[DepShield] Vulnerability due to usage of lodash.flatten:4.4.0

Vulnerabilities

DepShield reports that this application's usage of lodash.flatten:4.4.0 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.flatten:4.4.0 is a transitive dependency introduced by the following direct dependency(s):

• markdownlint-cli:0.13.0
└─ lodash.flatten:4.4.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] Vulnerability due to usage of lodash.memoize:4.1.2

Vulnerabilities

DepShield reports that this application's usage of lodash.memoize:4.1.2 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.memoize:4.1.2 is a transitive dependency introduced by the following direct dependency(s):

• prettier-eslint-cli:4.7.1
└─ lodash.memoize:4.1.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.get:4.4.2

Vulnerabilities

DepShield reports that this application's usage of lodash.get:4.4.2 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
(CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.get:4.4.2 is a transitive dependency introduced by the following direct dependency(s):

• husky:1.3.1
└─ cosmiconfig:5.1.0
└─ lodash.get:4.4.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Weekly Digest (31 March, 2019 - 7 April, 2019)

Here's the Weekly Digest for 9renpoto/archive:

ISSUES

Last week 13 issues were created.
Of these, 12 issues have been closed and 1 issues are still open.

OPEN ISSUES

💚 #541 chore(deps): update dependency markdownlint-cli to v0.15.0, by renovate[bot]

CLOSED ISSUES

PULL REQUESTS

Last week, 9 pull requests were created, updated or merged.

MERGED PULL REQUEST

COMMITS

CONTRIBUTORS

Last week there were 2 contributors.
👤 renovate-bot
👤 9renpoto

STARGAZERS

Last week there were no stargazers.

RELEASES

Last week there were no releases.

That's all for last week, please 👀 Watch and ⭐ Star the repository 9renpoto/archive to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

[DepShield] Vulnerability due to usage of lodash.debounce:4.0.8

Vulnerabilities

DepShield reports that this application's usage of lodash.debounce:4.0.8 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.debounce:4.0.8 is a transitive dependency introduced by the following direct dependency(s):

• nextein:2.1.2
└─ chokidar:2.0.4
└─ lodash.debounce:4.0.8

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] Vulnerability due to usage of lodash.merge:4.6.1

Vulnerabilities

DepShield reports that this application's usage of lodash.merge:4.6.1 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.merge:4.6.1 is a transitive dependency introduced by the following direct dependency(s):

• prettier-eslint-cli:4.7.1
└─ prettier-eslint:8.8.2
└─ lodash.merge:4.6.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] Vulnerability due to usage of lodash._reinterpolate:3.0.0

Vulnerabilities

DepShield reports that this application's usage of lodash._reinterpolate:3.0.0 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._reinterpolate:3.0.0 is a transitive dependency introduced by the following direct dependency(s):

• next-offline:3.2.2
        └─ workbox-webpack-plugin:3.6.3
              └─ workbox-build:3.6.3
                    └─ lodash.template:4.4.0
                          └─ lodash._reinterpolate:3.0.0
                          └─ lodash.templatesettings:4.1.0
                                └─ lodash._reinterpolate:3.0.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

DepShield encountered errors while building your project

The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

lighthouse動かす

https://github.com/ebidel/lighthouse-ci

https://app.leanboard.io/board/213fc401-36a9-41fa-9918-fcac4a3b626e

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.templatesettings:4.1.0

Vulnerabilities

DepShield reports that this application's usage of lodash.templatesettings:4.1.0 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.templatesettings:4.1.0 is a transitive dependency introduced by the following direct dependency(s):

• next-offline:3.3.5
        └─ workbox-webpack-plugin:3.6.3
              └─ workbox-build:3.6.3
                    └─ lodash.template:4.4.0
                          └─ lodash.templatesettings:4.1.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

DepShield encountered errors while building your project

The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.uniq:4.5.0

Vulnerabilities

DepShield reports that this application's usage of lodash.uniq:4.5.0 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.uniq:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• size-limit:0.21.1
        └─ optimize-css-assets-webpack-plugin:5.0.1
              └─ cssnano:4.1.8
                    └─ cssnano-preset-default:4.0.6
                          └─ postcss-merge-rules:4.0.2
                                └─ caniuse-api:3.0.0
                                      └─ lodash.uniq:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

WS-2019-0019 Medium Severity Vulnerability detected by WhiteSource

WS-2019-0019 - Medium Severity Vulnerability

Vulnerable Library - braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

path: /tmp/git/archive/node_modules/cpx/node_modules/braces/package.json

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Dependency Hierarchy:

cpx-1.5.0.tgz (Root Library)
- chokidar-1.7.0.tgz
  - anymatch-1.3.2.tgz
    - micromatch-2.3.11.tgz
      - ❌ braces-1.8.5.tgz (Vulnerable Library)

Vulnerability Details

Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Publish Date: 2019-02-21

URL: WS-2019-0019

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/786

Release Date: 2019-02-21

Fix Resolution: 2.3.1

Step up your Open Source Security Game with WhiteSource here

[DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.template:4.4.0

Vulnerabilities

DepShield reports that this application's usage of lodash.template:4.4.0 results in the following vulnerability(s):

(CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.template:4.4.0 is a transitive dependency introduced by the following direct dependency(s):

• next-offline:3.3.5
        └─ workbox-webpack-plugin:3.6.3
              └─ workbox-build:3.6.3
                    └─ lodash.template:4.4.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: Preset name not found within published preset config (monorepo:angularmaterial). Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

[DepShield] (CVSS 7.5) Vulnerability due to usage of debug:2.6.9

Vulnerabilities

DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):

(CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):

• @9renpoto/eslint-config:4.7.0
        └─ eslint-plugin-import:2.17.2
              └─ eslint-import-resolver-node:0.3.2
                    └─ debug:2.6.9
              └─ eslint-module-utils:2.4.0
                    └─ debug:2.6.9
              └─ debug:2.6.9

• lint-staged:8.1.7
        └─ micromatch:3.1.10
              └─ extglob:2.0.4
                    └─ expand-brackets:2.1.4
                          └─ debug:2.6.9
              └─ snapdragon:0.8.2
                    └─ debug:2.6.9

• next:8.1.0
        └─ next-server:8.1.0
              └─ send:0.16.1
                    └─ debug:2.6.9

• size-limit:1.3.2
        └─ estimo:0.1.9
              └─ @condenast/perf-timeline-cli:0.1.3
                    └─ puppeteer:1.16.0
                          └─ extract-zip:1.6.7
                                └─ debug:2.6.9
        └─ webpack-bundle-analyzer:3.3.2
              └─ express:4.17.0
                    └─ body-parser:1.19.0
                          └─ debug:2.6.9
                    └─ debug:2.6.9
                    └─ send:0.17.1
                          └─ debug:2.6.9
                    └─ finalhandler:1.1.2
                          └─ debug:2.6.9
                    └─ serve-static:1.14.1
                          └─ send:0.17.1
                                └─ debug:2.6.9

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

9renpoto / archive Goto Github PK

archive's Introduction

Hi 👋, Im Keisuke Umeno.

Blogs posts

Activity

archive's People

Contributors

Watchers

archive's Issues

ISSUES

OPEN ISSUES

CLOSED ISSUES

PULL REQUESTS

MERGED PULL REQUEST

COMMITS

CONTRIBUTORS

STARGAZERS

RELEASES

WS-2019-0019 - Medium Severity Vulnerability

Recommend Projects

Recommend Topics

Recommend Org

Jobs