Code scan #1266

Merged
merged 18 commits into from
Jan 19, 2023
tubone24
Owner

PR title

Status

READY/IN DEVELOPMENT/HOLD

Description

A few sentences describing the overall goals of the pull request's commits.

Related PRs

List related PRs against other branches:

branch            PR
other_pr_master   link
other_pr_develop  link

Todos

  • Tests
  • e2e Tests
  • Storybook
  • Documentation

Steps to Test or Reproduce

Outline the steps to test or reproduce the PR here.

git pull --prune
git checkout <feature_branch>
yarn test

Preview Deploy

Describe the URL of the Preview Deploy.

link

Impacted Areas in Application

List general components of the application that this PR will affect:

  • aaa
  • bbb

Screenshot

Replace FIXME_BRANCH_NAME, FIXME_PR_NUMBER in the URL below with this branch name and PR number.

Desktop

Width 1200px

Desktop Home

Mobile

Width 400px

mobile home

@github-actions
Contributor

depcheck Result

Lists libraries that are defined in dependencies and devDependencies in package.json but not used in your code.

Unused dependencies
- @popperjs/core
- @sentry/react
- @typescript-eslint/eslint-plugin
- babel-loader
- babel-polyfill
- classnames
- flexboxgrid
- gatsby-legacy-polyfills
- gatsby-plugin-flexsearch
- gatsby-plugin-twitter
- gatsby-react-router-scroll
- html-minifier
- intersection-observer
- md5
- preact
- preact-render-to-string
- react-body-classname
- react-dom
- rimraf
- sass
- typescript
- webpack
Unused devdependencies
- @babel/core
- @babel/preset-typescript
- @storybook/addon-a11y
- @storybook/addon-controls
- @storybook/addon-essentials
- @storybook/addon-info
- @storybook/addon-interactions
- @storybook/addon-knobs
- @storybook/addon-links
- @storybook/addon-storysource
- @storybook/addon-viewport
- @storybook/builder-webpack5
- @storybook/manager-webpack5
- @textlint-rule/textlint-rule-no-duplicate-abbr
- @types/jest
- @types/react-test-renderer
- @types/responselike
- axe-core
- babel-eslint
- babel-plugin-transform-runtime
- core-js
- cross-env
- css-loader
- cypress
- eslint
- eslint-config-airbnb
- eslint-import-resolver-webpack
- eslint-plugin-import
- eslint-plugin-jsx-a11y
- eslint-plugin-react
- gh-pages
- husky
- identity-obj-proxy
- jest
- jest-environment-jsdom
- markdownlint-cli2
- memlab
- netlify-cli
- netlify-lambda
- nyc
- prettier
- react-test-renderer
- sass-loader
- start-server-and-test
- stylelint
- stylelint-config-recess-order
- stylelint-config-recommended-scss
- stylelint-config-standard
- stylelint-scss
- textlint
- textlint-filter-rule-allowlist
- textlint-filter-rule-comments
- textlint-rule-aws-spellcheck
- textlint-rule-ja-no-inappropriate-words
- textlint-rule-no-hoso-kinshi-yogo
- textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet
- textlint-rule-no-start-duplicated-conjunction
- textlint-rule-preset-smarthr
- textlint-rule-prh
- textlint-rule-terminology
- ts-jest
- yaml-lint
Missing
- colors
  - /github/workspace/src/styles/_hover.scss

- @algolia/transporter
  - /github/workspace/src/components/SearchBox/index.tsx

- @algolia/client-search
  - /github/workspace/src/components/SearchBox/index.tsx

- qs
  - /github/workspace/scripts/benchmark.js

- https
  - /github/workspace/scripts/uploadScreenShot.ts

@github-actions
Contributor

Snyk vulnerability report

OSS packages

Tested 1715 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Issues to fix by upgrading:

Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.0.0 to fix
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526] in sanitize-html@2.3.2
introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.3.2

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1
introduced by gatsby@4.25.1 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0
introduced by html-minifier@4.0.0
No upgrade or patch available
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0
introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0
No upgrade or patch available

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Application

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

✔ Awesome! No issues were found.

IaC

Snyk Infrastructure as Code

  • Snyk testing Infrastructure as Code configuration issues.
    ✔ Test completed.

Issues
No vulnerable paths were found!


Test Summary

Organization: tubone24
Project name: tubone24/blog

✔ Files without issues: 3
✗ Files with issues: 0
Ignored issues: 0
Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ]


Tip

New: Share your test results in the Snyk Web UI with the option --report

Container

⚠ Important: Beginning January 24th, 2023, application dependencies in container images will be scanned by default when using the snyk container test/monitor commands. If you are using Snyk in a CI pipeline, action may be required. Read https://snyk.io/blog/securing-container-applications-using-the-snyk-cli/ for more info.

Testing test-blog...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: CVE-2005-2541
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: NULL Pointer Dereference
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Authentication Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Off-by-one Error
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Privilege Chaining
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Privilege Management
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Memory Leak
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Access Restriction Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...

✗ Low severity vulnerability found in lz4/liblz4-1
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072
Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3
From: lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1

✗ Low severity vulnerability found in libtasn1-6
Description: CVE-2018-1000654
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libseccomp/libseccomp2
Description: CVE-2019-9893
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044
Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3
From: libseccomp/libseccomp2@2.3.3-4
From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4

✗ Low severity vulnerability found in libidn2/libidn2-0
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3
From: libidn2/libidn2-0@2.0.5-1+deb10u1
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Inadequate Encryption Strength
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9

✗ Low severity vulnerability found in gnupg2/gpgv
Description: Inadequate Encryption Strength
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553
Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3
From: gnupg2/gpgv@2.2.12-1+deb10u2
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: CVE-2019-1010023
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use of Insufficiently Random Values
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in gcc-8/libstdc++6
Description: Insufficient Entropy
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Low severity vulnerability found in e2fsprogs/libcom-err2
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482
Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3
From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
and 5 more...

✗ Low severity vulnerability found in db5.3/libdb5.3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169
Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118
From: db5.3/libdb5.3@5.3.28+dfsg1-0.5
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5

✗ Low severity vulnerability found in coreutils
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in coreutils
Description: Race Condition
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in bash
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-3112363
Introduced through: bash@5.0-4
From: bash@5.0-4

✗ Low severity vulnerability found in bash
Description: Improper Check for Dropped Privileges
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280
Introduced through: bash@5.0-4
From: bash@5.0-4

✗ Low severity vulnerability found in apt/libapt-pkg5.0
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502
Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3
From: apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3

✗ High severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ High severity vulnerability found in gcc-8/libstdc++6
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Critical severity vulnerability found in libtasn1-6
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3
Fixed in: 4.13-3+deb10u1

Organization: tubone24
Package manager: deb
Project name: docker-image|test-blog
Docker image: test-blog
Platform: linux/amd64
Base image: node:16.19.0-slim
Licenses: enabled

Tested 86 dependencies for known issues, found 57 issues.

Base Image         Vulnerabilities  Severity
node:16.19.0-slim  57               1 critical, 2 high, 0 medium, 54 low

Recommendations for base image upgrade:

Major upgrades
Base Image              Vulnerabilities  Severity
node:lts-bullseye-slim  43               0 critical, 0 high, 0 medium, 43 low

Alternative image types
Base Image                Vulnerabilities  Severity
node:16.19-bullseye-slim  43               0 critical, 0 high, 0 medium, 43 low

Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection

@github-actions
Contributor

Memlab leaks report

page-load [8.2MB] (baseline) [s1] > action-on-page [9.8MB] (target) [s2] > revert [10MB] (final) [s3]  
------3 clusters------

--Similar leaks in this run: 1096--
--Retained size of leaked objects: 163.7KB--
[<synthetic>] (synthetic) @1 [10.9MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [74.6KB]
  --setTimeout (property)--->  [<closure>] (closure) @48179 [264 bytes]
  --context (internal)--->  [<function scope>] (object) @216429 [20 bytes]
  --previous (internal)--->  [<function scope>] (object) @44833 [44.1KB]
  --n (variable)--->  [t] (closure) @216599 [1.2KB]
  --context (internal)--->  [<function scope>] (object) @287083 [42.5KB]
  --n (variable)--->  [Object] (object) @292407 [42.4KB]
  --449 (element)--->  [Object] (object) @292933 [24 bytes]
  --exports (property)--->  [r] (closure) @173839 [2.1KB]
  --hasData (property)--->  [<closure>] (closure) @59507 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @59503 [1.3KB]
  --e (variable)--->  [Object] (object) @114775 [1KB]
  --2 (element)--->  [Object] (object) @374951 [76 bytes]
  --aaAutocomplete (property)--->  [f] (object) @437247 [348 bytes]
  --$node (property)--->  [q] (object) @462853 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @369323 [676 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @369563 [5.7KB]
  --7 (element)--->  [Detached HTMLDivElement] (native) @368733 [428 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @369535 [428 bytes]
  --6 (element)--->  [Detached HTMLAnchorElement] (native) @369393 [2.3KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @369407 [2.3KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @369421 [2.3KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @369435 [2.3KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @369449 [2.3KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @369463 [2.3KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @369477 [2.3KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @369883 [2.3KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @369867 [2.3KB]
  --13 (element)--->  [Detached InternalNode] (native) @140114400 [524 bytes]
  --4 (element)--->  [Detached ElementIntersectionObserverData] (native) @388845888 [64 bytes]

--Similar leaks in this run: 256--
--Retained size of leaked objects: 54.3KB--
[<synthetic>] (synthetic) @1 [10.9MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [74.6KB]
  --___replace (property)--->  [<closure>] (closure) @189043 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @212385 [496 bytes]
  --a (variable)--->  [Module] (object) @173783 [5.8KB]
  --get version (property)--->  [version] (closure) @286777 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @116965 [16.4KB]
  --Qn (variable)--->  [y] (object) @470335 [368 bytes]
  --props (property)--->  [Object] (object) @538647 [28 bytes]
  --children (property)--->  [Object] (object) @545601 [296 bytes]
  --props (property)--->  [Object] (object) @545603 [56 bytes]
  --children (property)--->  [Object] (object) @504761 [1.2KB]
  --__ (property)--->  [Object] (object) @504775 [1.1KB]
  --__ (property)--->  [Object] (object) @504791 [940 bytes]
  --__ (property)--->  [Object] (object) @504805 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @368773 [504 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @368771 [428 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @368769 [428 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @369361 [14.6KB]
  --8 (element)--->  [Detached HTMLElement] (native) @369379 [30.3KB]
  --5 (element)--->  [Detached HTMLDivElement] (native) @369377 [27.2KB]
  --6 (element)--->  [Detached Text] (native) @368853 [204 bytes]
  --6 (element)--->  [Detached HTMLImageElement] (native) @368855 [724 bytes]
  --7 (element)--->  [Detached Text] (native) @368857 [204 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @368873 [2.3KB]
  --8 (element)--->  [Detached Text] (native) @368875 [204 bytes]
  --6 (element)--->  [Detached HTMLHeadingElement] (native) @368879 [632 bytes]
  --8 (element)--->  [Detached Text] (native) @368881 [204 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @368885 [536 bytes]
  --8 (element)--->  [Detached Text] (native) @368887 [204 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @368891 [536 bytes]
  --8 (element)--->  [Detached Text] (native) @368893 [204 bytes]
  --6 (element)--->  [Detached HTMLImageElement] (native) @368895 [724 bytes]
  --7 (element)--->  [Detached Text] (native) @368897 [204 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @368901 [536 bytes]
  --8 (element)--->  [Detached Text] (native) @368903 [204 bytes]
  --6 (element)--->  [Detached HTMLHeadingElement] (native) @368907 [632 bytes]
  --8 (element)--->  [Detached Text] (native) @368909 [204 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @368943 [5.1KB]
  --6 (element)--->  [Detached Text] (native) @368911 [204 bytes]
  --6 (element)--->  [Detached HTMLUListElement] (native) @368931 [3.1KB]
  --10 (element)--->  [Detached InternalNode] (native) @387067616 [268 bytes]
  --3 (element)--->  [Detached InternalNode] (native) @387067136 [96 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @140114720 [96 bytes]
  --1 (element)--->  [Detached Attr] (native) @388835008 [96 bytes]

--Similar leaks in this run: 11--
--Retained size of leaked objects: 1.7KB--
[<synthetic>] (synthetic) @1 [10.9MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [74.6KB]
  --__twttrll (property)--->  [Array] (object) @66273 [184 bytes]
  --push (property)--->  [e] (closure) @294595 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @66255 [248 bytes]
  --n (variable)--->  [Object] (object) @294223 [13KB]
  --102 (element)--->  [Object] (object) @295111 [24 bytes]
  --exports (property)--->  [Object] (object) @295665 [3.4KB]
  --init (property)--->  [init] (closure) @296297 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @296387 [3KB]
  --r (variable)--->  [Detached HTMLFormElement] (native) @41103 [1.8KB]
  --4 (element)--->  [Detached HTMLInputElement] (native) @387096384 [656 bytes]
  --6 (element)--->  [Detached InternalNode] (native) @140683424 [328 bytes]
  --1 (element)--->  [Detached ShadowRoot] (native) @140684704 [328 bytes]
  --4 (element)--->  [Detached V8ObservableArrayCSSStyleSheet] (native) @386759936 [120 bytes]
  --2 (element)--->  [Detached ObservableArrayExoticObject] (native) @329631232 [32 bytes]

github-actions bot pushed a commit that referenced this pull request Jan 19, 2023
@coveralls
Collaborator

coveralls commented Jan 19, 2023

Pull Request Test Coverage Report for Build 3960534281

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 85.602%

Totals Coverage Status
Change from base Build 3954564464: 0.0%
Covered Lines: 250
Relevant Lines: 280

💛 - Coveralls

@github-actions
Contributor

Snyk vulnerability report

OSS packages

Tested 1715 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Issues to fix by upgrading:

Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.0.0 to fix
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526] in sanitize-html@2.3.2
introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.3.2

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1
introduced by gatsby@4.25.1 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0
introduced by html-minifier@4.0.0
No upgrade or patch available
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0
introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0
No upgrade or patch available

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Application

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

✔ Awesome! No issues were found.

IaC

Snyk Infrastructure as Code

  • Snyk testing Infrastructure as Code configuration issues.
    ✔ Test completed.

Issues
No vulnerable paths were found!


Test Summary

Organization: tubone24
Project name: tubone24/blog

✔ Files without issues: 3
✗ Files with issues: 0
Ignored issues: 0
Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ]


Tip

New: Share your test results in the Snyk Web UI with the option --report

Container

⚠ Important: Beginning January 24th, 2023, application dependencies in container images will be scanned by default when using the snyk container test/monitor commands. If you are using Snyk in a CI pipeline, action may be required. Read https://snyk.io/blog/securing-container-applications-using-the-snyk-cli/ for more info.

Testing test-blog...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: CVE-2005-2541
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: NULL Pointer Dereference
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Authentication Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Off-by-one Error
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Privilege Chaining
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Privilege Management
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Memory Leak
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Access Restriction Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...

✗ Low severity vulnerability found in lz4/liblz4-1
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072
Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3
From: lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1

✗ Low severity vulnerability found in libtasn1-6
Description: CVE-2018-1000654
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libseccomp/libseccomp2
Description: CVE-2019-9893
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044
Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3
From: libseccomp/libseccomp2@2.3.3-4
From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4

✗ Low severity vulnerability found in libidn2/libidn2-0
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3
From: libidn2/libidn2-0@2.0.5-1+deb10u1
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Inadequate Encryption Strength
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9

✗ Low severity vulnerability found in gnupg2/gpgv
Description: Inadequate Encryption Strength
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553
Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3
From: gnupg2/gpgv@2.2.12-1+deb10u2
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: CVE-2019-1010023
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use of Insufficiently Random Values
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in gcc-8/libstdc++6
Description: Insufficient Entropy
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Low severity vulnerability found in e2fsprogs/libcom-err2
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482
Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3
From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
and 5 more...

✗ Low severity vulnerability found in db5.3/libdb5.3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169
Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118
From: db5.3/libdb5.3@5.3.28+dfsg1-0.5
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5

✗ Low severity vulnerability found in coreutils
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in coreutils
Description: Race Condition
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in bash
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-3112363
Introduced through: bash@5.0-4
From: bash@5.0-4

✗ Low severity vulnerability found in bash
Description: Improper Check for Dropped Privileges
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280
Introduced through: bash@5.0-4
From: bash@5.0-4

✗ Low severity vulnerability found in apt/libapt-pkg5.0
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502
Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3
From: apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3

✗ High severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ High severity vulnerability found in gcc-8/libstdc++6
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Critical severity vulnerability found in libtasn1-6
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3
Fixed in: 4.13-3+deb10u1

Organization: tubone24
Package manager: deb
Project name: docker-image|test-blog
Docker image: test-blog
Platform: linux/amd64
Base image: node:16.19.0-slim
Licenses: enabled

Tested 86 dependencies for known issues, found 57 issues.

Base Image         Vulnerabilities  Severity
node:16.19.0-slim  57               1 critical, 2 high, 0 medium, 54 low

Recommendations for base image upgrade:

Major upgrades
Base Image              Vulnerabilities  Severity
node:lts-bullseye-slim  43               0 critical, 0 high, 0 medium, 43 low

Alternative image types
Base Image                Vulnerabilities  Severity
node:16.19-bullseye-slim  43               0 critical, 0 high, 0 medium, 43 low

Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection

@github-actions
Contributor

depcheck Result

Lists libraries that are defined in dependencies and devDependencies in package.json but are not used in your code.

Unused dependencies
- @popperjs/core
- @sentry/react
- @typescript-eslint/eslint-plugin
- babel-loader
- babel-polyfill
- classnames
- flexboxgrid
- gatsby-legacy-polyfills
- gatsby-plugin-flexsearch
- gatsby-plugin-twitter
- gatsby-react-router-scroll
- html-minifier
- intersection-observer
- md5
- preact
- preact-render-to-string
- react-body-classname
- react-dom
- rimraf
- sass
- typescript
- webpack
Unused devdependencies
- @babel/core
- @babel/preset-typescript
- @storybook/addon-a11y
- @storybook/addon-controls
- @storybook/addon-essentials
- @storybook/addon-info
- @storybook/addon-interactions
- @storybook/addon-knobs
- @storybook/addon-links
- @storybook/addon-storysource
- @storybook/addon-viewport
- @storybook/builder-webpack5
- @storybook/manager-webpack5
- @textlint-rule/textlint-rule-no-duplicate-abbr
- @types/jest
- @types/react-test-renderer
- @types/responselike
- axe-core
- babel-eslint
- babel-plugin-transform-runtime
- core-js
- cross-env
- css-loader
- cypress
- eslint
- eslint-config-airbnb
- eslint-import-resolver-webpack
- eslint-plugin-import
- eslint-plugin-jsx-a11y
- eslint-plugin-react
- gh-pages
- husky
- identity-obj-proxy
- jest
- jest-environment-jsdom
- markdownlint-cli2
- memlab
- netlify-cli
- netlify-lambda
- nyc
- prettier
- react-test-renderer
- sass-loader
- start-server-and-test
- stylelint
- stylelint-config-recess-order
- stylelint-config-recommended-scss
- stylelint-config-standard
- stylelint-scss
- textlint
- textlint-filter-rule-allowlist
- textlint-filter-rule-comments
- textlint-rule-aws-spellcheck
- textlint-rule-ja-no-inappropriate-words
- textlint-rule-no-hoso-kinshi-yogo
- textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet
- textlint-rule-no-start-duplicated-conjunction
- textlint-rule-preset-smarthr
- textlint-rule-prh
- textlint-rule-terminology
- ts-jest
- yaml-lint
Missing
- colors
  - /github/workspace/src/styles/_hover.scss

- @algolia/transporter
  - /github/workspace/src/components/SearchBox/index.tsx

- @algolia/client-search
  - /github/workspace/src/components/SearchBox/index.tsx

- qs
  - /github/workspace/scripts/benchmark.js

- https
  - /github/workspace/scripts/uploadScreenShot.ts

@github-actions
Contributor

Memlab leaks report

page-load [8.1MB] (baseline) [s1] > action-on-page [9.8MB] (target) [s2] > revert [10MB] (final) [s3]  
------3 clusters------

--Similar leaks in this run: 1044--
--Retained size of leaked objects: 157.5KB--
[<synthetic>] (synthetic) @1 [10.9MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [74.6KB]
  --requestAnimationFrame (property)--->  [<closure>] (closure) @115755 [156 bytes]
  --context (internal)--->  [<function scope>] (object) @115765 [68 bytes]
  --previous (internal)--->  [<function scope>] (object) @72345 [44.1KB]
  --n (variable)--->  [t] (closure) @102311 [1.2KB]
  --context (internal)--->  [<function scope>] (object) @274997 [42.5KB]
  --n (variable)--->  [Object] (object) @290399 [42.4KB]
  --449 (element)--->  [Object] (object) @278827 [24 bytes]
  --exports (property)--->  [r] (closure) @103041 [2.1KB]
  --hasData (property)--->  [<closure>] (closure) @105709 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @72981 [1.3KB]
  --e (variable)--->  [Object] (object) @72961 [1KB]
  --1 (element)--->  [Object] (object) @72963 [76 bytes]
  --aaAutocomplete (property)--->  [f] (object) @83281 [348 bytes]
  --$node (property)--->  [q] (object) @83493 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @42237 [816 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @43201 [304 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @43235 [400 bytes]
  --7 (element)--->  [Detached HTMLElement] (native) @42425 [400 bytes]
  --8 (element)--->  [Detached HTMLElement] (native) @42423 [400 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @42097 [496 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @42123 [400 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @42131 [400 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @42169 [400 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @42179 [400 bytes]
  --6 (element)--->  [Detached HTMLAnchorElement] (native) @42203 [2.3KB]
  --12 (element)--->  [Detached InternalNode] (native) @391426240 [524 bytes]
  --4 (element)--->  [Detached ElementIntersectionObserverData] (native) @391379104 [64 bytes]

--Similar leaks in this run: 293--
--Retained size of leaked objects: 54.3KB--
[<synthetic>] (synthetic) @1 [10.9MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [74.6KB]
  --___navigate (property)--->  [<closure>] (closure) @250047 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @117801 [496 bytes]
  --a (variable)--->  [Module] (object) @102317 [5.8KB]
  --get version (property)--->  [version] (closure) @288527 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @123231 [16.4KB]
  --Qn (variable)--->  [y] (object) @483243 [368 bytes]
  --props (property)--->  [Object] (object) @520391 [28 bytes]
  --children (property)--->  [Object] (object) @527261 [296 bytes]
  --props (property)--->  [Object] (object) @527263 [56 bytes]
  --children (property)--->  [Object] (object) @524039 [1.2KB]
  --__ (property)--->  [Object] (object) @535675 [1.1KB]
  --__ (property)--->  [Object] (object) @535679 [940 bytes]
  --__ (property)--->  [Object] (object) @523865 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @370025 [504 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @370017 [428 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @370015 [428 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @370893 [14.6KB]
  --5 (element)--->  [Detached HTMLAnchorElement] (native) @370891 [2.3KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @370885 [2.3KB]
  --12 (element)--->  [Detached HTMLAnchorElement] (native) @370879 [2.3KB]
  --13 (element)--->  [Detached InternalNode] (native) @392102688 [748 bytes]
  --3 (element)--->  [Detached InternalNode] (native) @392102208 [576 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @391372224 [576 bytes]
  --6 (element)--->  [Detached Attr] (native) @391371904 [96 bytes]

--Similar leaks in this run: 5--
--Retained size of leaked objects: 456 bytes--
[<synthetic>] (synthetic) @1 [10.9MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [74.6KB]
  --__twttrll (property)--->  [Array] (object) @250009 [184 bytes]
  --push (property)--->  [e] (closure) @274919 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @274907 [248 bytes]
  --n (variable)--->  [Object] (object) @274911 [13KB]
  --101 (element)--->  [Object] (object) @296325 [24 bytes]
  --exports (property)--->  [o] (closure) @270859 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @246129 [6.2KB]
  --g (variable)--->  [Detached Text] (native) @43725 [396 bytes]
  --3 (element)--->  [Detached InternalNode] (native) @97909856 [272 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @389698016 [272 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @389698176 [272 bytes]
  --1 (element)--->  [Detached MutationObserverRegistration] (native) @389698336 [272 bytes]

github-actions bot pushed a commit that referenced this pull request Jan 19, 2023
github-actions bot pushed a commit that referenced this pull request Jan 19, 2023
@github-actions github-actions bot requested a deployment to development-storybook January 19, 2023 14:48 Pending
@github-actions
Contributor

Snyk vulnerability report

OSS packages

Tested 1715 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Issues to fix by upgrading:

Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.0.0 to fix
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526] in sanitize-html@2.3.2
introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.3.2

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1
introduced by gatsby@4.25.1 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0
introduced by html-minifier@4.0.0
No upgrade or patch available
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0
introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0
No upgrade or patch available

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Application

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

✔ Awesome! No issues were found.

IaC

Snyk Infrastructure as Code

  • Snyk testing Infrastructure as Code configuration issues.
    ✔ Test completed.

Issues
No vulnerable paths were found!


Test Summary

Organization: tubone24
Project name: tubone24/blog

✔ Files without issues: 3
✗ Files with issues: 0
Ignored issues: 0
Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ]


Tip

New: Share your test results in the Snyk Web UI with the option --report

Container

⚠ Important: Beginning January 24th, 2023, application dependencies in container images will be scanned by default when using the snyk container test/monitor commands. If you are using Snyk in a CI pipeline, action may be required. Read https://snyk.io/blog/securing-container-applications-using-the-snyk-cli/ for more info.

Testing test-blog...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: CVE-2005-2541
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: NULL Pointer Dereference
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Authentication Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Off-by-one Error
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Privilege Chaining
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Privilege Management
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Memory Leak
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Access Restriction Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...

✗ Low severity vulnerability found in lz4/liblz4-1
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072
Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3
From: lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1

✗ Low severity vulnerability found in libtasn1-6
Description: CVE-2018-1000654
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libseccomp/libseccomp2
Description: CVE-2019-9893
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044
Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3
From: libseccomp/libseccomp2@2.3.3-4
From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4

✗ Low severity vulnerability found in libidn2/libidn2-0
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3
From: libidn2/libidn2-0@2.0.5-1+deb10u1
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Inadequate Encryption Strength
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9

✗ Low severity vulnerability found in gnupg2/gpgv
Description: Inadequate Encryption Strength
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553
Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3
From: gnupg2/gpgv@2.2.12-1+deb10u2
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: CVE-2019-1010023
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use of Insufficiently Random Values
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in gcc-8/libstdc++6
Description: Insufficient Entropy
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Low severity vulnerability found in e2fsprogs/libcom-err2
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482
Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3
From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
and 5 more...

✗ Low severity vulnerability found in db5.3/libdb5.3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169
Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118
From: db5.3/libdb5.3@5.3.28+dfsg1-0.5
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5

✗ Low severity vulnerability found in coreutils
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in coreutils
Description: Race Condition
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in bash
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-3112363
Introduced through: bash@5.0-4
From: bash@5.0-4

✗ Low severity vulnerability found in bash
Description: Improper Check for Dropped Privileges
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280
Introduced through: bash@5.0-4
From: bash@5.0-4

✗ Low severity vulnerability found in apt/libapt-pkg5.0
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502
Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3
From: apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3

✗ High severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ High severity vulnerability found in gcc-8/libstdc++6
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Critical severity vulnerability found in libtasn1-6
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3
Fixed in: 4.13-3+deb10u1

Organization: tubone24
Package manager: deb
Project name: docker-image|test-blog
Docker image: test-blog
Platform: linux/amd64
Base image: node:16.19.0-slim
Licenses: enabled

Tested 86 dependencies for known issues, found 57 issues.

Base Image         Vulnerabilities  Severity
node:16.19.0-slim  57               1 critical, 2 high, 0 medium, 54 low

Recommendations for base image upgrade:

Major upgrades
Base Image              Vulnerabilities  Severity
node:lts-bullseye-slim  43               0 critical, 0 high, 0 medium, 43 low

Alternative image types
Base Image                Vulnerabilities  Severity
node:16.19-bullseye-slim  43               0 critical, 0 high, 0 medium, 43 low

Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection

github-actions bot pushed a commit that referenced this pull request Jan 19, 2023
github-actions bot pushed a commit that referenced this pull request Jan 19, 2023
@github-actions
Contributor

depcheck Result

Lists libraries that are defined in dependencies and devDependencies in package.json but not used in your code.

Unused dependencies
- @popperjs/core
- @sentry/react
- @typescript-eslint/eslint-plugin
- babel-loader
- babel-polyfill
- classnames
- flexboxgrid
- gatsby-legacy-polyfills
- gatsby-plugin-flexsearch
- gatsby-plugin-twitter
- gatsby-react-router-scroll
- html-minifier
- intersection-observer
- md5
- preact
- preact-render-to-string
- react-body-classname
- react-dom
- rimraf
- sass
- typescript
- webpack
Unused devdependencies
- @babel/core
- @babel/preset-typescript
- @storybook/addon-a11y
- @storybook/addon-controls
- @storybook/addon-essentials
- @storybook/addon-info
- @storybook/addon-interactions
- @storybook/addon-knobs
- @storybook/addon-links
- @storybook/addon-storysource
- @storybook/addon-viewport
- @storybook/builder-webpack5
- @storybook/manager-webpack5
- @textlint-rule/textlint-rule-no-duplicate-abbr
- @types/jest
- @types/react-test-renderer
- @types/responselike
- axe-core
- babel-eslint
- babel-plugin-transform-runtime
- core-js
- cross-env
- css-loader
- cypress
- eslint
- eslint-config-airbnb
- eslint-import-resolver-webpack
- eslint-plugin-import
- eslint-plugin-jsx-a11y
- eslint-plugin-react
- gh-pages
- husky
- identity-obj-proxy
- jest
- jest-environment-jsdom
- markdownlint-cli2
- memlab
- netlify-cli
- netlify-lambda
- nyc
- prettier
- react-test-renderer
- sass-loader
- start-server-and-test
- stylelint
- stylelint-config-recess-order
- stylelint-config-recommended-scss
- stylelint-config-standard
- stylelint-scss
- textlint
- textlint-filter-rule-allowlist
- textlint-filter-rule-comments
- textlint-rule-aws-spellcheck
- textlint-rule-ja-no-inappropriate-words
- textlint-rule-no-hoso-kinshi-yogo
- textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet
- textlint-rule-no-start-duplicated-conjunction
- textlint-rule-preset-smarthr
- textlint-rule-prh
- textlint-rule-terminology
- ts-jest
- yaml-lint
Missing
- colors
  - /github/workspace/src/styles/_hover.scss

- @algolia/transporter
  - /github/workspace/src/components/SearchBox/index.tsx

- @algolia/client-search
  - /github/workspace/src/components/SearchBox/index.tsx

- qs
  - /github/workspace/scripts/benchmark.js

- https
  - /github/workspace/scripts/uploadScreenShot.ts

@github-actions
Contributor

Memlab leaks report

page-load [8.3MB] (baseline) [s1] > action-on-page [9.3MB] (target) [s2] > revert [9.5MB] (final) [s3]  
------3 clusters------

--Similar leaks in this run: 1079--
--Retained size of leaked objects: 157.6KB--
[<synthetic>] (synthetic) @1 [10.4MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [74.6KB]
  --setInterval (property)--->  [<closure>] (closure) @179885 [264 bytes]
  --context (internal)--->  [<function scope>] (object) @179891 [20 bytes]
  --previous (internal)--->  [<function scope>] (object) @71831 [44.1KB]
  --n (variable)--->  [t] (closure) @158747 [1.2KB]
  --context (internal)--->  [<function scope>] (object) @140087 [42.9KB]
  --n (variable)--->  [Object] (object) @357359 [42.9KB]
  --449 (element)--->  [Object] (object) @175281 [24 bytes]
  --exports (property)--->  [r] (closure) @229529 [2.1KB]
  --hasData (property)--->  [<closure>] (closure) @230755 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @229933 [1.3KB]
  --e (variable)--->  [Object] (object) @229935 [1KB]
  --2 (element)--->  [Object] (object) @374785 [76 bytes]
  --aaAutocomplete (property)--->  [f] (object) @454777 [348 bytes]
  --$node (property)--->  [q] (object) @454797 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @373215 [648 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @371979 [5.7KB]
  --7 (element)--->  [Detached HTMLDivElement] (native) @373591 [400 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @373481 [400 bytes]
  --6 (element)--->  [Detached HTMLAnchorElement] (native) @373289 [2.2KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @373303 [2.2KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @373317 [2.2KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @373331 [2.2KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @373345 [2.2KB]
  --13 (element)--->  [Detached InternalNode] (native) @344779008 [496 bytes]
  --4 (element)--->  [Detached ElementIntersectionObserverData] (native) @390875904 [64 bytes]

--Similar leaks in this run: 292--
--Retained size of leaked objects: 50.7KB--
[<synthetic>] (synthetic) @1 [10.4MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [74.6KB]
  --___navigate (property)--->  [<closure>] (closure) @286065 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @298781 [496 bytes]
  --a (variable)--->  [Module] (object) @170533 [5.8KB]
  --get version (property)--->  [version] (closure) @142591 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @142595 [16.4KB]
  --Qn (variable)--->  [y] (object) @485429 [368 bytes]
  --props (property)--->  [Object] (object) @508439 [28 bytes]
  --children (property)--->  [Object] (object) @506073 [296 bytes]
  --props (property)--->  [Object] (object) @506195 [56 bytes]
  --children (property)--->  [Object] (object) @506221 [1.2KB]
  --__ (property)--->  [Object] (object) @532583 [1.1KB]
  --__ (property)--->  [Object] (object) @532587 [940 bytes]
  --__ (property)--->  [Object] (object) @532055 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @373631 [476 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @373629 [400 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @373627 [400 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @373255 [14.2KB]
  --8 (element)--->  [Detached HTMLElement] (native) @373273 [27.6KB]
  --6 (element)--->  [Detached HTMLDivElement] (native) @373269 [2.4KB]
  --6 (element)--->  [Detached HTMLAnchorElement] (native) @373259 [1KB]
  --9 (element)--->  [Detached HTMLParagraphElement] (native) @373263 [480 bytes]
  --10 (element)--->  [Detached InternalNode] (native) @149930720 [144 bytes]
  --1 (element)--->  [Detached DOMTokenList] (native) @390861664 [56 bytes]

--Similar leaks in this run: 7--
--Retained size of leaked objects: 832 bytes--
[<synthetic>] (synthetic) @1 [10.4MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [74.6KB]
  --__twttrll (property)--->  [Array] (object) @285969 [184 bytes]
  --push (property)--->  [e] (closure) @99123 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @99129 [248 bytes]
  --n (variable)--->  [Object] (object) @99813 [13KB]
  --102 (element)--->  [Object] (object) @98657 [24 bytes]
  --exports (property)--->  [Object] (object) @100583 [3.5KB]
  --init (property)--->  [init] (closure) @101967 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @102149 [3.1KB]
  --i (variable)--->  [Detached HTMLIFrameElement] (native) @40643 [592 bytes]
  --5 (element)--->  [Detached DOMTokenList] (native) @297158944 [56 bytes]

@github-actions
Contributor

Snyk vulnerability report

OSS packages

Tested 1715 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Issues to fix by upgrading:

Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.0.0 to fix
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526] in sanitize-html@2.3.2
introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.3.2

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1
introduced by gatsby@4.25.1 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0
introduced by html-minifier@4.0.0
No upgrade or patch available
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0
introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0
No upgrade or patch available

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Application

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

✔ Awesome! No issues were found.

IaC

Snyk Infrastructure as Code

  • Snyk testing Infrastructure as Code configuration issues.
    ✔ Test completed.

Issues
No vulnerable paths were found!


Test Summary

Organization: tubone24
Project name: tubone24/blog

✔ Files without issues: 3
✗ Files with issues: 0
Ignored issues: 0
Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ]


Tip

New: Share your test results in the Snyk Web UI with the option --report

Container

⚠ Important: Beginning January 24th, 2023, application dependencies in container images will be scanned by default when using the snyk container test/monitor commands. If you are using Snyk in a CI pipeline, action may be required. Read https://snyk.io/blog/securing-container-applications-using-the-snyk-cli/ for more info.

Testing test-blog...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: CVE-2005-2541
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: NULL Pointer Dereference
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Authentication Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Off-by-one Error
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Privilege Chaining
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Privilege Management
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Memory Leak
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Access Restriction Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...

✗ Low severity vulnerability found in lz4/liblz4-1
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072
Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3
From: lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1

✗ Low severity vulnerability found in libtasn1-6
Description: CVE-2018-1000654
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libseccomp/libseccomp2
Description: CVE-2019-9893
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044
Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3
From: libseccomp/libseccomp2@2.3.3-4
From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4

✗ Low severity vulnerability found in libidn2/libidn2-0
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3
From: libidn2/libidn2-0@2.0.5-1+deb10u1
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Inadequate Encryption Strength
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9

✗ Low severity vulnerability found in gnupg2/gpgv
Description: Inadequate Encryption Strength
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553
Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3
From: gnupg2/gpgv@2.2.12-1+deb10u2
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: CVE-2019-1010023
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use of Insufficiently Random Values
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in gcc-8/libstdc++6
Description: Insufficient Entropy
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Low severity vulnerability found in e2fsprogs/libcom-err2
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482
Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3
From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
and 5 more...

✗ Low severity vulnerability found in db5.3/libdb5.3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169
Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118
From: db5.3/libdb5.3@5.3.28+dfsg1-0.5
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5

✗ Low severity vulnerability found in coreutils
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in coreutils
Description: Race Condition
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in bash
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-3112363
Introduced through: bash@5.0-4
From: bash@5.0-4

✗ Low severity vulnerability found in bash
Description: Improper Check for Dropped Privileges
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280
Introduced through: bash@5.0-4
From: bash@5.0-4

✗ Low severity vulnerability found in apt/libapt-pkg5.0
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502
Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3
From: apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3

✗ High severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ High severity vulnerability found in gcc-8/libstdc++6
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Critical severity vulnerability found in libtasn1-6
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3
Fixed in: 4.13-3+deb10u1

Organization: tubone24
Package manager: deb
Project name: docker-image|test-blog
Docker image: test-blog
Platform: linux/amd64
Base image: node:16.19.0-slim
Licenses: enabled

Tested 86 dependencies for known issues, found 57 issues.

Base Image Vulnerabilities Severity
node:16.19.0-slim 57 1 critical, 2 high, 0 medium, 54 low

Recommendations for base image upgrade:

Major upgrades
Base Image Vulnerabilities Severity
node:lts-bullseye-slim 43 0 critical, 0 high, 0 medium, 43 low

Alternative image types
Base Image Vulnerabilities Severity
node:16.19-bullseye-slim 43 0 critical, 0 high, 0 medium, 43 low

Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection

github-actions bot pushed a commit that referenced this pull request Jan 19, 2023
@github-actions github-actions bot requested a deployment to development-storybook January 19, 2023 16:43 Pending
@github-actions
Contributor

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies
- @popperjs/core
- @sentry/react
- @typescript-eslint/eslint-plugin
- babel-loader
- babel-polyfill
- classnames
- flexboxgrid
- gatsby-legacy-polyfills
- gatsby-plugin-flexsearch
- gatsby-plugin-twitter
- gatsby-react-router-scroll
- html-minifier
- intersection-observer
- md5
- preact
- preact-render-to-string
- react-body-classname
- react-dom
- rimraf
- sass
- typescript
- webpack
Unused devdependencies
- @babel/core
- @babel/preset-typescript
- @storybook/addon-a11y
- @storybook/addon-controls
- @storybook/addon-essentials
- @storybook/addon-info
- @storybook/addon-interactions
- @storybook/addon-knobs
- @storybook/addon-links
- @storybook/addon-storysource
- @storybook/addon-viewport
- @storybook/builder-webpack5
- @storybook/manager-webpack5
- @textlint-rule/textlint-rule-no-duplicate-abbr
- @types/jest
- @types/react-test-renderer
- @types/responselike
- axe-core
- babel-eslint
- babel-plugin-transform-runtime
- core-js
- cross-env
- css-loader
- cypress
- eslint
- eslint-config-airbnb
- eslint-import-resolver-webpack
- eslint-plugin-import
- eslint-plugin-jsx-a11y
- eslint-plugin-react
- gh-pages
- husky
- identity-obj-proxy
- jest
- jest-environment-jsdom
- markdownlint-cli2
- memlab
- netlify-cli
- netlify-lambda
- nyc
- prettier
- react-test-renderer
- sass-loader
- start-server-and-test
- stylelint
- stylelint-config-recess-order
- stylelint-config-recommended-scss
- stylelint-config-standard
- stylelint-scss
- textlint
- textlint-filter-rule-allowlist
- textlint-filter-rule-comments
- textlint-rule-aws-spellcheck
- textlint-rule-ja-no-inappropriate-words
- textlint-rule-no-hoso-kinshi-yogo
- textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet
- textlint-rule-no-start-duplicated-conjunction
- textlint-rule-preset-smarthr
- textlint-rule-prh
- textlint-rule-terminology
- ts-jest
- yaml-lint
Missing
- colors
  - /github/workspace/src/styles/_hover.scss

- @algolia/transporter
  - /github/workspace/src/components/SearchBox/index.tsx

- @algolia/client-search
  - /github/workspace/src/components/SearchBox/index.tsx

- qs
  - /github/workspace/scripts/benchmark.js

- https
  - /github/workspace/scripts/uploadScreenShot.ts

@github-actions
Contributor

Snyk vulnerability report

OSS packages

Tested 1715 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Issues to fix by upgrading:

Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.0.0 to fix
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526] in sanitize-html@2.3.2
introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.3.2

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1
introduced by gatsby@4.25.1 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0
introduced by html-minifier@4.0.0
No upgrade or patch available
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0
introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0
No upgrade or patch available

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Application

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

✔ Awesome! No issues were found.

IaC

Snyk Infrastructure as Code

  • Snyk testing Infrastructure as Code configuration issues.
    ✔ Test completed.

Issues
No vulnerable paths were found!


Test Summary

Organization: tubone24
Project name: tubone24/blog

✔ Files without issues: 3
✗ Files with issues: 0
Ignored issues: 0
Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ]


Tip

New: Share your test results in the Snyk Web UI with the option --report

Container

⚠ Important: Beginning January 24th, 2023, application dependencies in container images will be scanned by default when using the snyk container test/monitor commands. If you are using Snyk in a CI pipeline, action may be required. Read https://snyk.io/blog/securing-container-applications-using-the-snyk-cli/ for more info.

Testing test-blog...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: CVE-2005-2541
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: NULL Pointer Dereference
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Authentication Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Off-by-one Error
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Privilege Chaining
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Privilege Management
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Memory Leak
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Access Restriction Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...

✗ Low severity vulnerability found in lz4/liblz4-1
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072
Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3
From: lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1

✗ Low severity vulnerability found in libtasn1-6
Description: CVE-2018-1000654
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libseccomp/libseccomp2
Description: CVE-2019-9893
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044
Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3
From: libseccomp/libseccomp2@2.3.3-4
From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4

✗ Low severity vulnerability found in libidn2/libidn2-0
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3
From: libidn2/libidn2-0@2.0.5-1+deb10u1
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Inadequate Encryption Strength
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9

✗ Low severity vulnerability found in gnupg2/gpgv
Description: Inadequate Encryption Strength
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553
Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3
From: gnupg2/gpgv@2.2.12-1+deb10u2
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: CVE-2019-1010023
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use of Insufficiently Random Values
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in gcc-8/libstdc++6
Description: Insufficient Entropy
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Low severity vulnerability found in e2fsprogs/libcom-err2
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482
Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3
From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
and 5 more...

✗ Low severity vulnerability found in db5.3/libdb5.3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169
Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118
From: db5.3/libdb5.3@5.3.28+dfsg1-0.5
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5

✗ Low severity vulnerability found in coreutils
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in coreutils
Description: Race Condition
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in bash
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-3112363
Introduced through: bash@5.0-4
From: bash@5.0-4

✗ Low severity vulnerability found in bash
Description: Improper Check for Dropped Privileges
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280
Introduced through: bash@5.0-4
From: bash@5.0-4

✗ Low severity vulnerability found in apt/libapt-pkg5.0
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502
Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3
From: apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3

✗ High severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ High severity vulnerability found in gcc-8/libstdc++6
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Critical severity vulnerability found in libtasn1-6
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3
Fixed in: 4.13-3+deb10u1

Organization: tubone24
Package manager: deb
Project name: docker-image|test-blog
Docker image: test-blog
Platform: linux/amd64
Base image: node:16.19.0-slim
Licenses: enabled

Tested 86 dependencies for known issues, found 57 issues.

Base Image Vulnerabilities Severity
node:16.19.0-slim 57 1 critical, 2 high, 0 medium, 54 low

Recommendations for base image upgrade:

Major upgrades
Base Image Vulnerabilities Severity
node:lts-bullseye-slim 43 0 critical, 0 high, 0 medium, 43 low

Alternative image types
Base Image Vulnerabilities Severity
node:16.19-bullseye-slim 43 0 critical, 0 high, 0 medium, 43 low

Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection

@github-actions
Contributor

Memlab leaks report

page-load [7.7MB] (baseline) [s1] > action-on-page [8.9MB] (target) [s2] > revert [9.2MB] (final) [s3]  
------3 clusters------

--Similar leaks in this run: 982--
--Retained size of leaked objects: 156.9KB--
[<synthetic>] (synthetic) @1 [10MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.6KB]
  --webpackChunkblog (property)--->  [Array] (object) @190249 [8.7KB]
  --push (property)--->  [native_bind] (closure) @231553 [128 bytes]
  --bound_function (internal)--->  [r] (closure) @303927 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @231581 [312 bytes]
  --previous (internal)--->  [<function scope>] (object) @231573 [43.2KB]
  --n (variable)--->  [Object] (object) @231579 [43.1KB]
  --449 (element)--->  [Object] (object) @221295 [24 bytes]
  --exports (property)--->  [r] (closure) @92867 [2.1KB]
  --hasData (property)--->  [<closure>] (closure) @92987 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @142985 [1.3KB]
  --e (variable)--->  [Object] (object) @142969 [1KB]
  --1 (element)--->  [Object] (object) @142971 [76 bytes]
  --aaAutocomplete (property)--->  [f] (object) @113233 [348 bytes]
  --$node (property)--->  [q] (object) @268231 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @42079 [816 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @42485 [304 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @42511 [400 bytes]
  --7 (element)--->  [Detached HTMLElement] (native) @42519 [400 bytes]
  --8 (element)--->  [Detached HTMLElement] (native) @42517 [400 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @42193 [400 bytes]
  --9 (element)--->  [Detached InternalNode] (native) @377837120 [240 bytes]
  --2 (element)--->  [Detached NamedNodeMap] (native) @377717056 [32 bytes]

--Similar leaks in this run: 269--
--Retained size of leaked objects: 54.3KB--
[<synthetic>] (synthetic) @1 [10MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.6KB]
  --___push (property)--->  [<closure>] (closure) @190511 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @254787 [496 bytes]
  --a (variable)--->  [Module] (object) @96113 [5.8KB]
  --get version (property)--->  [version] (closure) @231781 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @149099 [16.4KB]
  --Qn (variable)--->  [y] (object) @459145 [368 bytes]
  --props (property)--->  [Object] (object) @495431 [28 bytes]
  --children (property)--->  [Object] (object) @514191 [296 bytes]
  --props (property)--->  [Object] (object) @514185 [56 bytes]
  --children (property)--->  [Object] (object) @479385 [1.2KB]
  --__ (property)--->  [Object] (object) @484553 [1.1KB]
  --__ (property)--->  [Object] (object) @484571 [940 bytes]
  --__ (property)--->  [Object] (object) @484585 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @348725 [504 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @348723 [428 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @348721 [428 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @349329 [14.6KB]
  --5 (element)--->  [Detached HTMLAnchorElement] (native) @349327 [2.3KB]
  --8 (element)--->  [Detached HTMLSpanElement] (native) @349323 [428 bytes]
  --6 (element)--->  [Detached InternalNode] (native) @378334880 [268 bytes]
  --2 (element)--->  [Detached NamedNodeMap] (native) @377766784 [32 bytes]

--Similar leaks in this run: 7--
--Retained size of leaked objects: 520 bytes--
[<synthetic>] (synthetic) @1 [10MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.6KB]
  --__twttrll (property)--->  [Array] (object) @62789 [184 bytes]
  --push (property)--->  [e] (closure) @242203 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @62769 [248 bytes]
  --n (variable)--->  [Object] (object) @241971 [13KB]
  --162 (element)--->  [Object] (object) @242839 [1KB]
  --exports (property)--->  [<closure>] (closure) @243091 [984 bytes]
  --context (internal)--->  [<function scope>] (object) @243115 [916 bytes]
  --d (variable)--->  [Detached HTMLAnchorElement] (native) @43077 [228 bytes]
  --3 (element)--->  [Detached DOMTokenList] (native) @378488320 [56 bytes]

github-actions bot pushed a commit that referenced this pull request Jan 19, 2023
github-actions bot pushed a commit that referenced this pull request Jan 19, 2023
@github-actions
Contributor

Memlab leaks report

page-load [8MB] (baseline) [s1] > action-on-page [9.4MB] (target) [s2] > revert [9.6MB] (final) [s3]  
------3 clusters------

--Similar leaks in this run: 964--
--Retained size of leaked objects: 169.8KB--
[<synthetic>] (synthetic) @1 [10.5MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.7KB]
  --setTimeout (property)--->  [<closure>] (closure) @223175 [264 bytes]
  --context (internal)--->  [<function scope>] (object) @206949 [20 bytes]
  --previous (internal)--->  [<function scope>] (object) @79271 [44.2KB]
  --n (variable)--->  [t] (closure) @180155 [1.2KB]
  --context (internal)--->  [<function scope>] (object) @192981 [42.3KB]
  --n (variable)--->  [Object] (object) @93711 [42.3KB]
  --449 (element)--->  [Object] (object) @93835 [24 bytes]
  --exports (property)--->  [r] (closure) @159217 [2.1KB]
  --hasData (property)--->  [<closure>] (closure) @167507 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @172075 [1.3KB]
  --e (variable)--->  [Object] (object) @172059 [1KB]
  --1 (element)--->  [Object] (object) @172061 [76 bytes]
  --aaAutocomplete (property)--->  [f] (object) @269961 [348 bytes]
  --$node (property)--->  [q] (object) @269969 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @42879 [844 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @43131 [332 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @43153 [400 bytes]
  --7 (element)--->  [Detached HTMLElement] (native) @43159 [400 bytes]
  --8 (element)--->  [Detached HTMLElement] (native) @43157 [428 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @42851 [428 bytes]
  --8 (element)--->  [Detached HTMLDivElement] (native) @42849 [524 bytes]
  --8 (element)--->  [Detached HTMLDivElement] (native) @42847 [524 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @40701 [428 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @40709 [428 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @40751 [428 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @40757 [428 bytes]
  --5 (element)--->  [Detached HTMLSpanElement] (native) @40773 [604 bytes]
  --8 (element)--->  [Detached HTMLAnchorElement] (native) @40775 [2.3KB]
  --13 (element)--->  [Detached InternalNode] (native) @384312544 [552 bytes]
  --4 (element)--->  [Detached ElementIntersectionObserverData] (native) @390848096 [64 bytes]

--Similar leaks in this run: 250--
--Retained size of leaked objects: 54.3KB--
[<synthetic>] (synthetic) @1 [10.5MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.7KB]
  --___navigate (property)--->  [<closure>] (closure) @116641 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @115703 [496 bytes]
  --a (variable)--->  [Module] (object) @97189 [5.8KB]
  --get version (property)--->  [version] (closure) @193299 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @89279 [16.4KB]
  --Qn (variable)--->  [y] (object) @466759 [412 bytes]
  --props (property)--->  [Object] (object) @502737 [28 bytes]
  --children (property)--->  [Object] (object) @515109 [296 bytes]
  --props (property)--->  [Object] (object) @515111 [56 bytes]
  --children (property)--->  [Object] (object) @495395 [1.2KB]
  --__ (property)--->  [Object] (object) @495825 [1.1KB]
  --__ (property)--->  [Object] (object) @495841 [940 bytes]
  --__ (property)--->  [Object] (object) @495859 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @351811 [504 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @351809 [428 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @351807 [428 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @351805 [7.5KB]
  --5 (element)--->  [Detached HTMLDivElement] (native) @351801 [6.7KB]
  --6 (element)--->  [Detached HTMLDivElement] (native) @351793 [5.5KB]
  --5 (element)--->  [Detached HTMLDivElement] (native) @351791 [4.5KB]
  --5 (element)--->  [Detached HTMLPictureElement] (native) @351789 [3.4KB]
  --5 (element)--->  [Detached HTMLSourceElement] (native) @351787 [1.5KB]
  --10 (element)--->  [Detached InternalNode] (native) @390979648 [460 bytes]
  --2 (element)--->  [Detached NamedNodeMap] (native) @390845376 [32 bytes]

--Similar leaks in this run: 10--
--Retained size of leaked objects: 872 bytes--
[<synthetic>] (synthetic) @1 [10.5MB]
  --6 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9845 [59.7KB]
  --__twttrll (property)--->  [Array] (object) @206925 [184 bytes]
  --push (property)--->  [e] (closure) @206263 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @205949 [248 bytes]
  --n (variable)--->  [Object] (object) @205931 [13KB]
  --102 (element)--->  [Object] (object) @206779 [24 bytes]
  --exports (property)--->  [Object] (object) @207919 [3.5KB]
  --init (property)--->  [init] (closure) @208113 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @208191 [3.1KB]
  --r (variable)--->  [Detached HTMLFormElement] (native) @40019 [1.8KB]
  --5 (element)--->  [Detached HTMLInputElement] (native) @40027 [684 bytes]
  --8 (element)--->  [Detached InternalNode] (native) @335042112 [328 bytes]
  --1 (element)--->  [Detached ShadowRoot] (native) @334839904 [328 bytes]
  --4 (element)--->  [Detached V8ObservableArrayCSSStyleSheet] (native) @384048960 [120 bytes]

@github-actions
Contributor

Snyk vulnerability report

OSS packages

Tested 1715 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Issues to fix by upgrading:

Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.0.0 to fix
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526] in sanitize-html@2.3.2
introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.3.2

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1
introduced by gatsby@4.25.1 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0
introduced by html-minifier@4.0.0
No upgrade or patch available
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0
introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0
No upgrade or patch available

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Application

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

✔ Awesome! No issues were found.

IaC

Snyk Infrastructure as Code

  • Snyk testing Infrastructure as Code configuration issues.
    ✔ Test completed.

Issues
No vulnerable paths were found!


Test Summary

Organization: tubone24
Project name: tubone24/blog

✔ Files without issues: 3
✗ Files with issues: 0
Ignored issues: 0
Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ]


Tip

New: Share your test results in the Snyk Web UI with the option --report

Container

⚠ Important: Beginning January 24th, 2023, application dependencies in container images will be scanned by default when using the snyk container test/monitor commands. If you are using Snyk in a CI pipeline, action may be required. Read https://snyk.io/blog/securing-container-applications-using-the-snyk-cli/ for more info.

Testing test-blog...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: CVE-2005-2541
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: NULL Pointer Dereference
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Authentication Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Off-by-one Error
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Privilege Chaining
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Privilege Management
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Memory Leak
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807
Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: systemd/libsystemd0@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Access Restriction Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...

✗ Low severity vulnerability found in lz4/liblz4-1
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072
Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3
From: lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1

✗ Low severity vulnerability found in libtasn1-6
Description: CVE-2018-1000654
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libseccomp/libseccomp2
Description: CVE-2019-9893
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044
Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3
From: libseccomp/libseccomp2@2.3.3-4
From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4

✗ Low severity vulnerability found in libidn2/libidn2-0
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3
From: libidn2/libidn2-0@2.0.5-1+deb10u1
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Inadequate Encryption Strength
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9

✗ Low severity vulnerability found in gnupg2/gpgv
Description: Inadequate Encryption Strength
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553
Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3
From: gnupg2/gpgv@2.2.12-1+deb10u2
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: CVE-2019-1010023
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use of Insufficiently Random Values
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in gcc-8/libstdc++6
Description: Insufficient Entropy
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Low severity vulnerability found in e2fsprogs/libcom-err2
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482
Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3
From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
and 5 more...

✗ Low severity vulnerability found in db5.3/libdb5.3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169
Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118
From: db5.3/libdb5.3@5.3.28+dfsg1-0.5
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5

✗ Low severity vulnerability found in coreutils
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in coreutils
Description: Race Condition
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in bash
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-3112363
Introduced through: bash@5.0-4
From: bash@5.0-4

✗ Low severity vulnerability found in bash
Description: Improper Check for Dropped Privileges
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280
Introduced through: bash@5.0-4
From: bash@5.0-4

✗ Low severity vulnerability found in apt/libapt-pkg5.0
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502
Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3
From: apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3

✗ High severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
Introduced through: glibc/libc-bin@2.28-10+deb10u2, meta-common-packages@meta
From: glibc/libc-bin@2.28-10+deb10u2
From: meta-common-packages@meta > glibc/libc6@2.28-10+deb10u2

✗ High severity vulnerability found in gcc-8/libstdc++6
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Critical severity vulnerability found in libtasn1-6
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3
Fixed in: 4.13-3+deb10u1

Organization: tubone24
Package manager: deb
Project name: docker-image|test-blog
Docker image: test-blog
Platform: linux/amd64
Base image: node:16.19.0-slim
Licenses: enabled

Tested 86 dependencies for known issues, found 57 issues.

Base Image Vulnerabilities Severity
node:16.19.0-slim 57 1 critical, 2 high, 0 medium, 54 low

Recommendations for base image upgrade:

Major upgrades
Base Image Vulnerabilities Severity
node:lts-bullseye-slim 43 0 critical, 0 high, 0 medium, 43 low

Alternative image types
Base Image Vulnerabilities Severity
node:16.19-bullseye-slim 43 0 critical, 0 high, 0 medium, 43 low

Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection

github-actions bot pushed a commit that referenced this pull request Jan 19, 2023
github-actions bot pushed a commit that referenced this pull request Jan 19, 2023
@tubone24 tubone24 merged commit 75841cd into master Jan 19, 2023
@tubone24 tubone24 deleted the code_scan branch January 19, 2023 17:49