[Backport 2.x] [CVE-2024-45801] Bump dompurify
from 2.4.7 to 2.5.6
#445
Mend for GitHub.com / WhiteSource Security Check
failed
Sep 25, 2024 in 4m 55s
Security Report
You have successfully remediated 1 vulnerabilities, but introduced 2 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2024-45801Path to dependency file: /package.json Path to vulnerable library: /node_modules/dompurify/package.json Dependency Hierarchy: -> ❌ dompurify-3.1.2.tgz (Vulnerable Library) |
High | 7.3 | dompurify-3.1.2.tgz | Upgrade to version: domPurify - 2.5.4,3.1.3 | None |
CVE-2024-1899Path to dependency file: /package.json Path to vulnerable library: /node_modules/showdown/package.json Dependency Hierarchy: -> ❌ showdown-1.9.1.tgz (Vulnerable Library) |
Medium | 5.3 | showdown-1.9.1.tgz | #323 |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2024-1899 | showdown-2.1.0.tgz |
Base branch total remaining vulnerabilities: 2
Base branch commit: eec1dfd7a2f4f45c8368ab8f7b32e203056511af
Total libraries scanned: 425
Scan token: 40e52c242a184aa7b2979af19d46d5ee
Loading