Skip to content

Update dependency dottie to ^2.0.7#21

Open
dev-mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/dottie-2.x
Open

Update dependency dottie to ^2.0.7#21
dev-mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/dottie-2.x

Update dependency dottie to ^2.0.7

0ccbdb5
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Jun 26, 2026 in 15m 9s

Security Report

You have successfully remediated 66 vulnerabilities, but introduced 15 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-941441-362681

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/once/package.json

Dependency Hierarchy:

-> grunt-1.6.2.tgz (Root Library)

   -> glob-7.1.7.tgz

     -> ❌ once-1.4.0.tgz (Vulnerable Library)

Critical 9.8 Transitive once-1.4.0.tgz grunt-1.6.2.tgz None
CVE-666308-417910

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/has-symbols/package.json

Dependency Hierarchy:

-> pdfkit-0.11.0.tgz (Root Library)

   -> fontkit-1.9.0.tgz

     -> deep-equal-2.2.3.tgz

       -> object.assign-4.1.7.tgz

         -> ❌ has-symbols-1.1.0.tgz (Vulnerable Library)

Critical 9.8 Transitive has-symbols-1.1.0.tgz pdfkit-0.11.0.tgz None
CVE-2026-41907

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/uuid/package.json

Dependency Hierarchy:

-> sequelize-6.37.8.tgz (Root Library)

   -> ❌ uuid-8.3.2.tgz (Vulnerable Library)

Critical 9.8 Transitive uuid-8.3.2.tgz sequelize-6.37.8.tgz Transitive https://github.com/uuidjs/uuid.git - v13.0.1,https://github.com/uuidjs/uuid.git - v12.0.1,https://github.com/uuidjs/uuid.git - v11.1.1 None
CVE-2026-41907

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/request/node_modules/uuid/package.json

Dependency Hierarchy:

-> request-2.88.2.tgz (Root Library)

   -> ❌ uuid-3.4.0.tgz (Vulnerable Library)

Critical 9.8 Transitive uuid-3.4.0.tgz request-2.88.2.tgz Transitive https://github.com/uuidjs/uuid.git - v13.0.1,https://github.com/uuidjs/uuid.git - v12.0.1,https://github.com/uuidjs/uuid.git - v11.1.1 None
CVE-2026-3520

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.1.1 None
CVE-2026-3304

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz Upgrade to version multer - 2.1.0 or greater None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/glob/node_modules/minimatch/package.json

Dependency Hierarchy:

-> glob-10.5.0.tgz (Root Library)

   -> ❌ minimatch-9.0.9.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-9.0.9.tgz glob-10.5.0.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/@⁠eslint/eslintrc/node_modules/minimatch/package.json

Dependency Hierarchy:

-> grunt-1.6.2.tgz (Root Library)

   -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz grunt-1.6.2.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/filehound/node_modules/minimatch/package.json

Dependency Hierarchy:

-> filesniffer-1.0.3.tgz (Root Library)

   -> filehound-1.17.6.tgz

     -> ❌ minimatch-5.1.9.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-5.1.9.tgz filesniffer-1.0.3.tgz Transitive 10.2.1 None
CVE-2026-2359

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz Upgrade to version multer - 2.1.0 or greater None
CVE-2025-7338

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.0.2 None
CVE-2025-48997

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.0.1 None
CVE-2025-47944

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.0.0 None
CVE-2025-47935

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.0.0 None
CVE-2024-47764

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/engine.io/node_modules/cookie/package.json

Dependency Hierarchy:

-> socket.io-3.1.2.tgz (Root Library)

   -> engine.io-4.1.2.tgz

     -> ❌ cookie-0.4.2.tgz (Vulnerable Library)

Medium 5.3 Transitive cookie-0.4.2.tgz socket.io-3.1.2.tgz Transitive 0.7.0 None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2026-26996 minimatch-5.1.6.tgz
CVE-2026-33939 handlebars-4.7.7.tgz
CVE-636288-474053 on-headers-1.0.2.tgz
CVE-2024-47764 cookie-0.6.0.tgz
CVE-2025-48387 tar-fs-2.1.1.tgz
CVE-2026-26996 minimatch-3.0.8.tgz
CVE-2026-33938 handlebars-4.7.7.tgz
CVE-2026-26996 minimatch-9.0.5.tgz
WS-2018-0096 base64url-0.0.6.tgz
CVE-2026-33671 picomatch-2.3.1.tgz
CVE-2025-64756 glob-10.4.5.tgz
CVE-2025-47944 multer-1.4.5-lts.1.tgz
CVE-2026-33672 picomatch-2.3.1.tgz
CVE-2024-12905 tar-fs-2.1.1.tgz
CVE-2025-15284 qs-6.11.0.tgz
CVE-2025-7338 multer-1.4.5-lts.1.tgz
CVE-2026-4867 path-to-regexp-0.1.7.tgz
CVE-2026-33941 handlebars-4.7.7.tgz
CVE-2026-27904 minimatch-3.0.8.tgz
CVE-2025-5889 brace-expansion-1.1.11.tgz
CVE-2026-26996 minimatch-3.1.2.tgz
CVE-2026-33750 brace-expansion-2.0.1.tgz
CVE-2026-45736 ws-8.17.1.tgz
CVE-2024-47764 cookie-0.4.1.tgz
CVE-2025-69873 ajv-6.12.6.tgz
CVE-2026-2391 qs-6.11.0.tgz
CVE-2025-13466 body-parser-1.20.2.tgz
CVE-2025-48997 multer-1.4.5-lts.1.tgz
CVE-2024-21538 cross-spawn-7.0.3.tgz
CVE-2025-47935 multer-1.4.5-lts.1.tgz
CVE-2026-42338 ip-address-9.0.5.tgz
CVE-02026-20261 on-headers-1.0.2.tgz
CVE-2026-33940 handlebars-4.7.7.tgz
CVE-2026-2359 multer-1.4.5-lts.1.tgz
CVE-2025-59436 ip-2.0.1.tgz
CVE-587792-470342 on-finished-2.3.0.tgz
CVE-2025-15284 qs-6.5.3.tgz
CVE-2024-45590 body-parser-1.20.2.tgz
CVE-2025-56200 validator-13.12.0.tgz
CVE-2025-59343 tar-fs-2.1.1.tgz
CVE-2026-2391 qs-6.5.3.tgz
CVE-2024-4067 micromatch-4.0.7.tgz
CVE-2017-18214 moment-2.0.0.tgz
CVE-2026-27837 dottie-2.0.6.tgz
CVE-2024-29415 ip-2.0.1.tgz
CVE-2021-32822 hbs-4.2.0.tgz
CVE-2024-43796 express-4.19.2.tgz
CVE-2026-3304 multer-1.4.5-lts.1.tgz
CVE-2026-2950 lodash-4.17.21.tgz
CVE-2025-5889 brace-expansion-2.0.1.tgz
CVE-2024-45296 path-to-regexp-0.1.7.tgz
CVE-2026-27904 minimatch-9.0.5.tgz
CVE-607537-903744 ajv-6.12.6.tgz
CVE-2026-33937 handlebars-4.7.7.tgz
CVE-2022-25881 http-cache-semantics-3.8.1.tgz
CVE-2026-27904 minimatch-5.1.6.tgz
CVE-2026-27904 minimatch-3.1.2.tgz
CVE-121740-819191 lodash-4.17.21.tgz
CVE-2026-33916 handlebars-4.7.7.tgz
CVE-2025-7339 on-headers-1.0.2.tgz
CVE-2026-33750 brace-expansion-1.1.11.tgz
CVE-2026-4800 lodash-4.17.21.tgz
CVE-2026-3520 multer-1.4.5-lts.1.tgz
CVE-2024-52798 path-to-regexp-0.1.7.tgz
CVE-2024-43800 serve-static-1.15.0.tgz
CVE-2025-59437 ip-2.0.1.tgz

Base branch total remaining vulnerabilities: 157
Base branch commit: null


Total libraries scanned: 976

Scan token: a4ef2ce1b017401fa82ed3c378934b26