fix(deps): update dependency oas-resolver to ^2.5.6 #51
Mend/5034428 / Mend Security Check
failed
Oct 19, 2024 in 1m 10s
Security Report
| CVE | Severity |  CVSS Score |
Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|---|---|
CVE-2021-3807Path to dependency file: /packages/oas-resolver/package.json Path to vulnerable library: /packages/oas-resolver/package.json Dependency Hierarchy: -> yargs-16.1.1.tgz (Root Library) -> string-width-4.2.0.tgz -> strip-ansi-6.0.0.tgz -> ❌ ansi-regex-5.0.0.tgz (Vulnerable Library) |
 High |
7.5 | Not Defined | 0.4% | ansi-regex-5.0.0.tgz | Upgrade to version: ansi-regex - 5.0.1,6.0.1 | None |
CVE-2022-0235Path to dependency file: /packages/swagger2openapi/package.json Path to vulnerable library: /packages/swagger2openapi/package.json Dependency Hierarchy: -> ❌ node-fetch-2.6.1.tgz (Vulnerable Library) |
 Medium |
6.1 | Not Defined | 0.4% | node-fetch-2.6.1.tgz | Upgrade to version: node-fetch - 2.6.7,3.1.1 | None |
Total libraries scanned: 48
Scan token: 20988603f69c4a8c9e7377ca15a4ad6d
Loading