Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] Update angular patternfly to 4.18.7 #9204

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Update angular patternfly to 4.18.7

5ef5c55
Select commit
Loading
Failed to load commit list.
Open

[WIP] Update angular patternfly to 4.18.7 #9204

Update angular patternfly to 4.18.7
5ef5c55
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Jun 11, 2024 in 26m 16s

Security Report

You have successfully remediated 17 vulnerabilities, but introduced 3 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2022-31129

Path to dependency file: /package.json

Path to vulnerable library: /home/wss-scanner/.yarn/berry/cache/moment-npm-2.19.4-570ae9deeb-10.zip

Dependency Hierarchy:

-> angular-patternfly-4.18.7.tgz (Root Library)

   -> ❌ moment-2.19.4.tgz (Vulnerable Library)

High 7.5 moment-2.19.4.tgz Upgrade to version: moment - 2.29.4 #8352
CVE-2022-24785

Path to dependency file: /package.json

Path to vulnerable library: /home/wss-scanner/.yarn/berry/cache/moment-npm-2.19.4-570ae9deeb-10.zip

Dependency Hierarchy:

-> angular-patternfly-4.18.7.tgz (Root Library)

   -> ❌ moment-2.19.4.tgz (Vulnerable Library)

High 7.5 moment-2.19.4.tgz Upgrade to version: moment - 2.29.2 #8224
CVE-2019-20921

Path to dependency file: /package.json

Path to vulnerable library: /home/wss-scanner/.yarn/berry/cache/bootstrap-select-npm-1.12.4-0f8c034d6e-10.zip

Dependency Hierarchy:

-> angular-patternfly-4.18.7.tgz (Root Library)

   -> ❌ bootstrap-select-1.12.4.tgz (Vulnerable Library)

Medium 6.1 bootstrap-select-1.12.4.tgz Upgrade to version: bootstrap-select - 1.13.6 #8030

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2019-10744 lodash-3.10.1.tgz
CVE-2019-10768 angular-1.6.10.tgz
WS-2016-0075 moment-2.14.1.tgz
CVE-2024-21490 angular-1.6.10.tgz
CVE-2019-1010266 lodash-3.10.1.tgz
CVE-2018-3721 lodash-3.10.1.tgz
CVE-2022-25869 angular-1.6.10.tgz
CVE-2021-23337 lodash-3.10.1.tgz
CVE-2020-7676 angular-1.6.10.tgz
CVE-2017-18214 moment-2.14.1.tgz
CVE-2022-24785 moment-2.14.1.tgz
CVE-2020-28500 lodash-3.10.1.tgz
CVE-2018-16487 lodash-3.10.1.tgz
CVE-2020-8203 lodash-3.10.1.tgz
CVE-2023-26118 angular-1.6.10.tgz
CVE-2023-26117 angular-1.6.10.tgz
CVE-2023-26116 angular-1.6.10.tgz

Base branch total remaining vulnerabilities: 50
Base branch commit: d1edba31f2235826f7caa55a6f3b7b537b723640


Total libraries scanned: 422

Scan token: dfe1638bbe834a77919d5755a41c3f49

View more details on Mend Bolt for GitHub