[GitHub] Your Dependabot alerts for today Nov 24

GitHub

Nov 23, 2021, 11:31:34 PM
to Phileco
Dependabot alerts

GitHub security alert digest

Philecodiscussions’s repository security updates from today, Nov 24

Philecodiscussions’s personal account

Warning!

Philecodiscussions / json-viewer

Known security vulnerabilities detected

Dependency brace-expansion Version < 1.1.7 Upgrade to ~> 1.1.7
Defined in yarn.lock
Vulnerabilities
CVE-2017-18077 High severity
Dependency hoek Version < 4.2.1 Upgrade to ~> 4.2.1
Defined in yarn.lock
Vulnerabilities
CVE-2018-3728 Moderate severity
Dependency tough-cookie Version < 2.3.3 Upgrade to ~> 2.3.3
Defined in yarn.lock
Vulnerabilities
CVE-2017-15010 High severity
Dependency lodash Version < 4.17.5 Upgrade to ~> 4.17.5
Defined in yarn.lock
Vulnerabilities
CVE-2019-10744 Critical severity
CVE-2018-16487 High severity
CVE-2020-8203 High severity
CVE-2021-23337 High severity
CVE-2018-3721 Low severity
View 1 more
Dependency debug Version < 2.6.9 Upgrade to ~> 2.6.9
Defined in yarn.lock
Vulnerabilities
CVE-2017-16137 Low severity
Dependency sshpk Version < 1.13.2 Upgrade to ~> 1.13.2
Defined in yarn.lock
Vulnerabilities
CVE-2018-3737 High severity
Dependency cryptiles Version < 4.1.2 Upgrade to ~> 4.1.2
Defined in yarn.lock
Vulnerabilities
CVE-2018-1000620 Critical severity
Dependency deep-extend Version < 0.5.1 Upgrade to ~> 0.5.1
Defined in yarn.lock
Vulnerabilities
CVE-2018-3750 Critical severity
Dependency randomatic Version < 3.0.0 Upgrade to ~> 3.0.0
Defined in yarn.lock
Vulnerabilities
CVE-2017-16028 Low severity
Dependency extend Version >= 3.0.0 < 3.0.2 Upgrade to ~> 3.0.2
Defined in yarn.lock
Vulnerabilities
CVE-2018-16492 Moderate severity
Dependency tar Version < 2.2.2 Upgrade to ~> 2.2.2
Defined in yarn.lock
Vulnerabilities
CVE-2018-20834 High severity
CVE-2021-32803 High severity
CVE-2021-32804 High severity
CVE-2021-37701 High severity
CVE-2021-37712 High severity
View 1 more
Dependency fstream Version < 1.0.12 Upgrade to ~> 1.0.12
Defined in yarn.lock
Vulnerabilities
CVE-2019-13173 High severity
Dependency tunnel-agent Version < 0.6.0 Upgrade to ~> 0.6.0
Defined in yarn.lock
Vulnerabilities
GHSA-xc7v-wxcw-j472 Moderate severity
Dependency clean-css Version < 4.1.11 Upgrade to ~> 4.1.11
Defined in yarn.lock
Vulnerabilities
GHSA-wxhq-pm8v-cw75 Low severity
Dependency braces Version < 2.3.1 Upgrade to ~> 2.3.1
Defined in yarn.lock
Vulnerabilities
GHSA-g95f-p29q-9xw4 Low severity
Dependency stringstream Version < 0.0.6 Upgrade to ~> 0.0.6
Defined in yarn.lock
Vulnerabilities
CVE-2018-21270 Moderate severity
Dependency lodash.mergewith Version < 4.6.2 Upgrade to ~> 4.6.2
Defined in yarn.lock
Vulnerabilities
CVE-2019-10744 Critical severity
GHSA-5947-m4fg-xhqg High severity
GHSA-779f-wgxg-qr8f High severity
Dependency minimist Version < 0.2.1 Upgrade to ~> 0.2.1
Defined in yarn.lock
Vulnerabilities
CVE-2020-7598 Moderate severity
CVE-2020-7598 Moderate severity
Dependency qs Version >= 6.3.0 < 6.3.2 Upgrade to ~> 6.3.2
Defined in yarn.lock
Vulnerabilities
CVE-2017-1000048 High severity
Dependency elliptic Version < 6.5.3 Upgrade to ~> 6.5.3
Defined in yarn.lock
Vulnerabilities
CVE-2020-13822 High severity
CVE-2020-28498 Moderate severity
Dependency is-my-json-valid Version >= 2.0.0 < 2.17.2 Upgrade to ~> 2.17.2
Defined in yarn.lock
Vulnerabilities
CVE-2016-2537 High severity
Dependency node-sass Version >= 3.3.0 < 4.13.1 Upgrade to ~> 4.13.1
Defined in yarn.lock
Vulnerabilities
GHSA-9v62-24cr-58cx Moderate severity
Dependency bl Version < 1.2.3 Upgrade to ~> 1.2.3
Defined in yarn.lock
Vulnerabilities
CVE-2020-8244 High severity
Dependency yargs-parser Version <= 5.0.0 Upgrade to ~> 5.0.1
Defined in yarn.lock
Vulnerabilities
CVE-2020-7608 Moderate severity
Dependency ini Version < 1.3.6 Upgrade to ~> 1.3.6
Defined in yarn.lock
Vulnerabilities
CVE-2020-7788 High severity
Dependency y18n Version < 3.2.2 Upgrade to ~> 3.2.2
Defined in yarn.lock
Vulnerabilities
CVE-2020-7774 High severity
Dependency codemirror Version < 5.58.2 Upgrade to ~> 5.58.2
Defined in yarn.lock Suggested update #1
Vulnerabilities
CVE-2020-7760 Moderate severity
Dependency hosted-git-info Version < 2.8.9 Upgrade to ~> 2.8.9
Defined in yarn.lock Suggested update #3
Vulnerabilities
CVE-2021-23362 Moderate severity
Dependency glob-parent Version < 5.1.2 Upgrade to ~> 5.1.2
Defined in yarn.lock
Vulnerabilities
CVE-2020-28469 High severity
Dependency trim-newlines Version < 3.0.1 Upgrade to ~> 3.0.1
Defined in yarn.lock
Vulnerabilities
CVE-2021-33623 High severity
Dependency jsonpointer Version < 5.0.0 Upgrade to ~> 5.0.0
Defined in yarn.lock
Vulnerabilities
CVE-2021-23807 Moderate severity

Always verify the validity and compatibility of suggestions with your codebase.

