Dependency updates #1668

Closed
wants to merge 12 commits into from

Delete policy engine from onroutebc

fc8e49a

GitHub Advanced Security / Trivy failed Dec 3, 2024 in 4s

3 new alerts including 1 critical severity security vulnerability

New alerts in code changed by this pull request

Security Alerts:

  • 1 critical
  • 2 medium

See annotations below for details.

Annotations

Check warning on line 1399 in dops/package-lock.json

Code scanning / Trivy

azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity (Medium)

Package: @azure/identity
Installed Version: 3.4.2
Vulnerability: CVE-2024-35255
Severity: MEDIUM
Fixed Version: 4.2.1
Link: CVE-2024-35255

Check failure on line 6605 in frontend/package-lock.json

Code scanning / Trivy

jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization (Critical)

Package: jsonpath-plus
Installed Version: 7.2.0
Vulnerability: CVE-2024-21534
Severity: CRITICAL
Fixed Version: 10.0.7
Link: CVE-2024-21534

Check warning on line 1325 in scheduler/package-lock.json

Code scanning / Trivy

azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity (Medium)

Package: @azure/identity
Installed Version: 3.4.2
Vulnerability: CVE-2024-35255
Severity: MEDIUM
Fixed Version: 4.2.1
Link: CVE-2024-35255