Update dependency express to v4.22.0 #40
Security Report
You have successfully remediated 11 vulnerabilities, but introduced 6 new vulnerabilities in this branch.
❌ New vulnerabilities:
| Vulnerability | Severity | Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|
| CVE-2019-10747 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> cache-base-1.0.1.tgz -> union-value-1.0.0.tgz -> ❌ set-value-0.4.3.tgz (Vulnerable Library) | 9.8 | Transitive set-value-0.4.3.tgz | forever-2.0.0.tgz | Transitive 2.0.1 | #11 | |
| CVE-2019-10747 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> cache-base-1.0.1.tgz -> ❌ set-value-2.0.0.tgz (Vulnerable Library) | 9.8 | Transitive set-value-2.0.0.tgz | forever-2.0.0.tgz | Transitive 2.0.1 | #11 | |
| CVE-2019-10746 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> ❌ mixin-deep-1.3.1.tgz (Vulnerable Library) | 9.8 | Transitive mixin-deep-1.3.1.tgz | forever-2.0.0.tgz | Transitive 1.3.2 | #11 | |
| CVE-616547-419802 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> express-4.22.0.tgz (Root Library) -> ❌ parseurl-1.3.3.tgz (Vulnerable Library) | 9.8 | Transitive parseurl-1.3.3.tgz | express-4.22.0.tgz | None | | |
| CVE-398484-724968 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> express-4.22.0.tgz (Root Library) -> send-0.19.2.tgz -> ❌ ms-2.1.3.tgz (Vulnerable Library) | 9.8 | Transitive ms-2.1.3.tgz | express-4.22.0.tgz | None | | |
| CVE-289561-266276 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> express-4.22.0.tgz (Root Library) -> http-errors-2.0.1.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) | 9.8 | Transitive inherits-2.0.4.tgz | express-4.22.0.tgz | None | | |

✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| GHSA-c3m8-x3cg-qm2c | helmet-csp-1.2.2.tgz |
| GHSA-mh5c-679w-hh4r | mongodb-2.2.36.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-1.2.0.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.10.tgz |
| CVE-2024-45296 | path-to-regexp-0.1.7.tgz |
| CVE-2026-4867 | path-to-regexp-0.1.7.tgz |
| CVE-2024-43800 | serve-static-1.13.2.tgz |
| CVE-2024-10491 | express-4.16.4.tgz |
| CVE-2024-43796 | express-4.16.4.tgz |
| CVE-2024-52798 | path-to-regexp-0.1.7.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.8.tgz |
Base branch total remaining vulnerabilities: 72
Base branch commit: 09abfcb7c80bc0d91a4161008058c051cd300bfb
Total libraries scanned: 416
Scan token: 534be842b34944d1806d3e6a9ea869d0