Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency Review Test Formatting #2

Open
davelosert opened this issue Feb 28, 2023 · 2 comments
Open

Dependency Review Test Formatting #2

davelosert opened this issue Feb 28, 2023 · 2 comments

Comments

@davelosert
Copy link
Owner

Dependency Review

The following issues were found:
  • ❌ 1 vulnerable package(s)
  • ❌ 1 package(s) with incompatible licenses
  • ❌ 1 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

Vulnerabilities

package.json

NameVersionVulnerabilitySeverity
lodash4.17.20Command Injection in lodashhigh
Regular Expression Denial of Service (ReDoS) in lodashmoderate
Only included vulnerabilities with severity high or higher.

License Issues

Allowed Licenses: MIT

Incompatible Licenses

package.json

PackageVersionLicense
underscore1.12.0Apache 2.0

Invalid SPDX License Definitions

package.json

PackageVersionLicense
octoinvader4.17.20Non SPDX License

Unknown Licenses

package.json

PackageVersionLicense
my-other-dependency4.17.20No License

Scanned Manifest Files

package.json
  • lodash@4.17.20
  • underscore@1.12.0
  • octoinvader@4.17.20
  • my-other-dependency@4.17.20
@davelosert
Copy link
Owner Author

Dependency Review

✅ No vulnerabilities or license issues found.

Scanned Manifest Files

package.json
  • lodash@4.17.20
  • underscore@1.12.0
  • octoinvader@4.17.20
  • my-other-dependency@4.17.20

@davelosert davelosert mentioned this issue Mar 1, 2023
Merged
@davelosert
Copy link
Owner Author

davelosert commented Mar 2, 2023
edited
Loading

Dependency Review

The following issues were found:
  • ❌ 1 vulnerable package(s)
  • ❌ 1 package(s) with incompatible licenses
  • ❌ 2 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

Vulnerabilities

package.json

NameVersionVulnerabilitySeverity
lodash4.17.20Command Injection in lodashhigh
Regular Expression Denial of Service (ReDoS) in lodashmoderate
Only included vulnerabilities with severity high or higher.

License Issues

package.json

PackageVersionLicenseIssue Type
underscore1.12.0Apache 2.0Incompatible License
octoinvader4.17.20Non SPDX LicenseInvalid SPDX License
my-other-dependency4.17.20NullUnknown License

.github/workflows/action.yml

PackageVersionLicenseIssue Type
owner/action-1v1.2.2XYZ-LicenseInvalid SPDX License
owner/action-2mainNullUnknown License
Allowed Licenses: MIT

Scanned Manifest Files

package.json
  • lodash@4.17.20
  • underscore@1.12.0
  • octoinvader@4.17.20
  • my-other-dependency@4.17.20
.github/workflows/action.yml
  • owner/action-1@v1.2.2
  • owner/action-2@main

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@davelosert