This repository has been archived by the owner on Apr 11, 2023. It is now read-only.

Upgrade Vulnerable Libraries #1973

Open
biljanaLukovic opened this issue Feb 17, 2023 · 0 comments


Upgrade included vulnerable libraries to the non-vulnerable versions
Module: trustbloc / wallet

Dependency github.com/opencontainers/runc Version < 1.0.3 Upgrade to ~> 1.0.3
Defined in go.sum
Vulnerabilities
CVE-2021-43784 Moderate severity
CVE-2022-29162 Moderate severity
CVE-2019-19921 Moderate severity

Dependency github.com/whyrusleeping/tar-utils Version < 0.0.0-20201201191210-20a61371de5b Upgrade to ~> 0.0.0-20201201191210-20a61371de5b
Defined in go.sum
Vulnerabilities
CVE-2020-36566 Critical severity

Dependency json5 Version < 1.0.2 Upgrade to ~> 1.0.2
Defined in package-lock.json
Vulnerabilities
CVE-2022-46175 High severity
CVE-2022-46175 High severity
CVE-2022-46175 High severity

Dependency ua-parser-js Version >= 0.8.0 < 1.0.33 Upgrade to ~> 1.0.33
Defined in package-lock.json Suggested update #1960
Vulnerabilities
CVE-2022-25927 High severity
CVE-2022-25927 High severity

Dependency http-cache-semantics Version < 4.1.1 Upgrade to ~> 4.1.1
Defined in package-lock.json Suggested update #1966
Vulnerabilities
CVE-2022-25881 High severity

Dependency @sideway/formula Version < 3.0.1 Upgrade to ~> 3.0.1
Defined in package-lock.json Suggested update #1969
Vulnerabilities
CVE-2023-25166 Moderate severity

Dependency github.com/prometheus/client_golang Version < 1.11.1 Upgrade to ~> 1.11.1
Defined in go.sum
Vulnerabilities
CVE-2022-21698 High severity
CVE-2022-21698 High severity

Module: trustbloc / sandbox
Dependency is-svg Version >= 2.1.0 < 4.2.2 Upgrade to ~> 4.2.2
Defined in package-lock.json
Vulnerabilities
CVE-2021-28092 High severity
CVE-2021-29059 High severity

Dependency mem Version < 4.0.0 Upgrade to ~> 4.0.0
Defined in package-lock.json
Vulnerabilities
GHSA-4xcv-9jjx-gfj3 Moderate severity

Dependency glob-parent Version < 5.1.2 Upgrade to ~> 5.1.2
Defined in package-lock.json
Vulnerabilities
CVE-2020-28469 High severity

Dependency url-parse Version < 1.5.2 Upgrade to ~> 1.5.2
Defined in package-lock.json
Vulnerabilities
CVE-2022-0686 Critical severity
CVE-2021-3664 Moderate severity
CVE-2022-0512 Moderate severity
CVE-2022-0639 Moderate severity
CVE-2022-0691 Moderate severity

Dependency path-parse Version < 1.0.7 Upgrade to ~> 1.0.7
Defined in package-lock.json Suggested update #1157
Vulnerabilities
CVE-2021-23343 Moderate severity
CVE-2021-23343 Moderate severity

Dependency nth-check Version < 2.0.1 Upgrade to ~> 2.0.1
Defined in package-lock.json
Vulnerabilities
CVE-2021-3803 High severity

Dependency validator Version < 13.7.0 Upgrade to ~> 13.7.0
Defined in package-lock.json
Vulnerabilities
CVE-2021-3765 Moderate severity
GHSA-xx4c-jj58-r7x6 Moderate severity

Dependency github.com/tidwall/gjson Version < 1.9.3 Upgrade to ~> 1.9.3
Defined in go.sum
Vulnerabilities
CVE-2021-42836 High severity
CVE-2021-42836 High severity
CVE-2021-42836 High severity
CVE-2021-42836 High severity
CVE-2021-42248 High severity

Dependency json-schema Version < 0.4.0 Upgrade to ~> 0.4.0
Defined in package-lock.json
Vulnerabilities
CVE-2021-3918 Critical severity

Dependency go.mongodb.org/mongo-driver Version < 1.5.1 Upgrade to ~> 1.5.1
Defined in go.sum
Vulnerabilities
CVE-2021-20329 Moderate severity

Dependency follow-redirects Version < 1.14.7 Upgrade to ~> 1.14.7
Defined in package-lock.json
Vulnerabilities
CVE-2022-0155 High severity
CVE-2022-0536 Moderate severity

Dependency node-forge Version < 1.0.0 Upgrade to ~> 1.0.0
Defined in package-lock.json
Vulnerabilities
CVE-2022-24772 High severity
CVE-2022-24771 High severity
GHSA-gf8q-jrpm-jvxq Low severity
GHSA-5rrq-pxf6-6jx5 Low severity
CVE-2022-0122 Moderate severity

Dependency engine.io Version >= 6.0.0 < 6.1.1 Upgrade to ~> 6.1.1
Defined in package-lock.json
Vulnerabilities
CVE-2022-21676 High severity
CVE-2022-41940 Moderate severity

Dependency highlight.js Version >= 9.0.0 < 10.4.1 Upgrade to ~> 10.4.1
Defined in package-lock.json
Vulnerabilities
GHSA-7wwv-vh3v-89cq Moderate severity

Dependency ssri Version >= 7.0.0 < 7.1.1 Upgrade to ~> 7.1.1
Defined in package-lock.json
Vulnerabilities
CVE-2021-27290 High severity

Dependency yargs-parser Version >= 6.0.0 < 13.1.2 Upgrade to ~> 13.1.2
Defined in package-lock.json
Vulnerabilities
CVE-2020-7608 Moderate severity

Dependency node-fetch Version < 2.6.7 Upgrade to ~> 2.6.7
Defined in package-lock.json
Vulnerabilities
CVE-2022-0235 High severity

Dependency ansi-html Version < 0.0.8 Upgrade to ~> 0.0.8
Defined in package-lock.json
Vulnerabilities
CVE-2021-23424 High severity

Dependency nanoid Version >= 3.0.0 < 3.1.31 Upgrade to ~> 3.1.31
Defined in package-lock.json
Vulnerabilities
CVE-2021-23566 Moderate severity

Dependency ansi-regex Version >= 5.0.0 < 5.0.1 Upgrade to ~> 5.0.1
Defined in package-lock.json
Vulnerabilities
CVE-2021-3807 High severity
CVE-2021-3807 High severity
CVE-2021-3807 High severity
CVE-2021-3807 High severity
CVE-2021-3807 High severity

Dependency minimist Version < 1.2.6 Upgrade to ~> 1.2.6
Defined in package-lock.json
Vulnerabilities
CVE-2021-44906 Critical severity
CVE-2021-44906 Critical severity

Dependency ejs Version < 3.1.7 Upgrade to ~> 3.1.7
Defined in package-lock.json
Vulnerabilities
CVE-2022-29078 Critical severity
CVE-2022-29078 Critical severity

Dependency github.com/opencontainers/runc Version < 1.1.2 Upgrade to ~> 1.1.2
Defined in go.sum
Vulnerabilities
CVE-2022-29162 Moderate severity
CVE-2022-29162 Moderate severity
CVE-2022-29162 Moderate severity
CVE-2022-29162 Moderate severity
CVE-2022-29162 Moderate severity

Dependency eventsource Version < 1.1.1 Upgrade to ~> 1.1.1
Defined in package-lock.json Suggested update #1445
Vulnerabilities
CVE-2022-1650 Critical severity

Dependency async Version >= 2.0.0 < 2.6.4 Upgrade to ~> 2.6.4
Defined in package-lock.json
Vulnerabilities
CVE-2021-43138 High severity

Dependency got Version < 11.8.5 Upgrade to ~> 11.8.5
Defined in package-lock.json Suggested update #1462
Vulnerabilities
CVE-2022-33987 Moderate severity

Dependency shell-quote Version <= 1.7.2 Upgrade to ~> 1.7.3
Defined in package-lock.json Suggested update #1463
Vulnerabilities
CVE-2021-42740 Critical severity

Dependency terser Version < 4.8.1 Upgrade to ~> 4.8.1
Defined in package-lock.json Suggested update #1477
Vulnerabilities
CVE-2022-25858 High severity

Dependency socket.io-parser Version >= 4.0.0 < 4.0.5 Upgrade to ~> 4.0.5
Defined in package-lock.json Suggested update #1589
Vulnerabilities
CVE-2022-2421 Critical severity

Dependency minimatch Version < 3.0.5 Upgrade to ~> 3.0.5
Defined in package-lock.json Suggested update #1590
Vulnerabilities
CVE-2022-3517 High severity
CVE-2022-3517 High severity

Dependency loader-utils Version < 1.4.1 Upgrade to ~> 1.4.1
Defined in package-lock.json
Vulnerabilities
CVE-2022-37601 Critical severity
CVE-2022-37601 Critical severity
CVE-2022-37599 High severity
CVE-2022-37603 High severity
CVE-2022-37599 High severity

Dependency github.com/labstack/echo/v4 Version < 4.9.0 Upgrade to ~> 4.9.0
Defined in go.sum
Vulnerabilities
CVE-2022-40083 Critical severity

Dependency decode-uri-component Version < 0.2.1 Upgrade to ~> 0.2.1
Defined in package-lock.json Suggested update #1602
Vulnerabilities
CVE-2022-38900 Low severity

Dependency qs Version >= 6.7.0 < 6.7.3 Upgrade to ~> 6.7.3
Defined in package-lock.json Suggested update #1609

Dependency github.com/whyrusleeping/tar-utils Version < 0.0.0-20201201191210-20a61371de5b Upgrade to ~> 0.0.0-20201201191210-20a61371de5b
Defined in go.sum
Vulnerabilities
CVE-2020-36566 Critical severity
CVE-2020-36566 Critical severity
CVE-2020-36566 Critical severity
CVE-2020-36566 Critical severity
CVE-2020-36566 Critical severity

Dependency json5 Version >= 2.0.0 < 2.2.2 Upgrade to ~> 2.2.2
Defined in package-lock.json Suggested update #1616
Vulnerabilities
CVE-2022-46175 High severity

Dependency ua-parser-js Version >= 0.8.0 < 1.0.33 Upgrade to ~> 1.0.33
Defined in package-lock.json Suggested update #1618
Vulnerabilities
CVE-2022-25927 High severity

Dependency http-cache-semantics Version < 4.1.1 Upgrade to ~> 4.1.1
Defined in package-lock.json Suggested update #1619
Vulnerabilities
CVE-2022-25881 High severity

Dependency github.com/prometheus/client_golang Version < 1.11.1 Upgrade to ~> 1.11.1
Defined in go.sum Suggested update #1624
Vulnerabilities
CVE-2022-21698 High severity
CVE-2022-21698 High severity
CVE-2022-21698 High severity
CVE-2022-21698 High severity
CVE-2022-21698 High severity

Module: trustbloc / adapter
Known security vulnerabilities detected
Dependency lodash Version < 4.17.21 Upgrade to ~> 4.17.21
Defined in package-lock.json
Vulnerabilities
CVE-2021-23337 High severity
CVE-2021-23337 High severity
CVE-2020-8203 High severity
CVE-2020-28500 Moderate severity
CVE-2020-28500 Moderate severity

Dependency browserslist Version >= 4.0.0 < 4.16.5 Upgrade to ~> 4.16.5
Defined in package-lock.json
Vulnerabilities
CVE-2021-23364 Moderate severity
CVE-2021-23364 Moderate severity

Dependency path-parse Version < 1.0.7 Upgrade to ~> 1.0.7
Defined in package-lock.json
Vulnerabilities
CVE-2021-23343 Moderate severity
CVE-2021-23343 Moderate severity
CVE-2021-23343 Moderate severity

Dependency nth-check Version < 2.0.1 Upgrade to ~> 2.0.1
Defined in package-lock.json
Vulnerabilities
CVE-2021-3803 High severity
CVE-2021-3803 High severity
CVE-2021-3803 High severity

Dependency github.com/containerd/containerd Version >= 1.5.0 < 1.5.7 Upgrade to ~> 1.5.7
Defined in go.sum
Vulnerabilities
CVE-2021-43816 High severity
CVE-2022-23648 High severity
GHSA-5j5w-g665-5m35 Low severity
CVE-2021-41103 Moderate severity
CVE-2022-31030 Moderate severity

Dependency github.com/tidwall/gjson Version < 1.9.3 Upgrade to ~> 1.9.3
Defined in go.sum
Vulnerabilities
CVE-2021-42836 High severity
CVE-2021-42836 High severity
CVE-2021-42836 High severity
CVE-2021-42248 High severity
CVE-2021-42248 High severity

Dependency github.com/opencontainers/runc Version < 1.0.3 Upgrade to ~> 1.0.3
Defined in go.sum
Vulnerabilities
CVE-2021-43784 Moderate severity
CVE-2021-43784 Moderate severity
CVE-2021-43784 Moderate severity
CVE-2022-29162 Moderate severity
CVE-2022-29162 Moderate severity

Dependency is-svg Version >= 2.1.0 < 4.2.2 Upgrade to ~> 4.2.2
Defined in package-lock.json
Vulnerabilities
CVE-2021-28092 High severity
CVE-2021-28092 High severity
CVE-2021-29059 High severity
CVE-2021-29059 High severity

Dependency color-string Version < 1.5.5 Upgrade to ~> 1.5.5
Defined in package-lock.json
Vulnerabilities
CVE-2021-29060 Moderate severity
CVE-2021-29060 Moderate severity

Dependency url-parse Version < 1.5.2 Upgrade to ~> 1.5.2
Defined in package-lock.json
Vulnerabilities
CVE-2022-0686 Critical severity
CVE-2022-0686 Critical severity
CVE-2021-3664 Moderate severity
CVE-2021-27515 Moderate severity
CVE-2021-3664 Moderate severity

Dependency json-schema Version < 0.4.0 Upgrade to ~> 0.4.0
Defined in package-lock.json
Vulnerabilities
CVE-2021-3918 Critical severity
CVE-2021-3918 Critical severity

Dependency follow-redirects Version < 1.14.7 Upgrade to ~> 1.14.7
Defined in package-lock.json Suggested update #616
Vulnerabilities
CVE-2022-0155 High severity
CVE-2022-0155 High severity
CVE-2022-0155 High severity
CVE-2022-0536 Moderate severity
CVE-2022-0536 Moderate severity

Dependency node-fetch Version < 2.6.7 Upgrade to ~> 2.6.7
Defined in package-lock.json Suggested update #588
Vulnerabilities
CVE-2022-0235 High severity
CVE-2022-0235 High severity

Dependency hosted-git-info Version < 2.8.9 Upgrade to ~> 2.8.9
Defined in package-lock.json Suggested update #591
Vulnerabilities
CVE-2021-23362 Moderate severity

Dependency node-forge Version < 0.10.0 Upgrade to ~> 0.10.0
Defined in package-lock.json Suggested update #643
Vulnerabilities
CVE-2020-7720 High severity
CVE-2020-7720 High severity
CVE-2022-24772 High severity
CVE-2022-24771 High severity
CVE-2022-24771 High severity

Dependency highlight.js Version >= 9.0.0 < 10.4.1 Upgrade to ~> 10.4.1
Defined in package-lock.json
Vulnerabilities
GHSA-7wwv-vh3v-89cq Moderate severity
GHSA-7wwv-vh3v-89cq Moderate severity

Dependency ssri Version >= 7.0.0 < 7.1.1 Upgrade to ~> 7.1.1
Defined in package-lock.json
Vulnerabilities
CVE-2021-27290 High severity
CVE-2021-27290 High severity

Dependency glob-parent Version < 5.1.2 Upgrade to ~> 5.1.2
Defined in package-lock.json
Vulnerabilities
CVE-2020-28469 High severity
CVE-2020-28469 High severity

Dependency postcss Version >= 7.0.0 < 7.0.36 Upgrade to ~> 7.0.36
Defined in package-lock.json
Vulnerabilities
CVE-2021-23368 Moderate severity
CVE-2021-23368 Moderate severity
CVE-2021-23382 Moderate severity
CVE-2021-23382 Moderate severity

Dependency ajv Version < 6.12.3 Upgrade to ~> 6.12.3
Defined in package-lock.json Suggested update #615
Vulnerabilities
CVE-2020-15366 Moderate severity
CVE-2020-15366 Moderate severity

Dependency ansi-html Version < 0.0.8 Upgrade to ~> 0.0.8
Defined in package-lock.json
Vulnerabilities
CVE-2021-23424 High severity
CVE-2021-23424 High severity

Dependency ansi-regex Version >= 5.0.0 < 5.0.1 Upgrade to ~> 5.0.1
Defined in package-lock.json
Vulnerabilities
CVE-2021-3807 High severity
CVE-2021-3807 High severity
CVE-2021-3807 High severity
CVE-2021-3807 High severity
CVE-2021-3807 High severity

Dependency minimist Version < 1.2.6 Upgrade to ~> 1.2.6
Defined in package-lock.json
Vulnerabilities
CVE-2021-44906 Critical severity
CVE-2021-44906 Critical severity
CVE-2021-44906 Critical severity

Dependency axios Version < 0.21.2 Upgrade to ~> 0.21.2
Defined in package-lock.json Suggested update #652
Vulnerabilities
CVE-2021-3749 High severity
CVE-2021-3749 High severity

Dependency ejs Version < 3.1.7 Upgrade to ~> 3.1.7
Defined in package-lock.json
Vulnerabilities
CVE-2022-29078 Critical severity
CVE-2022-29078 Critical severity

Dependency eventsource Version < 1.1.1 Upgrade to ~> 1.1.1
Defined in package-lock.json Suggested update #658
Vulnerabilities
CVE-2022-1650 Critical severity
CVE-2022-1650 Critical severity

Dependency async Version >= 2.0.0 < 2.6.4 Upgrade to ~> 2.6.4
Defined in package-lock.json
Vulnerabilities
CVE-2021-43138 High severity
CVE-2021-43138 High severity

Dependency shell-quote Version <= 1.7.2 Upgrade to ~> 1.7.3
Defined in package-lock.json Suggested update #662
Vulnerabilities
CVE-2021-42740 Critical severity
CVE-2021-42740 Critical severity

Dependency thenify Version < 3.3.1 Upgrade to ~> 3.3.1
Defined in package-lock.json Suggested update #664
Vulnerabilities
CVE-2020-7677 Critical severity
CVE-2020-7677 Critical severity

Dependency terser Version >= 5.0.0 < 5.14.2 Upgrade to ~> 5.14.2
Defined in package-lock.json Suggested update #666
Vulnerabilities
CVE-2022-25858 High severity
CVE-2022-25858 High severity
CVE-2022-25858 High severity
CVE-2022-25858 High severity

Dependency minimatch Version < 3.0.5 Upgrade to ~> 3.0.5
Defined in package-lock.json
Vulnerabilities
CVE-2022-3517 High severity
CVE-2022-3517 High severity
CVE-2022-3517 High severity

Dependency loader-utils Version < 1.4.1 Upgrade to ~> 1.4.1
Defined in package-lock.json
Vulnerabilities
CVE-2022-37601 Critical severity
CVE-2022-37601 Critical severity
CVE-2022-37601 Critical severity
CVE-2022-37599 High severity
CVE-2022-37599 High severity

Dependency decode-uri-component Version < 0.2.1 Upgrade to ~> 0.2.1
Defined in package-lock.json Suggested update #680
Vulnerabilities
CVE-2022-38900 Low severity
CVE-2022-38900 Low severity

Dependency qs Version >= 6.7.0 < 6.7.3 Upgrade to ~> 6.7.3
Defined in package-lock.json Suggested update #681
Vulnerabilities
CVE-2022-24999 High severity
CVE-2022-24999 High severity
CVE-2022-24999 High severity

Dependency github.com/whyrusleeping/tar-utils Version < 0.0.0-20201201191210-20a61371de5b Upgrade to ~> 0.0.0-20201201191210-20a61371de5b
Defined in go.sum
Vulnerabilities
CVE-2020-36566 Critical severity
CVE-2020-36566 Critical severity
CVE-2020-36566 Critical severity

Dependency json5 Version >= 2.0.0 < 2.2.2 Upgrade to ~> 2.2.2
Defined in package-lock.json Suggested update #688
Vulnerabilities
CVE-2022-46175 High severity
CVE-2022-46175 High severity
CVE-2022-46175 High severity
CVE-2022-46175 High severity

Dependency github.com/prometheus/client_golang Version < 1.11.1 Upgrade to ~> 1.11.1
Defined in go.sum Suggested update #690
Vulnerabilities
CVE-2022-21698 High severity
CVE-2022-21698 High severity
CVE-2022-21698 High severity
