Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 2.x] Poll for results from frontend for async search #8514

Merged
merged 1 commit into from
Oct 7, 2024

Poll for results from frontend for async search (#8481)

7fa8891
Select commit
Loading
Failed to load commit list.
Merged

[Backport 2.x] Poll for results from frontend for async search #8514

Poll for results from frontend for async search (#8481)
7fa8891
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed Oct 7, 2024 in 7m 54s

Security Report

You have successfully remediated 2 vulnerabilities, but introduced 4 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
WS-2017-3772

Vulnerable Source Files:

❌ /packages/osd-ui-framework/node_modules/underscore.string/unescapeHTML.js

 High 7.5 juice-shopjuice-shop-14.5.1_node16_darwin_x64 Upgrade to version: underscore.string - 3.3.5 #4734
CVE-2024-39338

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/chromedriver/node_modules/axios/package.json

Dependency Hierarchy:

-> chromedriver-107.0.3.tgz (Root Library)

   -> ❌ axios-1.7.2.tgz (Vulnerable Library)

High 7.5 axios-1.7.2.tgz Upgrade to version: axios - 1.7.4 #7682
CVE-2023-26156

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/chromedriver/package.json

Dependency Hierarchy:

-> ❌ chromedriver-107.0.3.tgz (Vulnerable Library)

Medium 5.6 chromedriver-107.0.3.tgz Upgrade to version: chromedriver - 119.0.1 None
CVE-2024-47764

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/cookie/package.json

Dependency Hierarchy:

-> elastic-apm-node-3.43.0.tgz (Root Library)

   -> ❌ cookie-0.5.0.tgz (Vulnerable Library)

Medium 5.5 cookie-0.5.0.tgz Upgrade to version: cookie - 0.7.0 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2023-28155 request-2.88.12.tgz
WS-2017-3772 juice-shop-juice-shop-15.3.0_node20_win32_x64

Base branch total remaining vulnerabilities: 15
Base branch commit: 58e16454ca91d5c73b08ff73ed45d4f1f0cd96e5


Total libraries scanned: 2454

Scan token: 821b12dc238d492a83c2698960be60f2

View more details on Mend for GitHub.com