Skip to content

Update dependency turbo-rails to v2#17

Open
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/turbo-rails-2.x-lockfile
Open

Update dependency turbo-rails to v2#17
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/turbo-rails-2.x-lockfile

[NEUTRAL] Update dependency turbo-rails to v2

f3fa4ad
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / Mend Security Check failed Oct 29, 2025 in 5m 10s

Security Report

The Security Check found 45 vulnerabilities.

Vulnerability Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2025-6545

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/pbkdf2/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> node-libs-browser-2.2.1.tgz

     -> crypto-browserify-3.12.0.tgz

       -> ❌ pbkdf2-3.1.2.tgz (Vulnerable Library)

Critical 9.3 Not Defined 0.2% Transitive pbkdf2-3.1.2.tgz webpack-4.46.0.tgz Transitive 3.1.3 #8
CVE-2025-9288

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/sha.js/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> node-libs-browser-2.2.1.tgz

     -> crypto-browserify-3.12.0.tgz

       -> browserify-sign-4.2.1.tgz

         -> create-hmac-1.1.7.tgz

           -> ❌ sha.js-2.4.11.tgz (Vulnerable Library)

Critical 9.1 Not Defined 0.0% Transitive sha.js-2.4.11.tgz webpack-4.46.0.tgz Transitive 2.4.12 #8
CVE-2025-9287

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/cipher-base/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> node-libs-browser-2.2.1.tgz

     -> crypto-browserify-3.12.0.tgz

       -> browserify-sign-4.2.1.tgz

         -> create-hmac-1.1.7.tgz

           -> ❌ cipher-base-1.0.4.tgz (Vulnerable Library)

Critical 9.1 Not Defined 0.2% Transitive cipher-base-1.0.4.tgz webpack-4.46.0.tgz Transitive cipher-base - 1.0.4 #8
CVE-2024-48949

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/elliptic/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> node-libs-browser-2.2.1.tgz

     -> crypto-browserify-3.12.0.tgz

       -> browserify-sign-4.2.1.tgz

         -> ❌ elliptic-6.5.4.tgz (Vulnerable Library)

Critical 9.1 Not Defined 0.1% Transitive elliptic-6.5.4.tgz webpack-4.46.0.tgz Transitive 6.5.6 #8
CVE-2024-49761

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/rexml-3.2.6.gem

Dependency Hierarchy:

-> ❌ rexml-3.2.6.gem (Vulnerable Library)

High 7.5 Not Defined 1.2% Direct rexml-3.2.6.gem rexml-3.2.6.gem 3.3.9 #21
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/watchpack/node_modules/braces/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> watchpack-1.7.5.tgz

     -> chokidar-3.5.3.tgz

       -> ❌ braces-3.0.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% Transitive braces-3.0.2.tgz webpack-4.46.0.tgz Transitive braces - 3.0.3 #8
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/braces/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> micromatch-3.1.10.tgz

     -> ❌ braces-2.3.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% Transitive braces-2.3.2.tgz webpack-4.46.0.tgz Transitive braces - 3.0.3 #8
CVE-2022-29970

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/sinatra-1.0.gem

Dependency Hierarchy:

-> resque-2.6.0.gem (Root Library)

   -> ❌ sinatra-1.0.gem (Vulnerable Library)

High 7.5 Not Defined 0.5% Transitive sinatra-1.0.gem resque-2.6.0.gem Transitive 2.2.0 None
CVE-2022-29970

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/sinatra-1.0.gem

Dependency Hierarchy:

-> resque-scheduler-4.10.2.gem (Root Library)

   -> resque-2.6.0.gem

     -> ❌ sinatra-1.0.gem (Vulnerable Library)

High 7.5 Not Defined 0.5% Transitive sinatra-1.0.gem resque-scheduler-4.10.2.gem Transitive 2.2.0 #6
CVE-2015-5147

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/redcarpet-3.2.3.gem

Dependency Hierarchy:

-> ❌ redcarpet-3.2.3.gem (Vulnerable Library)

High 7.3 Not Defined 1.2% Direct redcarpet-3.2.3.gem redcarpet-3.2.3.gem 3.3.2 #5
CVE-2020-11023

Path to dependency file: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html

Path to vulnerable library: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html

Dependency Hierarchy:

-> ❌ jquery-1.9.1.min.js (Vulnerable Library)

Medium 6.9 Proof of concept 27.7% Direct jquery-1.9.1.min.js jquery-1.9.1.min.js Replace or update the following files: offset.js, data.js, attributes.js, deprecated.js, selector.js, traversing.js, css.js, testinit.js, localfile.html, core.js, event.js, effects.js, wrap.js, ajax.js, manipulation.js, manipulation.js, dimensions.js, basic.js None
CVE-2020-11022

Path to dependency file: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html

Path to vulnerable library: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html

Dependency Hierarchy:

-> ❌ jquery-1.9.1.min.js (Vulnerable Library)

Medium 6.9 Proof of concept 22.5% Direct jquery-1.9.1.min.js jquery-1.9.1.min.js Replace or update the following files: offset.js, data.js, attributes.js, deprecated.js, selector.js, traversing.js, css.js, testinit.js, localfile.html, core.js, event.js, effects.js, wrap.js, ajax.js, manipulation.js, manipulation.js, dimensions.js, basic.js None
CVE-2025-6547

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/pbkdf2/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> node-libs-browser-2.2.1.tgz

     -> crypto-browserify-3.12.0.tgz

       -> ❌ pbkdf2-3.1.2.tgz (Vulnerable Library)

Medium 6.8 Not Defined 0.2% Transitive pbkdf2-3.1.2.tgz webpack-4.46.0.tgz Transitive 3.1.3 #8
CVE-2020-26298

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/redcarpet-3.2.3.gem

Dependency Hierarchy:

-> ❌ redcarpet-3.2.3.gem (Vulnerable Library)

Medium 6.8 Not Defined 0.3% Direct redcarpet-3.2.3.gem redcarpet-3.2.3.gem 3.5.1 #5
CVE-2023-46234

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/browserify-sign/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> node-libs-browser-2.2.1.tgz

     -> crypto-browserify-3.12.0.tgz

       -> ❌ browserify-sign-4.2.1.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.3% Transitive browserify-sign-4.2.1.tgz webpack-4.46.0.tgz Transitive 4.2.2 #8
CVE-2024-43788

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/webpack/package.json

Dependency Hierarchy:

-> ❌ webpack-4.46.0.tgz (Vulnerable Library)

Medium 6.4 Not Defined 0.6% Direct webpack-4.46.0.tgz webpack-4.46.0.tgz 5.94.0 #8
CVE-2019-11358

Path to dependency file: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html

Path to vulnerable library: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html

Dependency Hierarchy:

-> ❌ jquery-1.9.1.min.js (Vulnerable Library)

Medium 6.1 Proof of concept 2.8999999% Direct jquery-1.9.1.min.js jquery-1.9.1.min.js Replace or update the following files: core.js, core.js None
CVE-2015-9251

Path to dependency file: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html

Path to vulnerable library: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html

Dependency Hierarchy:

-> ❌ jquery-1.9.1.min.js (Vulnerable Library)

Medium 6.1 High 12.8% Direct jquery-1.9.1.min.js jquery-1.9.1.min.js Replace or update the following files: script.js, ajax.js, ajax.js None
CVE-2024-43398

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/rexml-3.2.6.gem

Dependency Hierarchy:

-> ❌ rexml-3.2.6.gem (Vulnerable Library)

Medium 5.9 Not Defined 2.6000001% Direct rexml-3.2.6.gem rexml-3.2.6.gem 3.3.6 #21
CVE-2024-21647

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/puma-6.4.0.gem

Dependency Hierarchy:

-> ❌ puma-6.4.0.gem (Vulnerable Library)

Medium 5.9 Not Defined 1.5% Direct puma-6.4.0.gem puma-6.4.0.gem 6.4.2 #9
CVE-2018-1000119

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/sinatra-1.0.gem

Dependency Hierarchy:

-> resque-2.6.0.gem (Root Library)

   -> ❌ sinatra-1.0.gem (Vulnerable Library)

Medium 5.9 Not Defined 0.4% Transitive sinatra-1.0.gem resque-2.6.0.gem Transitive Replace or update the following files: authenticity_token.rb, base.rb None
CVE-2018-1000119

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/sinatra-1.0.gem

Dependency Hierarchy:

-> resque-scheduler-4.10.2.gem (Root Library)

   -> resque-2.6.0.gem

     -> ❌ sinatra-1.0.gem (Vulnerable Library)

Medium 5.9 Not Defined 0.4% Transitive sinatra-1.0.gem resque-scheduler-4.10.2.gem Transitive Replace or update the following files: authenticity_token.rb, base.rb #6
CVE-2025-27219

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/cgi-0.4.1.gem

Dependency Hierarchy:

-> ❌ cgi-0.4.1.gem (Vulnerable Library)

Medium 5.8 Not Defined 0.5% Direct cgi-0.4.1.gem cgi-0.4.1.gem 0.4.2 None
CVE-2024-32887

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/sidekiq-7.2.0.gem

Dependency Hierarchy:

-> ❌ sidekiq-7.2.0.gem (Vulnerable Library)

Medium 5.5 Not Defined 0.3% Direct sidekiq-7.2.0.gem sidekiq-7.2.0.gem #20
CVE-2024-45614

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/puma-6.4.0.gem

Dependency Hierarchy:

-> ❌ puma-6.4.0.gem (Vulnerable Library)

Medium 5.4 Not Defined 0.5% Direct puma-6.4.0.gem puma-6.4.0.gem 6.4.3 #9
CVE-2024-21510

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/sinatra-1.0.gem

Dependency Hierarchy:

-> resque-2.6.0.gem (Root Library)

   -> ❌ sinatra-1.0.gem (Vulnerable Library)

Medium 5.4 Proof of concept 0.2% Transitive sinatra-1.0.gem resque-2.6.0.gem Transitive 4.1.0 None
CVE-2024-21510

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/sinatra-1.0.gem

Dependency Hierarchy:

-> resque-scheduler-4.10.2.gem (Root Library)

   -> resque-2.6.0.gem

     -> ❌ sinatra-1.0.gem (Vulnerable Library)

Medium 5.4 Proof of concept 0.2% Transitive sinatra-1.0.gem resque-scheduler-4.10.2.gem Transitive 4.1.0 #6
CVE-2024-11831

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/serialize-javascript/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> terser-webpack-plugin-1.4.5.tgz

     -> ❌ serialize-javascript-4.0.0.tgz (Vulnerable Library)

Medium 5.4 Not Defined 0.70000005% Transitive serialize-javascript-4.0.0.tgz webpack-4.46.0.tgz Transitive serialize-javascript - 6.0.2 #8
CVE-2025-61921

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/sinatra-1.0.gem

Dependency Hierarchy:

-> resque-2.6.0.gem (Root Library)

   -> ❌ sinatra-1.0.gem (Vulnerable Library)

Medium 5.3 Not Defined 0.1% Transitive sinatra-1.0.gem resque-2.6.0.gem Transitive 4.2.0 None
CVE-2025-61921

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/sinatra-1.0.gem

Dependency Hierarchy:

-> resque-scheduler-4.10.2.gem (Root Library)

   -> resque-2.6.0.gem

     -> ❌ sinatra-1.0.gem (Vulnerable Library)

Medium 5.3 Not Defined 0.1% Transitive sinatra-1.0.gem resque-scheduler-4.10.2.gem Transitive 4.2.0 #6
CVE-2024-43380

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/fugit-1.9.0.gem

Dependency Hierarchy:

-> resque-scheduler-4.10.2.gem (Root Library)

   -> rufus-scheduler-3.9.1.gem

     -> ❌ fugit-1.9.0.gem (Vulnerable Library)

Medium 5.3 Not Defined 0.2% Transitive fugit-1.9.0.gem resque-scheduler-4.10.2.gem Transitive 1.11.1 #6
CVE-2024-42460

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/elliptic/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> node-libs-browser-2.2.1.tgz

     -> crypto-browserify-3.12.0.tgz

       -> browserify-sign-4.2.1.tgz

         -> ❌ elliptic-6.5.4.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.1% Transitive elliptic-6.5.4.tgz webpack-4.46.0.tgz #8
CVE-2024-42459

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/elliptic/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> node-libs-browser-2.2.1.tgz

     -> crypto-browserify-3.12.0.tgz

       -> browserify-sign-4.2.1.tgz

         -> ❌ elliptic-6.5.4.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.1% Transitive elliptic-6.5.4.tgz webpack-4.46.0.tgz #8
CVE-2024-41946

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/rexml-3.2.6.gem

Dependency Hierarchy:

-> ❌ rexml-3.2.6.gem (Vulnerable Library)

Medium 5.3 Not Defined 0.8% Direct rexml-3.2.6.gem rexml-3.2.6.gem 3.3.2 #21
CVE-2024-41123

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/rexml-3.2.6.gem

Dependency Hierarchy:

-> ❌ rexml-3.2.6.gem (Vulnerable Library)

Medium 5.3 Not Defined 0.3% Direct rexml-3.2.6.gem rexml-3.2.6.gem 3.3.2 #21
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/micromatch/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.1% Transitive micromatch-3.1.10.tgz webpack-4.46.0.tgz Transitive 4.0.8 #8
CVE-2024-35176

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/rexml-3.2.6.gem

Dependency Hierarchy:

-> ❌ rexml-3.2.6.gem (Vulnerable Library)

Medium 5.3 Not Defined 6.5% Direct rexml-3.2.6.gem rexml-3.2.6.gem 3.2.7 #21
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/semver/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> terser-webpack-plugin-1.4.5.tgz

     -> find-cache-dir-2.1.0.tgz

       -> make-dir-2.1.0.tgz

         -> ❌ semver-5.7.1.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.3% Transitive semver-5.7.1.tgz webpack-4.46.0.tgz Transitive 5.7.2 #8
CVE-2020-28469

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/glob-parent/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> watchpack-1.7.5.tgz

     -> watchpack-chokidar2-2.0.1.tgz

       -> chokidar-2.1.8.tgz

         -> ❌ glob-parent-3.1.0.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.9% Transitive glob-parent-3.1.0.tgz webpack-4.46.0.tgz Transitive 5.1.2 #8
CVE-2018-7212

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/sinatra-1.0.gem

Dependency Hierarchy:

-> resque-2.6.0.gem (Root Library)

   -> ❌ sinatra-1.0.gem (Vulnerable Library)

Medium 5.3 Not Defined 0.3% Transitive sinatra-1.0.gem resque-2.6.0.gem Transitive 2.0.1 None
CVE-2018-7212

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/sinatra-1.0.gem

Dependency Hierarchy:

-> resque-scheduler-4.10.2.gem (Root Library)

   -> resque-2.6.0.gem

     -> ❌ sinatra-1.0.gem (Vulnerable Library)

Medium 5.3 Not Defined 0.3% Transitive sinatra-1.0.gem resque-scheduler-4.10.2.gem Transitive 2.0.1 #6
CVE-2024-48948

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/elliptic/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> node-libs-browser-2.2.1.tgz

     -> crypto-browserify-3.12.0.tgz

       -> browserify-sign-4.2.1.tgz

         -> ❌ elliptic-6.5.4.tgz (Vulnerable Library)

Medium 4.8 Not Defined 0.1% Transitive elliptic-6.5.4.tgz webpack-4.46.0.tgz Transitive elliptic - 6.6.0 #8
CVE-2024-39908

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/rexml-3.2.6.gem

Dependency Hierarchy:

-> ❌ rexml-3.2.6.gem (Vulnerable Library)

Medium 4.3 Not Defined 6.3% Direct rexml-3.2.6.gem rexml-3.2.6.gem 3.3.2 #21
CVE-2025-27220

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/cgi-0.4.1.gem

Dependency Hierarchy:

-> ❌ cgi-0.4.1.gem (Vulnerable Library)

Medium 4.0 Not Defined 0.3% Direct cgi-0.4.1.gem cgi-0.4.1.gem 0.4.2 None
CVE-2025-5889

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/brace-expansion/package.json

Dependency Hierarchy:

-> webpack-4.46.0.tgz (Root Library)

   -> terser-webpack-plugin-1.4.5.tgz

     -> cacache-12.0.4.tgz

       -> glob-7.2.3.tgz

         -> minimatch-3.1.2.tgz

           -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)

Low 3.1 Proof of concept 0.0% Transitive brace-expansion-1.1.11.tgz webpack-4.46.0.tgz Transitive 1.1.12 #8

Total libraries scanned: 518
Scan token: d44952da37204e3ba11c8e3f8aac27e7