[Snyk] Security upgrade puppeteer from 1.11.0 to 21.3.7 #318

Open
wants to merge 1 commit into base: main

fix: scripts/release/package.json & scripts/release/yarn.lock to redu…

9783dad
Mend Bolt for GitHub / WhiteSource Security Check failed Dec 19, 2023 in 10m 5s

Security Report

You have successfully remediated 140 vulnerabilities, but introduced 30 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue

CVE-2021-4279 | Critical | 9.8 | fast-json-patch-2.2.1.tgz | Upgrade to version: fast-json-patch - 3.1.1 | None
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> addons-linter-1.26.0.tgz -> ajv-merge-patch-4.1.0.tgz -> ❌ fast-json-patch-2.2.1.tgz (Vulnerable Library)

CVE-2021-23518 | Critical | 9.8 | cached-path-relative-1.0.1.tgz | Upgrade to version: cached-path-relative - 1.1.0 | None
  Path to dependency file: /fixtures/packaging/browserify/prod/package.json
  Path to vulnerable library: /fixtures/packaging/browserify/prod/package.json,/fixtures/packaging/browserify/dev/package.json
  Dependency Hierarchy: browserify-13.3.0.tgz (Root Library) -> ❌ cached-path-relative-1.0.1.tgz (Vulnerable Library)

CVE-2020-7677 | Critical | 9.8 | thenify-3.3.0.tgz | Upgrade to version: thenify - 3.3.1;org.webjars.npm:thenify:3.3.1 | None
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> mz-2.7.0.tgz -> thenify-all-1.6.0.tgz -> ❌ thenify-3.3.0.tgz (Vulnerable Library)

CVE-2023-45133 | High | 8.8 | traverse-7.1.0.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #307
  Path to dependency file: /fixtures/flight/package.json
  Path to vulnerable library: /fixtures/flight/package.json
  Dependency Hierarchy: jest-24.9.0.tgz (Root Library) -> jest-cli-24.9.0.tgz -> jest-config-24.9.0.tgz -> jest-jasmine2-24.9.0.tgz -> ❌ traverse-7.1.0.tgz (Vulnerable Library)

CVE-2023-45133 | High | 8.8 | traverse-7.9.0.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #307
  Path to dependency file: /fixtures/blocks/package.json
  Path to vulnerable library: /fixtures/blocks/package.json
  Dependency Hierarchy: react-scripts-3.4.1.tgz (Root Library) -> core-7.9.0.tgz -> ❌ traverse-7.9.0.tgz (Vulnerable Library)

CVE-2023-45133 | High | 8.8 | traverse-7.7.2.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #307
  Path to dependency file: /fixtures/flight/package.json
  Path to vulnerable library: /fixtures/flight/package.json
  Dependency Hierarchy: core-7.6.0.tgz (Root Library) -> ❌ traverse-7.7.2.tgz (Vulnerable Library)

CVE-2021-43138 | High | 7.8 | async-3.2.0.tgz | Upgrade to version: async - 2.6.4,3.2.2 | #197
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> addons-linter-1.26.0.tgz -> dispensary-0.51.2.tgz -> ❌ async-3.2.0.tgz (Vulnerable Library)

CVE-2022-31129 | High | 7.5 | moment-2.24.0.tgz | Upgrade to version: moment - 2.29.4 | #221
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> bunyan-1.8.12.tgz -> ❌ moment-2.24.0.tgz (Vulnerable Library)

CVE-2022-24785 | High | 7.5 | moment-2.24.0.tgz | Upgrade to version: moment - 2.29.2 | #194
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> bunyan-1.8.12.tgz -> ❌ moment-2.24.0.tgz (Vulnerable Library)

CVE-2022-24772 | High | 7.5 | node-forge-0.7.6.tgz | Upgrade to version: node-forge - 1.3.0 | #185
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> adbkit-2.11.1.tgz -> ❌ node-forge-0.7.6.tgz (Vulnerable Library)

CVE-2022-24772 | High | 7.5 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #185
  Dependency Hierarchy: react-scripts-3.4.1.tgz (Root Library) -> webpack-dev-server-3.10.3.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

CVE-2022-24771 | High | 7.5 | node-forge-0.7.6.tgz | Upgrade to version: node-forge - 1.3.0 | #186
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> adbkit-2.11.1.tgz -> ❌ node-forge-0.7.6.tgz (Vulnerable Library)

CVE-2022-24771 | High | 7.5 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #186
  Dependency Hierarchy: react-scripts-3.4.1.tgz (Root Library) -> webpack-dev-server-3.10.3.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

CVE-2021-27292 | High | 7.5 | ua-parser-js-0.7.14.tgz | Upgrade to version: ua-parser-js - 0.7.24 | #14
  Path to dependency file: /fixtures/attribute-behavior/package.json
  Path to vulnerable library: /fixtures/attribute-behavior/package.json
  Dependency Hierarchy: react-dom-15.6.1.tgz (Root Library) -> fbjs-0.8.14.tgz -> ❌ ua-parser-js-0.7.14.tgz (Vulnerable Library)

CVE-2020-7793 | High | 7.5 | ua-parser-js-0.7.14.tgz | Upgrade to version: 0.7.23 | #130
  Path to dependency file: /fixtures/attribute-behavior/package.json
  Path to vulnerable library: /fixtures/attribute-behavior/package.json
  Dependency Hierarchy: react-dom-15.6.1.tgz (Root Library) -> fbjs-0.8.14.tgz -> ❌ ua-parser-js-0.7.14.tgz (Vulnerable Library)

CVE-2020-7733 | High | 7.5 | ua-parser-js-0.7.14.tgz | Upgrade to version: ua-parser-js - 0.7.22 | #20
  Path to dependency file: /fixtures/attribute-behavior/package.json
  Path to vulnerable library: /fixtures/attribute-behavior/package.json
  Dependency Hierarchy: react-dom-15.6.1.tgz (Root Library) -> fbjs-0.8.14.tgz -> ❌ ua-parser-js-0.7.14.tgz (Vulnerable Library)

CVE-2022-48285 | High | 7.3 | jszip-2.6.1.tgz | Upgrade to version: jszip - 3.8.0 | None
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> zip-dir-1.0.2.tgz -> ❌ jszip-2.6.1.tgz (Vulnerable Library)

CVE-2020-7720 | High | 7.3 | node-forge-0.7.6.tgz | Upgrade to version: node-forge - 0.10.0 | #150
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> adbkit-2.11.1.tgz -> ❌ node-forge-0.7.6.tgz (Vulnerable Library)

WS-2022-0008 | Medium | 6.6 | node-forge-0.7.6.tgz | Upgrade to version: node-forge - 1.0.0 | #167
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> adbkit-2.11.1.tgz -> ❌ node-forge-0.7.6.tgz (Vulnerable Library)

WS-2022-0008 | Medium | 6.6 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.0.0 | #167
  Dependency Hierarchy: react-scripts-3.4.1.tgz (Root Library) -> webpack-dev-server-3.10.3.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

WS-2020-0217 | Medium | 6.2 | bunyan-1.8.12.tgz | Upgrade to version: bunyan - 1.8.13,2.0.3 | None
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> ❌ bunyan-1.8.12.tgz (Vulnerable Library)

CVE-2022-0235 | Medium | 6.1 | node-fetch-1.7.2.tgz | Upgrade to version: node-fetch - 2.6.7,3.1.1 | #173
  Path to dependency file: /fixtures/attribute-behavior/package.json
  Path to vulnerable library: /fixtures/attribute-behavior/package.json
  Dependency Hierarchy: react-dom-15.6.1.tgz (Root Library) -> fbjs-0.8.14.tgz -> isomorphic-fetch-2.2.1.tgz -> ❌ node-fetch-1.7.2.tgz (Vulnerable Library)

CVE-2022-0122 | Medium | 6.1 | node-forge-0.7.6.tgz | Upgrade to version: node-forge - 1.0.0 | #154
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> adbkit-2.11.1.tgz -> ❌ node-forge-0.7.6.tgz (Vulnerable Library)

CVE-2022-0122 | Medium | 6.1 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.0.0 | #154
  Dependency Hierarchy: react-scripts-3.4.1.tgz (Root Library) -> webpack-dev-server-3.10.3.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

CVE-2022-24773 | Medium | 5.3 | node-forge-0.7.6.tgz | Upgrade to version: node-forge - 1.3.0 | #184
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> adbkit-2.11.1.tgz -> ❌ node-forge-0.7.6.tgz (Vulnerable Library)

CVE-2022-24773 | Medium | 5.3 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #184
  Dependency Hierarchy: react-scripts-3.4.1.tgz (Root Library) -> webpack-dev-server-3.10.3.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

CVE-2021-32640 | Medium | 5.3 | ws-7.2.3.tgz | Upgrade to version: 5.2.3,6.2.2,7.4.6 | #13
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> ❌ ws-7.2.3.tgz (Vulnerable Library)

CVE-2021-23413 | Medium | 5.3 | jszip-2.6.1.tgz | Upgrade to version: jszip - 3.7.0 | None
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency Hierarchy: react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> zip-dir-1.0.2.tgz -> ❌ jszip-2.6.1.tgz (Vulnerable Library)

CVE-2021-23362 | Medium | 5.3 | hosted-git-info-2.8.8.tgz | Upgrade to version: hosted-git-info - 2.8.9,3.0.8 | #147
  Path to dependency file: /fixtures/blocks/package.json
  Path to vulnerable library: /fixtures/blocks/package.json
  Dependency Hierarchy: concurrently-5.2.0.tgz (Root Library) -> read-pkg-4.0.1.tgz -> normalize-package-data-2.5.0.tgz -> ❌ hosted-git-info-2.8.8.tgz (Vulnerable Library)

CVE-2020-15168 | Medium | 5.3 | node-fetch-1.7.2.tgz | Upgrade to version: 2.6.1,3.0.0-beta.9 | #76
  Path to dependency file: /fixtures/attribute-behavior/package.json
  Path to vulnerable library: /fixtures/attribute-behavior/package.json
  Dependency Hierarchy: react-dom-15.6.1.tgz (Root Library) -> fbjs-0.8.14.tgz -> isomorphic-fetch-2.2.1.tgz -> ❌ node-fetch-1.7.2.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities:

CVE | Vulnerable Library
CVE-2017-20165 debug-2.2.0.tgz
CVE-2021-23382 postcss-5.2.15.tgz
WS-2019-0032 js-yaml-3.6.1.tgz
CVE-2022-0235 node-fetch-2.6.0.tgz
CVE-2022-0691 url-parse-1.1.7.tgz
CVE-2017-20162 ms-0.7.1.tgz
CVE-2021-23490 parse-link-header-1.0.1.tgz
CVE-2022-37603 loader-utils-2.0.0.tgz
CVE-2021-23364 browserslist-4.8.5.tgz
WS-2019-0103 handlebars-4.0.6.tgz
CVE-2023-26136 tough-cookie-3.0.1.tgz
CVE-2019-20920 handlebars-4.0.6.tgz
MSC-2023-16652 fsevents-1.0.14.tgz
CVE-2022-0686 url-parse-1.1.8.tgz
CVE-2023-28155 request-2.79.0.tgz
CVE-2021-32804 tar-5.0.5.tgz
CVE-2017-1000048 qs-6.3.0.tgz
CVE-2021-43138 async-2.3.0.tgz
CVE-2022-0536 follow-redirects-1.7.0.tgz
CVE-2020-15366 ajv-4.10.3.tgz
CVE-2018-14732 webpack-dev-server-1.16.2.tgz
CVE-2022-0155 follow-redirects-1.7.0.tgz
CVE-2019-20922 handlebars-4.0.6.tgz
WS-2019-0063 js-yaml-3.6.1.tgz
CVE-2022-0691 url-parse-1.1.8.tgz
CVE-2022-0686 url-parse-1.1.7.tgz
CVE-2022-0512 url-parse-1.1.8.tgz
CVE-2017-1000427 marked-0.3.6.tgz
CVE-2018-3737 sshpk-1.11.0.tgz
CVE-2021-32640 ws-6.1.2.tgz
CVE-2021-32640 ws-7.3.1.tgz
WS-2018-0589 nwmatcher-1.3.9.tgz
CVE-2023-45133 traverse-7.10.5.tgz
CVE-2021-23364 browserslist-4.14.0.tgz
CVE-2017-18077 brace-expansion-1.1.6.tgz
WS-2018-0069 is-my-json-valid-2.15.0.tgz
WS-2019-0027 marked-0.3.6.tgz
CVE-2019-19919 handlebars-4.0.6.tgz
CVE-2021-23337 lodash-4.17.19.tgz
CVE-2022-46175 json5-0.4.0.tgz
CVE-2021-23386 dns-packet-1.1.1.tgz
CVE-2022-37599 loader-utils-2.0.0.tgz
CVE-2020-15168 node-fetch-2.6.0.tgz
CVE-2022-21213 mout-1.1.0.tgz
CVE-2020-28500 lodash-4.17.19.tgz
WS-2020-0127 npm-registry-fetch-6.0.0.tgz
CVE-2022-37620 html-minifier-3.2.3.tgz
CVE-2021-23369 handlebars-4.0.6.tgz
CVE-2018-3750 deep-extend-0.4.1.tgz
CVE-2022-0512 url-parse-1.1.7.tgz
CVE-2023-45133 traverse-7.9.5.tgz
CVE-2022-21681 marked-0.3.6.tgz
CVE-2022-46175 json5-2.1.0.tgz
CVE-2023-45311 fsevents-1.1.2.tgz
CVE-2022-24785 moment-2.18.1.tgz
CVE-2020-8124 url-parse-1.1.8.tgz
CVE-2021-23364 browserslist-4.13.0.tgz
CVE-2017-16099 no-case-2.3.0.tgz
CVE-2021-23362 hosted-git-info-2.1.5.tgz
CVE-2021-37713 tar-5.0.5.tgz
WS-2018-0076 tunnel-agent-0.4.3.tgz
CVE-2018-20835 tar-fs-1.16.0.tgz
CVE-2022-0639 url-parse-1.1.7.tgz
WS-2019-0064 handlebars-4.0.6.tgz
CVE-2021-3664 url-parse-1.1.8.tgz
WS-2018-0590 diff-3.2.0.tgz
CVE-2020-15366 ajv-4.10.4.tgz
CVE-2020-28469 glob-parent-5.1.1.tgz
CVE-2022-25883 semver-5.7.0.tgz
WS-2018-0628 marked-0.3.6.tgz
CVE-2020-15366 ajv-4.11.5.tgz
CVE-2023-45133 traverse-7.8.3.tgz
CVE-2020-8124 url-parse-1.1.7.tgz
WS-2018-0347 eslint-3.16.1.tgz
CVE-2021-27515 url-parse-1.1.8.tgz
CVE-2018-16492 extend-3.0.0.tgz
MSC-2023-16595 fsevents-1.1.1.tgz
WS-2018-0069 is-my-json-valid-2.16.0.tgz
CVE-2018-3774 url-parse-1.1.8.tgz
CVE-2021-37712 tar-5.0.5.tgz
CVE-2017-16119 fresh-0.3.0.tgz
CVE-2020-7789 node-notifier-4.6.1.tgz
CVE-2022-31129 moment-2.18.1.tgz
CVE-2017-16028 randomatic-1.1.6.tgz
CVE-2017-16032 brace-expansion-1.1.6.tgz
CVE-2022-0639 url-parse-1.1.8.tgz
CVE-2021-3664 url-parse-1.1.7.tgz
CVE-2022-37601 loader-utils-2.0.0.tgz
CVE-2017-16042 growl-1.8.1.tgz
CVE-2021-23383 handlebars-4.0.6.tgz
CVE-2020-7792 mout-1.1.0.tgz
CVE-2021-37701 tar-5.0.5.tgz
CVE-2017-20165 debug-2.6.0.tgz
CVE-2017-16137 debug-2.2.0.tgz
WS-2019-0025 marked-0.3.6.tgz
CVE-2021-27515 url-parse-1.1.7.tgz
CVE-2021-23362 hosted-git-info-3.0.2.tgz
WS-2019-0017 clean-css-4.0.11.tgz
CVE-2022-24999 qs-6.2.0.tgz
CVE-2017-16138 mime-1.2.11.tgz
CVE-2019-13173 fstream-1.0.10.tgz
CVE-2023-45311 fsevents-1.1.1.tgz
CVE-2019-15599 tree-kill-1.1.0.tgz
CVE-2017-18214 moment-2.18.1.tgz
CVE-2018-1107 is-my-json-valid-2.16.0.tgz
WS-2020-0344 is-my-json-valid-2.16.0.tgz
CVE-2023-45133 babel-traverse-6.21.0.tgz
CVE-2023-45133 babel-traverse-6.23.1.tgz
CVE-2022-25883 semver-7.1.1.tgz
WS-2020-0450 handlebars-4.0.6.tgz
CVE-2017-16137 debug-2.6.0.tgz
CVE-2021-23362 hosted-git-info-2.4.1.tgz
WS-2020-0344 is-my-json-valid-2.15.0.tgz
CVE-2021-23382 postcss-5.2.8.tgz
CVE-2018-1107 is-my-json-valid-2.15.0.tgz
CVE-2021-23382 postcss-6.0.23.tgz
WS-2018-0107 open-0.0.5.tgz
CVE-2017-16114 marked-0.3.6.tgz
CVE-2020-8244 bl-3.0.0.tgz
WS-2020-0163 marked-0.3.6.tgz
CVE-2021-24033 react-dev-utils-0.5.2.tgz
CVE-2023-45133 traverse-7.11.0.tgz
CVE-2021-23382 postcss-5.2.16.tgz
CVE-2017-1000048 qs-6.2.0.tgz
CVE-2022-21680 marked-0.3.6.tgz
CVE-2021-43138 async-2.1.4.tgz
CVE-2018-3774 url-parse-1.1.7.tgz
WS-2019-0017 clean-css-3.4.23.tgz
CVE-2022-37620 html-minifier-3.4.2.tgz
CVE-2021-23424 ansi-html-0.0.5.tgz
WS-2020-0342 is-my-json-valid-2.16.0.tgz
CVE-2019-5786 puppeteer-1.11.0.tgz
CVE-2021-32803 tar-5.0.5.tgz
WS-2020-0091 http-proxy-1.17.0.tgz
CVE-2018-3737 sshpk-1.10.1.tgz
WS-2020-0342 is-my-json-valid-2.15.0.tgz
CVE-2021-4245 rfc6902-3.0.4.tgz
WS-2019-0026 marked-0.3.6.tgz
CVE-2022-37601 loader-utils-0.2.16.tgz
CVE-2022-25858 terser-4.8.0.tgz

Base branch total remaining vulnerabilities: 579
Base branch commit: null

Total libraries scanned: 4135

Scan token: f51105b06a9b40188247ca452bad48b8