@dlymonkai dlymonkai commented Dec 8, 2025

Overview

Jira Ticket Reference : MN-810

Removed sort-by package

Checklist before requesting a review

  • I have updated the unit tests based on the changes I made
  • I have updated the docs (TSDoc / README / global doc) to reflect my changes
  • I have updated the local app configs if needed
  • I have performed self-QA of my feature by testing the apps and packages and made sure that :
    • No regression or new bug has occurred
    • The acceptance criteria listed in the ticket are met
    • Self-QA was made on both desktop and mobile

apiiro bot commented Dec 8, 2025

Workflows: "WORKFLOW-22 · Monk - Slack Alert and PR Comment - Vulnerable Dependency Found - Critical"
Policies: "SCA OSS Vulnerabilities - Critical Severity"

⚠️ Apiiro found 8 resolved risks - 8 critical ⚠️

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency object-path
  • Dependency: object-path : 0.6.0
  • Type: Sub-dependency
  • Insights: Adequately tested, No version 1, Popularity, Single maintainer, Sparse commits, Has vulnerabilities, Exploit POC, Used in code, Public repository
  • Vulnerabilities:
| ID | Vulnerability | CVSS | Exploit maturity | EPSS | Fix version |
|---|---|---|---|---|---|
| CVE-2021-3805 | Prototype Pollution in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-3805 | Prototype Pollution Vulnerability in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-23434 | Prototype Pollution in object-path | 5.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2021-23434 | Type Confusion Vulnerability in object-path Package | 8.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2020-15256 | Prototype pollution in object-path | 7.7 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |
| CVE-2020-15256 | Prototype Pollution in object-path <= 0.11.4 | 9.8 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |

Remediation suggestions
object-path is a sub-dependency referenced by the following top-level dependencies:
- sort-by declared in apps/demo-app-video/package.json
- @monkvision/common declared in apps/demo-app-video/package.json
- @monkvision/network declared in apps/demo-app-video/package.json
- @monkvision/common-ui-web declared in apps/demo-app-video/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses object-path with version 0.11.8

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency object-path
  • Dependency: object-path : 0.6.0
  • Type: Sub-dependency
  • Insights: Adequately tested, No version 1, Popularity, Single maintainer, Sparse commits, Has vulnerabilities, Exploit POC, Used in code, Public repository
  • Vulnerabilities:
| ID | Vulnerability | CVSS | Exploit maturity | EPSS | Fix version |
|---|---|---|---|---|---|
| CVE-2021-3805 | Prototype Pollution in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-3805 | Prototype Pollution Vulnerability in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-23434 | Prototype Pollution in object-path | 5.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2021-23434 | Type Confusion Vulnerability in object-path Package | 8.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2020-15256 | Prototype pollution in object-path | 7.7 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |
| CVE-2020-15256 | Prototype Pollution in object-path <= 0.11.4 | 9.8 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |

Remediation suggestions
object-path is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/camera-web/package.json
- @monkvision/common-ui-web declared in packages/camera-web/package.json
Upgrade these top-level dependencies to a version that uses object-path with version 0.11.8

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency object-path
  • Dependency: object-path : 0.6.0
  • Type: Sub-dependency
  • Insights: Adequately tested, No version 1, Popularity, Single maintainer, Sparse commits, Has vulnerabilities, Exploit POC, Used in code, Public repository
  • Vulnerabilities:
| ID | Vulnerability | CVSS | Exploit maturity | EPSS | Fix version |
|---|---|---|---|---|---|
| CVE-2021-3805 | Prototype Pollution in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-3805 | Prototype Pollution Vulnerability in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-23434 | Prototype Pollution in object-path | 5.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2021-23434 | Type Confusion Vulnerability in object-path Package | 8.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2020-15256 | Prototype pollution in object-path | 7.7 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |
| CVE-2020-15256 | Prototype Pollution in object-path <= 0.11.4 | 9.8 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |

Remediation suggestions
object-path is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in documentation/package.json
- @monkvision/common-ui-web declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses object-path with version 0.11.8

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency object-path
  • Dependency: object-path : 0.6.0
  • Type: Sub-dependency
  • Insights: Adequately tested, No version 1, Popularity, Single maintainer, Sparse commits, Has vulnerabilities, Exploit POC, Used in code, Public repository
  • Vulnerabilities:
| ID | Vulnerability | CVSS | Exploit maturity | EPSS | Fix version |
|---|---|---|---|---|---|
| CVE-2021-3805 | Prototype Pollution in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-3805 | Prototype Pollution Vulnerability in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-23434 | Prototype Pollution in object-path | 5.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2021-23434 | Type Confusion Vulnerability in object-path Package | 8.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2020-15256 | Prototype pollution in object-path | 7.7 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |
| CVE-2020-15256 | Prototype Pollution in object-path <= 0.11.4 | 9.8 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |

Remediation suggestions
object-path is a sub-dependency referenced by the following top-level dependencies:
- sort-by declared in apps/demo-app/package.json
- @monkvision/common declared in apps/demo-app/package.json
- @monkvision/network declared in apps/demo-app/package.json
- @monkvision/common-ui-web declared in apps/demo-app/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses object-path with version 0.11.8

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency object-path
  • Dependency: object-path : 0.6.0
  • Type: Sub-dependency
  • Insights: Adequately tested, No version 1, Popularity, Single maintainer, Sparse commits, Has vulnerabilities, Exploit POC, Used in code, Public repository
  • Vulnerabilities:
| ID | Vulnerability | CVSS | Exploit maturity | EPSS | Fix version |
|---|---|---|---|---|---|
| CVE-2021-3805 | Prototype Pollution in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-3805 | Prototype Pollution Vulnerability in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-23434 | Prototype Pollution in object-path | 5.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2021-23434 | Type Confusion Vulnerability in object-path Package | 8.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2020-15256 | Prototype pollution in object-path | 7.7 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |
| CVE-2020-15256 | Prototype Pollution in object-path <= 0.11.4 | 9.8 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |

Remediation suggestions
object-path is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/network/package.json
Upgrade these top-level dependencies to a version that uses object-path with version 0.11.8

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency object-path
  • Dependency: object-path : 0.6.0
  • Type: Sub-dependency
  • Insights: Adequately tested, No version 1, Popularity, Single maintainer, Sparse commits, Has vulnerabilities, Exploit POC, Used in code, Public repository
  • Vulnerabilities:
| ID | Vulnerability | CVSS | Exploit maturity | EPSS | Fix version |
|---|---|---|---|---|---|
| CVE-2021-3805 | Prototype Pollution in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-3805 | Prototype Pollution Vulnerability in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-23434 | Prototype Pollution in object-path | 5.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2021-23434 | Type Confusion Vulnerability in object-path Package | 8.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2020-15256 | Prototype pollution in object-path | 7.7 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |
| CVE-2020-15256 | Prototype Pollution in object-path <= 0.11.4 | 9.8 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |

Remediation suggestions
object-path is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/inspection-capture-web/package.json
- @monkvision/network declared in packages/inspection-capture-web/package.json
- @monkvision/common-ui-web declared in packages/inspection-capture-web/package.json
- @monkvision/camera-web declared in packages/inspection-capture-web/package.json
Upgrade these top-level dependencies to a version that uses object-path with version 0.11.8

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency object-path
  • Dependency: object-path : 0.6.0
  • Type: Sub-dependency
  • Insights: Adequately tested, No version 1, Popularity, Single maintainer, Sparse commits, Has vulnerabilities, Exploit POC, Public repository
  • Vulnerabilities:
| ID | Vulnerability | CVSS | Exploit maturity | EPSS | Fix version |
|---|---|---|---|---|---|
| CVE-2021-3805 | Prototype Pollution in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-3805 | Prototype Pollution Vulnerability in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-23434 | Prototype Pollution in object-path | 5.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2021-23434 | Type Confusion Vulnerability in object-path Package | 8.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2020-15256 | Prototype pollution in object-path | 7.7 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |
| CVE-2020-15256 | Prototype Pollution in object-path <= 0.11.4 | 9.8 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |

Remediation suggestions
object-path is a sub-dependency referenced by the following top-level dependencies:
- sort-by declared in packages/common/package.json
Upgrade these top-level dependencies to a version that uses object-path with version 0.11.8

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency object-path
  • Dependency: object-path : 0.6.0
  • Type: Sub-dependency
  • Insights: Adequately tested, No version 1, Popularity, Single maintainer, Sparse commits, Has vulnerabilities, Exploit POC, Used in code, Public repository
  • Vulnerabilities:
| ID | Vulnerability | CVSS | Exploit maturity | EPSS | Fix version |
|---|---|---|---|---|---|
| CVE-2021-3805 | Prototype Pollution in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-3805 | Prototype Pollution Vulnerability in object-path | 7.5 | Exploit POC | Score: 0.00123, Percentile 32.1% | 0.11.8 |
| CVE-2021-23434 | Prototype Pollution in object-path | 5.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2021-23434 | Type Confusion Vulnerability in object-path Package | 8.6 | Exploit POC | Score: 0.00062, Percentile 19.2% | 0.11.6 |
| CVE-2020-15256 | Prototype pollution in object-path | 7.7 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |
| CVE-2020-15256 | Prototype Pollution in object-path <= 0.11.4 | 9.8 | No exploit maturity data | Score: 0.00175, Percentile 39.26% | 0.11.5 |

Remediation suggestions
object-path is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/common-ui-web/package.json
- @monkvision/network declared in packages/common-ui-web/package.json
Upgrade these top-level dependencies to a version that uses object-path with version 0.11.8

Repository: monkjs

@dlymonkai dlymonkai merged commit d892427 into main Dec 8, 2025
5 checks passed
@dlymonkai dlymonkai deleted the fix/MN-810/sort-by-security-issue branch December 8, 2025 13:57