Skip to content

[Snyk] Fix for 22 vulnerabilities#333

Open
attesch wants to merge 1 commit into
masterfrom
snyk-fix-a58c44d66da049038986222e98386a1a
Open

[Snyk] Fix for 22 vulnerabilities#333
attesch wants to merge 1 commit into
masterfrom
snyk-fix-a58c44d66da049038986222e98386a1a

fix: package.json & package-lock.json to reduce vulnerabilities

b02e8ee
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Jun 3, 2025 in 2m 30s

Security Report

You have successfully remediated 76 vulnerabilities, but introduced 21 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2019-19919

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.12.tgz (Vulnerable Library)

Critical 9.8 handlebars-4.0.12.tgz Upgrade to version: handlebars - 3.0.8,4.3.0 #187
CVE-2019-20920

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.12.tgz (Vulnerable Library)

High 8.1 handlebars-4.0.12.tgz Upgrade to version: handlebars - 4.5.3 #196
WS-2020-0450

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.12.tgz (Vulnerable Library)

High 7.5 handlebars-4.0.12.tgz Upgrade to version: handlebars - 4.6.0 #269
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> lint-staged-7.2.2.tgz (Root Library)

   -> micromatch-3.1.10.tgz

     -> ❌ braces-2.3.2.tgz (Vulnerable Library)

High 7.5 braces-2.3.2.tgz Upgrade to version: braces - 3.0.3 None
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-cli-6.26.0.tgz (Root Library)

   -> chokidar-1.7.0.tgz

     -> anymatch-1.3.2.tgz

       -> micromatch-2.3.11.tgz

         -> ❌ braces-1.8.5.tgz (Vulnerable Library)

High 7.5 braces-1.8.5.tgz Upgrade to version: braces - 3.0.3 None
CVE-2019-20922

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.12.tgz (Vulnerable Library)

High 7.5 handlebars-4.0.12.tgz Upgrade to version: handlebars - 4.4.5 #195
WS-2019-0064

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.12.tgz (Vulnerable Library)

High 7.3 handlebars-4.0.12.tgz Upgrade to version: 3.0.7,4.0.14,4.1.2 #14
CVE-2019-6286

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 6.5 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #36
CVE-2019-6283

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 6.5 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #34
CVE-2018-20821

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 6.5 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #32
CVE-2018-20190

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 6.5 node-sass-9.0.0.tgz Upgrade to version: GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6 #31
WS-2019-0103

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.12.tgz (Vulnerable Library)

Medium 5.6 handlebars-4.0.12.tgz Upgrade to version: 4.1.0 #54
CVE-2021-23383

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.12.tgz (Vulnerable Library)

Medium 5.6 handlebars-4.0.12.tgz Upgrade to version: handlebars - 4.7.7 #218
CVE-2021-23369

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.12.tgz (Vulnerable Library)

Medium 5.6 handlebars-4.0.12.tgz Upgrade to version: com.github.jknack:handlebars:4.2.0, handlebars - 4.7.7 #201
CVE-2018-19827

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 5.6 node-sass-9.0.0.tgz Upgrade to version: GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6 #39
CVE-2018-11694

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 5.6 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #24
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-cli-6.26.0.tgz (Root Library)

   -> chokidar-1.7.0.tgz

     -> anymatch-1.3.2.tgz

       -> ❌ micromatch-2.3.11.tgz (Vulnerable Library)

Medium 5.3 micromatch-2.3.11.tgz Upgrade to version: micromatch - 4.0.8 None
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> lint-staged-7.2.2.tgz (Root Library)

   -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)

Medium 5.3 micromatch-3.1.10.tgz Upgrade to version: micromatch - 4.0.8 None
CVE-2018-19839

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Low 3.7 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #40
CVE-2018-19797

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Low 3.7 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #38
CVE-2021-23358

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> sitemap-1.13.0.tgz (Root Library)

   -> ❌ underscore-1.7.0.tgz (Vulnerable Library)

Low 3.3 underscore-1.7.0.tgz Upgrade to version: underscore.js - 1.12.1 #207

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2018-19826 node-sass-v4.9.0
CVE-2021-32803 tar-2.2.2.tgz
CVE-2022-37620 html-minifier-3.5.17.tgz
CVE-2018-11696 node-sass-v4.9.0
CVE-2018-20190 node-sass-v4.9.0
CVE-2022-37601 loader-utils-1.1.0.tgz
CVE-2018-20822 node-sass-4.9.3.tgz
CVE-2021-3918 json-schema-0.2.3.tgz
CVE-2019-6286 node-sass-4.9.3.tgz
CVE-2024-28863 tar-2.2.2.tgz
CVE-2021-33623 trim-newlines-1.0.0.tgz
CVE-2021-23343 path-parse-1.0.6.tgz
CVE-2019-6284 node-sass-4.9.3.tgz
CVE-2018-20821 node-sass-v4.9.0
CVE-2018-11696 node-sass-4.9.3.tgz
CVE-2018-11697 CSS::Sass-v3.4.12
CVE-2021-37701 tar-2.2.2.tgz
CVE-2021-23369 handlebars-4.1.2.tgz
CVE-2018-19839 CSS::Sass-v3.4.12
CVE-2019-6284 node-sass-v4.9.0
WS-2020-0450 handlebars-4.1.2.tgz
CVE-2023-26136 tough-cookie-2.3.4.tgz
CVE-2019-19919 handlebars-4.1.2.tgz
WS-2019-0605 node-sass-v4.9.0
CVE-2019-6286 node-sass-v4.9.0
CVE-2018-20822 node-sass-v4.9.0
CVE-2021-23337 lodash-4.17.10.tgz
CVE-2024-21538 cross-spawn-3.0.1.tgz
CVE-2020-24025 node-sass-4.9.3.tgz
CVE-2018-20190 node-sass-4.9.3.tgz
CVE-2019-18797 node-sass-v4.9.0
CVE-2020-28500 lodash-4.17.10.tgz
CVE-2018-19797 node-sass-4.9.3.tgz
CVE-2022-37603 loader-utils-1.1.0.tgz
CVE-2018-20821 node-sass-4.9.3.tgz
CVE-2019-6283 node-sass-v4.9.0
CVE-2018-11698 node-sass-v4.9.0
CVE-2018-11499 node-sass-v4.9.0
CVE-2021-23383 handlebars-4.1.2.tgz
CVE-2019-1010266 lodash-4.17.10.tgz
CVE-2018-11693 node-sass-v4.9.0
CVE-2018-11694 node-sass-v4.9.0
CVE-2022-37601 loader-utils-0.2.17.tgz
CVE-2018-16487 lodash-4.17.10.tgz
CVE-2019-13173 fstream-1.0.11.tgz
CVE-2022-26592 node-sass-v4.9.0
CVE-2022-25758 scss-tokenizer-0.2.3.tgz
CVE-2018-11697 node-sass-4.9.3.tgz
CVE-2018-11697 node-sass-v4.9.0
CVE-2018-19838 node-sass-v4.9.0
CVE-2018-19827 node-sass-4.9.3.tgz
CVE-2022-25883 semver-5.3.0.tgz
CVE-2019-6283 node-sass-4.9.3.tgz
CVE-2023-28155 request-2.87.0.tgz
CVE-2018-11693 node-sass-4.9.3.tgz
CVE-2019-20920 handlebars-4.1.2.tgz
CVE-2020-7608 yargs-parser-5.0.0.tgz
CVE-2018-19837 node-sass-4.9.3.tgz
CVE-2019-20922 handlebars-4.1.2.tgz
CVE-2018-19827 node-sass-v4.9.0
CVE-2018-19837 node-sass-v4.9.0
CVE-2019-18797 node-sass-4.9.3.tgz
CVE-2018-19839 node-sass-4.9.3.tgz
CVE-2019-15599 tree-kill-1.2.0.tgz
CVE-2018-19838 node-sass-4.9.3.tgz
CVE-2018-19797 node-sass-v4.9.0
CVE-2018-11694 node-sass-4.9.3.tgz
CVE-2020-8203 lodash-4.17.10.tgz
CVE-2021-37712 tar-2.2.2.tgz
CVE-2021-37713 tar-2.2.2.tgz
WS-2019-0180 lodash.mergewith-4.6.1.tgz
CVE-2020-15366 ajv-5.5.2.tgz
CVE-2018-11499 node-sass-4.9.3.tgz
CVE-2021-32804 tar-2.2.2.tgz
CVE-2019-10744 lodash.mergewith-4.6.1.tgz
CVE-2019-10744 lodash-4.17.10.tgz

Base branch total remaining vulnerabilities: 195
Base branch commit: null


Total libraries scanned: 1341

Scan token: 15778001bceb4b358167b5e6b3d6363b

View more details on Mend Bolt for GitHub