chore(deps): update dependency opentok to v2.17.0 (master) #855
Security Report
❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
general
https://vonagecc.jfrog.io/artifactory
| Step | Level | Description | Details |
|---|---|---|---|
| Checking registry connectivity | ⚠Warn | Unsupported configuration was provided | Unsupported registry hostType gradle, skipped |
https://vonagecc.jfrog.io/artifactory/maven
| Step | Level | Description | Details |
|---|---|---|---|
| Checking registry connectivity | ⚠Warn | Unsupported configuration was provided | Unsupported registry hostType gradle, skipped |
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|---|
CVE-2018-3721Path to dependency file: /package.json Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json Dependency Hierarchy: -> grunt-bower-task-0.5.0.tgz (Root Library) -> ❌ lodash-0.10.0.tgz (Vulnerable Library) |
 Medium |
6.5 | Not Defined | 0.1% | lodash-0.10.0.tgz | Upgrade to version: lodash 4.17.5 | #796 |
|
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2021-3918 | json-schema-0.2.3.tgz |
| CVE-2022-24999 | qs-6.5.2.tgz |
| CVE-2022-23541 | jsonwebtoken-8.5.1.tgz |
| CVE-2022-23540 | jsonwebtoken-8.5.1.tgz |
| CVE-2022-23539 | jsonwebtoken-8.5.1.tgz |
| CVE-2023-26136 | tough-cookie-2.5.0.tgz |
| CVE-2023-28155 | request-2.88.2.tgz |
Base branch total remaining vulnerabilities: 46
Base branch commit: null
Total libraries scanned: 547
Scan token: 34b9cbe137da45088e14764549514a27