Update dependency express to ^4.20.0 #39
Security Report
You have successfully remediated 15 vulnerabilities, but introduced 2 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2024-29415 | Critical | 9.1 | ip-2.0.1.tgz | None | |
CVE-2024-43799 | Medium | 5.0 | send-0.18.0.tgz | Upgrade to version: send - 0.19.0 | None |

CVE-2024-29415 details:
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/ip/package.json
Dependency Hierarchy: express-ipfilter-1.3.2.tgz (Root Library) -> ❌ ip-2.0.1.tgz (Vulnerable Library)

CVE-2024-43799 details:
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/serve-static/node_modules/send/package.json
Dependency Hierarchy: express-4.20.0.tgz (Root Library) -> serve-static-1.16.0.tgz -> ❌ send-0.18.0.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2024-28863 | tar-6.1.13.tgz |
CVE-2024-29041 | express-4.18.2.tgz |
CVE-2023-42282 | ip-2.0.0.tgz |
CVE-2023-26132 | dottie-2.0.3.tgz |
CVE-2023-26115 | word-wrap-1.2.3.tgz |
CVE-2024-29415 | ip-2.0.0.tgz |
CVE-2022-25883 | semver-6.3.0.tgz |
CVE-2024-45296 | path-to-regexp-0.1.7.tgz |
CVE-2024-43796 | express-4.18.2.tgz |
CVE-2023-42282 | ip-1.1.8.tgz |
CVE-2022-25883 | semver-5.7.1.tgz |
CVE-2024-29415 | ip-1.1.8.tgz |
CVE-2024-4067 | micromatch-4.0.5.tgz |
CVE-2024-4068 | braces-3.0.2.tgz |
CVE-2022-25883 | semver-7.3.8.tgz |
Base branch total remaining vulnerabilities: 64
Base branch commit: null
Total libraries scanned: 997
Scan token: 3986b3be0a1449c19481836dfe5beea4