[Backport 1.x] [Security] Remediate axios vulnerabilities and remove code sandbox links #1230
Mend for GitHub.com / Mend Security Check: failed, Feb 2, 2024 in 7m 44s
Security Report
You have successfully remediated 3 vulnerabilities, but introduced 1 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2023-26159 | Medium | 6.1 | follow-redirects-1.15.3.tgz | Upgrade to version: follow-redirects - 1.15.4 | #1149 |

Details for CVE-2023-26159:
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy: start-server-and-test-2.0.0.tgz (Root Library) -> wait-on-7.2.0.tgz -> axios-1.6.2.tgz -> ❌ follow-redirects-1.15.3.tgz (Vulnerable Library)
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2023-45857 | axios-0.27.2.tgz |
CVE-2023-26159 | follow-redirects-1.15.2.tgz |
CVE-2023-45857 | axios-0.22.0.tgz |
Base branch total remaining vulnerabilities: 5
Base branch commit: 077a7b47cb4d69cfce4072c38a325ecb2208936b
Total libraries scanned: 2308
Scan token: dfdc7fcb585c4b2e9da4174ebbb366b1