
update mammoth version to avoid vuln

Open mattburlage opened this issue 5 years ago • 18 comments

mammoth 1.3.6 uses a vulnerable version of xmlbuilder (via lodash). This updates it to a non-vulnerable version.

Issue: https://github.com/plangrid/react-file-viewer/issues/112

mattburlage, Sep 06 '19 20:09

CLA assistant check
All committers have signed the CLA.

CLAassistant, Sep 06 '19 20:09

Vulnerable Package: mime
Affected Range: < 1.4.1
Fixed Version: 1.4.1
Related CVE: CVE-2017-16138
Severity: HIGH

More Information: Please consider upgrading mime to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2017-16138, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: lodash
Affected Range: < 4.17.5
Fixed Version: 4.17.5
Related CVE: CVE-2018-3721
Severity: MODERATE

More Information: Please consider upgrading lodash to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2018-3721, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: webpack-dev-server
Affected Range: < 3.1.11
Fixed Version: 3.1.11
Related CVE: CVE-2018-14732
Severity: LOW

More Information: Please consider upgrading webpack-dev-server to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2018-14732, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: lodash
Affected Range: < 4.17.11
Fixed Version: 4.17.11
Related CVE: CVE-2018-16487
Severity: LOW

More Information: Please consider upgrading lodash to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2018-16487, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: tar
Affected Range: < 2.2.2
Fixed Version: 2.2.2
Related CVE: CVE-2018-20834
Severity: HIGH

More Information: Please consider upgrading tar to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2018-20834, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: fstream
Affected Range: < 1.0.12
Fixed Version: 1.0.12
Related CVE: WS-2019-0100
Severity: MODERATE

More Information: Please consider upgrading fstream to prevent deploying vulnerable code into production. For more information, visit: https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: js-yaml
Affected Range: < 3.13.1
Fixed Version: 3.13.1
Related CVE: WS-2019-0063
Severity: HIGH

More Information: Please consider upgrading js-yaml to prevent deploying vulnerable code into production. For more information, visit: https://github.com/nodeca/js-yaml/pull/480, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: js-yaml
Affected Range: < 3.13.0
Fixed Version: 3.13.0
Related CVE: WS-2019-0032
Severity: MODERATE

More Information: Please consider upgrading js-yaml to prevent deploying vulnerable code into production. For more information, visit: https://github.com/nodeca/js-yaml/issues/475, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: braces
Affected Range: < 2.3.1
Fixed Version: 2.3.1
Related CVE: WS-2019-0019
Severity: MODERATE

More Information: Please consider upgrading braces to prevent deploying vulnerable code into production. For more information, visit: https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: eslint
Affected Range: < 4.18.2
Fixed Version: 4.18.2
Related CVE: WS-2018-0592
Severity: MODERATE

More Information: Please consider upgrading eslint to prevent deploying vulnerable code into production. For more information, visit: https://github.com/eslint/eslint/commit/f6901d0bcf6c918ac4e5c6c7c4bddeb2cb715c09, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: mem
Affected Range: < 4.0.0
Fixed Version: 4.0.0
Related CVE: WS-2018-0236
Severity: MODERATE

More Information: Please consider upgrading mem to prevent deploying vulnerable code into production. For more information, visit: https://github.com/sindresorhus/mem/commit/da4e4398cb27b602de3bd55f746efa9b4a31702b, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: lodash
Affected Range: < 4.17.13
Fixed Version: 4.17.13
Related CVE: CVE-2019-10744
Severity: CRITICAL

More Information: Please consider upgrading lodash to prevent deploying vulnerable code into production. For more information, visit: https://github.com/lodash/lodash/pull/4336, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: lodash.mergewith
Affected Range: < 4.6.2
Fixed Version: 4.6.2
Related CVE: CVE-2019-10744
Severity: CRITICAL

More Information: Please consider upgrading lodash.mergewith to prevent deploying vulnerable code into production. For more information, visit: https://github.com/lodash/lodash/pull/4336, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: handlebars
Affected Range: >= 4.0.0, < 4.0.14
Fixed Version: 4.0.14
Related CVE: WS-2019-0064
Severity: HIGH

More Information: Please consider upgrading handlebars to prevent deploying vulnerable code into production. For more information, visit: https://github.com/wycats/handlebars.js/compare/v4.1.1...v4.1.2, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: lodash
Affected Range: < 4.17.11
Fixed Version: 4.17.11
Related CVE: CVE-2019-1010266
Severity: MODERATE

More Information: Please consider upgrading lodash to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2019-1010266, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: mixin-deep
Affected Range: < 1.3.2
Fixed Version: 1.3.2
Related CVE: CVE-2019-10746
Severity: CRITICAL

More Information: Please consider upgrading mixin-deep to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2019-10746, or visit the FAQ

pg-infosec, Sep 06 '19 20:09

Vulnerable Package: set-value
Affected Range: < 2.0.1
Fixed Version: 2.0.1
Related CVE: CVE-2019-10747
Severity: CRITICAL

More Information: Please consider upgrading set-value to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2019-10747, or visit the FAQ

pg-infosec, Sep 06 '19 20:09