Update dependency express-ws to v5 #46
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2024-37168Path to dependency file: /cloud-translation/JavaScript/sms-translation/package.json Path to vulnerable library: /cloud-translation/JavaScript/sms-translation/node_modules/@grpc/grpc-js/package.json,/natural-language/JavaScript/sms-sentiment/node_modules/@grpc/grpc-js/package.json Dependency Hierarchy: -> language-3.8.0.tgz (Root Library) -> google-gax-1.15.4.tgz -> ❌ grpc-js-1.3.8.tgz (Vulnerable Library) |
 Medium |
5.3 | grpc-js-1.3.8.tgz | Upgrade to version: @grpc/grpc-js - 1.8.22,1.9.15,1.10.9 | #29 |
CVE-2024-37168Path to dependency file: /speech-to-text/JavaScript/voice-transcription/package.json Path to vulnerable library: /speech-to-text/JavaScript/voice-transcription/node_modules/@grpc/grpc-js/package.json Dependency Hierarchy: -> speech-2.3.1.tgz (Root Library) -> google-gax-0.25.6.tgz -> ❌ grpc-js-0.3.6.tgz (Vulnerable Library) |
Medium |
5.3 | grpc-js-0.3.6.tgz | Upgrade to version: @grpc/grpc-js - 1.8.22,1.9.15,1.10.9 | #25 |
CVE-2024-37168Path to dependency file: /firebase/JavaScript/functions/package.json Path to vulnerable library: /firebase/JavaScript/functions/package.json Dependency Hierarchy: -> dialogflow-2.0.0.tgz (Root Library) -> google-gax-2.3.1.tgz -> ❌ grpc-js-1.0.3.tgz (Vulnerable Library) |
Medium |
5.3 | grpc-js-1.0.3.tgz | Upgrade to version: @grpc/grpc-js - 1.8.22,1.9.15,1.10.9 | #22 |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2024-29041 | express-4.18.2.tgz |
| CVE-2024-37890 | ws-5.2.3.tgz |
| CVE-2024-28863 | tar-6.1.11.tgz |
| CVE-2023-36665 | protobufjs-6.11.3.tgz |
| CVE-2022-25883 | semver-7.3.8.tgz |
Base branch total remaining vulnerabilities: 56
Base branch commit: null
Total libraries scanned: 498
Scan token: 9d3e8569f5194b7abbbe7a1fb98574d9