Skip to content

Update Internal #390

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mend-for-github-com wants to merge 1 commit into
base: main
Choose a base branch
from

Update Internal

f62fc01
Select commit
Loading
Failed to load commit list.
Open

Update Internal #390

Update Internal
f62fc01
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / Mend Security Check failed Feb 4, 2025 in 2m 50s

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

npm

https://amplearning.jfrog.io/artifactory/api/npm/amplify-npm
Step Level Description Details
Setting the scanner configuration ⚠Warn Failure to set private registries, due to an issue with the configuration provided by the user no "registry" field corresponding to this url was found in the .npmrc files

1 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:
CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue Reachability
CVE-2025-2306

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/mongoose/package.json

Dependency Hierarchy:

-> ❌ mongoose-8.5.2.tgz (Vulnerable Library)

Critical 9.4 mongoose-8.5.2.tgz Upgrade to version: mongoose -6.13.6,7.8.4,8.9.5 #402

Base branch total remaining vulnerabilities: 16
Base branch commit: d78fa6c704e955e6c8c8cfced0439e66cf72809e


Total libraries scanned: 643

Scan token: ce4942f5e9f445f4b375fc2a7a8560d9

View more details on Mend for GitHub.com