Skip to content

Update dependency axios to ^0.30.0 (main) #232

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mend-for-github-com wants to merge 1 commit into
base: main
Choose a base branch
from

Update dependency axios to ^0.30.0

e6c126b
Select commit
Loading
Failed to load commit list.
Open

Update dependency axios to ^0.30.0 (main) #232

Update dependency axios to ^0.30.0
e6c126b
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed Nov 4, 2025 in 11m 4s

Security Report

❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: gradle,sbt. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

You have successfully remediated 11 vulnerabilities, but introduced 49 new vulnerabilities in this branch.

❌ New vulnerabilities:

Partial results (39 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.


Vulnerability Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Direct Library Suggested Fix Issue Reachability
MSC-2023-16600

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> ❌ fsevents-1.2.4.tgz (Vulnerable Library)

Critical 9.8 High Transitive fsevents-1.2.4.tgz vue-lory-0.0.4.tgz #110

Reachable
CVE-2023-45311

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> ❌ fsevents-1.2.4.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.4% Transitive fsevents-1.2.4.tgz vue-lory-0.0.4.tgz Transitive 1.2.11 #110

Reachable
CVE-2024-4068

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> ❌ braces-2.3.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% Transitive braces-2.3.2.tgz vue-lory-0.0.4.tgz Transitive braces - 3.0.3 #110

Reachable
CVE-2022-38900

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> braces-2.3.2.tgz

               -> snapdragon-0.8.2.tgz

                 -> source-map-resolve-0.5.2.tgz

                   -> ❌ decode-uri-component-0.2.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.4% Transitive decode-uri-component-0.2.0.tgz vue-lory-0.0.4.tgz #110

Reachable
CVE-2022-3517

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> readdirp-2.1.0.tgz

               -> ❌ minimatch-3.0.4.tgz (Vulnerable Library)

High 7.5 Not Defined 0.4% Transitive minimatch-3.0.4.tgz vue-lory-0.0.4.tgz #110

Reachable
CVE-2024-43788

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> ❌ webpack-2.7.0.tgz (Vulnerable Library)

Medium 6.4 Not Defined 0.6% Transitive webpack-2.7.0.tgz vue-lory-0.0.4.tgz Transitive 5.94.0 #110

Reachable
CVE-2024-4067

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> anymatch-2.0.0.tgz

               -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.1% Transitive micromatch-3.1.10.tgz vue-lory-0.0.4.tgz Transitive 4.0.8 #110

Reachable
CVE-2022-25883

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ semver-5.5.0.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.3% Transitive semver-5.5.0.tgz vue-lory-0.0.4.tgz Transitive 5.7.2 #110

Reachable
CVE-2020-28469

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> ❌ glob-parent-3.1.0.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.3% Transitive glob-parent-3.1.0.tgz vue-lory-0.0.4.tgz Transitive 5.1.2 #110

Reachable
CVE-2025-5889

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> readdirp-2.1.0.tgz

               -> minimatch-3.0.4.tgz

                 -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)

Low 3.1 Proof of concept 0.0% Transitive brace-expansion-1.1.11.tgz vue-lory-0.0.4.tgz Transitive 1.1.12 #110

Reachable
CVE-2021-44906

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> mkdirp-0.5.1.tgz

           -> ❌ minimist-0.0.8.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.8% Transitive minimist-0.0.8.tgz vue-lory-0.0.4.tgz Transitive 1.2.6 #110

Unreachable
CVE-2021-44906

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> rc-1.2.7.tgz

                   -> ❌ minimist-1.2.0.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.8% Transitive minimist-1.2.0.tgz vue-lory-0.0.4.tgz Transitive 1.2.6 #110

Unreachable
CVE-2019-10747

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> braces-2.3.2.tgz

               -> snapdragon-0.8.2.tgz

                 -> base-0.11.2.tgz

                   -> cache-base-1.0.1.tgz

                     -> union-value-1.0.0.tgz

                       -> ❌ set-value-0.4.3.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.5% Transitive set-value-0.4.3.tgz vue-lory-0.0.4.tgz Transitive 2.0.1 #110

Unreachable
CVE-2019-10747

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> braces-2.3.2.tgz

               -> snapdragon-0.8.2.tgz

                 -> base-0.11.2.tgz

                   -> cache-base-1.0.1.tgz

                     -> ❌ set-value-2.0.0.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.5% Transitive set-value-2.0.0.tgz vue-lory-0.0.4.tgz Transitive 2.0.1 #110

Unreachable
CVE-2019-10746

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> braces-2.3.2.tgz

               -> snapdragon-0.8.2.tgz

                 -> base-0.11.2.tgz

                   -> ❌ mixin-deep-1.3.1.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.9% Transitive mixin-deep-1.3.1.tgz vue-lory-0.0.4.tgz Transitive 1.3.2 #110

Unreachable
CVE-2025-6545

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> ❌ pbkdf2-3.0.16.tgz (Vulnerable Library)

Critical 9.3 Not Defined 0.2% Transitive pbkdf2-3.0.16.tgz vue-lory-0.0.4.tgz Transitive 3.1.3 #110

Unreachable
CVE-2025-9288

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> create-hash-1.2.0.tgz

               -> ❌ sha.js-2.4.11.tgz (Vulnerable Library)

Critical 9.1 Not Defined 0.0% Transitive sha.js-2.4.11.tgz vue-lory-0.0.4.tgz Transitive 2.4.12 #110

Unreachable
CVE-2025-9287

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> create-hash-1.2.0.tgz

               -> ❌ cipher-base-1.0.4.tgz (Vulnerable Library)

Critical 9.1 Not Defined 0.2% Transitive cipher-base-1.0.4.tgz vue-lory-0.0.4.tgz Transitive cipher-base - 1.0.4 #110

Unreachable
CVE-2024-48949

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> create-ecdh-4.0.3.tgz

               -> ❌ elliptic-6.4.0.tgz (Vulnerable Library)

Critical 9.1 Not Defined 0.1% Transitive elliptic-6.4.0.tgz vue-lory-0.0.4.tgz Transitive 6.5.6 #110

Unreachable
CVE-2021-37713

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ tar-4.4.1.tgz (Vulnerable Library)

High 8.2 Not Defined 0.6% Transitive tar-4.4.1.tgz vue-lory-0.0.4.tgz Transitive 4.4.18 #110

Unreachable
CVE-2021-37712

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ tar-4.4.1.tgz (Vulnerable Library)

High 8.2 Not Defined 0.0% Transitive tar-4.4.1.tgz vue-lory-0.0.4.tgz Transitive Replace or update the following files: unpack.js, unpack.js #110

Unreachable
CVE-2021-37701

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ tar-4.4.1.tgz (Vulnerable Library)

High 8.2 Not Defined 0.0% Transitive tar-4.4.1.tgz vue-lory-0.0.4.tgz Transitive 4.4.16 #110

Unreachable
CVE-2021-32804

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ tar-4.4.1.tgz (Vulnerable Library)

High 8.2 Not Defined 85.5% Transitive tar-4.4.1.tgz vue-lory-0.0.4.tgz Transitive 4.4.14 #110

Unreachable
CVE-2021-32803

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ tar-4.4.1.tgz (Vulnerable Library)

High 8.2 Not Defined 0.2% Transitive tar-4.4.1.tgz vue-lory-0.0.4.tgz Transitive 4.4.15 #110

Unreachable
CVE-2021-43138

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> ❌ async-2.6.1.tgz (Vulnerable Library)

High 7.8 Not Defined 0.4% Transitive async-2.6.1.tgz vue-lory-0.0.4.tgz Transitive 2.6.4 #110

Unreachable
CVE-2020-13822

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> create-ecdh-4.0.3.tgz

               -> ❌ elliptic-6.4.0.tgz (Vulnerable Library)

High 7.7 Not Defined 0.4% Transitive elliptic-6.4.0.tgz vue-lory-0.0.4.tgz Transitive 6.5.3 #110

Unreachable
WS-2020-0042

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> ❌ acorn-5.7.1.tgz (Vulnerable Library)

High 7.5 Not Defined Transitive acorn-5.7.1.tgz vue-lory-0.0.4.tgz Transitive 5.7.4 #110

Unreachable
CVE-2019-20149

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> braces-2.3.2.tgz

               -> snapdragon-0.8.2.tgz

                 -> base-0.11.2.tgz

                   -> define-property-1.0.0.tgz

                     -> is-descriptor-1.0.2.tgz

                       -> ❌ kind-of-6.0.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.1% Transitive kind-of-6.0.2.tgz vue-lory-0.0.4.tgz Transitive 6.0.3 #110

Unreachable
CVE-2018-20834

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ tar-4.4.1.tgz (Vulnerable Library)

High 7.5 Not Defined 0.4% Transitive tar-4.4.1.tgz vue-lory-0.0.4.tgz Transitive 4.4.2 #110

Unreachable
CVE-2021-23440

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> braces-2.3.2.tgz

               -> snapdragon-0.8.2.tgz

                 -> base-0.11.2.tgz

                   -> cache-base-1.0.1.tgz

                     -> union-value-1.0.0.tgz

                       -> ❌ set-value-0.4.3.tgz (Vulnerable Library)

High 7.3 Not Defined 0.1% Transitive set-value-0.4.3.tgz vue-lory-0.0.4.tgz Transitive 2.0.1 #110

Unreachable
CVE-2021-23440

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> braces-2.3.2.tgz

               -> snapdragon-0.8.2.tgz

                 -> base-0.11.2.tgz

                   -> cache-base-1.0.1.tgz

                     -> ❌ set-value-2.0.0.tgz (Vulnerable Library)

High 7.3 Not Defined 0.1% Transitive set-value-2.0.0.tgz vue-lory-0.0.4.tgz Transitive 2.0.1 #110

Unreachable
CVE-2020-7788

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> rc-1.2.7.tgz

                   -> ❌ ini-1.3.5.tgz (Vulnerable Library)

High 7.3 Proof of concept 0.2% Transitive ini-1.3.5.tgz vue-lory-0.0.4.tgz Transitive 1.3.6 #110

Unreachable
CVE-2020-7774

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> yargs-6.6.0.tgz

           -> ❌ y18n-3.2.1.tgz (Vulnerable Library)

High 7.3 Proof of concept 0.9% Transitive y18n-3.2.1.tgz vue-lory-0.0.4.tgz Transitive 3.2.2 #110

Unreachable
CVE-2025-6547

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> ❌ pbkdf2-3.0.16.tgz (Vulnerable Library)

Medium 6.8 Not Defined 0.2% Transitive pbkdf2-3.0.16.tgz vue-lory-0.0.4.tgz Transitive 3.1.3 #110

Unreachable
CVE-2020-28498

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> create-ecdh-4.0.3.tgz

               -> ❌ elliptic-6.4.0.tgz (Vulnerable Library)

Medium 6.8 Not Defined 0.6% Transitive elliptic-6.4.0.tgz vue-lory-0.0.4.tgz Transitive 6.5.4 #110

Unreachable
CVE-2024-28863

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ tar-4.4.1.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.2% Transitive tar-4.4.1.tgz vue-lory-0.0.4.tgz Transitive tar - 6.2.1 #110

Unreachable
CVE-2023-46234

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> ❌ browserify-sign-4.0.4.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.3% Transitive browserify-sign-4.0.4.tgz vue-lory-0.0.4.tgz Transitive 4.2.2 #110

Unreachable
WS-2019-0427

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> create-ecdh-4.0.3.tgz

               -> ❌ elliptic-6.4.0.tgz (Vulnerable Library)

Medium 5.9 Not Defined Transitive elliptic-6.4.0.tgz vue-lory-0.0.4.tgz Transitive 6.5.2 #110

Unreachable
WS-2019-0424

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> create-ecdh-4.0.3.tgz

               -> ❌ elliptic-6.4.0.tgz (Vulnerable Library)

Medium 5.9 Not Defined Transitive elliptic-6.4.0.tgz vue-lory-0.0.4.tgz Transitive 6.5.3 #110

Unreachable

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2021-3749 axios-0.15.3.tgz
CVE-2025-27152 axios-0.15.3.tgz
CVE-2020-28168 axios-0.15.3.tgz
CVE-2022-0155 follow-redirects-1.0.0.tgz
CVE-2019-10742 axios-0.15.3.tgz
WS-2023-0439 axios-0.15.3.tgz
CVE-2023-45857 axios-0.15.3.tgz
CVE-2023-26159 follow-redirects-1.0.0.tgz
CVE-2022-0536 follow-redirects-1.0.0.tgz
CVE-2025-58754 axios-0.15.3.tgz
CVE-2024-28849 follow-redirects-1.0.0.tgz

Base branch total remaining vulnerabilities: 176
Base branch commit: 4e5656db54be4b22481fe3774c2caeba51bac190


Total libraries scanned: 559

Scan token: d3404f6900254871b0b8715e1ca8e10e

View more details on Mend for GitHub.com