Skip to content

Update dependency jsonwebtoken to v9#3

Open
mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/jsonwebtoken-9.x
Open

Update dependency jsonwebtoken to v9#3
mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/jsonwebtoken-9.x

Update dependency jsonwebtoken to v9

eafd901
Select commit
Loading
Failed to load commit list.
Renovate / Mend Security Check failed Apr 26, 2026 in 1h 10m 19s

Security Report

⛔ You have successfully resolved 3 findings, but introduced 7 new findings in this branch:

Finding Severity Exploit Maturity EPSS Vulnerable Library Direct Dependency Suggested Fix Reachability
CVE-2025-47935
Path to dependency file: /backend/package.json

Dependency Hierarchy:

->❌ multer-1.4.5-lts.1.tgz (Vulnerable Library)
🔴 High (7.5) Not Defined < 1% Direct multer-1.4.5-lts.1.tgz multer-1.4.5-lts.1.tgz https://github.com/expressjs/multer.git - v2.0.0,multer - 2.0.0 Reachable
CVE-2025-47944
Path to dependency file: /backend/package.json

Dependency Hierarchy:

->❌ multer-1.4.5-lts.1.tgz (Vulnerable Library)
🔴 High (7.5) Not Defined < 1% Direct multer-1.4.5-lts.1.tgz multer-1.4.5-lts.1.tgz multer - 2.0.0,https://github.com/expressjs/multer.git - v2.0.0 Reachable
CVE-2025-48997
Path to dependency file: /backend/package.json

Dependency Hierarchy:

->❌ multer-1.4.5-lts.1.tgz (Vulnerable Library)
🔴 High (7.5) Not Defined < 1% Direct multer-1.4.5-lts.1.tgz multer-1.4.5-lts.1.tgz https://github.com/expressjs/multer.git - v2.0.1,multer - 2.0.1 Reachable
CVE-2025-7338
Path to dependency file: /backend/package.json

Dependency Hierarchy:

->❌ multer-1.4.5-lts.1.tgz (Vulnerable Library)
🔴 High (7.5) Not Defined < 1% Direct multer-1.4.5-lts.1.tgz multer-1.4.5-lts.1.tgz https://github.com/expressjs/multer.git - v2.0.2,multer - 2.0.2 Reachable
CVE-2026-2359
Path to dependency file: /backend/package.json

Dependency Hierarchy:

->❌ multer-1.4.5-lts.1.tgz (Vulnerable Library)
🔴 High (7.5) Not Defined < 1% Direct multer-1.4.5-lts.1.tgz multer-1.4.5-lts.1.tgz multer - 2.1.0,https://github.com/expressjs/multer.git - v2.1.0 Reachable
CVE-2026-3304
Path to dependency file: /backend/package.json

Dependency Hierarchy:

->❌ multer-1.4.5-lts.1.tgz (Vulnerable Library)
🔴 High (7.5) Not Defined < 1% Direct multer-1.4.5-lts.1.tgz multer-1.4.5-lts.1.tgz https://github.com/expressjs/multer.git - v2.1.0,multer - 2.1.0 Reachable
CVE-2026-3520
Path to dependency file: /backend/package.json

Dependency Hierarchy:

->❌ multer-1.4.5-lts.1.tgz (Vulnerable Library)
🔴 High (7.5) Not Defined < 1% Direct multer-1.4.5-lts.1.tgz multer-1.4.5-lts.1.tgz multer - 2.1.1,https://github.com/expressjs/multer.git - v2.1.1 Reachable

✅ Resolved findings:

Finding Vulnerable Library
CVE-2022-23541 jsonwebtoken-8.5.1.tgz
CVE-2022-23539 jsonwebtoken-8.5.1.tgz
CVE-2022-23540 jsonwebtoken-8.5.1.tgz

Remaining findings in base branch: 189

Base branch commit: a3ba1679b8965c9f00f5ca1f92a5800372757c57

Total libraries scanned: 2134

Scan token: 670de2d9a09c40ac8763bec06f4ad7ed