Update dependency grunt to v1.5.3 (develop) #862
Security Report
❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
general
https://vonagecc.jfrog.io/artifactory
Step | Level | Description | Details |
---|---|---|---|
Checking registry connectivity | ⚠Warn | Unsupported configuration was provided | Unsupported registry hostType gradle, skipped |
https://vonagecc.jfrog.io/artifactory/maven
Step | Level | Description | Details |
---|---|---|---|
Checking registry connectivity | ⚠Warn | Unsupported configuration was provided | Unsupported registry hostType gradle, skipped |
The Security Check found 48 vulnerabilities.
CVE | Severity | CVSS Score | Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue | Reachability |
---|---|---|---|---|---|---|---|---|
CVE-2023-26136 Path to dependency file: /package.json Path to vulnerable library: /node_modules/tough-cookie/package.json Dependency Hierarchy: -> opentok-2.10.0.tgz (Root Library) -> request-2.88.2.tgz -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library) | Critical | 9.8 | Not Defined | 0.1% | tough-cookie-2.5.0.tgz | Upgrade to version: tough-cookie - 4.1.3 | #794 | |
CVE-2021-3918 Path to dependency file: /package.json Path to vulnerable library: /node_modules/json-schema/package.json Dependency Hierarchy: -> opentok-2.10.0.tgz (Root Library) -> request-2.88.2.tgz -> http-signature-1.2.0.tgz -> jsprim-1.4.1.tgz -> ❌ json-schema-0.2.3.tgz (Vulnerable Library) | Critical | 9.8 | Not Defined | 0.4% | json-schema-0.2.3.tgz | Upgrade to version: json-schema - 0.4.0 | #794 | |
CVE-2022-23539 Path to dependency file: /package.json Path to vulnerable library: /node_modules/jsonwebtoken/package.json Dependency Hierarchy: -> opentok-2.10.0.tgz (Root Library) -> ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library) | High | 8.1 | Not Defined | 0.1% | jsonwebtoken-8.5.1.tgz | Upgrade to version: jsonwebtoken - 9.0.0 | #794 | |
CVE-2022-23540 Path to dependency file: /package.json Path to vulnerable library: /node_modules/jsonwebtoken/package.json Dependency Hierarchy: -> opentok-2.10.0.tgz (Root Library) -> ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library) | High | 7.6 | Not Defined | 0.1% | jsonwebtoken-8.5.1.tgz | Upgrade to version: jsonwebtoken - 9.0.0 | #794 | |
CVE-2022-3517 Path to dependency file: /package.json Path to vulnerable library: /node_modules/minimatch/package.json Dependency Hierarchy: -> ejs-3.1.5.tgz (Root Library) -> jake-10.8.2.tgz -> ❌ minimatch-3.0.4.tgz (Vulnerable Library) | High | 7.5 | Not Defined | 0.2% | minimatch-3.0.4.tgz | Upgrade to version: minimatch - 3.0.5 | #797 | |
CVE-2022-25883 Path to dependency file: /package.json Path to vulnerable library: /node_modules/semver/package.json Dependency Hierarchy: -> grunt-html-build-0.7.1.tgz (Root Library) -> js-beautify-1.13.0.tgz -> editorconfig-0.15.3.tgz -> ❌ semver-5.7.1.tgz (Vulnerable Library) | High | 7.5 | Not Defined | 0.1% | semver-5.7.1.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | #795 | |
CVE-2022-24999 Path to dependency file: /package.json Path to vulnerable library: /node_modules/qs/package.json Dependency Hierarchy: -> ❌ qs-6.9.4.tgz (Vulnerable Library) | High | 7.5 | Not Defined | 0.9% | qs-6.9.4.tgz | Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 | #829 | |
CVE-2022-24999 Path to dependency file: /package.json Path to vulnerable library: /node_modules/express/node_modules/qs/package.json,/node_modules/body-parser/node_modules/qs/package.json Dependency Hierarchy: -> express-4.17.1.tgz (Root Library) -> ❌ qs-6.7.0.tgz (Vulnerable Library) | High | 7.5 | Not Defined | 0.9% | qs-6.7.0.tgz | Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 | #828 | |
CVE-2022-24999 Path to dependency file: /package.json Path to vulnerable library: /node_modules/request/node_modules/qs/package.json Dependency Hierarchy: -> opentok-2.10.0.tgz (Root Library) -> request-2.88.2.tgz -> ❌ qs-6.5.2.tgz (Vulnerable Library) | High | 7.5 | Not Defined | 0.9% | qs-6.5.2.tgz | Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 | #794 | |
CVE-2022-24772 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> google-auth-library-6.1.3.tgz (Root Library) -> gtoken-5.1.0.tgz -> google-p12-pem-3.0.3.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | High | 7.5 | Not Defined | 0.1% | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #787 | |
CVE-2022-24771 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> google-auth-library-6.1.3.tgz (Root Library) -> gtoken-5.1.0.tgz -> google-p12-pem-3.0.3.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | High | 7.5 | Not Defined | 0.1% | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #787 | |
CVE-2022-24434 Path to dependency file: /package.json Path to vulnerable library: /node_modules/dicer/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> multer-1.4.2.tgz -> busboy-0.2.14.tgz -> ❌ dicer-0.2.5.tgz (Vulnerable Library) | High | 7.5 | Not Defined | 0.2% | dicer-0.2.5.tgz | | #786 | |
WS-2018-0590 Path to dependency file: /package.json Path to vulnerable library: /node_modules/diff/package.json Dependency Hierarchy: -> grunt-autoprefixer-3.0.4.tgz (Root Library) -> ❌ diff-1.3.2.tgz (Vulnerable Library) | High | 7.1 | Not Defined | | diff-1.3.2.tgz | Upgrade to version: 3.5.0 | #789 | |
WS-2022-0008 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> google-auth-library-6.1.3.tgz (Root Library) -> gtoken-5.1.0.tgz -> google-p12-pem-3.0.3.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | Medium | 6.6 | Not Defined | | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.0.0 | #787 | |
CVE-2024-28849 Path to dependency file: /package.json Path to vulnerable library: /node_modules/follow-redirects/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library) | Medium | 6.5 | Not Defined | 0.0% | follow-redirects-1.13.0.tgz | Upgrade to version: follow-redirects - 1.15.6 | #786 | |
CVE-2022-0155 Path to dependency file: /package.json Path to vulnerable library: /node_modules/follow-redirects/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library) | Medium | 6.5 | Not Defined | 0.1% | follow-redirects-1.13.0.tgz | Upgrade to version: follow-redirects - v1.14.7 | #786 | |
CVE-2022-23541 Path to dependency file: /package.json Path to vulnerable library: /node_modules/jsonwebtoken/package.json Dependency Hierarchy: -> opentok-2.10.0.tgz (Root Library) -> ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library) | Medium | 6.3 | Not Defined | 0.1% | jsonwebtoken-8.5.1.tgz | Upgrade to version: jsonwebtoken - 9.0.0 | #794 | |
CVE-2024-29041 Path to dependency file: /package.json Path to vulnerable library: /node_modules/express/package.json Dependency Hierarchy: -> ❌ express-4.17.1.tgz (Vulnerable Library) | Medium | 6.1 | Not Defined | 0.0% | express-4.17.1.tgz | Upgrade to version: express - 4.19.0 | #828 | |
CVE-2023-28155 Path to dependency file: /package.json Path to vulnerable library: /node_modules/request/package.json Dependency Hierarchy: -> opentok-2.10.0.tgz (Root Library) -> ❌ request-2.88.2.tgz (Vulnerable Library) | Medium | 6.1 | Not Defined | 0.1% | request-2.88.2.tgz | Upgrade to version: @cypress/request - 3.0.0 | #794 | |
CVE-2023-26159 Path to dependency file: /package.json Path to vulnerable library: /node_modules/follow-redirects/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library) | Medium | 6.1 | Not Defined | 0.1% | follow-redirects-1.13.0.tgz | Upgrade to version: follow-redirects - 1.15.4 | #786 | |
CVE-2022-0235 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-fetch/package.json Dependency Hierarchy: -> google-auth-library-6.1.3.tgz (Root Library) -> gaxios-4.0.1.tgz -> ❌ node-fetch-2.6.1.tgz (Vulnerable Library) | Medium | 6.1 | Not Defined | 0.4% | node-fetch-2.6.1.tgz | Upgrade to version: node-fetch - 2.6.7,3.1.1 | #787 | |
CVE-2022-0122 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> google-auth-library-6.1.3.tgz (Root Library) -> gtoken-5.1.0.tgz -> google-p12-pem-3.0.3.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | Medium | 6.1 | Not Defined | 0.1% | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.0.0 | #787 | |
CVE-2022-0536 Path to dependency file: /package.json Path to vulnerable library: /node_modules/follow-redirects/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library) | Medium | 5.9 | Not Defined | 0.1% | follow-redirects-1.13.0.tgz | Upgrade to version: follow-redirects - 1.14.8 | #786 | |
CVE-2023-0842 Path to dependency file: /package.json Path to vulnerable library: /node_modules/xml2js/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> ❌ xml2js-0.4.23.tgz (Vulnerable Library) | Medium | 5.3 | Not Defined | 0.1% | xml2js-0.4.23.tgz | Upgrade to version: xml2js - 0.5.0 | #786 | |
CVE-2022-24773 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> google-auth-library-6.1.3.tgz (Root Library) -> gtoken-5.1.0.tgz -> google-p12-pem-3.0.3.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | Medium | 5.3 | Not Defined | 0.1% | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #787 | |
WS-2021-0153 Path to dependency file: /package.json Path to vulnerable library: /node_modules/ejs/package.json Dependency Hierarchy: -> ❌ ejs-3.1.5.tgz (Vulnerable Library) | Critical | 9.8 | Not Defined | | ejs-3.1.5.tgz | Upgrade to version: ejs - 3.1.6 | #797 | |
CVE-2022-37602 Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-karma/package.json Dependency Hierarchy: -> ❌ grunt-karma-4.0.0.tgz (Vulnerable Library) | Critical | 9.8 | Not Defined | 0.2% | grunt-karma-4.0.0.tgz | | #817 | |
CVE-2022-29078 Path to dependency file: /package.json Path to vulnerable library: /node_modules/ejs/package.json Dependency Hierarchy: -> ❌ ejs-3.1.5.tgz (Vulnerable Library) | Critical | 9.8 | Not Defined | 42.5% | ejs-3.1.5.tgz | Upgrade to version: ejs - v3.1.7 | #797 | |
CVE-2021-44906 Path to dependency file: /package.json Path to vulnerable library: /node_modules/minimist/package.json Dependency Hierarchy: -> grunt-contrib-compress-1.6.0.tgz (Root Library) -> iltorb-2.4.5.tgz -> prebuild-install-5.3.6.tgz -> ❌ minimist-1.2.5.tgz (Vulnerable Library) | Critical | 9.8 | Not Defined | 1.2% | minimist-1.2.5.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | #792 | |
CVE-2020-28282 Path to dependency file: /package.json Path to vulnerable library: /node_modules/getobject/package.json Dependency Hierarchy: -> grunt-gitinfo-0.1.9.tgz (Root Library) -> ❌ getobject-0.1.0.tgz (Vulnerable Library) | Critical | 9.8 | Not Defined | 0.70000005% | getobject-0.1.0.tgz | Upgrade to version: getobject - 1.0.0 | #793 | |
CVE-2019-10744 Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) | Critical | 9.1 | Not Defined | 1.5% | lodash-0.10.0.tgz | Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 | #796 | |
CVE-2021-43138 Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-contrib-connect/node_modules/async/package.json Dependency Hierarchy: -> grunt-contrib-connect-3.0.0.tgz (Root Library) -> ❌ async-3.2.0.tgz (Vulnerable Library) | High | 7.8 | Not Defined | 0.1% | async-3.2.0.tgz | Upgrade to version: async - 2.6.4,3.2.2 | #799 | |
CVE-2021-43138 Path to dependency file: /package.json Path to vulnerable library: /node_modules/geoip-lite/node_modules/async/package.json,/node_modules/portscanner/node_modules/async/package.json,/node_modules/grunt-contrib-watch/node_modules/async/package.json,/node_modules/grunt-contrib-less/node_modules/async/package.json,/node_modules/grunt-bower-task/node_modules/async/package.json,/node_modules/grunt-contrib-clean/node_modules/async/package.json,/node_modules/archiver/node_modules/async/package.json Dependency Hierarchy: -> geoip-lite-1.4.2.tgz (Root Library) -> ❌ async-2.6.3.tgz (Vulnerable Library) | High | 7.8 | Not Defined | 0.1% | async-2.6.3.tgz | Upgrade to version: async - 2.6.4,3.2.2 | #812 | |
CVE-2022-38900 Path to dependency file: /package.json Path to vulnerable library: /node_modules/decode-uri-component/package.json Dependency Hierarchy: -> grunt-cli-1.3.2.tgz (Root Library) -> liftoff-2.5.0.tgz -> findup-sync-2.0.0.tgz -> micromatch-3.1.10.tgz -> snapdragon-0.8.2.tgz -> source-map-resolve-0.5.3.tgz -> ❌ decode-uri-component-0.2.0.tgz (Vulnerable Library) | High | 7.5 | Not Defined | 0.2% | decode-uri-component-0.2.0.tgz | Upgrade to version: decode-uri-component - 0.2.1 | #798 | |
CVE-2022-25858 Path to dependency file: /package.json Path to vulnerable library: /node_modules/terser/package.json Dependency Hierarchy: -> grunt-terser-1.0.0.tgz (Root Library) -> ❌ terser-4.8.0.tgz (Vulnerable Library) | High | 7.5 | Not Defined | 0.2% | terser-4.8.0.tgz | Upgrade to version: terser - 4.8.1,5.14.2 | #813 | |
CVE-2022-0355 Path to dependency file: /package.json Path to vulnerable library: /node_modules/simple-get/package.json Dependency Hierarchy: -> grunt-contrib-compress-1.6.0.tgz (Root Library) -> iltorb-2.4.5.tgz -> prebuild-install-5.3.6.tgz -> ❌ simple-get-3.1.0.tgz (Vulnerable Library) | High | 7.5 | Not Defined | 0.2% | simple-get-3.1.0.tgz | Upgrade to version: simple-get - 4.0.1 | #792 | |
CVE-2021-23382 Path to dependency file: /package.json Path to vulnerable library: /node_modules/postcss/package.json Dependency Hierarchy: -> grunt-autoprefixer-3.0.4.tgz (Root Library) -> ❌ postcss-4.1.16.tgz (Vulnerable Library) | High | 7.5 | Not Defined | 0.2% | postcss-4.1.16.tgz | Upgrade to version: postcss - 8.2.13 | #789 | |
CVE-2017-20165 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-rest-client/node_modules/debug/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> ❌ debug-2.2.0.tgz (Vulnerable Library) | High | 7.5 | Not Defined | 0.6% | debug-2.2.0.tgz | Upgrade to version: debug - 2.6.9,3.1.0 | #786 | |
CVE-2020-8203 Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) | High | 7.4 | Not Defined | 1.0% | lodash-0.10.0.tgz | Upgrade to version: lodash - 4.17.19 | #796 | |
CVE-2021-23337 Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/async/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> async-2.6.3.tgz -> ❌ lodash-4.17.20.tgz (Vulnerable Library) | High | 7.2 | Not Defined | 0.6% | lodash-4.17.20.tgz | Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 | #796 | |
CVE-2021-23337 Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) | High | 7.2 | Not Defined | 0.6% | lodash-0.10.0.tgz | Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 | #796 | |
CVE-2019-1010266 Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) | Medium | 6.5 | Not Defined | 0.3% | lodash-0.10.0.tgz | Upgrade to version: lodash-4.17.11 | #796 | |
CVE-2018-3721 Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) | Medium | 6.5 | Not Defined | 0.1% | lodash-0.10.0.tgz | Upgrade to version: lodash 4.17.5 | #796 | |
CVE-2018-16487 Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) | Medium | 5.6 | Not Defined | 0.1% | lodash-0.10.0.tgz | Upgrade to version: lodash 4.17.11 | #796 | |
CVE-2017-20162 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-rest-client/node_modules/ms/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> debug-2.2.0.tgz -> ❌ ms-0.7.1.tgz (Vulnerable Library) | Medium | 5.3 | Not Defined | 0.1% | ms-0.7.1.tgz | Upgrade to version: ms - 2.0.0 | #786 | |
CVE-2017-16137 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-rest-client/node_modules/debug/package.json Dependency Hierarchy: -> swagger-boilerplate-0.1.6.tgz (Root Library) -> node-rest-client-3.1.0.tgz -> ❌ debug-2.2.0.tgz (Vulnerable Library) | Low | 3.7 | Not Defined | 0.3% | debug-2.2.0.tgz | Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 | #786 | |
CVE-2020-28500 Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) | Medium | 5.3 | Not Defined | 0.2% | lodash-0.10.0.tgz | Upgrade to version: lodash - 4.17.21 | #796 | |
CVE-2020-28500 Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/async/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> async-2.6.3.tgz -> ❌ lodash-4.17.20.tgz (Vulnerable Library) | Medium | 5.3 | Not Defined | 0.2% | lodash-4.17.20.tgz | Upgrade to version: lodash - 4.17.21 | #796 | |
Total libraries scanned: 608