[Snyk] Fix for 1 vulnerabilities #297
Security Report
You have successfully remediated 67 vulnerabilities, but introduced 25 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
WS-2021-0153 Path to dependency file: /package.json Path to vulnerable library: /node_modules/ejs/package.json Dependency Hierarchy: -> webpack-cli-4.0.0.tgz (Root Library) -> init-1.1.3.tgz -> generators-1.3.1.tgz -> yeoman-environment-2.10.3.tgz -> mem-fs-editor-6.0.0.tgz -> ❌ ejs-2.7.4.tgz (Vulnerable Library) | Critical | 9.8 | ejs-2.7.4.tgz | Upgrade to version: ejs - 3.1.6 | #245 |
CVE-2022-29078 Path to dependency file: /package.json Path to vulnerable library: /node_modules/ejs/package.json Dependency Hierarchy: -> webpack-cli-4.0.0.tgz (Root Library) -> init-1.1.3.tgz -> generators-1.3.1.tgz -> yeoman-environment-2.10.3.tgz -> mem-fs-editor-6.0.0.tgz -> ❌ ejs-2.7.4.tgz (Vulnerable Library) | Critical | 9.8 | ejs-2.7.4.tgz | Upgrade to version: ejs - v3.1.7 | None |
CVE-2020-7774 Path to dependency file: /package.json Path to vulnerable library: /node_modules/cacache/node_modules/y18n/package.json Dependency Hierarchy: -> webpack-4.17.1.tgz (Root Library) -> uglifyjs-webpack-plugin-1.3.0.tgz -> cacache-10.0.4.tgz -> ❌ y18n-4.0.0.tgz (Vulnerable Library) | Critical | 9.8 | y18n-4.0.0.tgz | Upgrade to version: 3.2.2, 4.0.1, 5.0.5 | #166 |
CVE-2020-13822 Path to dependency file: /package.json Path to vulnerable library: /node_modules/elliptic/package.json Dependency Hierarchy: -> webpack-4.17.1.tgz (Root Library) -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.0.4.tgz -> ❌ elliptic-6.4.1.tgz (Vulnerable Library) | High | 7.7 | elliptic-6.4.1.tgz | Upgrade to version: v6.5.3 | #131 |
WS-2021-0152 Path to dependency file: /package.json Path to vulnerable library: /node_modules/color/node_modules/color-string/package.json Dependency Hierarchy: -> cssnano-4.1.0.tgz (Root Library) -> cssnano-preset-default-4.0.0.tgz -> postcss-colormin-4.0.1.tgz -> color-3.0.0.tgz -> ❌ color-string-1.5.3.tgz (Vulnerable Library) | High | 7.5 | color-string-1.5.3.tgz | Upgrade to version: color-string - 1.5.5 | #231 |
CVE-2022-24999 Path to dependency file: /package.json Path to vulnerable library: /node_modules/body-parser/node_modules/qs/package.json Dependency Hierarchy: -> body-parser-1.18.3.tgz (Root Library) -> ❌ qs-6.5.2.tgz (Vulnerable Library) | High | 7.5 | qs-6.5.2.tgz | Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 | #292 |
CVE-2021-3807 Path to dependency file: /package.json Path to vulnerable library: /node_modules/pretty-format/node_modules/ansi-regex/package.json Dependency Hierarchy: -> lint-staged-7.2.2.tgz (Root Library) -> jest-validate-23.5.0.tgz -> pretty-format-23.5.0.tgz -> ❌ ansi-regex-3.0.0.tgz (Vulnerable Library) | High | 7.5 | ansi-regex-3.0.0.tgz | Upgrade to version: ansi-regex - 5.0.1,6.0.1 | #247 |
CVE-2021-29059 Path to dependency file: /package.json Path to vulnerable library: /node_modules/is-svg/package.json Dependency Hierarchy: -> cssnano-4.1.0.tgz (Root Library) -> cssnano-preset-default-4.0.0.tgz -> postcss-svgo-4.0.0.tgz -> ❌ is-svg-3.0.0.tgz (Vulnerable Library) | High | 7.5 | is-svg-3.0.0.tgz | Upgrade to version: is-svg - 4.3.0 | #237 |
CVE-2021-28092 Path to dependency file: /package.json Path to vulnerable library: /node_modules/is-svg/package.json Dependency Hierarchy: -> cssnano-4.1.0.tgz (Root Library) -> cssnano-preset-default-4.0.0.tgz -> postcss-svgo-4.0.0.tgz -> ❌ is-svg-3.0.0.tgz (Vulnerable Library) | High | 7.5 | is-svg-3.0.0.tgz | Upgrade to version: v4.2.2 | #208 |
CVE-2021-27290 Path to dependency file: /package.json Path to vulnerable library: /node_modules/ssri/package.json Dependency Hierarchy: -> webpack-4.17.1.tgz (Root Library) -> uglifyjs-webpack-plugin-1.3.0.tgz -> cacache-10.0.4.tgz -> ❌ ssri-5.3.0.tgz (Vulnerable Library) | High | 7.5 | ssri-5.3.0.tgz | Upgrade to version: ssri - 6.0.2,7.1.1,8.0.1 | #204 |
CVE-2021-23382 Path to dependency file: /package.json Path to vulnerable library: /node_modules/postcss/package.json Dependency Hierarchy: -> css-loader-1.0.0.tgz (Root Library) -> ❌ postcss-6.0.23.tgz (Vulnerable Library) | High | 7.5 | postcss-6.0.23.tgz | Upgrade to version: postcss - 8.2.13 | #206 |
CVE-2021-23382 Path to dependency file: /package.json Path to vulnerable library: /node_modules/postcss-loader/node_modules/postcss/package.json Dependency Hierarchy: -> postcss-loader-3.0.0.tgz (Root Library) -> ❌ postcss-7.0.2.tgz (Vulnerable Library) | High | 7.5 | postcss-7.0.2.tgz | Upgrade to version: postcss - 8.2.13 | #206 |
CVE-2021-23358 Path to dependency file: /package.json Path to vulnerable library: /node_modules/underscore/package.json Dependency Hierarchy: -> sitemap-1.13.0.tgz (Root Library) -> ❌ underscore-1.7.0.tgz (Vulnerable Library) | High | 7.2 | underscore-1.7.0.tgz | Upgrade to version: underscore - 1.12.1,1.13.0-2 | #207 |
CVE-2020-28498 Path to dependency file: /package.json Path to vulnerable library: /node_modules/elliptic/package.json Dependency Hierarchy: -> webpack-4.17.1.tgz (Root Library) -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.0.4.tgz -> ❌ elliptic-6.4.1.tgz (Vulnerable Library) | Medium | 6.8 | elliptic-6.4.1.tgz | Upgrade to version: v6.5.4 | #179 |
CVE-2023-28155 Path to dependency file: /package.json Path to vulnerable library: /node_modules/request/package.json Dependency Hierarchy: -> node-sass-6.0.1.tgz (Root Library) -> ❌ request-2.88.2.tgz (Vulnerable Library) | Medium | 6.1 | request-2.88.2.tgz | | #296 |
WS-2019-0427 Path to dependency file: /package.json Path to vulnerable library: /node_modules/elliptic/package.json Dependency Hierarchy: -> webpack-4.17.1.tgz (Root Library) -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.0.4.tgz -> ❌ elliptic-6.4.1.tgz (Vulnerable Library) | Medium | 5.9 | elliptic-6.4.1.tgz | Upgrade to version: v6.5.2 | #167 |
WS-2019-0424 Path to dependency file: /package.json Path to vulnerable library: /node_modules/elliptic/package.json Dependency Hierarchy: -> webpack-4.17.1.tgz (Root Library) -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.0.4.tgz -> ❌ elliptic-6.4.1.tgz (Vulnerable Library) | Medium | 5.9 | elliptic-6.4.1.tgz | Upgrade to version: GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105;Romano.Vue - 1.0.1;org.webjars.npm:elliptic - 6.5.4,6.3.3;VueJS.NetCore - 1.1.1;elliptic - 6.5.3;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;NorDroN.AngularTemplate - 0.1.6;CoreVueWebTest - 3.0.101;dotnetng.template - 1.0.0.4;Fable.Template.Elmish.React - 0.1.6 | #114 |
CVE-2023-26115 Path to dependency file: /package.json Path to vulnerable library: /node_modules/word-wrap/package.json Dependency Hierarchy: -> eslint-7.0.0.tgz (Root Library) -> optionator-0.9.1.tgz -> ❌ word-wrap-1.2.3.tgz (Vulnerable Library) | Medium | 5.3 | word-wrap-1.2.3.tgz | | None |
CVE-2022-33987 Path to dependency file: /package.json Path to vulnerable library: /node_modules/gh-got/node_modules/got/package.json Dependency Hierarchy: -> webpack-cli-4.0.0.tgz (Root Library) -> init-1.1.3.tgz -> generators-1.3.1.tgz -> yeoman-generator-4.13.0.tgz -> github-username-3.0.0.tgz -> gh-got-5.0.0.tgz -> ❌ got-6.7.1.tgz (Vulnerable Library) | Medium | 5.3 | got-6.7.1.tgz | Upgrade to version: got - 11.8.5,12.1.0 | None |
CVE-2022-25883 Path to dependency file: /package.json Path to vulnerable library: /node_modules/@babel/helper-create-class-features-plugin/node_modules/semver/package.json,/node_modules/@babel/helper-compilation-targets/node_modules/semver/package.json,/node_modules/yeoman-generator/node_modules/make-dir/node_modules/semver/package.json,/node_modules/editions/node_modules/semver/package.json,/node_modules/@babel/core/node_modules/semver/package.json Dependency Hierarchy: -> webpack-cli-4.0.0.tgz (Root Library) -> init-1.1.3.tgz -> generators-1.3.1.tgz -> yeoman-generator-4.13.0.tgz -> istextorbinary-2.6.0.tgz -> editions-2.3.1.tgz -> ❌ semver-6.3.0.tgz (Vulnerable Library) | Medium | 5.3 | semver-6.3.0.tgz | Upgrade to version: semver - 7.5.2 | None |
CVE-2022-25883 Path to dependency file: /package.json Path to vulnerable library: /node_modules/semver/package.json Dependency Hierarchy: -> babel-preset-env-1.7.0.tgz (Root Library) -> ❌ semver-5.5.0.tgz (Vulnerable Library) | Medium | 5.3 | semver-5.5.0.tgz | Upgrade to version: semver - 7.5.2 | None |
CVE-2022-25883 Path to dependency file: /package.json Path to vulnerable library: /node_modules/@babel/register/node_modules/semver/package.json,/node_modules/yeoman-generator/node_modules/cross-spawn/node_modules/semver/package.json Dependency Hierarchy: -> webpack-cli-4.0.0.tgz (Root Library) -> init-1.1.3.tgz -> generators-1.3.1.tgz -> yeoman-generator-4.13.0.tgz -> cross-spawn-6.0.5.tgz -> ❌ semver-5.7.1.tgz (Vulnerable Library) | Medium | 5.3 | semver-5.7.1.tgz | Upgrade to version: semver - 7.5.2 | None |
CVE-2021-32640 Path to dependency file: /package.json Path to vulnerable library: /node_modules/ws/package.json Dependency Hierarchy: -> ❌ ws-6.0.0.tgz (Vulnerable Library) | Medium | 5.3 | ws-6.0.0.tgz | Upgrade to version: 5.2.3,6.2.2,7.4.6 | #229 |
CVE-2021-29060 Path to dependency file: /package.json Path to vulnerable library: /node_modules/color/node_modules/color-string/package.json Dependency Hierarchy: -> cssnano-4.1.0.tgz (Root Library) -> cssnano-preset-default-4.0.0.tgz -> postcss-colormin-4.0.1.tgz -> color-3.0.0.tgz -> ❌ color-string-1.5.3.tgz (Vulnerable Library) | Medium | 5.3 | color-string-1.5.3.tgz | Upgrade to version: color-string - 1.5.5 | #233 |
CVE-2021-23368 Path to dependency file: /package.json Path to vulnerable library: /node_modules/postcss-loader/node_modules/postcss/package.json Dependency Hierarchy: -> postcss-loader-3.0.0.tgz (Root Library) -> ❌ postcss-7.0.2.tgz (Vulnerable Library) | Medium | 5.3 | postcss-7.0.2.tgz | Upgrade to version: postcss - 8.2.10 | #210 |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2021-37713 | tar-4.4.9.tgz |
CVE-2018-20821 | node-sass-4.9.3.tgz |
CVE-2018-11698 | node-sass-4.9.3.tgz |
CVE-2021-32803 | tar-2.2.2.tgz |
CVE-2019-6283 | node-sass-v4.9.0 |
CVE-2018-11698 | node-sass-v4.9.0 |
CVE-2018-11499 | node-sass-v4.9.0 |
CVE-2021-23383 | handlebars-4.1.2.tgz |
CVE-2018-11696 | node-sass-v4.9.0 |
CVE-2018-20190 | node-sass-v4.9.0 |
CVE-2021-37701 | tar-4.4.9.tgz |
CVE-2018-20822 | node-sass-4.9.3.tgz |
CVE-2018-11693 | node-sass-v4.9.0 |
CVE-2019-6286 | node-sass-4.9.3.tgz |
CVE-2018-11694 | node-sass-v4.9.0 |
CVE-2021-32803 | tar-4.4.9.tgz |
CVE-2019-13173 | fstream-1.0.11.tgz |
CVE-2022-37598 | uglify-js-3.6.0.tgz |
CVE-2020-7608 | yargs-parser-10.1.0.tgz |
CVE-2019-6284 | node-sass-4.9.3.tgz |
CVE-2022-21191 | global-modules-path-2.1.0.tgz |
CVE-2018-11697 | node-sass-4.9.3.tgz |
CVE-2018-20821 | node-sass-v4.9.0 |
CVE-2018-11697 | node-sass-v4.9.0 |
CVE-2018-11696 | node-sass-4.9.3.tgz |
CVE-2018-19838 | node-sass-v4.9.0 |
CVE-2018-11697 | CSS::Sass-v3.4.12 |
CVE-2018-19827 | node-sass-4.9.3.tgz |
CVE-2021-37701 | tar-2.2.2.tgz |
CVE-2019-6283 | node-sass-4.9.3.tgz |
CVE-2023-28155 | request-2.87.0.tgz |
CVE-2021-23369 | handlebars-4.1.2.tgz |
CVE-2018-19839 | CSS::Sass-v3.4.12 |
CVE-2020-7598 | minimist-1.2.0.tgz |
CVE-2018-11693 | node-sass-4.9.3.tgz |
CVE-2019-20920 | handlebars-4.1.2.tgz |
CVE-2020-7608 | yargs-parser-5.0.0.tgz |
CVE-2019-6284 | node-sass-v4.9.0 |
CVE-2018-19837 | node-sass-4.9.3.tgz |
CVE-2019-20922 | handlebars-4.1.2.tgz |
CVE-2018-19827 | node-sass-v4.9.0 |
WS-2020-0450 | handlebars-4.1.2.tgz |
CVE-2018-19837 | node-sass-v4.9.0 |
CVE-2019-18797 | node-sass-4.9.3.tgz |
CVE-2018-19839 | node-sass-4.9.3.tgz |
CVE-2019-15599 | tree-kill-1.2.0.tgz |
CVE-2021-37712 | tar-4.4.9.tgz |
CVE-2021-32804 | tar-4.4.9.tgz |
CVE-2018-19838 | node-sass-4.9.3.tgz |
CVE-2018-19797 | node-sass-v4.9.0 |
CVE-2019-19919 | handlebars-4.1.2.tgz |
WS-2019-0605 | node-sass-v4.9.0 |
CVE-2018-11694 | node-sass-4.9.3.tgz |
CVE-2019-6286 | node-sass-v4.9.0 |
CVE-2018-20822 | node-sass-v4.9.0 |
CVE-2021-44906 | minimist-1.2.0.tgz |
WS-2019-0307 | mem-1.1.0.tgz |
CVE-2021-37712 | tar-2.2.2.tgz |
CVE-2021-37713 | tar-2.2.2.tgz |
CVE-2020-24025 | node-sass-4.9.3.tgz |
WS-2019-0180 | lodash.mergewith-4.6.1.tgz |
CVE-2018-11499 | node-sass-4.9.3.tgz |
CVE-2021-32804 | tar-2.2.2.tgz |
CVE-2018-20190 | node-sass-4.9.3.tgz |
CVE-2019-18797 | node-sass-v4.9.0 |
CVE-2019-10744 | lodash.mergewith-4.6.1.tgz |
CVE-2018-19797 | node-sass-4.9.3.tgz |
Base branch total remaining vulnerabilities: 141
Base branch commit: null
Total libraries scanned: 1559
Scan token: 6076987321a94b499e7c9ee384f767da