fix(deps): update dependency @opentelemetry/auto-instrumentations-node to v0.39.3 - autoclosed #84
Security Report
You have successfully remediated 2 vulnerabilities, but introduced 3 new vulnerabilities in this branch.
❌ New vulnerabilities:
| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
| CVE-2023-45133<br>Path to dependency file: /src/frontend/package.json<br>Path to vulnerable library: /src/frontend/package.json<br>Dependency Hierarchy: -> styled-components-5.3.5.tgz (Root Library) -> ❌ traverse-7.18.9.tgz (Vulnerable Library) | High | 8.8 | traverse-7.18.9.tgz | Upgrade to version: @babel/traverse - 7.23.2 | None |
| CVE-2023-44487<br>Path to dependency file: /src/frauddetectionservice/build.gradle.kts<br>Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-http2/4.1.93.Final/f1625b43bde13ec057da0d2fe381ded2547a70e/netty-codec-http2-4.1.93.Final.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-http2/4.1.93.Final/f1625b43bde13ec057da0d2fe381ded2547a70e/netty-codec-http2-4.1.93.Final.jar<br>Dependency Hierarchy: -> grpc-netty-1.57.0.jar (Root Library) -> ❌ netty-codec-http2-4.1.93.Final.jar (Vulnerable Library) | High | 7.5 | netty-codec-http2-4.1.93.Final.jar | Upgrade to version: org.eclipse.jetty.http2:http2-server:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-server:12.0.2, org.eclipse.jetty.http2:http2-common:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-common:12.0.2, nghttp - v1.57.0, swift-nio-http2 - 1.28.0, io.netty:netty-codec-http2:4.1.100.Final, trafficserver - 9.2.3, org.apache.tomcat:tomcat-coyote:8.5.94,9.0.81,10.1.14, org.apache.tomcat.embed:tomcat-embed-core:8.5.94,9.0.81,10.1.14, Microsoft.AspNetCore.App - 6.0.23,7.0.12, contour - v1.26.1, proxygen - v2023.10.16.00, grpc-go - v1.56.3, v1.57.1, v1.58.3 | #58 |
| CVE-2023-39325<br>Path to dependency file: /src/checkoutservice/go.mod<br>Path to vulnerable library: /src/checkoutservice/go.mod,/src/productcatalogservice/go.mod,/src/accountingservice/go.mod<br>Dependency Hierarchy: -> google.golang.org/grpc-v1.56.1 (Root Library) -> ❌ golang.org/x/net-v0.11.0 (Vulnerable Library) | High | 7.5 | golang.org/x/net-v0.11.0 | Upgrade to version: go1.20.10, go1.21.3, golang.org/x/net - v0.17.0 | None |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2023-36665 | protobufjs-7.1.2.tgz |
| CVE-2022-25883 | semver-7.5.0.tgz |
Base branch total remaining vulnerabilities: 30
Base branch commit: dbe873acc75992a5ca0724bd1222561d2651439d
Total libraries scanned: 1079
Scan token: 8d63c54f9ba448c2af108537e66b305b