[Snyk] Upgrade @azure/storage-blob from 12.2.1 to 12.14.0 #620
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2023-2976Path to dependency file: /packages/playwright-core/src/server/android/driver/app/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.guava/guava/28.1-jre/b0e91dcb6a44ffb6221b5027e12a5cb34b841145/guava-28.1-jre.jar Dependency Hierarchy: -> lint-gradle-27.1.0.jar (Root Library) -> zipflinger-4.1.0.jar -> common-27.1.0.jar -> ❌ guava-28.1-jre.jar (Vulnerable Library) |
 High |
7.1 | guava-28.1-jre.jar | Upgrade to version: com.google.guava:guava:32.0.1-jre,com.google.guava:guava:32.0.1-android | None |
CVE-2023-33201Path to dependency file: /packages/playwright-core/src/server/android/driver/app/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.64/513f78dc2971d73eec9716788948ec02704899aa/bcprov-jdk15on-1.64.pom Dependency Hierarchy: -> ❌ bcprov-jdk15on-1.64.jar (Vulnerable Library) |
 Medium |
6.5 | bcprov-jdk15on-1.64.jar | Upgrade to version: org.bouncycastle:bcprov-ext-jdk18on:1.74, org.bouncycastle:bcprov-jdk18on:1.74, org.bouncycastle:bcprov-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-jdk15to18:1.74, org.bouncycastle:bcprov-jdk15to18:1.74, org.bouncycastle:bcprov-debug-jdk14:1.74, org.bouncycastle:bcprov-debug-jdk15to18:1.74, org.bouncycastle:bcprov-ext-debug-jdk14:1.74, org.bouncycastle:bcprov-ext-debug-jdk15to18:1.74, org.bouncycastle:bcprov-jdk14:1.74 | None |
CVE-2023-33201Path to dependency file: /packages/playwright-core/src/server/android/driver/app/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.56/a153c6f9744a3e9dd6feab5e210e1c9861362ec7/bcprov-jdk15on-1.56.jar Dependency Hierarchy: -> lint-gradle-27.1.0.jar (Root Library) -> builder-4.1.0.jar -> ❌ bcprov-jdk15on-1.56.jar (Vulnerable Library) |
Medium |
6.5 | bcprov-jdk15on-1.56.jar | Upgrade to version: org.bouncycastle:bcprov-ext-jdk18on:1.74, org.bouncycastle:bcprov-jdk18on:1.74, org.bouncycastle:bcprov-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-jdk15to18:1.74, org.bouncycastle:bcprov-jdk15to18:1.74, org.bouncycastle:bcprov-debug-jdk14:1.74, org.bouncycastle:bcprov-debug-jdk15to18:1.74, org.bouncycastle:bcprov-ext-debug-jdk14:1.74, org.bouncycastle:bcprov-ext-debug-jdk15to18:1.74, org.bouncycastle:bcprov-jdk14:1.74 | None |
CVE-2022-25883Path to dependency file: /package.json Path to vulnerable library: /node_modules/semver/package.json,/tests/playwright-test/stable-test-runner/node_modules/semver/package.json Dependency Hierarchy: -> test-1.19.0-alpha-1643749494000.tgz (Root Library) -> core-7.16.12.tgz -> ❌ semver-6.3.0.tgz (Vulnerable Library) |
Medium |
5.3 | semver-6.3.0.tgz | Upgrade to version: semver - 7.5.2 | None |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2022-33987 | got-9.6.0.tgz |
| CVE-2023-0842 | xml2js-0.4.23.tgz |
| CVE-2022-25881 | http-cache-semantics-4.1.0.tgz |
| CVE-2022-37601 | loader-utils-1.4.0.tgz |
| CVE-2022-29247 | electron-12.2.1.tgz |
| CVE-2022-46175 | json5-1.0.1.tgz |
| CVE-2022-37599 | loader-utils-2.0.0.tgz |
| CVE-2022-37603 | loader-utils-2.0.0.tgz |
| CVE-2021-33502 | normalize-url-4.5.0.tgz |
| CVE-2022-37601 | loader-utils-2.0.0.tgz |
| CVE-2023-28154 | webpack-5.68.0.tgz |
| CVE-2022-36077 | electron-12.2.1.tgz |
| CVE-2022-29257 | electron-12.2.1.tgz |
| CVE-2022-25858 | terser-5.10.0.tgz |
| CVE-2022-24999 | qs-6.9.3.tgz |
| CVE-2022-21718 | electron-12.2.1.tgz |
Base branch total remaining vulnerabilities: 43
Base branch commit: 75b1b367dd4a1fb86cc96f5a7a44e354f1ca3a39
Total libraries scanned: 356
Scan token: ee37412b0cdc431ba8d2163d18795b4e