PMM-12377 Custom Labels #682

Closed
wants to merge 1 commit into from

PMM-12377 POC

520b98c

Mend for GitHub.com / WhiteSource Security Check failed Aug 7, 2023 in 8m 46s

Security Report

10 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue

CVE-2023-26136 | Critical | 9.8 | tough-cookie-4.0.0.tgz | Upgrade to version: tough-cookie - 4.1.3 | None

Path to dependency file: /package.json
Path to vulnerable library: /.yarn/cache/tough-cookie-npm-4.0.0-7c5f3086af-0891b37eb7.zip
Dependency Hierarchy:
-> toolkit-9.2.20.tgz (Root Library)
   -> core-27.5.1.tgz
     -> jest-config-27.5.1.tgz
       -> jest-environment-jsdom-27.5.1.tgz
         -> jsdom-16.7.0.tgz
           -> ❌ tough-cookie-4.0.0.tgz (Vulnerable Library)

CVE-2023-26136 | Critical | 9.8 | tough-cookie-2.5.0.tgz | Upgrade to version: tough-cookie - 4.1.3 | None

Path to dependency file: /package.json
Path to vulnerable library: /.yarn/cache/tough-cookie-npm-2.5.0-79a2fe43fe-16a8cd0902.zip
Dependency Hierarchy:
-> e2e-9.2.20.tgz (Root Library)
   -> cypress-9.5.1.tgz
     -> request-2.88.10.tgz
       -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library)

CVE-2022-41721 | High | 7.5 | golang.org/x/net-v0.0.0-20220909164309-bea034e7d591 | Upgrade to version: v0.2.0 | None

Dependency Hierarchy:
-> google.golang.org/api-v0.74.0 (Root Library)
   -> ❌ golang.org/x/net-v0.0.0-20220909164309-bea034e7d591 (Vulnerable Library)

CVE-2019-0205 | High | 7.5 | github.com/cortexproject/cortex-v1.10.1-0.20211014125347-85c378182d0d | Upgrade to version: org.apache.thrift:libthrift:0.13.0 | None

Dependency Hierarchy:
-> ❌ github.com/cortexproject/cortex-v1.10.1-0.20211014125347-85c378182d0d (Vulnerable Library)

CVE-2020-15113 | High | 7.1 | github.com/cortexproject/cortex-v1.10.1-0.20211014125347-85c378182d0d | Upgrade to version: 3.4.10, 3.3.23 | None

Dependency Hierarchy:
-> ❌ github.com/cortexproject/cortex-v1.10.1-0.20211014125347-85c378182d0d (Vulnerable Library)

CVE-2020-15113 | High | 7.1 | github.com/prometheus/prometheus-v1.8.2-0.20211011171444-354d8d2ecfac | Upgrade to version: 3.4.10, 3.3.23 | None

Dependency Hierarchy:
-> ❌ github.com/prometheus/prometheus-v1.8.2-0.20211011171444-354d8d2ecfac (Vulnerable Library)

CVE-2020-15112 | Medium | 6.5 | github.com/cortexproject/cortex-v1.10.1-0.20211014125347-85c378182d0d | Upgrade to version: 3.4.10, 3.3.23 | None

Dependency Hierarchy:
-> ❌ github.com/cortexproject/cortex-v1.10.1-0.20211014125347-85c378182d0d (Vulnerable Library)

CVE-2020-11023 | Medium | 6.1 | github.com/magefile/mage-v1.13.0 | Upgrade to version: jquery - 3.5.0;jquery-rails - 4.4.0 | None

Dependency Hierarchy:
-> ❌ github.com/magefile/mage-v1.13.0 (Vulnerable Library)

CVE-2020-11022 | Medium | 6.1 | github.com/magefile/mage-v1.13.0 | Upgrade to version: jQuery - 3.5.0 | None

Dependency Hierarchy:
-> ❌ github.com/magefile/mage-v1.13.0 (Vulnerable Library)

CVE-2019-11358 | Medium | 6.1 | github.com/magefile/mage-v1.13.0 | Upgrade to version: jquery - 3.4.0 | None

Dependency Hierarchy:
-> ❌ github.com/magefile/mage-v1.13.0 (Vulnerable Library)

Base branch total remaining vulnerabilities: 42
Base branch commit: 1a38b24d5978e005ca62f287574e85c6b55bf481


Total libraries scanned: 2171

Scan token: c5c2c9c1cf984415a0ace80a64c44065