⬆️ Updates conventional-changelog-cli to v5 #938
Security Report
You have successfully remediated 63 vulnerabilities, but introduced 2 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2023-44270; Path to dependency file: /tilt_modules/tilt_inspector/package.json; Path to vulnerable library: /tilt_modules/tilt_inspector/node_modules/postcss/package.json; Dependency Hierarchy: tilt-inspector-0.1.6.tgz (Root Library) -> next-10.2.3.tgz -> ❌ postcss-8.2.13.tgz (Vulnerable Library) | Medium | 5.3 | postcss-8.2.13.tgz | Upgrade to version: postcss - 8.4.31 | None |
CVE-2021-32640; Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: puppeteer-core-7.0.4.tgz (Root Library) -> ❌ ws-7.4.3.tgz (Vulnerable Library) | Medium | 5.3 | ws-7.4.3.tgz | Upgrade to version: 5.2.3,6.2.2,7.4.6 | None |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2018-16487 | lodash-2.4.2.tgz |
CVE-2021-44906 | minimist-1.2.5.tgz |
CVE-2022-25851 | jpeg-js-0.4.3.tgz |
CVE-2022-25881 | http-cache-semantics-4.1.0.tgz |
CVE-2022-0144 | shelljs-0.8.4.tgz |
CVE-2021-3795 | semver-regex-1.0.0.tgz |
CVE-2015-9251 | jquery-1.9.1.js |
CVE-2020-11022 | jquery-1.9.1.js |
CVE-2020-28500 | lodash-2.4.2.tgz |
CVE-2023-26159 | follow-redirects-1.14.2.tgz |
CVE-2022-46175 | json5-1.0.1.tgz |
CVE-2024-28176 | jose-2.0.5.tgz |
CVE-2021-23566 | nanoid-3.1.25.tgz |
CVE-2023-48795 | ssh2-0.8.9.tgz |
CVE-2022-46175 | json5-2.2.0.tgz |
CVE-2022-0155 | follow-redirects-1.14.2.tgz |
CVE-2022-33987 | got-11.8.2.tgz |
CVE-2023-25166 | formula-3.0.0.tgz |
CVE-2021-43308 | markdown-link-extractor-1.3.0.tgz |
CVE-2021-3807 | ansi-regex-4.1.0.tgz |
CVE-2019-11358 | jquery-1.9.1.js |
CVE-2022-25883 | semver-7.3.5.tgz |
CVE-2024-28863 | tar-6.1.11.tgz |
CVE-2023-46234 | browserify-sign-4.2.1.tgz |
CVE-2023-26115 | word-wrap-1.2.3.tgz |
CVE-2021-23358 | underscore-1.6.0.tgz |
CVE-2021-3749 | axios-0.21.1.tgz |
CVE-2012-6708 | jquery-1.8.1.min.js |
CVE-2020-7656 | jquery-1.8.1.min.js |
CVE-2020-8203 | lodash-2.4.2.tgz |
CVE-2021-43307 | semver-regex-1.0.0.tgz |
CVE-2022-25883 | semver-6.3.0.tgz |
CVE-2023-45133 | traverse-7.15.0.tgz |
CVE-2021-23337 | lodash-2.4.2.tgz |
CVE-2021-3807 | ansi-regex-5.0.0.tgz |
CVE-2020-7753 | trim-0.0.1.tgz |
CVE-2022-33987 | got-9.6.0.tgz |
CVE-2021-3795 | semver-regex-3.1.2.tgz |
CVE-2023-45857 | axios-0.21.1.tgz |
CVE-2021-3918 | json-schema-0.2.3.tgz |
CVE-2022-24999 | qs-6.5.2.tgz |
CVE-2021-3807 | ansi-regex-3.0.0.tgz |
CVE-2022-31051 | semantic-release-17.4.7.tgz |
CVE-2021-43307 | semver-regex-3.1.2.tgz |
CVE-2022-36083 | jose-2.0.5.tgz |
CVE-2022-25883 | semver-5.7.1.tgz |
CVE-2024-28849 | follow-redirects-1.14.2.tgz |
CVE-2020-26301 | ssh2-0.8.9.tgz |
CVE-2020-11023 | jquery-1.8.1.min.js |
CVE-2019-1010266 | lodash-2.4.2.tgz |
CVE-2021-43138 | async-3.2.1.tgz |
CVE-2020-11023 | jquery-1.9.1.js |
CVE-2018-3721 | lodash-2.4.2.tgz |
CVE-2021-3777 | tmpl-1.0.4.tgz |
CVE-2021-43616 | npm-7.21.1.tgz |
CVE-2023-26136 | tough-cookie-4.0.0.tgz |
CVE-2015-9251 | jquery-1.8.1.min.js |
CVE-2022-29244 | npm-7.21.1.tgz |
CVE-2023-42282 | ip-1.1.5.tgz |
CVE-2020-11022 | jquery-1.8.1.min.js |
CVE-2021-23425 | trim-off-newlines-1.0.1.tgz |
CVE-2019-10744 | lodash-2.4.2.tgz |
CVE-2022-0536 | follow-redirects-1.14.2.tgz |
Base branch total remaining vulnerabilities: 73
Base branch commit: null
Total libraries scanned: 531
Scan token: fbab2bfb78f643c3a4fd22f92fbd004d