌ ws-6.2.2.tgz (Vulnerable Library) | High | 7.5 | ws-6.2.2.tgz | Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 | #389 |
| CVE-2024-37890; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/jsdom/node_modules/ws/package.json; Dependency Hierarchy: jest-cli-24.9.0.tgz (Root Library) -> jest-config-24.9.0.tgz -> jest-environment-jsdom-24.9.0.tgz -> jsdom-11.12.0.tgz -> ❌ ws-5.2.3.tgz (Vulnerable Library) | High | 7.5 | ws-5.2.3.tgz | Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 | #630 |
| CVE-2024-37890; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/puppeteer-core/node_modules/ws/package.json; Dependency Hierarchy: puppeteer-19.11.1.tgz (Root Library) -> puppeteer-core-19.11.1.tgz -> ❌ ws-8.13.0.tgz (Vulnerable Library) | High | 7.5 | ws-8.13.0.tgz | Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 | None |
| CVE-2024-39249; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/portfinder/node_modules/async/package.json; Dependency Hierarchy: webpack-dev-server-3.11.3.tgz (Root Library) -> portfinder-1.0.28.tgz -> ❌ async-2.6.4.tgz (Vulnerable Library) | Medium | 6.5 | async-2.6.4.tgz | | #389 |
| CVE-2024-39249; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/async/package.json; Dependency Hierarchy: yo-4.3.1.tgz (Root Library) -> ❌ async-3.2.4.tgz (Vulnerable Library) | Medium | 6.5 | async-3.2.4.tgz | | #750 |
| CVE-2024-4067; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/micromatch/package.json; Dependency Hierarchy: jest-cli-24.9.0.tgz (Root Library) -> jest-config-24.9.0.tgz -> ❌ micromatch-3.1.10.tgz (Vulnerable Library) | Medium | 5.3 | micromatch-3.1.10.tgz | Upgrade to version: micromatch - 4.0.6 | #630 |
| CVE-2024-4067; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/postcss-cli/node_modules/micromatch/package.json, /node_modules/find-yarn-workspace-root2/node_modules/micromatch/package.json; Dependency Hierarchy: yo-4.3.1.tgz (Root Library) -> yeoman-environment-3.10.0.tgz -> preferred-pm-3.0.3.tgz -> find-yarn-workspace-root2-1.2.16.tgz -> ❌ micromatch-4.0.2.tgz (Vulnerable Library) | Medium | 5.3 | micromatch-4.0.2.tgz | Upgrade to version: micromatch - 4.0.6 | #750 |
| CVE-2024-4067; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/fast-glob/node_modules/micromatch/package.json; Dependency Hierarchy: parser-5.62.0.tgz (Root Library) -> typescript-estree-5.62.0.tgz -> globby-11.1.0.tgz -> fast-glob-3.2.11.tgz -> ❌ micromatch-4.0.5.tgz (Vulnerable Library) | Medium | 5.3 | micromatch-4.0.5.tgz | Upgrade to version: micromatch - 4.0.6 | None |

Base branch total remaining vulnerabilities: 5
Base branch commit: 6778930e8e3bf7b757d4c3dac33702b19637dcfc
Total libraries scanned: 2305
Scan token: 097f1e6944bb40659bd3f5450c3f7f86