Update Build Tools #379
Update Build Tools #379
Security Report
❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
Scan Details Report
npm
https://amplearning.jfrog.io/artifactory/api/npm/amplify-npm
| Step | Level | Description | Details |
|---|---|---|---|
| Setting the scanner configuration | ⚠Warn | Failure to set private registries, due to an issue with the configuration provided by the user | no "registry" field corresponding to this url was found in the .npmrc files |
2 new vulnerabilities were introduced in this branch.❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|
CVE-2025-2306Path to dependency file: /package.json Path to vulnerable library: /node_modules/mongoose/package.json Dependency Hierarchy: -> ❌ mongoose-8.5.2.tgz (Vulnerable Library) |
 Critical |
9.4 | mongoose-8.5.2.tgz | Upgrade to version: mongoose -6.13.6,7.8.4,8.9.5 | #402 | |
CVE-2024-4067Path to dependency file: /package.json Path to vulnerable library: /node_modules/micromatch/package.json Dependency Hierarchy: -> sass-1.85.1.tgz (Root Library) -> @parcel/watcher-2.5.1.tgz -> ❌ micromatch-4.0.5.tgz (Vulnerable Library) |
 Medium |
5.3 | micromatch-4.0.5.tgz | Upgrade to version: micromatch - 4.0.8 | None |
Base branch total remaining vulnerabilities: 15
Base branch commit: d78fa6c704e955e6c8c8cfced0439e66cf72809e
Total libraries scanned: 663
Scan token: fdc97ca2621e47f787a28a08af6f4a67