Skip to content

Black Duck SCA PR Test#1

Open
bd-madhusud wants to merge 3 commits intomainfrom
bd-pr-test
Open

Black Duck SCA PR Test#1
bd-madhusud wants to merge 3 commits intomainfrom
bd-pr-test

Conversation

@bd-madhusud
Copy link
Contributor

@bd-madhusud bd-madhusud commented Oct 25, 2025

No description provided.

@github-actions
Copy link

github-actions bot commented Oct 25, 2025

Auto-generated PR comment (Black Duck SCA)

❌ Found dependencies violating policy!

Policies Violated Dependency License(s) Vulnerabilities Short Term Recommended Upgrade Long Term Recommended Upgrade Resolved / Filtered Out
all_security_vulns
Critical_With Overall_Score_GE 7
all_match_types
all_components_vulns		 Mongoose
(mongoose/4.13.6)
nodejs-npm/node_modules/mongoose/package.json:4
nodejs-npm/package-lock.json:7178
nodejs-npm/package-lock.json:25
nodejs-npm/package-lock.json:21308
nodejs-npm/package-lock.json:7179
nodejs-npm/package-lock.json:21309
nodejs-npm/package.json:26		 MIT License ❌   BDSA-2024-9220 HIGH CVSS 8.7
❌   BDSA-2023-1810 CRITICAL CVSS 9.0
❌   BDSA-2025-0243 HIGH CVSS 7.1
❌   BDSA-2019-3194 MEDIUM CVSS 5.9
❌   BDSA-2022-2650 MEDIUM CVSS 6.3		 4.13.21 (5 known vulnerabilities) 8.19.2 (0 known vulnerabilities)
all_security_vulns
Critical_With Overall_Score_GE 7
all_match_types
all_components_vulns		 Lodash
(lodash/4.17.4)
nodejs-npm/node_modules/lodash/package.json:3
nodejs-npm/node_modules/mongoose/node_modules/mongodb/yarn.lock:226
nodejs-npm/node_modules/mongoose/node_modules/mongodb/yarn.lock:294
nodejs-npm/node_modules/mongoose/node_modules/mongodb/yarn.lock:242
nodejs-npm/node_modules/mongoose/node_modules/mongodb/yarn.lock:275
nodejs-npm/node_modules/mongoose/node_modules/mongodb/yarn.lock:308
nodejs-npm/node_modules/mongoose/node_modules/mongodb/yarn.lock:1948
nodejs-npm/node_modules/mongoose/node_modules/mongodb/yarn.lock:316
nodejs-npm/node_modules/mongoose/node_modules/mongodb/yarn.lock:1950
nodejs-npm/node_modules/mongoose/node_modules/mongodb-core/yarn.lock:1491
nodejs-npm/node_modules/mongoose/node_modules/mongodb-core/yarn.lock:195
nodejs-npm/node_modules/mongoose/node_modules/mongodb-core/yarn.lock:179
nodejs-npm/node_modules/mongoose/node_modules/mongodb-core/yarn.lock:228
nodejs-npm/node_modules/mongoose/node_modules/mongodb-core/yarn.lock:1493
nodejs-npm/node_modules/mongoose/node_modules/mongodb-core/yarn.lock:261
nodejs-npm/node_modules/mongoose/node_modules/mongodb-core/yarn.lock:247
nodejs-npm/node_modules/mongoose/node_modules/mongodb-core/yarn.lock:269
nodejs-npm/node_modules/mongodb-core/yarn.lock:977
nodejs-npm/node_modules/mongodb-core/yarn.lock:2953
nodejs-npm/node_modules/mongodb-core/yarn.lock:1933
nodejs-npm/node_modules/registry-auth-token/yarn.lock:976
nodejs-npm/node_modules/registry-auth-token/yarn.lock:975
nodejs-npm/node_modules/uri-js/yarn.lock:593
nodejs-npm/node_modules/uri-js/yarn.lock:229
nodejs-npm/node_modules/uri-js/yarn.lock:182
nodejs-npm/node_modules/uri-js/yarn.lock:1271
nodejs-npm/node_modules/uri-js/yarn.lock:552
nodejs-npm/node_modules/uri-js/yarn.lock:104
nodejs-npm/node_modules/uri-js/yarn.lock:585
nodejs-npm/node_modules/uri-js/yarn.lock:154
nodejs-npm/node_modules/uri-js/yarn.lock:138
nodejs-npm/node_modules/uri-js/yarn.lock:571
nodejs-npm/node_modules/uri-js/yarn.lock:317
nodejs-npm/node_modules/upath/package.json:52
nodejs-npm/node_modules/map-visit/package.json:33
nodejs-npm/package-lock.json:6671
nodejs-npm/package-lock.json:6672
nodejs-npm/package-lock.json:22
nodejs-npm/package-lock.json:20898
nodejs-npm/package-lock.json:20899
nodejs-npm/package.json:25		 MIT License ❌   BDSA-2017-3875 MEDIUM CVSS 4.8
❌   BDSA-2020-1674 HIGH CVSS 8.8
❌   BDSA-2018-3818 HIGH CVSS 7.4
❌   BDSA-2019-3842 HIGH CVSS 7.1
❌   BDSA-2019-2112 HIGH CVSS 8.8
❌   BDSA-2020-4901 HIGH CVSS 7.3
❌   BDSA-2021-0375 MEDIUM CVSS 6.7
❌   BDSA-2018-1301 MEDIUM CVSS 4.6
❌   BDSA-2020-3839 HIGH CVSS 8.5
❌   BDSA-2019-0330 LOW CVSS 2.7
❌   BDSA-2020-2147 MEDIUM CVSS 5.9
❌   BDSA-2021-0392 HIGH CVSS 8.8		 4.17.21 (0 known vulnerabilities) 4.17.21 (0 known vulnerabilities)
all_security_vulns
Critical_With Overall_Score_GE 7
all_match_types
all_components_vulns		 jQuery
(jquery/2.2.4)
nodejs-npm/node_modules/jquery/package.json:5
nodejs-npm/node_modules/jquery/package.json:10
nodejs-npm/package-lock.json:21
nodejs-npm/package-lock.json:5833
nodejs-npm/package-lock.json:5834
nodejs-npm/package-lock.json:20222
nodejs-npm/package-lock.json:20223
nodejs-npm/package.json:24		 MIT License ❌   BDSA-2014-0063 HIGH CVSS 8.4
❌   BDSA-2017-2930 HIGH CVSS 8.1
❌   BDSA-2020-0964 HIGH CVSS 8.6
❌   BDSA-2020-0686 HIGH CVSS 8.6
❌   BDSA-2019-1138 MEDIUM CVSS 5.1
❌   BDSA-2021-3651 LOW CVSS 3.0		 3.7.1 (0 known vulnerabilities)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bd-madhusud