From d6cbc4ced26fa4967fcdacebd295aa79e8483026 Mon Sep 17 00:00:00 2001
From: nniknam1 <nniknam@andrew.cmu.edu>
Date: Sat, 25 Oct 2025 20:36:26 +0000
Subject: [PATCH] Added static analysis tool retire.js

---
 report.json | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 report.json

diff --git a/report.json b/report.json
new file mode 100644
index 0000000000..6d048ec18a
--- /dev/null
+++ b/report.json
@@ -0,0 +1 @@
+{"version":"5.3.0","start":"2025-10-25T20:31:32.718Z","data":[{"file":"/workspaces/nodebb-f25-nodegpt/node_modules/gaze/lib/helper.js","results":[{"version":"1.0.1","component":"lodash","detection":"filecontent","vulnerabilities":[{"info":["https://github.com/advisories/GHSA-fvqr-27wr-82fm","https://nvd.nist.gov/vuln/detail/CVE-2018-3721","https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a","https://hackerone.com/reports/310443","https://github.com/advisories/GHSA-fvqr-27wr-82fm","https://security.netapp.com/advisory/ntap-20190919-0004/","https://www.npmjs.com/advisories/577"],"below":"4.17.5","severity":"medium","identifiers":{"summary":"Prototype Pollution in lodash","CVE":["CVE-2018-3721"],"githubID":"GHSA-fvqr-27wr-82fm"},"cwe":["CWE-471","CWE-1321"]},{"info":["https://github.com/advisories/GHSA-4xc9-xhrj-v574","https://nvd.nist.gov/vuln/detail/CVE-2018-16487","https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad","https://hackerone.com/reports/380873","https://github.com/advisories/GHSA-4xc9-xhrj-v574","https://security.netapp.com/advisory/ntap-20190919-0004/","https://www.npmjs.com/advisories/782"],"below":"4.17.11","severity":"high","identifiers":{"summary":"Prototype Pollution in lodash","CVE":["CVE-2018-16487"],"githubID":"GHSA-4xc9-xhrj-v574"},"cwe":["CWE-400"]},{"info":["https://github.com/advisories/GHSA-jf85-cpcp-j695","https://nvd.nist.gov/vuln/detail/CVE-2019-10744","https://github.com/lodash/lodash/pull/4336","https://access.redhat.com/errata/RHSA-2019:3024","https://security.netapp.com/advisory/ntap-20191004-0005/","https://snyk.io/vuln/SNYK-JS-LODASH-450202","https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp;utm_medium=RSS","https://www.npmjs.com/advisories/1065","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"below":"4.17.12","severity":"high","identifiers":{"summary":"Prototype Pollution in lodash","CVE":["CVE-2019-10744"],"githubID":"GHSA-jf85-cpcp-j695"},"cwe":["CWE-1321","CWE-20"]},{"info":["https://github.com/advisories/GHSA-35jh-r3h4-6jhm","https://nvd.nist.gov/vuln/detail/CVE-2021-23337","https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c","https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf","https://github.com/lodash/lodash","https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851","https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851","https://security.netapp.com/advisory/ntap-20210312-0006/","https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929","https://snyk.io/vuln/SNYK-JS-LODASH-1040724","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"below":"4.17.21","severity":"high","identifiers":{"summary":"Command Injection in lodash","CVE":["CVE-2021-23337"],"githubID":"GHSA-35jh-r3h4-6jhm"},"cwe":["CWE-77","CWE-94"]}],"licenses":["MIT"]}]},{"file":"/workspaces/nodebb-f25-nodegpt/node_modules/mousetrap/tests/libs/jquery-1.7.2.min.js","results":[{"version":"1.7.2","component":"jquery","npmname":"jquery","detection":"filename","vulnerabilities":[{"info":["http://bugs.jquery.com/ticket/11290","http://research.insecurelabs.org/jquery/test/","https://nvd.nist.gov/vuln/detail/CVE-2012-6708"],"below":"1.9.0b1","severity":"medium","identifiers":{"summary":"Selector interpreted as HTML","CVE":["CVE-2012-6708"],"bug":"11290","githubID":"GHSA-2pqj-h3vj-pqgw"},"cwe":["CWE-64","CWE-79"]},{"info":["https://github.com/advisories/GHSA-q4m3-2j7h-f7xw","https://nvd.nist.gov/vuln/detail/CVE-2020-7656","https://research.insecurelabs.org/jquery/test/"],"below":"1.9.0","atOrAbove":"1.2.1","severity":"medium","identifiers":{"summary":"Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser.\n\n\n## Recommendation\n\nUpgrade to version 1.9.0 or later.","CVE":["CVE-2020-7656"],"githubID":"GHSA-q4m3-2j7h-f7xw"},"cwe":["CWE-79"]},{"info":["http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/","http://research.insecurelabs.org/jquery/test/","https://bugs.jquery.com/ticket/11974","https://github.com/advisories/GHSA-rmxg-73gg-4p98","https://github.com/jquery/jquery/issues/2432","https://nvd.nist.gov/vuln/detail/CVE-2015-9251"],"below":"1.12.0","atOrAbove":"1.4.0","severity":"medium","identifiers":{"summary":"3rd party CORS request may execute","issue":"2432","CVE":["CVE-2015-9251"],"githubID":"GHSA-rmxg-73gg-4p98"},"cwe":["CWE-79"]},{"info":["https://github.com/jquery/jquery.com/issues/162"],"below":"2.999.999","severity":"low","identifiers":{"summary":"jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates","retid":"73","issue":"162"},"cwe":["CWE-1104"]},{"info":["https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/","https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b","https://nvd.nist.gov/vuln/detail/CVE-2019-11358"],"below":"3.4.0","atOrAbove":"1.1.4","severity":"medium","identifiers":{"summary":"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution","CVE":["CVE-2019-11358"],"PR":"4333","githubID":"GHSA-6c3j-c64m-qhgq"},"cwe":["CWE-1321","CWE-79"]},{"info":["https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"],"below":"3.5.0","atOrAbove":"1.0.3","severity":"medium","identifiers":{"summary":"passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.","CVE":["CVE-2020-11023"],"issue":"4647","githubID":"GHSA-jpcq-cgw6-v4j6"},"cwe":["CWE-79"]},{"info":["https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"],"below":"3.5.0","atOrAbove":"1.2.0","severity":"medium","identifiers":{"summary":"Regex in its jQuery.htmlPrefilter sometimes may introduce XSS","CVE":["CVE-2020-11022"],"issue":"4642","githubID":"GHSA-gxr4-xjj5-5px2"},"cwe":["CWE-79"]}],"licenses":["MIT"]}]}],"messages":[],"errors":[],"time":39.543}