Update dependency mocha to v9 - autoclosed #101
Security Report
You have successfully remediated 2 vulnerabilities, but introduced 2 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
WS-2021-0638Path to dependency file: /package.json Path to vulnerable library: /node_modules/mocha/package.json Dependency Hierarchy: -> ❌ mocha-9.2.0.tgz (Vulnerable Library) |
High | 7.5 | mocha-9.2.0.tgz | Upgrade to version: mocha - 10.1.0 | None |
CVE-2017-20162Path to dependency file: /package.json Path to vulnerable library: /node_modules/npm/node_modules/node-gyp/node_modules/path-array/node_modules/array-index/node_modules/debug/node_modules/ms/package.json,/node_modules/nyc/node_modules/ms/package.json Dependency Hierarchy: -> grunt-npm-install-0.3.1.tgz (Root Library) -> npm-3.10.10.tgz -> node-gyp-3.4.0.tgz -> path-array-1.0.1.tgz -> array-index-1.0.0.tgz -> debug-2.2.0.tgz -> ❌ ms-0.7.1.tgz (Vulnerable Library) |
Medium | 5.3 | ms-0.7.1.tgz | Upgrade to version: ms - 2.0.0 | #109 |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
WS-2021-0638 | mocha-8.3.2.tgz |
CVE-2021-23566 | nanoid-3.1.20.tgz |
Base branch total remaining vulnerabilities: 125
Base branch commit: b048946ae42446c0ab583ee08f8d27d6b90499e5
Total libraries scanned: 1105
Scan token: befd7f31b35148b3965cf613d52967c8