PremierLangage / premierlangage

Server for auto-evaluating exercises

Recommended dependency updates for security reasons #552

Open nimdanor opened 4 months ago

nimdanor commented 4 months ago

Summary of the updates to make:

- requirements.txt: django-celery-results > 2.4.0
- package-lock.json: canvas >= 1.6.10, minimist >= 0.2.1, yargs-parser > 13.1.2, webpack-subresource-integrity > 1.5.1, ini > 1.3.6, socket.io > 2.4.0, xmlhttprequest-ssl > 1.6.2
- etc.

Full list reported by the dependency scan:

| Dependency | Affected version | Upgrade to | Defined in | Suggested update | Vulnerabilities (severity) |
|---|---|---|---|---|---|
| django-celery-results | < 2.4.0 | ~> 2.4.0 | requirements.txt | #497 | CVE-2020-17495 (High) |
| canvas | < 1.6.10 | ~> 1.6.10 | package-lock.json | | CVE-2020-8215 (High), GHSA-vpq5-4rc8-c222 (Moderate) |
| minimist | < 0.2.1 | ~> 0.2.1 | package-lock.json | | CVE-2021-44906 (Critical), CVE-2020-7598 (Moderate) |
| yargs-parser | >= 6.0.0, < 13.1.2 | ~> 13.1.2 | package-lock.json | | CVE-2020-7608 (Moderate) |
| webpack-subresource-integrity | < 1.5.1 | ~> 1.5.1 | package-lock.json | | CVE-2020-15262 (Low) |
| ini | < 1.3.6 | ~> 1.3.6 | package-lock.json | | CVE-2020-7788 (High) |
| socket.io | < 2.4.0 | ~> 2.4.0 | package-lock.json | | CVE-2020-28481 (Moderate) |
| xmlhttprequest-ssl | < 1.6.2 | ~> 1.6.2 | package-lock.json | | CVE-2020-28502 (Critical), CVE-2021-31597 (Critical) |
| trim-newlines | < 3.0.1 | ~> 3.0.1 | package-lock.json | | CVE-2021-33623 (High) |
| tar | < 3.2.2 | ~> 3.2.2 | package-lock.json | | CVE-2021-32804 (High), CVE-2021-37713 (High), CVE-2021-32803 (High), and 8 more |
| node-forge | < 1.0.0 | ~> 1.0.0 | package-lock.json | | CVE-2022-24771 (High), CVE-2022-24772 (High), GHSA-gf8q-jrpm-jvxq (Low), and 7 more |
| marked | < 4.0.10 | ~> 4.0.10 | package-lock.json | | CVE-2022-21680 (High), CVE-2022-21681 (High) |
| log4js | < 6.4.0 | ~> 6.4.0 | package-lock.json | | CVE-2022-21704 (Moderate) |
| karma | < 6.3.14 | ~> 6.3.14 | package-lock.json | | CVE-2022-0437 (Moderate), CVE-2021-23495 (Moderate) |
| node-sass | >= 2.0.0, < 7.0.0 | ~> 7.0.0 | package-lock.json | | CVE-2020-24025 (Moderate) |
| scss-tokenizer | <= 0.4.2 | ~> 0.4.3 | package-lock.json | | CVE-2022-25758 (High) |
| prismjs | < 1.23.0 | ~> 1.23.0 | package-lock.json | | CVE-2021-23341 (High), CVE-2021-32723 (High), CVE-2022-23647 (High), CVE-2021-3801 (Moderate) |
| elliptic | < 6.5.4 | ~> 6.5.4 | package-lock.json | | CVE-2020-28498 (Moderate) |
| lodash | < 4.17.21 | ~> 4.17.21 | package-lock.json | | CVE-2021-23337 (High), CVE-2020-28500 (Moderate) |
| url-parse | < 1.5.0 | ~> 1.5.0 | package-lock.json | | CVE-2022-0686 (Critical), CVE-2021-27515 (Moderate), CVE-2021-3664 (Moderate), CVE-2022-0512 (Moderate), CVE-2022-0639 (Moderate), and 1 more |
| hosted-git-info | < 2.8.9 | ~> 2.8.9 | package-lock.json | | CVE-2021-23362 (Moderate) |
| dns-packet | < 1.3.2 | ~> 1.3.2 | package-lock.json | | CVE-2021-23386 (High) |
| ws | >= 6.0.0, < 6.2.2 | ~> 6.2.2 | package-lock.json | | CVE-2021-32640 (Moderate) |
| path-parse | < 1.0.7 | ~> 1.0.7 | package-lock.json | | CVE-2021-23343 (Moderate) |
| json-schema | < 0.4.0 | ~> 0.4.0 | package-lock.json | | CVE-2021-3918 (Critical) |
| follow-redirects | < 1.14.7 | ~> 1.14.7 | package-lock.json | | CVE-2022-0155 (High), CVE-2022-0536 (Moderate), CVE-2023-26159 (Moderate), CVE-2024-28849 (Moderate), and 1 more |
| ansi-regex | >= 5.0.0, < 5.0.1 | ~> 5.0.1 | package-lock.json | | CVE-2021-3807 (High) |
| eventsource | < 1.1.1 | ~> 1.1.1 | package-lock.json | #504 | CVE-2022-1650 (Critical) |
| async | >= 2.0.0, < 2.6.4 | ~> 2.6.4 | package-lock.json | #503 | CVE-2021-43138 (High) |
| jszip | >= 3.0.0, < 3.7.0 | ~> 3.7.0 | package-lock.json | | CVE-2022-48285 (High), CVE-2021-23413 (Moderate) |
| d3-color | < 3.1.0 | ~> 3.1.0 | package-lock.json | | GHSA-36jr-mh4h-2g58 (High) |
| loader-utils | >= 2.0.0, < 2.0.3 | ~> 2.0.3 | package-lock.json | #516 | CVE-2022-37601 (Critical) |
| socket.io-parser | < 3.3.3 | ~> 3.3.3 | package-lock.json | | CVE-2022-2421 (Critical) |
| minimatch | < 3.0.5 | ~> 3.0.5 | package-lock.json | | CVE-2022-3517 (High) |
| decode-uri-component | < 0.2.1 | ~> 0.2.1 | package-lock.json | #522 | CVE-2022-38900 (High) |
| qs | >= 6.7.0, < 6.7.3 | ~> 6.7.3 | package-lock.json | #524 | CVE-2022-24999 (High) |
| json5 | >= 2.0.0, < 2.2.2 | ~> 2.2.2 | package-lock.json | #526 | CVE-2022-46175 (High) |
| request | <= 2.88.2 | (no fixed version given) | package-lock.json | | (none listed) |
| xml2js | < 0.5.0 | ~> 0.5.0 | package-lock.json | | CVE-2023-0842 (Moderate) |
| tough-cookie | < 4.1.3 | ~> 4.1.3 | package-lock.json | | CVE-2023-26136 (Moderate) |
| postcss | < 8.4.31 | ~> 8.4.31 | package-lock.json | | CVE-2023-44270 (Moderate) |
| @angular/core | < 10.2.5 | ~> 10.2.5 | package-lock.json | | CVE-2021-4231 (Moderate) |
| @babel/traverse | < 7.23.2 | ~> 7.23.2 | package-lock.json | | CVE-2023-45133 (Critical) |
| browserify-sign | >= 2.6.0, <= 4.2.1 | ~> 4.2.2 | package-lock.json | | CVE-2023-46234 (High) |
| jinja2 | < 3.1.3 | ~> 3.1.3 | requirements.txt | | CVE-2024-22195 (Moderate) |
| django | < 3.2.24 | ~> 3.2.24 | requirements.txt | | CVE-2024-24680 (Moderate) |
| ip | < 1.1.9 | ~> 1.1.9 | package-lock.json | | CVE-2023-42282 (Moderate) |
| webpack-dev-middleware | <= 5.3.3 | ~> 5.3.4 | package-lock.json | | CVE-2024-29180 (High) |
| katex | >= 0.11.0, < 0.16.10 | ~> 0.16.10 | package-lock.json | | CVE-2024-28246 (Moderate), CVE-2024-28245 (Moderate), CVE-2024-28243 (Moderate), and 1 more |
| express | < 4.19.2 | ~> 4.19.2 | package-lock.json | | CVE-2024-29041 (Moderate) |
| Jinja2 | < 3.1.4 | ~> 3.1.4 | requirements.txt | | CVE-2024-34064 (Moderate) |