fix(deps): update dependency @opentelemetry/auto-instrumentations-node to v0.39.3 - autoclosed #84

Security Report

You have successfully remediated 2 vulnerabilities, but introduced 3 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE	Severity	CVSS Score	Vulnerable Library	Suggested Fix	Issue
CVE-2023-45133 Path to dependency file: /src/frontend/package.json Path to vulnerable library: /src/frontend/package.json Dependency Hierarchy: -> styled-components-5.3.5.tgz (Root Library) -> ❌ traverse-7.18.9.tgz (Vulnerable Library)	High	8.8	traverse-7.18.9.tgz	Upgrade to version: @babel/traverse - 7.23.2	None
CVE-2023-44487 Path to dependency file: /src/frauddetectionservice/build.gradle.kts Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-http2/4.1.93.Final/f1625b43bde13ec057da0d2fe381ded2547a70e/netty-codec-http2-4.1.93.Final.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/io.netty/netty-codec-http2/4.1.93.Final/f1625b43bde13ec057da0d2fe381ded2547a70e/netty-codec-http2-4.1.93.Final.jar Dependency Hierarchy: -> grpc-netty-1.57.0.jar (Root Library) -> ❌ netty-codec-http2-4.1.93.Final.jar (Vulnerable Library)	High	7.5	netty-codec-http2-4.1.93.Final.jar	Upgrade to version: org.eclipse.jetty.http2:http2-server:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-server:12.0.2, org.eclipse.jetty.http2:http2-common:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-common:12.0.2, nghttp - v1.57.0, swift-nio-http2 - 1.28.0, io.netty:netty-codec-http2:4.1.100.Final, trafficserver - 9.2.3, org.apache.tomcat:tomcat-coyote:8.5.94,9.0.81,10.1.14, org.apache.tomcat.embed:tomcat-embed-core:8.5.94,9.0.81,10.1.14, Microsoft.AspNetCore.App - 6.0.23,7.0.12, contour - v1.26.1, proxygen - v2023.10.16.00, grpc-go - v1.56.3, v1.57.1, v1.58.3	#58
CVE-2023-39325 Path to dependency file: /src/checkoutservice/go.mod Path to vulnerable library: /src/checkoutservice/go.mod,/src/productcatalogservice/go.mod,/src/accountingservice/go.mod Dependency Hierarchy: -> google.golang.org/grpc-v1.56.1 (Root Library) -> ❌ golang.org/x/net-v0.11.0 (Vulnerable Library)	High	7.5	golang.org/x/net-v0.11.0	Upgrade to version: go1.20.10, go1.21.3, golang.org/x/net - v0.17.0	None

✔️ Remediated vulnerabilities:

CVE	Vulnerable Library
CVE-2023-36665	protobufjs-7.1.2.tgz
CVE-2022-25883	semver-7.5.0.tgz

Base branch total remaining vulnerabilities: 30
Base branch commit: dbe873acc75992a5ca0724bd1222561d2651439d

Total libraries scanned: 1079

Scan token: 8d63c54f9ba448c2af108537e66b305b

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update dependency @opentelemetry/auto-instrumentations-node to v0.39.3 - autoclosed #84

fix(deps): update dependency @opentelemetry/auto-instrumentations-node to v0.39.3 - autoclosed #84

Security Report

Re-running checks...

fix(deps): update dependency @opentelemetry/auto-instrumentations-node to v0.39.3 - autoclosed #84

fix(deps): update dependency @opentelemetry/auto-instrumentations-nod…

fix(deps): update dependency @opentelemetry/auto-instrumentations-node to v0.39.3 - autoclosed #84

Security Report

Re-running checks...