[Snyk] Security upgrade lint-staged from 7.2.2 to 16.0.0 #332

Open
attesch wants to merge 1 commit into master from snyk-fix-ff59bcc8416e46a6e8e7fa293c9aaf5a

fix: package.json & package-lock.json to reduce vulnerabilities

8214776
This check has been archived and is scheduled for deletion.
Mend Bolt for GitHub / WhiteSource Security Check failed May 13, 2025 in 2m 26s

Security Report

You have successfully remediated 28 vulnerabilities, but introduced 5 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE-2024-4068
Severity: High
CVSS Score: 7.5
Vulnerable Library: braces-2.3.2.tgz
Suggested Fix: Upgrade to version: braces - 3.0.3
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
-> webpack-4.17.1.tgz (Root Library)
   -> micromatch-3.1.10.tgz
     -> ❌ braces-2.3.2.tgz (Vulnerable Library)

CVE-2024-4068
Severity: High
CVSS Score: 7.5
Vulnerable Library: braces-1.8.5.tgz
Suggested Fix: Upgrade to version: braces - 3.0.3
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
-> babel-cli-6.26.0.tgz (Root Library)
   -> chokidar-1.7.0.tgz
     -> anymatch-1.3.2.tgz
       -> micromatch-2.3.11.tgz
         -> ❌ braces-1.8.5.tgz (Vulnerable Library)

CVE-2024-4067
Severity: Medium
CVSS Score: 5.3
Vulnerable Library: micromatch-2.3.11.tgz
Suggested Fix: Upgrade to version: micromatch - 4.0.8
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
-> babel-cli-6.26.0.tgz (Root Library)
   -> chokidar-1.7.0.tgz
     -> anymatch-1.3.2.tgz
       -> ❌ micromatch-2.3.11.tgz (Vulnerable Library)

CVE-2024-4067
Severity: Medium
CVSS Score: 5.3
Vulnerable Library: micromatch-3.1.10.tgz
Suggested Fix: Upgrade to version: micromatch - 4.0.8
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
-> webpack-4.17.1.tgz (Root Library)
   -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)

CVE-2021-23358
Severity: Low
CVSS Score: 3.3
Vulnerable Library: underscore-1.7.0.tgz
Suggested Fix: Upgrade to version: underscore.js - 1.12.1
Issue: #207
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
-> sitemap-1.13.0.tgz (Root Library)
   -> ❌ underscore-1.7.0.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2018-19826 node-sass-v4.9.0
CVE-2018-11696 node-sass-v4.9.0
CVE-2018-20190 node-sass-v4.9.0
CVE-2018-20821 node-sass-v4.9.0
CVE-2018-11697 CSS::Sass-v3.4.12
CVE-2021-23369 handlebars-4.1.2.tgz
CVE-2018-19839 CSS::Sass-v3.4.12
CVE-2019-6284 node-sass-v4.9.0
WS-2020-0450 handlebars-4.1.2.tgz
CVE-2019-19919 handlebars-4.1.2.tgz
WS-2019-0605 node-sass-v4.9.0
CVE-2019-6286 node-sass-v4.9.0
CVE-2018-20822 node-sass-v4.9.0
CVE-2019-18797 node-sass-v4.9.0
CVE-2019-6283 node-sass-v4.9.0
CVE-2018-11698 node-sass-v4.9.0
CVE-2018-11499 node-sass-v4.9.0
CVE-2021-23383 handlebars-4.1.2.tgz
CVE-2018-11693 node-sass-v4.9.0
CVE-2018-11694 node-sass-v4.9.0
CVE-2022-26592 node-sass-v4.9.0
CVE-2018-11697 node-sass-v4.9.0
CVE-2018-19838 node-sass-v4.9.0
CVE-2019-20920 handlebars-4.1.2.tgz
CVE-2019-20922 handlebars-4.1.2.tgz
CVE-2018-19827 node-sass-v4.9.0
CVE-2018-19837 node-sass-v4.9.0
CVE-2018-19797 node-sass-v4.9.0

Base branch total remaining vulnerabilities: 194
Base branch commit: null


Total libraries scanned: 1254

Scan token: d19f74af1d694959bf6a255bfc0776cd