Skip to content

[Snyk] Fix for 2 vulnerabilities#335

Open
attesch wants to merge 1 commit into
masterfrom
snyk-fix-2f5b214993b3d20a83f9e2a88ea43eea
Open

[Snyk] Fix for 2 vulnerabilities#335
attesch wants to merge 1 commit into
masterfrom
snyk-fix-2f5b214993b3d20a83f9e2a88ea43eea

fix: package.json & package-lock.json to reduce vulnerabilities

56590c0
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Jul 22, 2025 in 9m 7s

Security Report

You have successfully remediated 71 vulnerabilities, but introduced 15 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2023-45133

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-eslint-8.2.6.tgz (Root Library)

   -> ❌ traverse-7.0.0-beta.44.tgz (Vulnerable Library)

Critical 9.3 traverse-7.0.0-beta.44.tgz Upgrade to version: @babel/traverse - 7.23.2 #312
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> lint-staged-7.2.2.tgz (Root Library)

   -> micromatch-3.1.10.tgz

     -> ❌ braces-2.3.2.tgz (Vulnerable Library)

High 7.5 braces-2.3.2.tgz Upgrade to version: braces - 3.0.3 None
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-cli-6.26.0.tgz (Root Library)

   -> chokidar-1.7.0.tgz

     -> anymatch-1.3.2.tgz

       -> micromatch-2.3.11.tgz

         -> ❌ braces-1.8.5.tgz (Vulnerable Library)

High 7.5 braces-1.8.5.tgz Upgrade to version: braces - 3.0.3 None
CVE-2019-6286

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 6.5 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #36
CVE-2019-6283

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 6.5 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #34
CVE-2018-20821

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 6.5 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #32
CVE-2018-20190

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 6.5 node-sass-9.0.0.tgz Upgrade to version: GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6 #31
CVE-2018-19827

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 5.6 node-sass-9.0.0.tgz Upgrade to version: GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6 #39
CVE-2018-11694

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Medium 5.6 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #24
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-cli-6.26.0.tgz (Root Library)

   -> chokidar-1.7.0.tgz

     -> anymatch-1.3.2.tgz

       -> ❌ micromatch-2.3.11.tgz (Vulnerable Library)

Medium 5.3 micromatch-2.3.11.tgz Upgrade to version: micromatch - 4.0.8 None
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> lint-staged-7.2.2.tgz (Root Library)

   -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)

Medium 5.3 micromatch-3.1.10.tgz Upgrade to version: micromatch - 4.0.8 None
CVE-2018-1109

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-cli-6.26.0.tgz (Root Library)

   -> chokidar-1.7.0.tgz

     -> anymatch-1.3.2.tgz

       -> micromatch-2.3.11.tgz

         -> ❌ braces-1.8.5.tgz (Vulnerable Library)

Medium 5.3 braces-1.8.5.tgz optimize regex: Replace or update the following file: parsers.js #158
CVE-2018-19839

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Low 3.7 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #40
CVE-2018-19797

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-sass-9.0.0.tgz (Vulnerable Library)

Low 3.7 node-sass-9.0.0.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #38
CVE-2021-23358

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> sitemap-1.13.0.tgz (Root Library)

   -> ❌ underscore-1.7.0.tgz (Vulnerable Library)

Low 3.3 underscore-1.7.0.tgz Upgrade to version: underscore - 1.12.1 #207

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2018-19826 node-sass-v4.9.0
CVE-2021-32803 tar-2.2.2.tgz
CVE-2018-11696 node-sass-v4.9.0
CVE-2018-20190 node-sass-v4.9.0
CVE-2018-20822 node-sass-4.9.3.tgz
CVE-2021-3918 json-schema-0.2.3.tgz
CVE-2019-6286 node-sass-4.9.3.tgz
CVE-2024-28863 tar-2.2.2.tgz
CVE-2021-33623 trim-newlines-1.0.0.tgz
CVE-2021-23343 path-parse-1.0.6.tgz
CVE-2019-6284 node-sass-4.9.3.tgz
CVE-2018-20821 node-sass-v4.9.0
CVE-2018-11696 node-sass-4.9.3.tgz
CVE-2018-11697 CSS::Sass-v3.4.12
CVE-2021-37701 tar-2.2.2.tgz
CVE-2021-23369 handlebars-4.1.2.tgz
CVE-2018-19839 CSS::Sass-v3.4.12
CVE-2019-6284 node-sass-v4.9.0
WS-2020-0450 handlebars-4.1.2.tgz
CVE-2023-26136 tough-cookie-2.3.4.tgz
CVE-2019-19919 handlebars-4.1.2.tgz
WS-2019-0605 node-sass-v4.9.0
CVE-2019-6286 node-sass-v4.9.0
CVE-2018-20822 node-sass-v4.9.0
CVE-2021-23337 lodash-4.17.10.tgz
CVE-2024-21538 cross-spawn-3.0.1.tgz
CVE-2020-24025 node-sass-4.9.3.tgz
CVE-2018-20190 node-sass-4.9.3.tgz
CVE-2019-18797 node-sass-v4.9.0
CVE-2020-28500 lodash-4.17.10.tgz
CVE-2018-19797 node-sass-4.9.3.tgz
CVE-2018-20821 node-sass-4.9.3.tgz
CVE-2019-6283 node-sass-v4.9.0
CVE-2018-11698 node-sass-v4.9.0
CVE-2018-11499 node-sass-v4.9.0
CVE-2021-23383 handlebars-4.1.2.tgz
CVE-2019-1010266 lodash-4.17.10.tgz
CVE-2018-11693 node-sass-v4.9.0
CVE-2018-11694 node-sass-v4.9.0
CVE-2018-16487 lodash-4.17.10.tgz
CVE-2019-13173 fstream-1.0.11.tgz
CVE-2022-26592 node-sass-v4.9.0
CVE-2022-25758 scss-tokenizer-0.2.3.tgz
CVE-2018-11697 node-sass-4.9.3.tgz
CVE-2018-11697 node-sass-v4.9.0
CVE-2018-19838 node-sass-v4.9.0
CVE-2018-19827 node-sass-4.9.3.tgz
CVE-2022-25883 semver-5.3.0.tgz
CVE-2019-6283 node-sass-4.9.3.tgz
CVE-2023-28155 request-2.87.0.tgz
CVE-2018-11693 node-sass-4.9.3.tgz
CVE-2019-20920 handlebars-4.1.2.tgz
CVE-2020-7608 yargs-parser-5.0.0.tgz
CVE-2018-19837 node-sass-4.9.3.tgz
CVE-2019-20922 handlebars-4.1.2.tgz
CVE-2018-19827 node-sass-v4.9.0
CVE-2018-19837 node-sass-v4.9.0
CVE-2019-18797 node-sass-4.9.3.tgz
CVE-2018-19839 node-sass-4.9.3.tgz
CVE-2018-19838 node-sass-4.9.3.tgz
CVE-2018-19797 node-sass-v4.9.0
CVE-2018-11694 node-sass-4.9.3.tgz
CVE-2020-8203 lodash-4.17.10.tgz
CVE-2021-37712 tar-2.2.2.tgz
CVE-2021-37713 tar-2.2.2.tgz
WS-2019-0180 lodash.mergewith-4.6.1.tgz
CVE-2020-15366 ajv-5.5.2.tgz
CVE-2018-11499 node-sass-4.9.3.tgz
CVE-2021-32804 tar-2.2.2.tgz
CVE-2019-10744 lodash.mergewith-4.6.1.tgz
CVE-2019-10744 lodash-4.17.10.tgz

Base branch total remaining vulnerabilities: 201
Base branch commit: null


Total libraries scanned: 1323

Scan token: a0049c4b12324df5affb39f6483987d5

View more details on Mend Bolt for GitHub