chore: update web-components storybook packages to 8.4.5 (#18289)

IBM Mend app / Mend Security Check failed Jan 2, 2025 in 42m 31s

Security Report

The Security Check found 38 vulnerabilities.

CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue
CVE-2021-3918

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/json-schema-npm-0.2.3-018ee3dfc9-2f98d28db7.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> rollup-2.79.1.tgz

     -> fsevents-2.3.3.tgz

       -> node-gyp-7.1.2.tgz

         -> request-2.88.2.tgz

           -> http-signature-1.2.0.tgz

             -> jsprim-1.4.1.tgz

               -> ❌ json-schema-0.2.3.tgz (Vulnerable Library)

Critical 9.8 json-schema-0.2.3.tgz Upgrade to version: json-schema - 0.4.0 None
CVE-2021-25949

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/set-getter-npm-0.1.0-9664f89372-00b9cd529b.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> markdown-toc-1.2.0.tgz

     -> lazy-cache-2.0.2.tgz

       -> ❌ set-getter-0.1.0.tgz (Vulnerable Library)

Critical 9.8 set-getter-0.1.0.tgz Upgrade to version: set-getter - 0.1.1 None
WS-2023-0439

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/axios-npm-0.21.1-d192f6b3b3-271afc6138.zip

Dependency Hierarchy:

-> jest-config-carbon-1.17.0.tgz (Root Library)

   -> accessibility-checker-3.1.78.tgz

     -> chromedriver-91.0.1.tgz

       -> ❌ axios-0.21.1.tgz (Vulnerable Library)

High 7.5 axios-0.21.1.tgz Upgrade to version: axios - 0.29.0,1.6.3 None
CVE-2024-51479

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/next-npm-14.2.5-ce63d89d89-c107b45ffe.zip

Dependency Hierarchy:

-> www-0.82.0.tgz (Root Library)

   -> ❌ next-14.2.5.tgz (Vulnerable Library)

High 7.5 next-14.2.5.tgz Upgrade to version: next - 14.2.15 None
CVE-2024-51479

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/next-npm-14.1.1-3cf80ddccd-33524d993a.zip

Dependency Hierarchy:

-> examples-nextjs-0.73.0.tgz (Root Library)

   -> ❌ next-14.1.1.tgz (Vulnerable Library)

High 7.5 next-14.1.1.tgz Upgrade to version: next - 14.2.15 None
CVE-2024-46982

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/next-npm-14.2.5-ce63d89d89-c107b45ffe.zip

Dependency Hierarchy:

-> www-0.82.0.tgz (Root Library)

   -> ❌ next-14.2.5.tgz (Vulnerable Library)

High 7.5 next-14.2.5.tgz Upgrade to version: next - 13.5.7,14.2.10 None
CVE-2024-46982

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/next-npm-14.1.1-3cf80ddccd-33524d993a.zip

Dependency Hierarchy:

-> examples-nextjs-0.73.0.tgz (Root Library)

   -> ❌ next-14.1.1.tgz (Vulnerable Library)

High 7.5 next-14.1.1.tgz Upgrade to version: next - 13.5.7,14.2.10 None
CVE-2024-37890

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/ws-npm-8.5.0-8e99728c84-f0ee700970.zip

Dependency Hierarchy:

-> jest-config-carbon-1.17.0.tgz (Root Library)

   -> accessibility-checker-3.1.78.tgz

     -> puppeteer-13.7.0.tgz

       -> ❌ ws-8.5.0.tgz (Vulnerable Library)

High 7.5 ws-8.5.0.tgz Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 None
CVE-2024-21538

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/cross-spawn-npm-4.0.2-3c23494e5b-7a384580d0.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> child-process-promise-2.2.1.tgz

     -> ❌ cross-spawn-4.0.2.tgz (Vulnerable Library)

High 7.5 cross-spawn-4.0.2.tgz Upgrade to version: cross-spawn - 7.0.5 None
CVE-2024-21538

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/cross-spawn-npm-6.0.5-2deab6c280-f07e643b48.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> clipboardy-2.1.0.tgz

     -> execa-1.0.0.tgz

       -> ❌ cross-spawn-6.0.5.tgz (Vulnerable Library)

High 7.5 cross-spawn-6.0.5.tgz Upgrade to version: cross-spawn - 7.0.5 None
CVE-2022-37620

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/html-minifier-npm-3.5.21-5367304f07-8341f38d2c.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> sassdoc-2.7.3.tgz

     -> sassdoc-theme-default-2.8.3.tgz

       -> ❌ html-minifier-3.5.21.tgz (Vulnerable Library)

High 7.5 html-minifier-3.5.21.tgz None
CVE-2022-21681

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/marked-npm-0.6.3-1ee699f13e-aeefb8ed59.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> sassdoc-2.7.3.tgz

     -> sassdoc-theme-default-2.8.3.tgz

       -> sassdoc-extras-2.5.1.tgz

         -> ❌ marked-0.6.3.tgz (Vulnerable Library)

High 7.5 marked-0.6.3.tgz Upgrade to version: marked - 4.0.10 None
CVE-2022-21680

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/marked-npm-0.6.3-1ee699f13e-aeefb8ed59.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> sassdoc-2.7.3.tgz

     -> sassdoc-theme-default-2.8.3.tgz

       -> sassdoc-extras-2.5.1.tgz

         -> ❌ marked-0.6.3.tgz (Vulnerable Library)

High 7.5 marked-0.6.3.tgz Upgrade to version: marked - 4.0.10 None
CVE-2021-3807

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/ansi-regex-npm-4.1.0-4a7d8413fe-97aa465953.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> inquirer-6.5.2.tgz

     -> strip-ansi-5.2.0.tgz

       -> ❌ ansi-regex-4.1.0.tgz (Vulnerable Library)

High 7.5 ansi-regex-4.1.0.tgz Upgrade to version: ansi-regex - 5.0.1,6.0.1 None
CVE-2021-3807

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/ansi-regex-npm-3.0.0-be0b845911-2ad11c416f.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> inquirer-6.5.2.tgz

     -> string-width-2.1.1.tgz

       -> strip-ansi-4.0.0.tgz

         -> ❌ ansi-regex-3.0.0.tgz (Vulnerable Library)

High 7.5 ansi-regex-3.0.0.tgz Upgrade to version: ansi-regex - 5.0.1,6.0.1 None
CVE-2021-3795

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/semver-regex-npm-1.0.0-95aa99f4f8-17411400ee.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> sassdoc-2.7.3.tgz

     -> sass-convert-0.5.2.tgz

       -> ❌ semver-regex-1.0.0.tgz (Vulnerable Library)

High 7.5 semver-regex-1.0.0.tgz Upgrade to version: semver-regex - 3.1.3,4.0.1 None
CVE-2021-3749

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/axios-npm-0.21.1-d192f6b3b3-271afc6138.zip

Dependency Hierarchy:

-> jest-config-carbon-1.17.0.tgz (Root Library)

   -> accessibility-checker-3.1.78.tgz

     -> chromedriver-91.0.1.tgz

       -> ❌ axios-0.21.1.tgz (Vulnerable Library)

High 7.5 axios-0.21.1.tgz Upgrade to version: axios - 0.21.2 None
CVE-2021-33502

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/normalize-url-npm-4.5.0-14a0c5430f-c70ee89880.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> sassdoc-2.7.3.tgz

     -> update-notifier-4.1.3.tgz

       -> latest-version-5.1.0.tgz

         -> package-json-6.5.0.tgz

           -> got-9.6.0.tgz

             -> cacheable-request-6.1.0.tgz

               -> ❌ normalize-url-4.5.0.tgz (Vulnerable Library)

High 7.5 normalize-url-4.5.0.tgz Upgrade to version: normalize-url - 4.5.1,5.3.1,6.0.1 None
CVE-2020-7753

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/trim-npm-0.0.1-d138075543-2b4646dff9.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> remark-10.0.1.tgz

     -> remark-parse-6.0.3.tgz

       -> ❌ trim-0.0.1.tgz (Vulnerable Library)

High 7.5 trim-0.0.1.tgz Upgrade to version: trim - 0.0.3 None
CVE-2022-46175

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/json5-npm-1.0.1-647fc8794b-ecb5ab4e23.zip

Dependency Hierarchy:

-> eslint-config-carbon-3.18.0.tgz (Root Library)

   -> eslint-plugin-import-2.27.5.tgz

     -> tsconfig-paths-3.14.1.tgz

       -> ❌ json5-1.0.1.tgz (Vulnerable Library)

High 7.1 json5-1.0.1.tgz Upgrade to version: json5 - 2.2.2 None
CVE-2024-28863

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/tar-npm-6.1.15-44c3e71720-4848b92da8.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> rollup-2.79.1.tgz

     -> fsevents-2.3.3.tgz

       -> node-gyp-7.1.2.tgz

         -> ❌ tar-6.1.15.tgz (Vulnerable Library)

Medium 6.5 tar-6.1.15.tgz Upgrade to version: tar - 6.2.1 None
CVE-2023-45857

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/axios-npm-0.21.1-d192f6b3b3-271afc6138.zip

Dependency Hierarchy:

-> jest-config-carbon-1.17.0.tgz (Root Library)

   -> accessibility-checker-3.1.78.tgz

     -> chromedriver-91.0.1.tgz

       -> ❌ axios-0.21.1.tgz (Vulnerable Library)

Medium 6.5 axios-0.21.1.tgz Upgrade to version: axios - 1.6.0 None
CVE-2023-26136

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/tough-cookie-npm-2.5.0-79a2fe43fe-024cb13a4d.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> rollup-2.79.1.tgz

     -> fsevents-2.3.3.tgz

       -> node-gyp-7.1.2.tgz

         -> request-2.88.2.tgz

           -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library)

Medium 6.5 tough-cookie-2.5.0.tgz Upgrade to version: tough-cookie - 4.1.3 None
WS-2017-3770

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/autolinker-npm-0.28.1-dbe1de77b4-da915195b2.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> markdown-toc-1.2.0.tgz

     -> remarkable-1.7.4.tgz

       -> ❌ autolinker-0.28.1.tgz (Vulnerable Library)

Medium 6.1 autolinker-0.28.1.tgz Upgrade to version: autolinker - 3.14.0 None
CVE-2024-47068

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/rollup-npm-2.79.1-94e707a9a3-df087b7013.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> ❌ rollup-2.79.1.tgz (Vulnerable Library)

Medium 6.1 rollup-2.79.1.tgz Upgrade to version: rollup - 3.29.5,4.22.4 None
CVE-2023-28155

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/request-npm-2.88.2-f4a57c72c4-005b8b237b.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> rollup-2.79.1.tgz

     -> fsevents-2.3.3.tgz

       -> node-gyp-7.1.2.tgz

         -> ❌ request-2.88.2.tgz (Vulnerable Library)

Medium 6.1 request-2.88.2.tgz Upgrade to version: @cypress/request - 3.0.0 None
WS-2020-0163

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/marked-npm-0.6.3-1ee699f13e-aeefb8ed59.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> sassdoc-2.7.3.tgz

     -> sassdoc-theme-default-2.8.3.tgz

       -> sassdoc-extras-2.5.1.tgz

         -> ❌ marked-0.6.3.tgz (Vulnerable Library)

Medium 5.9 marked-0.6.3.tgz Upgrade to version: marked - 1.1.1 None
CVE-2024-47831

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/next-npm-14.2.5-ce63d89d89-c107b45ffe.zip

Dependency Hierarchy:

-> www-0.82.0.tgz (Root Library)

   -> ❌ next-14.2.5.tgz (Vulnerable Library)

Medium 5.9 next-14.2.5.tgz Upgrade to version: next - 14.2.7 None
CVE-2024-47831

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/next-npm-14.1.1-3cf80ddccd-33524d993a.zip

Dependency Hierarchy:

-> examples-nextjs-0.73.0.tgz (Root Library)

   -> ❌ next-14.1.1.tgz (Vulnerable Library)

Medium 5.9 next-14.1.1.tgz Upgrade to version: next - 14.2.7 None
CVE-2021-43307

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/semver-regex-npm-1.0.0-95aa99f4f8-17411400ee.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> sassdoc-2.7.3.tgz

     -> sass-convert-0.5.2.tgz

       -> ❌ semver-regex-1.0.0.tgz (Vulnerable Library)

Medium 5.9 semver-regex-1.0.0.tgz Upgrade to version: semver-regex - 3.1.4,4.0.3 None
CVE-2023-26156

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/chromedriver-npm-91.0.1-5d85da17b8-600e1fafe2.zip

Dependency Hierarchy:

-> jest-config-carbon-1.17.0.tgz (Root Library)

   -> accessibility-checker-3.1.78.tgz

     -> ❌ chromedriver-91.0.1.tgz (Vulnerable Library)

Medium 5.6 chromedriver-91.0.1.tgz Upgrade to version: chromedriver - 119.0.1 None
WS-2019-0209

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/marked-npm-0.6.3-1ee699f13e-aeefb8ed59.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> sassdoc-2.7.3.tgz

     -> sassdoc-theme-default-2.8.3.tgz

       -> sassdoc-extras-2.5.1.tgz

         -> ❌ marked-0.6.3.tgz (Vulnerable Library)

Medium 5.5 marked-0.6.3.tgz Upgrade to version: 0.7.0 None
WS-2019-0540

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/autolinker-npm-0.28.1-dbe1de77b4-da915195b2.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> markdown-toc-1.2.0.tgz

     -> remarkable-1.7.4.tgz

       -> ❌ autolinker-0.28.1.tgz (Vulnerable Library)

Medium 5.3 autolinker-0.28.1.tgz Upgrade to version: autolinker - 3.0.0 None
CVE-2022-33987

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/got-npm-9.6.0-80edc15fd0-fae3273b44.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> sassdoc-2.7.3.tgz

     -> update-notifier-4.1.3.tgz

       -> latest-version-5.1.0.tgz

         -> package-json-6.5.0.tgz

           -> ❌ got-9.6.0.tgz (Vulnerable Library)

Medium 5.3 got-9.6.0.tgz Upgrade to version: got - 11.8.5,12.1.0 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/semver-npm-5.7.1-40bcea106b-fbc71cf007.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> sassdoc-2.7.3.tgz

     -> sass-convert-0.5.2.tgz

       -> ❌ semver-5.7.1.tgz (Vulnerable Library)

Medium 5.3 semver-5.7.1.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2020-28469

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/glob-parent-npm-3.1.0-31416ad085-653d559237.zip

Dependency Hierarchy:

-> cli-11.23.0.tgz (Root Library)

   -> sassdoc-2.7.3.tgz

     -> vinyl-fs-3.0.3.tgz

       -> glob-stream-6.1.0.tgz

         -> ❌ glob-parent-3.1.0.tgz (Vulnerable Library)

Medium 5.3 glob-parent-3.1.0.tgz Upgrade to version: glob-parent - 5.1.2 None
CVE-2024-55565

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/nanoid-npm-3.3.7-98824ba130-ac1eb60f61.zip

Dependency Hierarchy:

-> stylelint-config-carbon-1.20.0.tgz (Root Library)

   -> stylelint-order-6.0.4.tgz

     -> postcss-8.4.47.tgz

       -> ❌ nanoid-3.3.7.tgz (Vulnerable Library)

Medium 4.3 nanoid-3.3.7.tgz Upgrade to version: nanoid - 3.3.8,5.0.9 None
CVE-2017-16137

Path to dependency file: /package.json

Path to vulnerable library: /.yarn/cache/debug-npm-4.1.0-87184f7b48-41be7dbe92.zip

Dependency Hierarchy:

-> jest-config-carbon-1.17.0.tgz (Root Library)

   -> accessibility-checker-3.1.78.tgz

     -> chromedriver-91.0.1.tgz

       -> tcp-port-used-1.0.1.tgz

         -> ❌ debug-4.1.0.tgz (Vulnerable Library)

Low 3.7 debug-4.1.0.tgz Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 None

Total libraries scanned: 1464
Scan token: 7bc4239be5ef4e4989d1f32fe3cfd253