Update dependency nexmo-client to v8 (main) #51
Security Report
❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
general
https://vonagecc.jfrog.io/artifactory
Step | Level | Description | Details |
---|---|---|---|
Checking registry connectivity | ⚠Warn | Unsupported configuration was provided | Unsupported registry hostType gradle, skipped |
https://vonagecc.jfrog.io/artifactory/maven
Step | Level | Description | Details |
---|---|---|---|
Checking registry connectivity | ⚠Warn | Unsupported configuration was provided | Unsupported registry hostType gradle, skipped |
You have successfully remediated 15 vulnerabilities, but introduced 1 new vulnerability in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue | Reachability |
---|---|---|---|---|---|---|---|---|
CVE-2022-33987 | Medium | 5.3 | Not Defined | 0.1% | got-9.6.0.tgz | Upgrade to version: got - 11.8.5,12.1.0 | None | |

CVE-2022-33987 details:
Path to dependency file: /enable-video/package.json
Path to vulnerable library: /enable-video/node_modules/got/package.json, /inviting-members/node_modules/got/package.json, /enable-audio/node_modules/got/package.json, /utilizing-events/node_modules/got/package.json, /enable-screen-share/node_modules/got/package.json, /simple-conversation/node_modules/got/package.json
Dependency Hierarchy: nexmo-client-8.7.3.tgz (Root Library) -> public-ip-4.0.4.tgz -> ❌ got-9.6.0.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2020-28481 | socket.io-2.2.0.tgz |
CVE-2021-31597 | xmlhttprequest-ssl-1.5.5.tgz |
CVE-2022-2421 | socket.io-parser-3.3.2.tgz |
CVE-2017-16137 | debug-4.1.1.tgz |
CVE-2020-36048 | engine.io-3.3.2.tgz |
WS-2020-0443 | socket.io-2.2.0.tgz |
CVE-2020-36049 | socket.io-parser-3.3.0.tgz |
CVE-2022-41940 | engine.io-3.3.2.tgz |
CVE-2023-32695 | socket.io-parser-3.4.1.tgz |
CVE-2022-2421 | socket.io-parser-3.4.1.tgz |
CVE-2022-41940 | engine.io-3.6.0.tgz |
CVE-2020-28502 | xmlhttprequest-ssl-1.5.5.tgz |
CVE-2021-32640 | ws-6.1.3.tgz |
CVE-2021-32640 | ws-6.1.4.tgz |
CVE-2022-2421 | socket.io-parser-3.3.0.tgz |
Base branch total remaining vulnerabilities: 15
Base branch commit: null
Total libraries scanned: 82
Scan token: 57fbf82de1f54bbc9277006353aa7ef5