Update dependency mongodb to ^4.17.0 #20
Open
Mend for GitHub.com / WhiteSource Security Check
failed
Jan 12, 2025 in 5m 56s
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2024-37168Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> firebase-9.23.0.tgz (Root Library) -> firestore-3.13.0.tgz -> ❌ grpc-js-1.7.3.tgz (Vulnerable Library) |
 Medium |
5.3 | grpc-js-1.7.3.tgz | Upgrade to version: @grpc/grpc-js - 1.8.22,1.9.15,1.10.9 | None |
CVE-2024-11023Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> firebase-9.23.0.tgz (Root Library) -> ❌ auth-0.23.2.tgz (Vulnerable Library) |
Medium |
5.3 | auth-0.23.2.tgz | Upgrade to version: @firebase/auth - 1.6.2 | None |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2021-32050 | mongodb-4.9.1.tgz |
| CVE-2023-42282 | ip-2.0.0.tgz |
| CVE-2023-36665 | protobufjs-7.1.2.tgz |
| CVE-2022-23541 | jsonwebtoken-8.5.1.tgz |
| CVE-2024-37890 | ws-8.9.0.tgz |
| CVE-2022-25883 | semver-5.7.1.tgz |
| CVE-2021-32050 | mongodb-4.10.0.tgz |
| CVE-2023-36665 | protobufjs-6.11.3.tgz |
| CVE-2024-29415 | ip-2.0.0.tgz |
| CVE-2024-53900 | mongoose-6.6.5.tgz |
| CVE-2022-38900 | decode-uri-component-0.2.0.tgz |
| CVE-2023-5590 | selenium-webdriver-4.1.2.tgz |
| CVE-2023-3696 | mongoose-6.6.5.tgz |
| CVE-2022-23540 | jsonwebtoken-8.5.1.tgz |
| CVE-2024-11023 | @firebase/auth-0.20.8.tgz |
| CVE-2022-23539 | jsonwebtoken-8.5.1.tgz |
| CVE-2024-37168 | grpc-js-1.7.1.tgz |
Base branch total remaining vulnerabilities: 28
Base branch commit: null
Total libraries scanned: 308
Scan token: 07e1c435d7904d1bbdf29545757e6ffc
Loading