[Snyk] Security upgrade @sectester/reporter from 0.16.5 to 0.29.0 #141

TheRedHatter · 2024-06-20T17:58:35Z

This PR was automatically created by Snyk using the credentials of a real user.

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

package.json
package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	676
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	586

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)
🦉 Regular Expression Denial of Service (ReDoS)

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6032459 - https://snyk.io/vuln/SNYK-JS-AXIOS-6124857

sonarcloud · 2024-06-20T17:59:08Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

prisma-cloud-devsecops · 2024-06-20T17:59:17Z

package.json

@@ -40,7 +40,7 @@
    "@sectester/bus": "^0.16.5",
    "@sectester/core": "^0.16.5",
    "@sectester/repeater": "^0.16.5",
-    "@sectester/reporter": "^0.16.5",
+    "@sectester/reporter": "^0.29.0",
    "@sectester/runner": "^0.16.5",


@sectester/runner 0.16.5 / package.json

Total vulnerabilities: 6

Critical: 2 High: 3 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2023-26136 CRITICAL 9.8 - Open

CVE-2023-42282 CRITICAL 9.8 - Open

CVE-2022-25883 HIGH 7.5 - Open

CVE-2024-29415 HIGH - - Open

CVE-2024-37890 HIGH 7.5 - Open

CVE-2024-28849 MEDIUM 6.5 - Open

prisma-cloud-devsecops · 2024-06-20T17:59:18Z

package.json

@@ -40,7 +40,7 @@
    "@sectester/bus": "^0.16.5",
    "@sectester/core": "^0.16.5",
    "@sectester/repeater": "^0.16.5",


@sectester/repeater 0.16.5 / package.json

Total vulnerabilities: 6

Critical: 2 High: 3 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2023-26136 CRITICAL 9.8 - Open

CVE-2023-42282 CRITICAL 9.8 - Open

CVE-2022-25883 HIGH 7.5 - Open

CVE-2024-29415 HIGH - - Open

CVE-2024-37890 HIGH 7.5 - Open

CVE-2024-28849 MEDIUM 6.5 - Open

prisma-cloud-devsecops · 2024-06-20T17:59:22Z

package.json

@@ -40,7 +40,7 @@
    "@sectester/bus": "^0.16.5",
    "@sectester/core": "^0.16.5",
    "@sectester/repeater": "^0.16.5",
-    "@sectester/reporter": "^0.16.5",
+    "@sectester/reporter": "^0.29.0",
    "@sectester/runner": "^0.16.5",
    "@sectester/scan": "^0.16.5",


@sectester/scan 0.16.5 / package.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2024-28849 MEDIUM 6.5 - Open

prisma-cloud-devsecops · 2024-06-20T17:59:23Z

package.json

@@ -40,7 +40,7 @@
    "@sectester/bus": "^0.16.5",
    "@sectester/core": "^0.16.5",
    "@sectester/repeater": "^0.16.5",
-    "@sectester/reporter": "^0.16.5",
+    "@sectester/reporter": "^0.29.0",


@sectester/reporter 0.29.0 / package.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2024-28849 MEDIUM 6.5 - Open

prisma-cloud-devsecops · 2024-06-20T17:59:24Z

package.json

@@ -40,7 +40,7 @@
    "@sectester/bus": "^0.16.5",


@sectester/bus 0.16.5 / package.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2024-28849 MEDIUM 6.5 - Open

prisma-cloud-devsecops · 2024-06-20T17:59:24Z

package.json

@@ -40,7 +40,7 @@
    "@sectester/bus": "^0.16.5",
    "@sectester/core": "^0.16.5",
    "@sectester/repeater": "^0.16.5",
-    "@sectester/reporter": "^0.16.5",
+    "@sectester/reporter": "^0.29.0",


axios 0.21.4 / package.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2024-28849 MEDIUM 6.5 - Open

TheRedHatter · 2024-06-20T18:19:27Z

Checkmarx One – Scan Summary & Details – 63a52e6b-cfce-40d8-ab4f-23acf31466ee

New Issues

Issue	Source File / Package	Checkmarx Insight
CVE-2024-37890	Npm-ws-8.12.0	Vulnerable Package
CVE-2024-37890	Npm-ws-7.5.9	Vulnerable Package
CVE-2024-37890	Npm-ws-8.12.1	Vulnerable Package
CVE-2024-37890	Npm-ws-6.2.2	Vulnerable Package
Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/main/Userprofile.tsx: 50	Attack Vector
Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/auth/LoginNew/PasswordCheck.tsx: 70	Attack Vector
Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/auth/Login/Login.tsx: 89	Attack Vector
Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/main/Userprofile.tsx: 46	Attack Vector
Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/auth/LoginNew/PasswordCheck.tsx: 65	Attack Vector
Client_Privacy_Violation	/public/src/pages/auth/LoginNew/LoginNew.tsx: 38	Attack Vector

Fixed Issues

Severity	Issue	Source File / Package
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/main/Userprofile.tsx: 46
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/main/Userprofile.tsx: 49
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 301
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 157
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 49
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 132
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 278
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 34
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 89
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/auth/Register/Register.tsx: 16
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 141
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 206
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 194
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 122
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 222
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 301
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 168
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 183
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 299
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 77
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 299
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/main/Userprofile.tsx: 46
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/main/Userprofile.tsx: 49
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 301
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 141
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 194
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 206
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 77
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 299
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 49
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 222
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/auth/Register/Register.tsx: 16
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 168
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 183
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 89
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 299
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 157
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 278
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 132
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 34
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 122
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 301
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 301
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 301
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 183
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 299
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 299
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/auth/Register/Register.tsx: 16
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 77
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 49
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 89
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 34
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/main/Userprofile.tsx: 49
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/main/Userprofile.tsx: 46
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 157
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 132
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 278
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 141
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 222
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 122
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 194
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 206
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 168
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 89
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/pages/auth/Register/Register.tsx: 16
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 34
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 77
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 49
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 49
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 34
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 49
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/public/src/api/httpClient.ts: 34
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 512
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 508
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 512
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 508
	Client_Potential_XSS	/public/public/vendor/progressbar/progressbar.min.js: 692
	Client_Potential_XSS	/public/public/vendor/progressbar/progressbar.js: 2144
	Client_Potential_XSS	/public/public/vendor/progressbar/progressbar.js: 2034
	Client_Potential_XSS	/public/public/vendor/progressbar/progressbar.min.js: 664
	Client_Potential_XSS	/public/public/vendor/progressbar/progressbar.min.js: 664
	Client_Potential_XSS	/public/public/vendor/fullcalendar-3.10.0/fullcalendar.js: 14518
	Client_Potential_XSS	/public/public/vendor/fullcalendar-3.10.0/fullcalendar.js: 7745
	Client_Potential_XSS	/public/public/vendor/fullcalendar-3.10.0/fullcalendar.js: 7745
	Client_Potential_XSS	/public/public/vendor/assets/vendor/venobox/venobox.js: 353
	Client_Potential_XSS	/public/public/assets/vendor/venobox/venobox.js: 353
	Client_Potential_XSS	/public/public/assets/vendor/venobox/venobox.js: 352
	Client_Potential_XSS	/public/public/vendor/assets/vendor/venobox/venobox.js: 352
	Client_Potential_XSS	/public/public/assets/vendor/venobox/venobox.js: 351
	Client_Potential_XSS	/public/public/vendor/assets/vendor/venobox/venobox.js: 351
	Client_Potential_XSS	/public/public/vendor/assets/vendor/venobox/venobox.js: 350
	Client_Potential_XSS	/public/public/assets/vendor/venobox/venobox.js: 350
	Client_Potential_XSS	/public/public/vendor/assets/vendor/venobox/venobox.js: 349
	Client_Potential_XSS	/public/public/assets/vendor/venobox/venobox.js: 349
	Client_Potential_XSS	/public/public/assets/vendor/venobox/venobox.js: 349
	Client_Potential_XSS	/public/public/vendor/assets/vendor/venobox/venobox.js: 349
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 265
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 265
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 250
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 250
	Client_Potential_XSS	/public/public/assets/vendor/owl.carousel/owl.carousel.js: 612
	Client_Potential_XSS	/public/public/vendor/assets/vendor/owl.carousel/owl.carousel.js: 612
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 274
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 274
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 269
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 269
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 259
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 259
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 254
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 254
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 245
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 245
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 241
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 241
	Client_Potential_XSS	/public/public/assets/js/main.js: 63
	Client_Potential_XSS	/public/public/vendor/assets/js/main.js: 62
	Client_Potential_XSS	/public/public/vendor/assets/vendor/venobox/venobox.js: 739
	Client_Potential_XSS	/public/public/assets/vendor/venobox/venobox.js: 739
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 324
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 324
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 321
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 321
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 318
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 318
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 315
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 315
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 281
	Client_Potential_XSS	/public/public/js/bootstrap-datetimepicker.js: 281
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 281
	Client_Potential_XSS	/public/public/vendor/js/bootstrap-datetimepicker.js: 281
	Client_Potential_XSS

More results are available on AST platform

fix: package.json & package-lock.json to reduce vulnerabilities

7ee95ac

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6032459 - https://snyk.io/vuln/SNYK-JS-AXIOS-6124857

prisma-cloud-devsecops bot reviewed Jun 20, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade @sectester/reporter from 0.16.5 to 0.29.0 #141

[Snyk] Security upgrade @sectester/reporter from 0.16.5 to 0.29.0 #141

TheRedHatter commented Jun 20, 2024

sonarcloud bot commented Jun 20, 2024

prisma-cloud-devsecops bot Jun 20, 2024

prisma-cloud-devsecops bot Jun 20, 2024

prisma-cloud-devsecops bot Jun 20, 2024

prisma-cloud-devsecops bot Jun 20, 2024

prisma-cloud-devsecops bot Jun 20, 2024

prisma-cloud-devsecops bot Jun 20, 2024

TheRedHatter commented Jun 20, 2024

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2023-26136	CRITICAL	9.8	`-`	Open
CVE-2023-42282	CRITICAL	9.8	`-`	Open
CVE-2022-25883	HIGH	7.5	`-`	Open
CVE-2024-29415	HIGH	-	`-`	Open
CVE-2024-37890	HIGH	7.5	`-`	Open
CVE-2024-28849	MEDIUM	6.5	`-`	Open

[Snyk] Security upgrade @sectester/reporter from 0.16.5 to 0.29.0 #141

Are you sure you want to change the base?

[Snyk] Security upgrade @sectester/reporter from 0.16.5 to 0.29.0 #141

Conversation

TheRedHatter commented Jun 20, 2024

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

sonarcloud bot commented Jun 20, 2024

Quality Gate passed

prisma-cloud-devsecops bot Jun 20, 2024

Choose a reason for hiding this comment

@sectester/runner 0.16.5 / package.json

Total vulnerabilities: 6

prisma-cloud-devsecops bot Jun 20, 2024

Choose a reason for hiding this comment

@sectester/repeater 0.16.5 / package.json

Total vulnerabilities: 6

prisma-cloud-devsecops bot Jun 20, 2024

Choose a reason for hiding this comment

@sectester/scan 0.16.5 / package.json

Total vulnerabilities: 1

prisma-cloud-devsecops bot Jun 20, 2024

Choose a reason for hiding this comment

@sectester/reporter 0.29.0 / package.json

Total vulnerabilities: 1

prisma-cloud-devsecops bot Jun 20, 2024

Choose a reason for hiding this comment

@sectester/bus 0.16.5 / package.json

Total vulnerabilities: 1

prisma-cloud-devsecops bot Jun 20, 2024

Choose a reason for hiding this comment

axios 0.21.4 / package.json

Total vulnerabilities: 1

TheRedHatter commented Jun 20, 2024

New Issues

Fixed Issues