Skip to content

[Snyk] Fix for 1 vulnerabilities#334

Open
attesch wants to merge 1 commit into
masterfrom
snyk-fix-987080774a4a7f8a83b7bdbaf84a1487
Open

[Snyk] Fix for 1 vulnerabilities#334
attesch wants to merge 1 commit into
masterfrom
snyk-fix-987080774a4a7f8a83b7bdbaf84a1487

fix: package.json & package-lock.json to reduce vulnerabilities

2cd7043
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Jun 18, 2025 in 4m 22s

Security Report

You have successfully remediated 82 vulnerabilities, but introduced 15 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> webpack-4.26.0.tgz (Root Library)

   -> micromatch-3.1.10.tgz

     -> ❌ braces-2.3.2.tgz (Vulnerable Library)

High 7.5 braces-2.3.2.tgz Upgrade to version: braces - 3.0.3 None
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-cli-6.26.0.tgz (Root Library)

   -> chokidar-1.7.0.tgz

     -> anymatch-1.3.2.tgz

       -> micromatch-2.3.11.tgz

         -> ❌ braces-1.8.5.tgz (Vulnerable Library)

High 7.5 braces-1.8.5.tgz Upgrade to version: braces - 3.0.3 None
CVE-2019-6286

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 6.5 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #36
CVE-2019-6283

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 6.5 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #34
CVE-2018-20821

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 6.5 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #32
CVE-2018-20190

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 6.5 node-sass-9.0.0.tgz Upgrade to version: GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6 #31
CVE-2024-43788

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ webpack-4.26.0.tgz (Vulnerable Library)

Medium 6.4 webpack-4.26.0.tgz Upgrade to version: webpack - 5.94.0 None
CVE-2018-19827

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 5.6 node-sass-9.0.0.tgz Upgrade to version: GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6 #39
CVE-2018-11694

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 5.6 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #24
CVE-2024-11831

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> webpack-4.26.0.tgz (Root Library)

   -> terser-webpack-plugin-1.4.6.tgz

     -> ❌ serialize-javascript-4.0.0.tgz (Vulnerable Library)

Medium 5.4 serialize-javascript-4.0.0.tgz Upgrade to version: serialize-javascript - 6.0.2 None
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> webpack-4.26.0.tgz (Root Library)

   -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)

Medium 5.3 micromatch-3.1.10.tgz Upgrade to version: micromatch - 4.0.8 None
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-cli-6.26.0.tgz (Root Library)

   -> chokidar-1.7.0.tgz

     -> anymatch-1.3.2.tgz

       -> ❌ micromatch-2.3.11.tgz (Vulnerable Library)

Medium 5.3 micromatch-2.3.11.tgz Upgrade to version: micromatch - 4.0.8 None
CVE-2018-19839

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Low 3.7 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #40
CVE-2018-19797

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Low 3.7 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #38
CVE-2021-23358

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> sitemap-1.13.0.tgz (Root Library)

   -> ❌ underscore-1.7.0.tgz (Vulnerable Library)

Low 3.3 underscore-1.7.0.tgz Upgrade to version: underscore.js - 1.12.1 #207

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2018-19826 node-sass-v4.9.0
CVE-2021-32803 tar-2.2.2.tgz
CVE-2018-11696 node-sass-v4.9.0
CVE-2018-20190 node-sass-v4.9.0
CVE-2018-20822 node-sass-4.9.3.tgz
CVE-2021-3918 json-schema-0.2.3.tgz
CVE-2019-6286 node-sass-4.9.3.tgz
CVE-2020-7774 y18n-4.0.0.tgz
CVE-2024-28863 tar-2.2.2.tgz
CVE-2021-33623 trim-newlines-1.0.0.tgz
CVE-2024-11831 serialize-javascript-1.5.0.tgz
CVE-2021-23343 path-parse-1.0.6.tgz
CVE-2020-7660 serialize-javascript-1.5.0.tgz
CVE-2019-6284 node-sass-4.9.3.tgz
CVE-2018-20821 node-sass-v4.9.0
CVE-2018-11696 node-sass-4.9.3.tgz
CVE-2018-11697 CSS::Sass-v3.4.12
CVE-2021-37701 tar-2.2.2.tgz
CVE-2021-23369 handlebars-4.1.2.tgz
CVE-2018-19839 CSS::Sass-v3.4.12
CVE-2019-6284 node-sass-v4.9.0
CVE-2020-15366 ajv-6.5.2.tgz
WS-2020-0450 handlebars-4.1.2.tgz
CVE-2023-26136 tough-cookie-2.3.4.tgz
CVE-2019-19919 handlebars-4.1.2.tgz
WS-2019-0605 node-sass-v4.9.0
CVE-2019-6286 node-sass-v4.9.0
CVE-2020-7774 y18n-3.2.1.tgz
CVE-2018-20822 node-sass-v4.9.0
CVE-2021-23337 lodash-4.17.10.tgz
CVE-2024-21538 cross-spawn-3.0.1.tgz
CVE-2020-24025 node-sass-4.9.3.tgz
CVE-2018-20190 node-sass-4.9.3.tgz
CVE-2019-18797 node-sass-v4.9.0
CVE-2020-28500 lodash-4.17.10.tgz
CVE-2018-19797 node-sass-4.9.3.tgz
CVE-2024-43788 webpack-4.17.1.tgz
CVE-2018-20821 node-sass-4.9.3.tgz
CVE-2019-6283 node-sass-v4.9.0
CVE-2018-11698 node-sass-v4.9.0
CVE-2018-11499 node-sass-v4.9.0
CVE-2021-23383 handlebars-4.1.2.tgz
CVE-2019-1010266 lodash-4.17.10.tgz
CVE-2018-11693 node-sass-v4.9.0
CVE-2018-11694 node-sass-v4.9.0
CVE-2018-16487 lodash-4.17.10.tgz
CVE-2019-13173 fstream-1.0.11.tgz
CVE-2022-26592 node-sass-v4.9.0
CVE-2022-25758 scss-tokenizer-0.2.3.tgz
CVE-2018-11697 node-sass-4.9.3.tgz
CVE-2019-10744 lodash.merge-4.6.1.tgz
CVE-2018-11697 node-sass-v4.9.0
CVE-2018-19838 node-sass-v4.9.0
CVE-2018-19827 node-sass-4.9.3.tgz
CVE-2022-25883 semver-5.3.0.tgz
CVE-2019-6283 node-sass-4.9.3.tgz
CVE-2023-28155 request-2.87.0.tgz
CVE-2021-27290 ssri-5.3.0.tgz
CVE-2019-16769 serialize-javascript-1.5.0.tgz
CVE-2018-11693 node-sass-4.9.3.tgz
CVE-2019-20920 handlebars-4.1.2.tgz
CVE-2020-7608 yargs-parser-5.0.0.tgz
CVE-2018-19837 node-sass-4.9.3.tgz
CVE-2019-20922 handlebars-4.1.2.tgz
CVE-2018-19827 node-sass-v4.9.0
CVE-2018-19837 node-sass-v4.9.0
CVE-2019-18797 node-sass-4.9.3.tgz
CVE-2018-19839 node-sass-4.9.3.tgz
CVE-2018-19838 node-sass-4.9.3.tgz
CVE-2018-19797 node-sass-v4.9.0
CVE-2018-11694 node-sass-4.9.3.tgz
CVE-2020-8203 lodash-4.17.10.tgz
CVE-2021-37712 tar-2.2.2.tgz
CVE-2021-37713 tar-2.2.2.tgz
CVE-2019-15657 eslint-utils-1.3.1.tgz
WS-2019-0180 lodash.mergewith-4.6.1.tgz
CVE-2020-15366 ajv-5.5.2.tgz
CVE-2018-11499 node-sass-4.9.3.tgz
CVE-2021-32804 tar-2.2.2.tgz
CVE-2019-10744 lodash.mergewith-4.6.1.tgz
CVE-2019-10744 lodash-4.17.10.tgz
CVE-2017-18869 chownr-1.0.1.tgz

Base branch total remaining vulnerabilities: 196
Base branch commit: null


Total libraries scanned: 1359

Scan token: 1624ddd33283427b8869e3498a4e0e06

View more details on Mend Bolt for GitHub