Update dependency lodash to v4.17.23 (main) #237

Security Report

❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: gradle,sbt. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

gradle

/tmp/ws-scm/comms-router/test/demo-helper/play-helper/build.gradle

Step	Level	Description	Details
Preparing the project for scan	⚠Warn	One or more of the installations failed	failed running mend init script (mendDeps): NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED FAILURE: Build failed with an exception. * Where: Build file '/tmp/ws-scm/comms-router/test/demo-helper/play-helper/build.gradle' line: 2 * What went wrong: Plugin [id: 'play'] was not found in any o...

https://vonagecc.jfrog.io/artifactory

Step	Level	Description	Details
Checking registry connectivity	⚠Warn	Problem occurred while connecting to the private registry host server, private registry returned 401 - Unauthorized	{"errors":[{"code":"UNAUTHORIZED","message":"Invalid token, parse"}]}

https://vonagecc.jfrog.io/artifactory/maven

Step	Level	Description	Details
Checking registry connectivity	⚠Warn	Problem occurred while connecting to the private registry host server, private registry returned 401 - Unauthorized	{"errors":[{"code":"UNAUTHORIZED","message":"Invalid token, parse"}]}

You have successfully remediated 5 vulnerabilities, but introduced 60 new vulnerabilities in this branch.

❌ New vulnerabilities: > Partial results (40 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

Vulnerability	Severity	CVSS Score	Exploit Maturity	EPSS	Vulnerable Library	Direct Library	Suggested Fix	Issue	Reachability
MSC-2023-16600 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> ❌ fsevents-1.2.4.tgz (Vulnerable Library)	Critical	9.8	High		`Transitive` fsevents-1.2.4.tgz	vue-lory-0.0.4.tgz		#110	Reachable
CVE-2023-45311 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> ❌ fsevents-1.2.4.tgz (Vulnerable Library)	Critical	9.8	Not Defined	0.4%	`Transitive` fsevents-1.2.4.tgz	vue-lory-0.0.4.tgz	`Transitive` 1.2.11	#110	Reachable
CVE-2026-27904 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> readdirp-2.1.0.tgz -> ❌ minimatch-3.0.4.tgz (Vulnerable Library)	High	7.5	Not Defined	0.0%	`Transitive` minimatch-3.0.4.tgz	vue-lory-0.0.4.tgz	`Transitive` 3.1.4	#110	Reachable
CVE-2026-27903 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> readdirp-2.1.0.tgz -> ❌ minimatch-3.0.4.tgz (Vulnerable Library)	High	7.5	Not Defined	0.0%	`Transitive` minimatch-3.0.4.tgz	vue-lory-0.0.4.tgz	`Transitive` https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v4.2.5,https://github.com/isaacs/minimatch.git - v6.2.2,https://github.com/isaacs/minimatch.git - v10.2.3,https://github.com/isaacs/minimatch.git - v5.1.8,https://github.com/isaacs/minimatch.git - v9.0.7,https://github.com/isaacs/minimatch.git - v7.4.8,https://github.com/isaacs/minimatch.git - v8.0.6	#110	Reachable
CVE-2026-26996 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> readdirp-2.1.0.tgz -> ❌ minimatch-3.0.4.tgz (Vulnerable Library)	High	7.5	Not Defined	0.0%	`Transitive` minimatch-3.0.4.tgz	vue-lory-0.0.4.tgz	`Transitive` https://github.com/isaacs/minimatch.git - v10.2.1,https://github.com/isaacs/minimatch.git - v5.1.7,https://github.com/isaacs/minimatch.git - v4.2.4,https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v8.0.5,https://github.com/isaacs/minimatch.git - v9.0.6,https://github.com/isaacs/minimatch.git - v6.2.1,https://github.com/isaacs/minimatch.git - v7.4.7	#110	Reachable
CVE-2024-4068 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> ❌ braces-2.3.2.tgz (Vulnerable Library)	High	7.5	Not Defined	0.2%	`Transitive` braces-2.3.2.tgz	vue-lory-0.0.4.tgz	`Transitive` braces - 3.0.3	#110	Reachable
CVE-2022-3517 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> readdirp-2.1.0.tgz -> ❌ minimatch-3.0.4.tgz (Vulnerable Library)	High	7.5	Not Defined	0.5%	`Transitive` minimatch-3.0.4.tgz	vue-lory-0.0.4.tgz	`Transitive` minimatch - 3.0.5	#110	Reachable
CVE-2026-33750 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> readdirp-2.1.0.tgz -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)	Medium	6.5	Not Defined	0.1%	`Transitive` brace-expansion-1.1.11.tgz	vue-lory-0.0.4.tgz	`Transitive` https://github.com/juliangruber/brace-expansion.git - v2.0.3,https://github.com/juliangruber/brace-expansion.git - v3.0.2,https://github.com/juliangruber/brace-expansion.git - v5.0.5,https://github.com/juliangruber/brace-expansion.git - v1.1.13	#110	Reachable
CVE-2024-43788 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> ❌ webpack-2.7.0.tgz (Vulnerable Library)	Medium	6.4	Not Defined	1.8%	`Transitive` webpack-2.7.0.tgz	vue-lory-0.0.4.tgz	`Transitive` 5.94.0	#110	Reachable
CVE-2024-4067 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> anymatch-2.0.0.tgz -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)	Medium	5.3	Not Defined	0.1%	`Transitive` micromatch-3.1.10.tgz	vue-lory-0.0.4.tgz	`Transitive` 4.0.8	#110	Reachable
CVE-2022-25883 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> yargs-6.6.0.tgz -> read-pkg-up-1.0.1.tgz -> read-pkg-1.1.0.tgz -> normalize-package-data-2.4.0.tgz -> ❌ semver-5.5.0.tgz (Vulnerable Library)	Medium	5.3	Proof of concept	0.6%	`Transitive` semver-5.5.0.tgz	vue-lory-0.0.4.tgz	`Transitive` 5.7.2	#110	Reachable
CVE-2020-28469 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> ❌ glob-parent-3.1.0.tgz (Vulnerable Library)	Medium	5.3	Not Defined	0.9%	`Transitive` glob-parent-3.1.0.tgz	vue-lory-0.0.4.tgz	`Transitive` 5.1.2	#110	Reachable
CVE-2025-5889 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> readdirp-2.1.0.tgz -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)	Low	3.1	Proof of concept	0.0%	`Transitive` brace-expansion-1.1.11.tgz	vue-lory-0.0.4.tgz	`Transitive` 1.1.12	#110	Reachable
CVE-2025-69873 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> ❌ ajv-4.11.8.tgz (Vulnerable Library)	Low	2.9	Not Defined	0.0%	`Transitive` ajv-4.11.8.tgz	vue-lory-0.0.4.tgz	`Transitive` https://github.com/ajv-validator/ajv.git - v8.18.0,https://github.com/ajv-validator/ajv.git - v6.14.0	#110	Reachable
CVE-2025-6545 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> ❌ pbkdf2-3.0.16.tgz (Vulnerable Library)	Critical	10.0	Not Defined	0.1%	`Transitive` pbkdf2-3.0.16.tgz	vue-lory-0.0.4.tgz	`Transitive` 3.1.3	#110	Unreachable
CVE-2021-44906 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> mkdirp-0.5.1.tgz -> ❌ minimist-0.0.8.tgz (Vulnerable Library)	Critical	9.8	Not Defined	0.9%	`Transitive` minimist-0.0.8.tgz	vue-lory-0.0.4.tgz	`Transitive` 1.2.6	#110	Unreachable
CVE-2021-44906 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> rc-1.2.7.tgz -> ❌ minimist-1.2.0.tgz (Vulnerable Library)	Critical	9.8	Not Defined	0.9%	`Transitive` minimist-1.2.0.tgz	vue-lory-0.0.4.tgz	`Transitive` 1.2.6	#110	Unreachable
CVE-2024-48949 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> create-ecdh-4.0.3.tgz -> ❌ elliptic-6.4.0.tgz (Vulnerable Library)	Critical	9.1	Not Defined	0.3%	`Transitive` elliptic-6.4.0.tgz	vue-lory-0.0.4.tgz	`Transitive` 6.5.6	#110	Unreachable
CVE-2026-23950 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library)	High	8.8	Not Defined	0.0%	`Transitive` tar-4.4.1.tgz	vue-lory-0.0.4.tgz	`Transitive` 7.5.4	#110	Unreachable
CVE-2025-9288 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> create-hash-1.2.0.tgz -> ❌ sha.js-2.4.11.tgz (Vulnerable Library)	High	8.7	Not Defined	0.0%	`Transitive` sha.js-2.4.11.tgz	vue-lory-0.0.4.tgz	`Transitive` 2.4.12	#110	Unreachable
CVE-2025-9287 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> create-hash-1.2.0.tgz -> ❌ cipher-base-1.0.4.tgz (Vulnerable Library)	High	8.7	Not Defined	0.1%	`Transitive` cipher-base-1.0.4.tgz	vue-lory-0.0.4.tgz	`Transitive` cipher-base - 1.0.4	#110	Unreachable
WS-2025-0006 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> create-ecdh-4.0.3.tgz -> ❌ elliptic-6.4.0.tgz (Vulnerable Library)	High	8.6	Not Defined		`Transitive` elliptic-6.4.0.tgz	vue-lory-0.0.4.tgz	`Transitive` 6.6.1	#110	Unreachable
CVE-2026-24842 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library)	High	8.2	Not Defined	0.0%	`Transitive` tar-4.4.1.tgz	vue-lory-0.0.4.tgz	`Transitive` 7.5.7	#110	Unreachable
CVE-2021-37713 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library)	High	8.2	Not Defined	0.3%	`Transitive` tar-4.4.1.tgz	vue-lory-0.0.4.tgz	`Transitive` 4.4.18	#110	Unreachable
CVE-2021-37712 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library)	High	8.2	Not Defined	0.1%	`Transitive` tar-4.4.1.tgz	vue-lory-0.0.4.tgz	`Transitive` tar - 5.0.10,tar - 4.4.18,tar - 6.1.9	#110	Unreachable
CVE-2021-37701 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library)	High	8.2	Not Defined	0.1%	`Transitive` tar-4.4.1.tgz	vue-lory-0.0.4.tgz	`Transitive` 4.4.16	#110	Unreachable
CVE-2021-32804 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library)	High	8.2	Not Defined	85.0%	`Transitive` tar-4.4.1.tgz	vue-lory-0.0.4.tgz	`Transitive` 4.4.14	#110	Unreachable
CVE-2021-32803 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library)	High	8.2	Not Defined	0.2%	`Transitive` tar-4.4.1.tgz	vue-lory-0.0.4.tgz	`Transitive` 4.4.15	#110	Unreachable
CVE-2021-43138 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> ❌ async-2.6.1.tgz (Vulnerable Library)	High	7.8	Not Defined	0.70000005%	`Transitive` async-2.6.1.tgz	vue-lory-0.0.4.tgz	`Transitive` 2.6.4	#110	Unreachable
CVE-2020-13822 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> create-ecdh-4.0.3.tgz -> ❌ elliptic-6.4.0.tgz (Vulnerable Library)	High	7.7	Not Defined	0.2%	`Transitive` elliptic-6.4.0.tgz	vue-lory-0.0.4.tgz	`Transitive` 6.5.3	#110	Unreachable
WS-2020-0042 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> ❌ acorn-5.7.1.tgz (Vulnerable Library)	High	7.5	Not Defined		`Transitive` acorn-5.7.1.tgz	vue-lory-0.0.4.tgz	`Transitive` 5.7.4	#110	Unreachable
CVE-2022-38900 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> source-map-resolve-0.5.2.tgz -> ❌ decode-uri-component-0.2.0.tgz (Vulnerable Library)	High	7.5	Not Defined	0.6%	`Transitive` decode-uri-component-0.2.0.tgz	vue-lory-0.0.4.tgz	`Transitive` decode-uri-component - 0.2.1	#110	Unreachable
CVE-2019-20149 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> anymatch-2.0.0.tgz -> micromatch-3.1.10.tgz -> ❌ kind-of-6.0.2.tgz (Vulnerable Library)	High	7.5	Not Defined	0.2%	`Transitive` kind-of-6.0.2.tgz	vue-lory-0.0.4.tgz	`Transitive` 6.0.3	#110	Unreachable
CVE-2018-20834 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library)	High	7.5	Not Defined	0.70000005%	`Transitive` tar-4.4.1.tgz	vue-lory-0.0.4.tgz	`Transitive` 4.4.2	#110	Unreachable
CVE-2021-23440 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> cache-base-1.0.1.tgz -> ❌ set-value-2.0.0.tgz (Vulnerable Library)	High	7.3	Not Defined	0.1%	`Transitive` set-value-2.0.0.tgz	vue-lory-0.0.4.tgz	`Transitive` 2.0.1	#110	Unreachable
CVE-2021-23440 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> cache-base-1.0.1.tgz -> union-value-1.0.0.tgz -> ❌ set-value-0.4.3.tgz (Vulnerable Library)	High	7.3	Not Defined	0.1%	`Transitive` set-value-0.4.3.tgz	vue-lory-0.0.4.tgz	`Transitive` 2.0.1	#110	Unreachable
CVE-2020-7788 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> rc-1.2.7.tgz -> ❌ ini-1.3.5.tgz (Vulnerable Library)	High	7.3	Proof of concept	0.3%	`Transitive` ini-1.3.5.tgz	vue-lory-0.0.4.tgz	`Transitive` 1.3.6	#110	Unreachable
CVE-2020-7774 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> yargs-6.6.0.tgz -> ❌ y18n-3.2.1.tgz (Vulnerable Library)	High	7.3	Proof of concept	0.5%	`Transitive` y18n-3.2.1.tgz	vue-lory-0.0.4.tgz	`Transitive` 3.2.2	#110	Unreachable
CVE-2026-31802 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library)	High	7.1	Not Defined	0.0%	`Transitive` tar-4.4.1.tgz	vue-lory-0.0.4.tgz	`Transitive` https://github.com/isaacs/node-tar.git - v7.5.11	#110	Unreachable
CVE-2026-29786 Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library)	High	7.1	Not Defined	0.0%	`Transitive` tar-4.4.1.tgz	vue-lory-0.0.4.tgz	`Transitive` https://github.com/isaacs/node-tar.git - v7.5.10	#110	Unreachable

✔️ Remediated vulnerabilities:

Vulnerability	Vulnerable Library
CVE-2025-13465	lodash-4.17.10.tgz
CVE-2020-8203	lodash-4.17.10.tgz
CVE-2021-23337	lodash-4.17.10.tgz
CVE-2026-2950	lodash-4.17.10.tgz
CVE-2020-28500	lodash-4.17.10.tgz

Base branch total remaining vulnerabilities: 179
Base branch commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Total libraries scanned: 539

Scan token: 0499ff0ffc6141ebaedf2890c16ebf31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency lodash to v4.17.23 (main) #237

Uh oh!

Update dependency lodash to v4.17.23 (main) #237

Uh oh!

Security Report

gradle

/tmp/ws-scm/comms-router/test/demo-helper/play-helper/build.gradle

https://vonagecc.jfrog.io/artifactory

https://vonagecc.jfrog.io/artifactory/maven

Re-running checks...

Update dependency lodash to v4.17.23 (main) #237

Are you sure you want to change the base?