Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add DefectDojo global reimport enhancement support #179

Merged
merged 4 commits into from
Jun 27, 2022
Merged

Add DefectDojo global reimport enhancement support #179

merged 4 commits into from
Jun 27, 2022

Conversation

yangsec888
Copy link
Contributor

This PR is related to backend code change below:

Signed-off-by: Sam Li2 [email protected]

@yangsec888 yangsec888 mentioned this pull request Jun 22, 2022
Merged
sonatype-lift[bot]
sonatype-lift bot reviewed Jun 22, 2022
View reviewed changes
package-lock.json Outdated
@@ -12546,11 +28617,12 @@
"vue-debounce": {
"version": "2.6.0",
"resolved": "https://registry.npmjs.org/vue-debounce/-/vue-debounce-2.6.0.tgz",
"integrity": "sha512-afSu/LSIyZv7HjLqqmFwgp4k2OhAGIEa8XVH1MYw/qyf6ly7fJbyfUVOagbFRXP4yl61J0ujMVB31DRY0US6RA=="
"integrity": "sha512-afSu/LSIyZv7HjLqqmFwgp4k2OhAGIEa8XVH1MYw/qyf6ly7fJbyfUVOagbFRXP4yl61J0ujMVB31DRY0US6RA==",
"requires": {}
},
"vue-easy-pie-chart": {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Severe OSS Vulnerability:

pkg:npm/vue-easy-pie-chart@git%2Bssh://git%40github.jparrowsec.cn/DependencyTrack/vue-easy-pie-chart.git%23e9a3bcb67b8156bcc422d160f522584a21ab0ff6

0 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components
    pkg:npm/[email protected]
      SEVERE Vulnerabilities (1)

        [sonatype-2019-0454] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

        vue - Cross-Site Scripting (XSS)

        The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

        CVSS Score: 6.1

        CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

        CWE: CWE-79

Reply with "@sonatype-lift help" for more info.
Reply with "@sonatype-lift ignore" to tell LiftBot to leave out the above finding from this PR.
Reply with "@sonatype-lift ignoreall" to tell LiftBot to leave out all the findings from this PR and from the status bar in Github.

When talking to LiftBot, you need to refresh the page to see its response. Click here to get to know more about LiftBot commands.

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

@yangsec888 yangsec888 mentioned this pull request Jun 22, 2022
Merged
@nscuro
Copy link
Member

nscuro commented Jun 27, 2022

Thanks for the PR @yangsec888! Could you please rebase the PR with the current master? Looks like it's carrying some unrelated changes in Alerts.vue.

Sam Li2 and others added 4 commits June 27, 2022 17:19
@yangsec888
Copy link
Contributor Author

Sorry I messed up the changes. It should be clean-up now. Please check it out again when you have the chance @nscuro

@nscuro nscuro added this to the 4.6 milestone Jun 27, 2022
@nscuro nscuro merged commit 640e17c into DependencyTrack:master Jun 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sonatype-lift sonatype-lift[bot] sonatype-lift[bot] left review comments

@nscuro nscuro nscuro approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
4.6
Development

Successfully merging this pull request may close these issues.
2 participants
@yangsec888 @nscuro