
[Snyk] Security upgrade webpack from 4.17.1 to 5.0.0 #337

Open
attesch wants to merge 1 commit into master from snyk-fix-5692d8145216f65701d57b1c401bb6bc

fix: package.json & package-lock.json to reduce vulnerabilities

75a4c7d
Mend Bolt for GitHub / WhiteSource Security Check failed Aug 26, 2025 in 1m 21s

Security Report

You have successfully remediated 50 vulnerabilities, but introduced 7 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability: CVE-2023-28154
Severity: Critical
CVSS Score: 9.8
Vulnerable Library: webpack-5.0.0.tgz
Suggested Fix: Upgrade to version: webpack - 5.76.0
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
-> ❌ webpack-5.0.0.tgz (Vulnerable Library)

Vulnerability: CVE-2024-4068
Severity: High
CVSS Score: 7.5
Vulnerable Library: braces-2.3.2.tgz
Suggested Fix: Upgrade to version: braces - 3.0.3
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
-> lint-staged-7.2.2.tgz (Root Library)
   -> micromatch-3.1.10.tgz
     -> ❌ braces-2.3.2.tgz (Vulnerable Library)

Vulnerability: CVE-2024-43788
Severity: Medium
CVSS Score: 6.4
Vulnerable Library: webpack-5.0.0.tgz
Suggested Fix: Upgrade to version: webpack - 5.94.0
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
-> ❌ webpack-5.0.0.tgz (Vulnerable Library)

Vulnerability: CVE-2024-11831
Severity: Medium
CVSS Score: 5.4
Vulnerable Library: serialize-javascript-5.0.1.tgz
Suggested Fix: Upgrade to version: serialize-javascript - 6.0.2
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
-> webpack-5.0.0.tgz (Root Library)
   -> terser-webpack-plugin-4.2.3.tgz
     -> ❌ serialize-javascript-5.0.1.tgz (Vulnerable Library)

Vulnerability: CVE-2024-4067
Severity: Medium
CVSS Score: 5.3
Vulnerable Library: micromatch-3.1.10.tgz
Suggested Fix: Upgrade to version: micromatch - 4.0.8
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
-> lint-staged-7.2.2.tgz (Root Library)
   -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)

Vulnerability: CVE-2024-4067
Severity: Medium
CVSS Score: 5.3
Vulnerable Library: micromatch-2.3.11.tgz
Suggested Fix: Upgrade to version: micromatch - 4.0.8
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
-> babel-cli-6.26.0.tgz (Root Library)
   -> chokidar-1.7.0.tgz
     -> anymatch-1.3.2.tgz
       -> ❌ micromatch-2.3.11.tgz (Vulnerable Library)

Vulnerability: CVE-2021-23358
Severity: Low
CVSS Score: 3.3
Vulnerable Library: underscore-1.7.0.tgz
Suggested Fix: Upgrade to version: underscore - 1.12.1
Issue: #207
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
-> sitemap-1.13.0.tgz (Root Library)
   -> ❌ underscore-1.7.0.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2018-19826 node-sass-v4.9.0
CVE-2018-11696 node-sass-v4.9.0
CVE-2018-20190 node-sass-v4.9.0
CVE-2020-7774 y18n-4.0.0.tgz
CVE-2024-11831 serialize-javascript-1.5.0.tgz
CVE-2020-7660 serialize-javascript-1.5.0.tgz
CVE-2018-20821 node-sass-v4.9.0
CVE-2018-11697 CSS::Sass-v3.4.12
CVE-2021-23369 handlebars-4.1.2.tgz
CVE-2018-19839 CSS::Sass-v3.4.12
CVE-2019-6284 node-sass-v4.9.0
CVE-2020-15366 ajv-6.5.2.tgz
WS-2020-0450 handlebars-4.1.2.tgz
CVE-2019-19919 handlebars-4.1.2.tgz
WS-2019-0605 node-sass-v4.9.0
CVE-2019-6286 node-sass-v4.9.0
CVE-2018-20822 node-sass-v4.9.0
CVE-2020-28498 elliptic-6.4.1.tgz
CVE-2020-13822 elliptic-6.4.1.tgz
CVE-2019-18797 node-sass-v4.9.0
CVE-2025-9288 sha.js-2.4.11.tgz
CVE-2024-43788 webpack-4.17.1.tgz
CVE-2019-6283 node-sass-v4.9.0
CVE-2018-11698 node-sass-v4.9.0
CVE-2018-11499 node-sass-v4.9.0
CVE-2021-23383 handlebars-4.1.2.tgz
CVE-2025-6545 pbkdf2-3.0.16.tgz
CVE-2024-42459 elliptic-6.4.1.tgz
CVE-2025-6547 pbkdf2-3.0.16.tgz
CVE-2024-42460 elliptic-6.4.1.tgz
WS-2019-0424 elliptic-6.4.1.tgz
CVE-2018-11693 node-sass-v4.9.0
CVE-2018-11694 node-sass-v4.9.0
CVE-2022-26592 node-sass-v4.9.0
CVE-2018-11697 node-sass-v4.9.0
CVE-2018-19838 node-sass-v4.9.0
CVE-2021-27290 ssri-5.3.0.tgz
CVE-2019-16769 serialize-javascript-1.5.0.tgz
CVE-2019-20920 handlebars-4.1.2.tgz
CVE-2019-20922 handlebars-4.1.2.tgz
CVE-2018-19827 node-sass-v4.9.0
WS-2019-0427 elliptic-6.4.1.tgz
CVE-2018-19837 node-sass-v4.9.0
CVE-2018-19797 node-sass-v4.9.0
CVE-2025-9287 cipher-base-1.0.4.tgz
CVE-2020-28469 glob-parent-3.1.0.tgz
CVE-2023-46234 browserify-sign-4.0.4.tgz
CVE-2024-48949 elliptic-6.4.1.tgz
CVE-2017-18869 chownr-1.0.1.tgz
CVE-2024-48948 elliptic-6.4.1.tgz

Base branch total remaining vulnerabilities: 209
Base branch commit: null


Total libraries scanned: 1199

Scan token: 8ee4be4dce8e4e3cb2b37a710d9550a0