Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update dependency kramdown to v2.3.1 #113

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

chore(deps): update dependency kramdown to v2.3.1

8478dc2
Select commit
Loading
Failed to load commit list.
Open

chore(deps): update dependency kramdown to v2.3.1 #113

chore(deps): update dependency kramdown to v2.3.1
8478dc2
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed Dec 15, 2024 in 3m 24s

Security Report

You have successfully remediated 94 vulnerabilities, but introduced 47 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2022-2421

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/socket.io-parser/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> ❌ socket.io-parser-2.2.4.tgz (Vulnerable Library)

Critical 10.0 socket.io-parser-2.2.4.tgz Upgrade to version: socket.io-parser - 3.3.3,3.4.2,4.0.5,4.2.1;org.webjars.npm:socket.io-parser:4.0.5,4.2.1 #95
CVE-2022-2421

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/socket.io-adapter/node_modules/socket.io-parser/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-adapter-0.3.1.tgz

     -> ❌ socket.io-parser-2.2.2.tgz (Vulnerable Library)

Critical 10.0 socket.io-parser-2.2.2.tgz Upgrade to version: socket.io-parser - 3.3.3,3.4.2,4.0.5,4.2.1;org.webjars.npm:socket.io-parser:4.0.5,4.2.1 #95
CVE-2019-10744

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-cli-0.1.13.tgz (Root Library)

   -> findup-sync-0.1.3.tgz

     -> ❌ lodash-2.4.2.tgz (Vulnerable Library)

Critical 9.1 lodash-2.4.2.tgz Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 #8
WS-2020-0443

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/socket.io/package.json

Dependency Hierarchy:

-> ❌ socket.io-1.3.7.tgz (Vulnerable Library)

High 8.1 socket.io-1.3.7.tgz Upgrade to version: socket.io - 2.4.0 #59
CVE-2020-28502

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/xmlhttprequest/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-client-1.3.7.tgz

     -> engine.io-client-1.5.4.tgz

       -> ❌ xmlhttprequest-1.5.0.tgz (Vulnerable Library)

High 8.1 xmlhttprequest-1.5.0.tgz Upgrade to version: xmlhttprequest - 1.7.0,xmlhttprequest-ssl - 1.6.2 #50
WS-2017-0421

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/ws/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-client-1.3.7.tgz

     -> engine.io-client-1.5.4.tgz

       -> ❌ ws-0.8.0.tgz (Vulnerable Library)

High 7.5 ws-0.8.0.tgz Upgrade to version: ws - 1.1.5,3.3.1 #112
CVE-2022-24999

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/qs/package.json

Dependency Hierarchy:

-> express-4.13.4.tgz (Root Library)

   -> ❌ qs-4.0.0.tgz (Vulnerable Library)

High 7.5 qs-4.0.0.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 #76
CVE-2020-36049

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/socket.io-parser/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> ❌ socket.io-parser-2.2.4.tgz (Vulnerable Library)

High 7.5 socket.io-parser-2.2.4.tgz Upgrade to version: socket.io-parser - 3.3.2,3.4.1 #53
CVE-2020-36049

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/socket.io-adapter/node_modules/socket.io-parser/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-adapter-0.3.1.tgz

     -> ❌ socket.io-parser-2.2.2.tgz (Vulnerable Library)

High 7.5 socket.io-parser-2.2.2.tgz Upgrade to version: socket.io-parser - 3.3.2,3.4.1 #53
CVE-2020-36048

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/engine.io/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> ❌ engine.io-1.5.4.tgz (Vulnerable Library)

High 7.5 engine.io-1.5.4.tgz Upgrade to version: engine.io - 4.0.0 #52
CVE-2017-16113

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/parsejson/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-client-1.3.7.tgz

     -> engine.io-client-1.5.4.tgz

       -> ❌ parsejson-0.0.1.tgz (Vulnerable Library)

High 7.5 parsejson-0.0.1.tgz #14
CVE-2017-1000048

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/qs/package.json

Dependency Hierarchy:

-> express-4.13.4.tgz (Root Library)

   -> ❌ qs-4.0.0.tgz (Vulnerable Library)

High 7.5 qs-4.0.0.tgz Upgrade to version: qs - 6.0.4,6.1.2,6.2.3,6.3.2 #10
CVE-2016-10542

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/ws/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-client-1.3.7.tgz

     -> engine.io-client-1.5.4.tgz

       -> ❌ ws-0.8.0.tgz (Vulnerable Library)

High 7.5 ws-0.8.0.tgz Upgrade to version: v2.4.24 None
CVE-2016-10539

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/negotiator/package.json

Dependency Hierarchy:

-> express-4.13.4.tgz (Root Library)

   -> accepts-1.2.13.tgz

     -> ❌ negotiator-0.5.3.tgz (Vulnerable Library)

High 7.5 negotiator-0.5.3.tgz Upgrade to version: 0.6.1 None
CVE-2016-10518

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/ws/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-client-1.3.7.tgz

     -> engine.io-client-1.5.4.tgz

       -> ❌ ws-0.8.0.tgz (Vulnerable Library)

High 7.5 ws-0.8.0.tgz Upgrade to version: 1.0.0 None
CVE-2015-8315

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/engine.io/node_modules/ms/package.json,/assets/wmt/reveal/plugin/multiplex/node_modules/engine.io-client/node_modules/ms/package.json,/assets/wmt/reveal/plugin/multiplex/node_modules/socket.io/node_modules/ms/package.json,/assets/wmt/reveal/plugin/multiplex/node_modules/socket.io-adapter/node_modules/ms/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-client-1.3.7.tgz

     -> engine.io-client-1.5.4.tgz

       -> debug-1.0.4.tgz

         -> ❌ ms-0.6.2.tgz (Vulnerable Library)

High 7.5 ms-0.6.2.tgz Upgrade to version: 0.7.1 None
WS-2017-0107

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/ws/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-client-1.3.7.tgz

     -> engine.io-client-1.5.4.tgz

       -> ❌ ws-0.8.0.tgz (Vulnerable Library)

High 7.4 ws-0.8.0.tgz Upgrade to version: 2.0.0-beta.0 None
CVE-2020-8203

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-cli-0.1.13.tgz (Root Library)

   -> findup-sync-0.1.3.tgz

     -> ❌ lodash-2.4.2.tgz (Vulnerable Library)

High 7.4 lodash-2.4.2.tgz Upgrade to version: lodash - 4.17.19 #19
CVE-2021-23337

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-cli-0.1.13.tgz (Root Library)

   -> findup-sync-0.1.3.tgz

     -> ❌ lodash-2.4.2.tgz (Vulnerable Library)

High 7.2 lodash-2.4.2.tgz Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 #42
CVE-2022-41940

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/engine.io/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> ❌ engine.io-1.5.4.tgz (Vulnerable Library)

High 7.1 engine.io-1.5.4.tgz Upgrade to version: engine.io - 3.6.1,6.2.1 #75
CVE-2019-1010266

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-cli-0.1.13.tgz (Root Library)

   -> findup-sync-0.1.3.tgz

     -> ❌ lodash-2.4.2.tgz (Vulnerable Library)

Medium 6.5 lodash-2.4.2.tgz Upgrade to version: lodash-4.17.11 #25
CVE-2018-3721

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-cli-0.1.13.tgz (Root Library)

   -> findup-sync-0.1.3.tgz

     -> ❌ lodash-2.4.2.tgz (Vulnerable Library)

Medium 6.5 lodash-2.4.2.tgz Upgrade to version: lodash 4.17.5 #38
CVE-2024-29041

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/express/package.json

Dependency Hierarchy:

-> ❌ express-4.13.4.tgz (Vulnerable Library)

Medium 6.1 express-4.13.4.tgz Upgrade to version: express - 4.19.0 #98
CVE-2024-43398

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rexml-3.2.9.gem

Dependency Hierarchy:

-> kramdown-2.3.2.gem (Root Library)

   -> ❌ rexml-3.2.9.gem (Vulnerable Library)

Medium 5.9 rexml-3.2.9.gem Upgrade to version: rexml - 3.3.6 #107
CVE-2016-10536

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/engine.io-client/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-client-1.3.7.tgz

     -> ❌ engine.io-client-1.5.4.tgz (Vulnerable Library)

Medium 5.9 engine.io-client-1.5.4.tgz Upgrade to version: JetBrains.Rider.Frontend5 - 213.0.20211008.154703-eap03;engine.io-client - 1.6.9 None
CVE-2018-16487

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-cli-0.1.13.tgz (Root Library)

   -> findup-sync-0.1.3.tgz

     -> ❌ lodash-2.4.2.tgz (Vulnerable Library)

Medium 5.6 lodash-2.4.2.tgz Upgrade to version: lodash 4.17.11 #24
CVE-2024-47764

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/cookie/package.json

Dependency Hierarchy:

-> express-4.13.4.tgz (Root Library)

   -> ❌ cookie-0.1.5.tgz (Vulnerable Library)

Medium 5.3 cookie-0.1.5.tgz Upgrade to version: cookie - 0.7.0 #110
CVE-2024-41946

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rexml-3.2.9.gem

Dependency Hierarchy:

-> kramdown-2.3.2.gem (Root Library)

   -> ❌ rexml-3.2.9.gem (Vulnerable Library)

Medium 5.3 rexml-3.2.9.gem Upgrade to version: rexml - 3.3.3 #105
CVE-2024-41123

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rexml-3.2.9.gem

Dependency Hierarchy:

-> kramdown-2.3.2.gem (Root Library)

   -> ❌ rexml-3.2.9.gem (Vulnerable Library)

Medium 5.3 rexml-3.2.9.gem Upgrade to version: rexml - 3.3.3 #106
CVE-2020-28500

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-cli-0.1.13.tgz (Root Library)

   -> findup-sync-0.1.3.tgz

     -> ❌ lodash-2.4.2.tgz (Vulnerable Library)

Medium 5.3 lodash-2.4.2.tgz Upgrade to version: lodash - 4.17.21 #49
CVE-2020-28481

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/socket.io/package.json

Dependency Hierarchy:

-> ❌ socket.io-1.3.7.tgz (Vulnerable Library)

Medium 5.3 socket.io-1.3.7.tgz Upgrade to version: 2.4.0 #40
CVE-2024-43800

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/serve-static/package.json

Dependency Hierarchy:

-> express-4.13.4.tgz (Root Library)

   -> ❌ serve-static-1.10.3.tgz (Vulnerable Library)

Medium 5.0 serve-static-1.10.3.tgz Upgrade to version: serve-static - 1.16.0,2.1.0 None
CVE-2024-43799

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/send/package.json

Dependency Hierarchy:

-> express-4.13.4.tgz (Root Library)

   -> ❌ send-0.13.1.tgz (Vulnerable Library)

Medium 5.0 send-0.13.1.tgz Upgrade to version: send - 0.19.0 None
CVE-2024-43799

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/serve-static/node_modules/send/package.json

Dependency Hierarchy:

-> express-4.13.4.tgz (Root Library)

   -> serve-static-1.10.3.tgz

     -> ❌ send-0.13.2.tgz (Vulnerable Library)

Medium 5.0 send-0.13.2.tgz Upgrade to version: send - 0.19.0 None
CVE-2024-43796

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/express/package.json

Dependency Hierarchy:

-> ❌ express-4.13.4.tgz (Vulnerable Library)

Medium 5.0 express-4.13.4.tgz Upgrade to version: express - 4.20.0,5.0.0 None
CVE-2024-39908

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rexml-3.2.9.gem

Dependency Hierarchy:

-> kramdown-2.3.2.gem (Root Library)

   -> ❌ rexml-3.2.9.gem (Vulnerable Library)

Medium 4.3 rexml-3.2.9.gem Upgrade to version: rexml - 3.3.2 #104
CVE-2017-20162

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/engine.io/node_modules/ms/package.json,/assets/wmt/reveal/plugin/multiplex/node_modules/engine.io-client/node_modules/ms/package.json,/assets/wmt/reveal/plugin/multiplex/node_modules/socket.io/node_modules/ms/package.json,/assets/wmt/reveal/plugin/multiplex/node_modules/socket.io-adapter/node_modules/ms/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-client-1.3.7.tgz

     -> engine.io-client-1.5.4.tgz

       -> debug-1.0.4.tgz

         -> ❌ ms-0.6.2.tgz (Vulnerable Library)

Medium 4.3 ms-0.6.2.tgz Upgrade to version: ms - 2.0.0 #78
CVE-2017-16137

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/socket.io-client/node_modules/debug/package.json,/assets/wmt/reveal/plugin/multiplex/node_modules/socket.io-parser/node_modules/debug/package.json,/assets/wmt/reveal/plugin/multiplex/node_modules/socket.io-adapter/node_modules/socket.io-parser/node_modules/debug/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-client-1.3.7.tgz

     -> ❌ debug-0.7.4.tgz (Vulnerable Library)

Low 3.7 debug-0.7.4.tgz Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 #16
CVE-2017-16137

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/socket.io/node_modules/debug/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> ❌ debug-2.1.0.tgz (Vulnerable Library)

Low 3.7 debug-2.1.0.tgz Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 #16
CVE-2017-16137

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/engine.io/node_modules/debug/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> engine.io-1.5.4.tgz

     -> ❌ debug-1.0.3.tgz (Vulnerable Library)

Low 3.7 debug-1.0.3.tgz Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 #16
CVE-2017-16137

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/socket.io-adapter/node_modules/debug/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-adapter-0.3.1.tgz

     -> ❌ debug-1.0.2.tgz (Vulnerable Library)

Low 3.7 debug-1.0.2.tgz Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 #16
CVE-2017-16137

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/engine.io-client/node_modules/debug/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-client-1.3.7.tgz

     -> engine.io-client-1.5.4.tgz

       -> ❌ debug-1.0.4.tgz (Vulnerable Library)

Low 3.7 debug-1.0.4.tgz Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 #16
CVE-2017-20165

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/socket.io-client/node_modules/debug/package.json,/assets/wmt/reveal/plugin/multiplex/node_modules/socket.io-parser/node_modules/debug/package.json,/assets/wmt/reveal/plugin/multiplex/node_modules/socket.io-adapter/node_modules/socket.io-parser/node_modules/debug/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-client-1.3.7.tgz

     -> ❌ debug-0.7.4.tgz (Vulnerable Library)

Low 3.5 debug-0.7.4.tgz Upgrade to version: debug - 2.6.9,3.1.0 #88
CVE-2017-20165

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/socket.io/node_modules/debug/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> ❌ debug-2.1.0.tgz (Vulnerable Library)

Low 3.5 debug-2.1.0.tgz Upgrade to version: debug - 2.6.9,3.1.0 #88
CVE-2017-20165

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/engine.io/node_modules/debug/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> engine.io-1.5.4.tgz

     -> ❌ debug-1.0.3.tgz (Vulnerable Library)

Low 3.5 debug-1.0.3.tgz Upgrade to version: debug - 2.6.9,3.1.0 #88
CVE-2017-20165

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/socket.io-adapter/node_modules/debug/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-adapter-0.3.1.tgz

     -> ❌ debug-1.0.2.tgz (Vulnerable Library)

Low 3.5 debug-1.0.2.tgz Upgrade to version: debug - 2.6.9,3.1.0 #88
CVE-2017-20165

Path to dependency file: /assets/wmt/reveal/plugin/multiplex/package.json

Path to vulnerable library: /assets/wmt/reveal/plugin/multiplex/node_modules/engine.io-client/node_modules/debug/package.json

Dependency Hierarchy:

-> socket.io-1.3.7.tgz (Root Library)

   -> socket.io-client-1.3.7.tgz

     -> engine.io-client-1.5.4.tgz

       -> ❌ debug-1.0.4.tgz (Vulnerable Library)

Low 3.5 debug-1.0.4.tgz Upgrade to version: debug - 2.6.9,3.1.0 #88

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2021-23413 jszip-2.5.0.tgz
CVE-2016-10540 minimatch-2.0.10.tgz
CVE-2018-3721 lodash-3.10.1.tgz
CVE-2022-2421 socket.io-parser-2.3.1.tgz
CVE-2024-41123 rexml-3.2.4.gem
WS-2018-0590 diff-1.3.2.tgz
CVE-2019-10744 lodash-3.7.0.tgz
CVE-2019-1010266 lodash-3.7.0.tgz
CVE-2024-49761 rexml-3.2.4.gem
CVE-2020-28500 lodash-4.17.20.tgz
CVE-2016-1000232 tough-cookie-2.2.2.tgz
CVE-2020-36049 socket.io-parser-2.3.1.tgz
CVE-2017-16026 request-2.67.0.tgz
CVE-2022-3517 minimatch-2.0.10.tgz
CVE-2022-24999 qs-5.1.0.tgz
CVE-2024-43398 rexml-3.2.4.gem
CVE-2015-9251 jquery-1.7.2.min.js
CVE-2020-36048 engine.io-1.8.5.tgz
CVE-2022-24999 qs-6.5.2.tgz
CVE-2019-11358 jquery-1.7.2.min.js
CVE-2021-28965 rexml-3.2.4.gem
CVE-2020-28500 lodash-3.10.1.tgz
CVE-2021-43138 async-2.6.3.tgz
WS-2019-0425 mocha-1.21.5.js
CVE-2022-25883 semver-5.7.1.tgz
CVE-2018-1000620 cryptiles-2.0.5.tgz
CVE-2020-8244 bl-1.0.3.tgz
CVE-2021-33623 trim-newlines-1.0.0.tgz
CVE-2021-23343 path-parse-1.0.6.tgz
CVE-2017-1000048 qs-5.2.1.tgz
CVE-2024-41946 rexml-3.2.4.gem
CVE-2020-28500 lodash-3.7.0.tgz
CVE-2022-24999 qs-5.2.0.tgz
CVE-2024-29041 express-4.14.1.tgz
WS-2020-0443 socket.io-1.7.4.tgz
CVE-2018-3721 lodash-3.7.0.tgz
CVE-2020-28282 getobject-0.1.0.tgz
CVE-2024-47764 cookie-0.3.1.tgz
CVE-2022-29167 hawk-3.1.3.tgz
WS-2019-0017 clean-css-3.4.28.tgz
CVE-2023-28155 request-2.67.0.tgz
CVE-2019-10744 lodash-3.10.1.tgz
CVE-2021-44906 minimist-1.2.5.tgz
CVE-2021-23807 jsonpointer-4.1.0.tgz
CVE-2020-28502 xmlhttprequest-ssl-1.5.3.tgz
CVE-2012-6708 jquery-1.7.2.min.js
CVE-2023-44270 postcss-4.1.16.tgz
CVE-2019-1010266 lodash-3.10.1.tgz
CVE-2022-41940 engine.io-1.8.5.tgz
CVE-2017-1000048 qs-6.2.0.tgz
WS-2018-0076 tunnel-agent-0.4.3.tgz
CVE-2022-0436 grunt-1.0.4.tgz
CVE-2021-23337 lodash-3.10.1.tgz
CVE-2016-10538 cli-0.6.6.tgz
CVE-2020-8203 lodash-3.7.0.tgz
CVE-2021-23382 postcss-4.1.16.tgz
CVE-2020-11022 jquery-1.7.2.min.js
WS-2016-0036 cli-0.6.6.tgz
CVE-2017-20162 ms-0.7.2.tgz
CVE-2017-1000048 qs-5.1.0.tgz
CVE-2022-1537 grunt-1.0.4.tgz
CVE-2022-24999 qs-6.2.0.tgz
CVE-2023-26136 tough-cookie-2.5.0.tgz
CVE-2017-16137 debug-2.3.3.tgz
WS-2017-3772 underscore.string-3.3.5.tgz
CVE-2021-28834 kramdown-2.3.0.gem
CVE-2021-23362 hosted-git-info-2.8.8.tgz
CVE-2020-7729 grunt-1.0.4.tgz
CVE-2024-38355 socket.io-1.7.4.tgz
WS-2017-0421 ws-1.1.5.tgz
CVE-2017-20165 debug-2.3.3.tgz
CVE-2021-23337 lodash-4.17.20.tgz
CVE-2023-26136 tough-cookie-2.2.2.tgz
CVE-2017-1000048 qs-5.2.0.tgz
CVE-2017-16113 parsejson-0.0.3.tgz
CVE-2018-16487 lodash-3.10.1.tgz
CVE-2021-23358 underscore-1.8.3.tgz
CVE-2020-7656 jquery-1.7.2.min.js
CVE-2021-23337 lodash-3.7.0.tgz
CVE-2024-39908 rexml-3.2.4.gem
CVE-2024-35176 rexml-3.2.4.gem
CVE-2024-45590 body-parser-1.14.2.tgz
CVE-2018-3728 hoek-2.16.3.tgz
CVE-2020-8203 lodash-3.10.1.tgz
CVE-2021-31597 xmlhttprequest-ssl-1.5.3.tgz
CVE-2018-16487 lodash-3.7.0.tgz
CVE-2017-15010 tough-cookie-2.2.2.tgz
CVE-2020-11023 jquery-1.7.2.min.js
CVE-2022-0144 shelljs-0.3.0.tgz
CVE-2020-28481 socket.io-1.7.4.tgz
CVE-2022-48285 jszip-2.5.0.tgz
CVE-2022-3517 minimatch-3.0.4.tgz
CVE-2023-28155 request-2.88.2.tgz
CVE-2022-24999 qs-5.2.1.tgz

Base branch total remaining vulnerabilities: 124
Base branch commit: null


Total libraries scanned: 146

Scan token: 1bfc31e06d804535902732e6bc90ea1a

View more details on Mend for GitHub.com