Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade @azure/storage-blob from 12.2.1 to 12.14.0 #615

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

fix: upgrade @azure/storage-blob from 12.2.1 to 12.14.0

e60958d
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Upgrade @azure/storage-blob from 12.2.1 to 12.14.0 #615

fix: upgrade @azure/storage-blob from 12.2.1 to 12.14.0
e60958d
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Jul 12, 2023 in 3m 4s

Security Report

You have successfully remediated 17 vulnerabilities, but introduced 3 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2023-2976

Path to dependency file: /packages/playwright-core/src/server/android/driver/app/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.guava/guava/28.1-jre/b0e91dcb6a44ffb6221b5027e12a5cb34b841145/guava-28.1-jre.jar

Dependency Hierarchy:

-> lint-gradle-27.1.0.jar (Root Library)

   -> builder-4.1.0.jar

     -> apkzlib-4.1.0.jar

       -> ❌ guava-28.1-jre.jar (Vulnerable Library)

High 7.1 guava-28.1-jre.jar Upgrade to version: com.google.guava:guava:32.0.1-jre,com.google.guava:guava:32.0.1-android None
CVE-2023-33201

Path to dependency file: /packages/playwright-core/src/server/android/driver/app/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.56/a153c6f9744a3e9dd6feab5e210e1c9861362ec7/bcprov-jdk15on-1.56.jar

Dependency Hierarchy:

-> lint-gradle-27.1.0.jar (Root Library)

   -> builder-4.1.0.jar

     -> ❌ bcprov-jdk15on-1.56.jar (Vulnerable Library)

Medium 6.5 bcprov-jdk15on-1.56.jar Upgrade to version: org.bouncycastle:bcprov-ext-jdk18on:1.74, org.bouncycastle:bcprov-jdk18on:1.74, org.bouncycastle:bcprov-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-jdk15to18:1.74, org.bouncycastle:bcprov-jdk15to18:1.74, org.bouncycastle:bcprov-debug-jdk14:1.74, org.bouncycastle:bcprov-debug-jdk15to18:1.74, org.bouncycastle:bcprov-ext-debug-jdk14:1.74, org.bouncycastle:bcprov-ext-debug-jdk15to18:1.74, org.bouncycastle:bcprov-jdk14:1.74 None
CVE-2022-25883

Dependency Hierarchy:

-> test-1.19.0-alpha-1643749494000.tgz (Root Library)

   -> core-7.16.12.tgz

     -> ❌ semver-6.3.0.tgz (Vulnerable Library)

Medium 5.3 semver-6.3.0.tgz Upgrade to version: semver - 7.5.2 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2022-33987 got-9.6.0.tgz
CVE-2023-0842 xml2js-0.4.23.tgz
CVE-2022-25881 http-cache-semantics-4.1.0.tgz
CVE-2022-37601 loader-utils-1.4.0.tgz
CVE-2022-29247 electron-12.2.1.tgz
CVE-2022-46175 json5-1.0.1.tgz
CVE-2022-37599 loader-utils-2.0.0.tgz
CVE-2022-37603 loader-utils-2.0.0.tgz
CVE-2021-33502 normalize-url-4.5.0.tgz
CVE-2022-37601 loader-utils-2.0.0.tgz
CVE-2023-28154 webpack-5.68.0.tgz
CVE-2020-15522 bcprov-jdk15on-1.64.jar
CVE-2022-36077 electron-12.2.1.tgz
CVE-2022-29257 electron-12.2.1.tgz
CVE-2022-25858 terser-5.10.0.tgz
CVE-2022-24999 qs-6.9.3.tgz
CVE-2022-21718 electron-12.2.1.tgz

Base branch total remaining vulnerabilities: 43
Base branch commit: 75b1b367dd4a1fb86cc96f5a7a44e354f1ca3a39


Total libraries scanned: 356

Scan token: 6bc9cd4871d444afbe2f6c43379e668b

View more details on Mend Bolt for GitHub