[Snyk] Security upgrade @reactioncommerce/api-plugin-files from 1.0.19 to 1.1.0 #227
Security Report
7 new vulnerabilities were introduced in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2023-26136 (Dependency Hierarchy: -> api-plugin-authentication-2.2.3.tgz (Root Library) -> logger-1.1.3.tgz -> node-loggly-bulk-2.2.5.tgz -> request-2.88.2.tgz -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library)) | Critical | 9.8 | tough-cookie-2.5.0.tgz | Upgrade to version: tough-cookie - 4.1.3 | None |
| | High | 7.5 | semver-6.3.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2022-25883 (Dependency Hierarchy: -> sharp-0.29.3.tgz (Root Library) -> ❌ semver-7.3.5.tgz (Vulnerable Library)) | High | 7.5 | semver-7.3.5.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2022-25883 (Dependency Hierarchy: -> api-core-2.0.0.tgz (Root Library) -> mongodb-3.6.2.tgz -> require_optional-1.0.1.tgz -> ❌ semver-5.7.1.tgz (Vulnerable Library)) | High | 7.5 | semver-5.7.1.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2022-25883 (Dependency Hierarchy: -> api-plugin-tags-1.1.1.tgz (Root Library) -> data-factory-1.0.1.tgz -> preset-env-7.12.1.tgz -> core-js-compat-3.7.0.tgz -> ❌ semver-7.0.0.tgz (Vulnerable Library)) | High | 7.5 | semver-7.0.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2022-24999 (Dependency Hierarchy: -> api-core-2.0.0.tgz (Root Library) -> express-4.17.1.tgz -> ❌ qs-6.7.0.tgz (Vulnerable Library)) | High | 7.5 | qs-6.7.0.tgz | Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 | #221 |
CVE-2022-24999 (Dependency Hierarchy: -> api-plugin-authentication-2.2.3.tgz (Root Library) -> logger-1.1.3.tgz -> node-loggly-bulk-2.2.5.tgz -> request-2.88.2.tgz -> ❌ qs-6.5.2.tgz (Vulnerable Library)) | High | 7.5 | qs-6.5.2.tgz | Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 | #221 |
Base branch total remaining vulnerabilities: 55
Base branch commit: null
Total libraries scanned: 836
Scan token: 219c623e78cf432dba13f2fdf36d4938