This repository has been archived by the owner on Dec 21, 2023. It is now read-only.
Update dependency husky to v5 (master) #72
Appcues WSS / WhiteSource Security Check
failed
Sep 22, 2023 in 4m 11s
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2022-25883Path to dependency file: /package.json Path to vulnerable library: /node_modules/semver/package.json Dependency Hierarchy: -> analytics.js-integration-facebook-pixel-2.11.4.tgz (Root Library) -> dateformat-1.0.12.tgz -> meow-3.7.0.tgz -> normalize-package-data-2.5.0.tgz -> ❌ semver-5.7.0.tgz (Vulnerable Library) |
 High |
7.5 | semver-5.7.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2020-23064Path to dependency file: /package.json Path to vulnerable library: /node_modules/jquery/package.json Dependency Hierarchy: -> @segment/analytics.js-integration-uservoice-2.0.1.tgz (Root Library) -> ❌ jquery-2.2.4.tgz (Vulnerable Library) |
 Medium |
6.1 | jquery-2.2.4.tgz | Upgrade to version: jquery - 3.5.0 | None |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| WS-2021-0638 | mocha-2.5.3.tgz |
| CVE-2017-20165 | debug-2.2.0.tgz |
| CVE-2021-37712 | tar-6.1.0.tgz |
| CVE-2019-10744 | lodash-4.17.11.tgz |
| WS-2019-0425 | mocha-2.5.3.tgz |
| WS-2021-0638 | mocha-6.1.4.tgz |
| CVE-2022-24773 | node-forge-0.10.0.tgz |
| CVE-2022-37601 | loader-utils-1.4.0.tgz |
| CVE-2021-23386 | dns-packet-1.3.1.tgz |
| CVE-2022-2218 | parse-url-5.0.1.tgz |
| CVE-2022-0235 | node-fetch-2.6.0.tgz |
| CVE-2020-7608 | yargs-parser-7.0.0.tgz |
| CVE-2018-3721 | lodash-3.10.1.tgz |
| CVE-2021-32804 | tar-6.1.0.tgz |
| CVE-2021-37713 | tar-4.4.10.tgz |
| CVE-2020-15366 | ajv-4.11.8.tgz |
| CVE-2022-24772 | node-forge-0.10.0.tgz |
| CVE-2021-23383 | handlebars-4.1.2.tgz |
| CVE-2022-48285 | jszip-3.2.1.tgz |
| CVE-2022-24771 | node-forge-0.10.0.tgz |
| CVE-2021-23413 | jszip-3.2.1.tgz |
| CVE-2021-42581 | ramda-0.21.0.tgz |
| CVE-2020-28500 | lodash-4.17.20.tgz |
| CVE-2021-3807 | ansi-regex-4.1.0.tgz |
| CVE-2021-37701 | tar-4.4.10.tgz |
| CVE-2022-2217 | parse-url-5.0.1.tgz |
| CVE-2022-0437 | karma-1.3.0.tgz |
| WS-2018-0347 | eslint-2.13.1.tgz |
| CVE-2022-0691 | url-parse-1.4.7.tgz |
| CVE-2016-10542 | ws-1.0.1.tgz |
| CVE-2021-3664 | url-parse-1.4.7.tgz |
| CVE-2021-32804 | tar-4.4.10.tgz |
| WS-2022-0239 | parse-url-5.0.1.tgz |
| CVE-2016-10539 | negotiator-0.4.9.tgz |
| CVE-2022-0512 | url-parse-1.4.7.tgz |
| CVE-2019-10744 | lodash.template-4.4.0.tgz |
| WS-2018-0625 | xmlbuilder-8.2.2.tgz |
| WS-2017-0421 | ws-1.0.1.tgz |
| CVE-2020-36049 | socket.io-parser-2.2.2.tgz |
| CVE-2017-16113 | parsejson-0.0.1.tgz |
| CVE-2022-0624 | parse-path-4.0.1.tgz |
| WS-2022-0008 | node-forge-0.10.0.tgz |
| CVE-2021-44906 | minimist-0.0.10.tgz |
| CVE-2020-7608 | yargs-parser-13.0.0.tgz |
| CVE-2022-0639 | url-parse-1.4.7.tgz |
| CVE-2021-32803 | tar-4.4.10.tgz |
| CVE-2022-21704 | log4js-4.3.1.tgz |
| CVE-2020-28481 | socket.io-1.4.7.tgz |
| CVE-2022-37603 | loader-utils-1.4.0.tgz |
| CVE-2021-37712 | tar-4.4.10.tgz |
| CVE-2020-36049 | socket.io-parser-2.2.6.tgz |
| CVE-2022-1650 | eventsource-1.0.7.tgz |
| CVE-2022-0536 | follow-redirects-1.7.0.tgz |
| CVE-2021-3918 | json-schema-0.2.3.tgz |
| CVE-2020-28481 | socket.io-2.1.1.tgz |
| CVE-2021-23364 | browserslist-4.16.3.tgz |
| CVE-2022-2216 | parse-url-5.0.1.tgz |
| CVE-2022-24999 | qs-6.5.2.tgz |
| CVE-2021-43307 | semver-regex-3.1.2.tgz |
| CVE-2021-37701 | tar-6.1.0.tgz |
| CVE-2020-7774 | y18n-4.0.0.tgz |
| CVE-2021-23495 | karma-4.1.0.tgz |
| CVE-2021-43138 | async-2.6.3.tgz |
| CVE-2020-28500 | lodash-3.10.1.tgz |
| CVE-2022-3517 | minimatch-0.3.0.tgz |
| CVE-2021-23424 | ansi-html-0.0.7.tgz |
| CVE-2022-33987 | got-6.7.1.tgz |
| CVE-2020-7608 | yargs-parser-11.1.1.tgz |
| CVE-2021-23337 | lodash-4.17.11.tgz |
| CVE-2022-29078 | ejs-2.7.4.tgz |
| CVE-2022-25858 | terser-5.5.1.tgz |
| CVE-2020-36049 | socket.io-parser-3.2.0.tgz |
| CVE-2020-7608 | yargs-parser-8.1.0.tgz |
| CVE-2022-37598 | uglify-js-3.6.0.tgz |
| CVE-2022-3224 | parse-url-5.0.1.tgz |
| CVE-2020-36632 | flat-4.1.0.tgz |
| CVE-2020-7598 | minimist-0.0.10.tgz |
| CVE-2020-28469 | glob-parent-2.0.0.tgz |
| CVE-2022-0155 | follow-redirects-1.7.0.tgz |
| CVE-2021-42581 | ramda-0.26.1.tgz |
| CVE-2020-8203 | lodash-4.17.11.tgz |
| CVE-2022-24999 | qs-6.7.0.tgz |
| CVE-2022-0235 | node-fetch-2.6.1.tgz |
| CVE-2019-10744 | lodash-3.10.1.tgz |
| CVE-2021-44906 | minimist-1.2.5.tgz |
| CVE-2022-21704 | log4js-0.6.38.tgz |
| CVE-2021-23369 | handlebars-4.7.6.tgz |
| CVE-2021-23807 | jsonpointer-4.1.0.tgz |
| CVE-2023-0842 | xml2js-0.4.19.tgz |
| CVE-2021-31597 | xmlhttprequest-ssl-1.5.1.tgz |
| CVE-2019-1010266 | lodash-3.10.1.tgz |
| WS-2018-0590 | diff-1.4.0.tgz |
| CVE-2021-23369 | handlebars-4.1.2.tgz |
| WS-2020-0042 | acorn-6.1.1.tgz |
| CVE-2022-46175 | json5-1.0.1.tgz |
| CVE-2020-28500 | lodash-4.17.11.tgz |
| CVE-2019-20920 | handlebars-4.1.2.tgz |
| CVE-2022-0686 | url-parse-1.4.7.tgz |
| CVE-2017-16137 | debug-2.2.0.tgz |
| CVE-2022-46175 | json5-2.2.0.tgz |
| CVE-2021-23337 | lodash-3.10.1.tgz |
| CVE-2022-24066 | simple-git-1.113.0.tgz |
| CVE-2019-20922 | handlebars-4.1.2.tgz |
| CVE-2022-41940 | engine.io-1.6.10.tgz |
| WS-2020-0450 | handlebars-4.1.2.tgz |
| CVE-2022-0437 | karma-4.1.0.tgz |
| CVE-2021-42740 | shell-quote-1.6.1.tgz |
| WS-2020-0443 | socket.io-1.4.7.tgz |
| CVE-2020-7707 | property-expr-1.5.1.tgz |
| CVE-2016-10540 | minimatch-0.3.0.tgz |
| CVE-2020-28502 | xmlhttprequest-ssl-1.5.5.tgz |
| CVE-2020-8116 | dot-prop-4.2.0.tgz |
| CVE-2022-24433 | simple-git-1.113.0.tgz |
| CVE-2019-19919 | handlebars-4.1.2.tgz |
| CVE-2020-15366 | ajv-6.10.0.tgz |
| WS-2020-0443 | socket.io-2.1.1.tgz |
| WS-2019-0310 | https-proxy-agent-2.2.1.tgz |
| CVE-2021-32640 | ws-6.2.1.tgz |
| CVE-2021-32803 | tar-6.1.0.tgz |
| CVE-2020-7598 | minimist-0.0.8.tgz |
| CVE-2017-16042 | growl-1.9.2.tgz |
| CVE-2020-7608 | yargs-parser-13.1.1.tgz |
| CVE-2021-3795 | semver-regex-3.1.2.tgz |
| CVE-2021-31597 | xmlhttprequest-ssl-1.5.5.tgz |
| CVE-2020-8116 | dot-prop-3.0.0.tgz |
| CVE-2022-0722 | parse-url-5.0.1.tgz |
| CVE-2020-28469 | glob-parent-3.1.0.tgz |
| CVE-2021-43138 | async-2.6.2.tgz |
| WS-2021-0153 | ejs-2.7.4.tgz |
| CVE-2021-3807 | ansi-regex-3.0.0.tgz |
| CVE-2022-25912 | simple-git-1.113.0.tgz |
| WS-2022-0238 | parse-url-5.0.1.tgz |
| CVE-2021-23358 | underscore-1.12.0.tgz |
| CVE-2021-23495 | karma-1.3.0.tgz |
| CVE-2021-23518 | cached-path-relative-1.0.2.tgz |
| CVE-2021-23337 | lodash-4.17.20.tgz |
| WS-2020-0091 | http-proxy-1.17.0.tgz |
| CVE-2019-15657 | eslint-utils-1.3.1.tgz |
| CVE-2021-27515 | url-parse-1.4.7.tgz |
| CVE-2020-15366 | ajv-5.5.2.tgz |
| CVE-2020-36048 | engine.io-3.2.1.tgz |
| CVE-2022-25881 | http-cache-semantics-3.8.1.tgz |
| CVE-2018-16487 | lodash-3.10.1.tgz |
| CVE-2020-28469 | glob-parent-5.1.1.tgz |
| CVE-2020-15168 | node-fetch-2.6.0.tgz |
| CVE-2023-28155 | request-2.88.0.tgz |
| WS-2018-0650 | useragent-2.3.0.tgz |
| CVE-2020-28502 | xmlhttprequest-ssl-1.5.1.tgz |
| CVE-2022-0122 | node-forge-0.10.0.tgz |
| CVE-2021-37713 | tar-6.1.0.tgz |
| CVE-2020-8203 | lodash-3.10.1.tgz |
| WS-2020-0042 | acorn-5.7.3.tgz |
| CVE-2022-2900 | parse-url-5.0.1.tgz |
| CVE-2019-20149 | kind-of-6.0.2.tgz |
| WS-2017-0107 | ws-1.0.1.tgz |
| CVE-2022-0144 | shelljs-0.6.1.tgz |
| WS-2022-0237 | parse-url-5.0.1.tgz |
| CVE-2021-44906 | minimist-0.0.8.tgz |
| CVE-2020-36048 | engine.io-1.6.10.tgz |
| CVE-2022-3517 | minimatch-3.0.4.tgz |
| CVE-2022-25858 | terser-4.8.0.tgz |
| CVE-2021-23425 | trim-off-newlines-1.0.1.tgz |
| CVE-2021-23383 | handlebars-4.7.6.tgz |
| CVE-2022-41940 | engine.io-3.2.1.tgz |
Base branch total remaining vulnerabilities: 183
Base branch commit: null
Total libraries scanned: 366
Scan token: 13ec221c95a149a9a73c3a3b5e5dcec7
Loading