premierlangage icon indicating copy to clipboard operation
premierlangage copied to clipboard

Published 20 hours ago verified publisher icon PremierLangage

Préconisations de mise a jour de dépendances pour raisons de sécurité

Open nimdanor opened this issue 9 months ago • 0 comments

Requirements.txt django-celery-results >2.4.0

package-lock.json canvas >= 1.6.10 minimist >= 0.2.1 yargs-parser >13.1.2 webpack-subresource-integrity >1.5.1 ini > 1.3.6 socket.io >2.4.0 xmlhttprequest-ssl >1.6.2

etc Dependency django-celery-results Version < 2.4.0 Upgrade to ~> 2.4.0 Defined in requirements.txt Suggested update #497 Vulnerabilities CVE-2020-17495 High severity Dependency canvas Version < 1.6.10 Upgrade to ~> 1.6.10 Defined in package-lock.json Vulnerabilities CVE-2020-8215 High severity GHSA-vpq5-4rc8-c222 Moderate severity Dependency minimist Version < 0.2.1 Upgrade to ~> 0.2.1 Defined in package-lock.json Vulnerabilities CVE-2021-44906 Critical severity CVE-2021-44906 Critical severity CVE-2021-44906 Critical severity CVE-2020-7598 Moderate severity CVE-2020-7598 Moderate severity Dependency yargs-parser Version

= 6.0.0 < 13.1.2 Upgrade to ~> 13.1.2 Defined in package-lock.json Vulnerabilities CVE-2020-7608 Moderate severity CVE-2020-7608 Moderate severity Dependency webpack-subresource-integrity Version < 1.5.1 Upgrade to ~> 1.5.1 Defined in package-lock.json Vulnerabilities CVE-2020-15262 Low severity CVE-2020-15262 Low severity Dependency ini Version < 1.3.6 Upgrade to ~> 1.3.6 Defined in package-lock.json Vulnerabilities CVE-2020-7788 High severity CVE-2020-7788 High severity Dependency socket.io Version < 2.4.0 Upgrade to ~> 2.4.0 Defined in package-lock.json Vulnerabilities CVE-2020-28481 Moderate severity CVE-2020-28481 Moderate severity Dependency xmlhttprequest-ssl Version < 1.6.2 Upgrade to ~> 1.6.2 Defined in package-lock.json Vulnerabilities CVE-2020-28502 Critical severity CVE-2021-31597 Critical severity CVE-2020-28502 Critical severity CVE-2021-31597 Critical severity Dependency trim-newlines Version < 3.0.1 Upgrade to ~> 3.0.1 Defined in package-lock.json Vulnerabilities CVE-2021-33623 High severity CVE-2021-33623 High severity Dependency tar Version < 3.2.2 Upgrade to ~> 3.2.2 Defined in package-lock.json Vulnerabilities CVE-2021-32804 High severity CVE-2021-37713 High severity CVE-2021-32803 High severity CVE-2021-32803 High severity CVE-2021-32804 High severity View 8 more Dependency node-forge Version < 1.0.0 Upgrade to ~> 1.0.0 Defined in package-lock.json Vulnerabilities CVE-2022-24771 High severity CVE-2022-24772 High severity CVE-2022-24771 High severity CVE-2022-24772 High severity GHSA-gf8q-jrpm-jvxq Low severity View 7 more Dependency marked Version < 4.0.10 Upgrade to ~> 4.0.10 Defined in package-lock.json Vulnerabilities CVE-2022-21680 High severity CVE-2022-21681 High severity CVE-2022-21680 High severity CVE-2022-21681 High severity Dependency log4js Version < 6.4.0 Upgrade to ~> 6.4.0 Defined in package-lock.json Vulnerabilities CVE-2022-21704 Moderate severity CVE-2022-21704 Moderate severity Dependency karma Version < 6.3.14 Upgrade to ~> 6.3.14 Defined in package-lock.json Vulnerabilities CVE-2022-0437 Moderate severity CVE-2021-23495 Moderate severity CVE-2022-0437 Moderate severity CVE-2021-23495 Moderate severity Dependency node-sass Version = 2.0.0 < 7.0.0 Upgrade to ~> 7.0.0 Defined in package-lock.json Vulnerabilities CVE-2020-24025 Moderate severity CVE-2020-24025 Moderate severity Dependency scss-tokenizer Version <= 0.4.2 Upgrade to ~> 0.4.3 Defined in package-lock.json Vulnerabilities CVE-2022-25758 High severity CVE-2022-25758 High severity Dependency prismjs Version < 1.23.0 Upgrade to ~> 1.23.0 Defined in package-lock.json Vulnerabilities CVE-2021-23341 High severity CVE-2021-32723 High severity CVE-2022-23647 High severity CVE-2021-3801 Moderate severity Dependency elliptic Version < 6.5.4 Upgrade to ~> 6.5.4 Defined in package-lock.json Vulnerabilities CVE-2020-28498 Moderate severity Dependency lodash Version < 4.17.21 Upgrade to ~> 4.17.21 Defined in package-lock.json Vulnerabilities CVE-2021-23337 High severity CVE-2020-28500 Moderate severity Dependency url-parse Version < 1.5.0 Upgrade to ~> 1.5.0 Defined in package-lock.json Vulnerabilities CVE-2022-0686 Critical severity CVE-2021-27515 Moderate severity CVE-2021-3664 Moderate severity CVE-2022-0512 Moderate severity CVE-2022-0639 Moderate severity View 1 more Dependency hosted-git-info Version < 2.8.9 Upgrade to ~> 2.8.9 Defined in package-lock.json Vulnerabilities CVE-2021-23362 Moderate severity Dependency dns-packet Version < 1.3.2 Upgrade to ~> 1.3.2 Defined in package-lock.json Vulnerabilities CVE-2021-23386 High severity Dependency ws Version = 6.0.0 < 6.2.2 Upgrade to ~> 6.2.2 Defined in package-lock.json Vulnerabilities CVE-2021-32640 Moderate severity Dependency path-parse Version < 1.0.7 Upgrade to ~> 1.0.7 Defined in package-lock.json Vulnerabilities CVE-2021-23343 Moderate severity Dependency json-schema Version < 0.4.0 Upgrade to ~> 0.4.0 Defined in package-lock.json Vulnerabilities CVE-2021-3918 Critical severity Dependency follow-redirects Version < 1.14.7 Upgrade to ~> 1.14.7 Defined in package-lock.json Vulnerabilities CVE-2022-0155 High severity CVE-2022-0536 Moderate severity CVE-2023-26159 Moderate severity CVE-2023-26159 Moderate severity CVE-2024-28849 Moderate severity View 1 more Dependency ansi-regex Version = 5.0.0 < 5.0.1 Upgrade to ~> 5.0.1 Defined in package-lock.json Vulnerabilities CVE-2021-3807 High severity CVE-2021-3807 High severity CVE-2021-3807 High severity Dependency eventsource Version < 1.1.1 Upgrade to ~> 1.1.1 Defined in package-lock.json Suggested update #504 Vulnerabilities CVE-2022-1650 Critical severity Dependency async Version = 2.0.0 < 2.6.4 Upgrade to ~> 2.6.4 Defined in package-lock.json Suggested update #503 Vulnerabilities CVE-2021-43138 High severity Dependency jszip Version = 3.0.0 < 3.7.0 Upgrade to ~> 3.7.0 Defined in package-lock.json Vulnerabilities CVE-2022-48285 High severity CVE-2021-23413 Moderate severity Dependency d3-color Version < 3.1.0 Upgrade to ~> 3.1.0 Defined in package-lock.json Vulnerabilities GHSA-36jr-mh4h-2g58 High severity Dependency loader-utils Version = 2.0.0 < 2.0.3 Upgrade to ~> 2.0.3 Defined in package-lock.json Suggested update #516 Vulnerabilities CVE-2022-37601 Critical severity CVE-2022-37601 Critical severity CVE-2022-37601 Critical severity CVE-2022-37601 Critical severity Dependency socket.io-parser Version < 3.3.3 Upgrade to ~> 3.3.3 Defined in package-lock.json Vulnerabilities CVE-2022-2421 Critical severity CVE-2022-2421 Critical severity Dependency minimatch Version < 3.0.5 Upgrade to ~> 3.0.5 Defined in package-lock.json Vulnerabilities CVE-2022-3517 High severity Dependency decode-uri-component Version < 0.2.1 Upgrade to ~> 0.2.1 Defined in package-lock.json Suggested update #522 Vulnerabilities CVE-2022-38900 High severity CVE-2022-38900 High severity Dependency qs Version = 6.7.0 < 6.7.3 Upgrade to ~> 6.7.3 Defined in package-lock.json Suggested update #524 Vulnerabilities CVE-2022-24999 High severity CVE-2022-24999 High severity Dependency json5 Version = 2.0.0 < 2.2.2 Upgrade to ~> 2.2.2 Defined in package-lock.json Suggested update #526 Vulnerabilities CVE-2022-46175 High severity CVE-2022-46175 High severity CVE-2022-46175 High severity CVE-2022-46175 High severity Dependency request Version <= 2.88.2 Defined in package-lock.json Vulnerabilities Dependency xml2js Version < 0.5.0 Upgrade to ~> 0.5.0 Defined in package-lock.json Vulnerabilities CVE-2023-0842 Moderate severity CVE-2023-0842 Moderate severity Dependency tough-cookie Version < 4.1.3 Upgrade to ~> 4.1.3 Defined in package-lock.json Vulnerabilities CVE-2023-26136 Moderate severity CVE-2023-26136 Moderate severity Dependency postcss Version < 8.4.31 Upgrade to ~> 8.4.31 Defined in package-lock.json Vulnerabilities CVE-2023-44270 Moderate severity CVE-2023-44270 Moderate severity Dependency @angular/core Version < 10.2.5 Upgrade to ~> 10.2.5 Defined in package-lock.json Vulnerabilities CVE-2021-4231 Moderate severity CVE-2021-4231 Moderate severity Dependency @babel/traverse Version < 7.23.2 Upgrade to ~> 7.23.2 Defined in package-lock.json Vulnerabilities CVE-2023-45133 Critical severity CVE-2023-45133 Critical severity Dependency browserify-sign Version = 2.6.0 <= 4.2.1 Upgrade to ~> 4.2.2 Defined in package-lock.json Vulnerabilities CVE-2023-46234 High severity CVE-2023-46234 High severity Dependency jinja2 Version < 3.1.3 Upgrade to ~> 3.1.3 Defined in requirements.txt Vulnerabilities CVE-2024-22195 Moderate severity Dependency django Version < 3.2.24 Upgrade to ~> 3.2.24 Defined in requirements.txt Vulnerabilities CVE-2024-24680 Moderate severity Dependency ip Version < 1.1.9 Upgrade to ~> 1.1.9 Defined in package-lock.json Vulnerabilities CVE-2023-42282 Moderate severity CVE-2023-42282 Moderate severity Dependency webpack-dev-middleware Version <= 5.3.3 Upgrade to ~> 5.3.4 Defined in package-lock.json Vulnerabilities CVE-2024-29180 High severity CVE-2024-29180 High severity Dependency katex Version = 0.11.0 < 0.16.10 Upgrade to ~> 0.16.10 Defined in package-lock.json Vulnerabilities CVE-2024-28246 Moderate severity CVE-2024-28246 Moderate severity CVE-2024-28245 Moderate severity CVE-2024-28245 Moderate severity CVE-2024-28243 Moderate severity View 1 more Dependency express Version < 4.19.2 Upgrade to ~> 4.19.2 Defined in package-lock.json Vulnerabilities CVE-2024-29041 Moderate severity CVE-2024-29041 Moderate severity Dependency Jinja2 Version < 3.1.4 Upgrade to ~> 3.1.4 Defined in requirements.txt Vulnerabilities CVE-2024-34064 Moderate severity

nimdanor avatar May 07 '24 12:05 nimdanor