trustbloc / agent-sdk

Apache License 2.0

Upgrade Vulnerable Libraries #378

Open biljanaLukovic opened 2 years ago

biljanaLukovic commented 2 years ago

Upgrade vulnerable libraries to the latest/suggested version.

trustbloc / wallet: known security vulnerabilities detected

| Dependency | Affected versions | Severity / CVEs | Upgrade to | Defined in |
|---|---|---|---|---|
| github.com/opencontainers/runc | < 1.0.3 | Medium | ~> 1.0.3 | go.sum |
| axios | < 0.21.1 | | ~> 0.21.1 | package-lock.json |
| underscore | >= 1.3.2, < 1.12.1 | | ~> 1.12.1 | package-lock.json |
| dot-object | < 2.1.3 | | ~> 2.1.3 | package-lock.json |

trustbloc / sandbox

| Dependency | Affected versions | Severity / CVEs | Upgrade to | Defined in |
|---|---|---|---|---|
| is-svg | >= 2.1.0, < 4.2.2 | High: CVE-2021-28092 (High), CVE-2021-29059 (High) | ~> 4.2.2 | package-lock.json |
| mem | < 4.0.0 | Medium | ~> 4.0.0 | package-lock.json |
| glob-parent | < 5.1.2 | CVE-2020-28469 (High) | ~> 5.1.2 | package-lock.json |
| url-parse | < 1.5.2 | CVE-2022-0686 (Critical), CVE-2021-3664 (Moderate) | ~> 1.5.2 | package-lock.json |
| path-parse | < 1.0.7 | CVE-2021-23343 (Moderate) | ~> 1.0.7 | package-lock.json |
| nth-check | < 2.0.1 | CVE-2021-3803 (High) | ~> 2.0.1 | package-lock.json |
| validator | < 13.7.0 | CVE-2021-3765 (Moderate) | ~> 13.7.0 | package-lock.json |
| github.com/tidwall/gjson | < 1.9.3 | CVE-2021-42836 (High), CVE-2021-42248 (High) | ~> 1.9.3 | go.sum |
| go.mongodb.org/mongo-driver | < 1.5.1 | CVE-2021-20329 (Moderate) | ~> 1.5.1 | go.sum |
| json-schema | < 0.4.0 | CVE-2021-3918 (Critical) | ~> 0.4.0 | |

biljanaLukovic commented 2 years ago

| Dependency | Affected versions | Severity / CVEs | Upgrade to |
|---|---|---|---|
| follow-redirects | < 1.14.7 | CVE-2022-0155 (High), CVE-2022-0536 (Moderate) | ~> 1.14.7 |
| node-forge | < 1.0.0 | | ~> 1.0.0 |