Update dependency standard to ^12.0.1 #41

Open
ghost wants to merge 1 commit into master from whitesource-remediate/standard-12.x

Update dependency standard to ^12.0.1

ddebc92
Deleted GitHub App / Mend Security Check failed Jan 29, 2026 in 47s

Security Report

The Security Check found 13 vulnerabilities.

Vulnerability Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Direct Library Suggested Fix Issue
CVE-2025-13465

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ lodash-4.17.11.tgz (Vulnerable Library)

Critical 9.9 Not Defined 0.1% Direct lodash-4.17.11.tgz lodash-4.17.11.tgz lodash-amd - 4.17.23,lodash - 4.17.23,lodash-es - 4.17.23 None
CVE-2021-3918

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> request-2.88.0.tgz (Root Library)

   -> http-signature-1.2.0.tgz

     -> jsprim-1.4.1.tgz

       -> ❌ json-schema-0.2.3.tgz (Vulnerable Library)

Critical 9.8 Not Defined 1.2% Transitive json-schema-0.2.3.tgz request-2.88.0.tgz 2.88.2 None
CVE-2025-7783

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> request-2.88.0.tgz (Root Library)

   -> ❌ form-data-2.3.3.tgz (Vulnerable Library)

High 8.7 Not Defined 0.2% Transitive form-data-2.3.3.tgz request-2.88.0.tgz Transitive 2.5.4 None
CVE-2021-43138

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ async-2.6.1.tgz (Vulnerable Library)

High 7.8 Not Defined 0.70000005% Direct async-2.6.1.tgz async-2.6.1.tgz 2.6.4 None
CVE-2025-15284

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> request-2.88.0.tgz (Root Library)

   -> ❌ qs-6.5.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% Transitive qs-6.5.2.tgz request-2.88.0.tgz Transitive 6.14.1 None
CVE-2022-24999

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> request-2.88.0.tgz (Root Library)

   -> ❌ qs-6.5.2.tgz (Vulnerable Library)

High 7.5 Not Defined 1.4000001% Transitive qs-6.5.2.tgz request-2.88.0.tgz 2.88.2 None
CVE-2020-8203

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ lodash-4.17.11.tgz (Vulnerable Library)

High 7.4 Not Defined 2.5% Direct lodash-4.17.11.tgz lodash-4.17.11.tgz 4.17.19 None
CVE-2021-23337

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ lodash-4.17.11.tgz (Vulnerable Library)

High 7.2 Proof of concept 0.70000005% Direct lodash-4.17.11.tgz lodash-4.17.11.tgz 4.17.21 None
CVE-2023-26136

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> request-2.88.0.tgz (Root Library)

   -> ❌ tough-cookie-2.4.3.tgz (Vulnerable Library)

Medium 6.5 Proof of concept 6.8999996% Transitive tough-cookie-2.4.3.tgz request-2.88.0.tgz Transitive 4.1.3 None
CVE-2023-28155

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ request-2.88.0.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.6% Direct request-2.88.0.tgz request-2.88.0.tgz @cypress/request - 3.0.0 None
CVE-2021-23438

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ mpath-0.5.1.tgz (Vulnerable Library)

Medium 5.6 Proof of concept 0.5% Direct mpath-0.5.1.tgz mpath-0.5.1.tgz 0.8.4 None
CVE-2020-15366

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> request-2.88.0.tgz (Root Library)

   -> har-validator-5.1.0.tgz

     -> ❌ ajv-5.5.2.tgz (Vulnerable Library)

Medium 5.6 Not Defined 0.4% Transitive ajv-5.5.2.tgz request-2.88.0.tgz 2.88.2 None
CVE-2020-28500

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ lodash-4.17.11.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.2% Direct lodash-4.17.11.tgz lodash-4.17.11.tgz lodash - 4.17.21,lodash-es - 4.17.21,lodash-rails - 4.17.21 None

Total libraries scanned: 66
Scan token: abb0a271de9c418abba08808627e9538