[Snyk] Security upgrade workbox-webpack-plugin from 3.4.1 to 7.4.0 #340

Open
attesch wants to merge 1 commit into master from snyk-fix-0de158f01d8bfc6d1f462826c46a1a0b

fix: package.json to reduce vulnerabilities

01b97ec
Mend Bolt for GitHub / WhiteSource Security Check failed Nov 25, 2025 in 2m 32s

Security Report

You have successfully remediated 28 vulnerabilities, but introduced 12 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-2019-19919

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.11.tgz (Vulnerable Library)

Critical 9.8 Direct handlebars-4.0.11.tgz handlebars-4.0.11.tgz 4.3.0 #187
CVE-2019-20920

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.11.tgz (Vulnerable Library)

High 8.1 Direct handlebars-4.0.11.tgz handlebars-4.0.11.tgz 4.5.3 #196
WS-2020-0450

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.11.tgz (Vulnerable Library)

High 7.5 Direct handlebars-4.0.11.tgz handlebars-4.0.11.tgz 4.1.2-0 #269
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> lint-staged-7.2.2.tgz (Root Library)

   -> micromatch-3.1.10.tgz

     -> ❌ braces-2.3.2.tgz (Vulnerable Library)

High 7.5 Transitive braces-2.3.2.tgz lint-staged-7.2.2.tgz Transitive braces - 3.0.3 None
CVE-2019-20922

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.11.tgz (Vulnerable Library)

High 7.5 Direct handlebars-4.0.11.tgz handlebars-4.0.11.tgz 4.4.5 #195
WS-2019-0064

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.11.tgz (Vulnerable Library)

High 7.3 Direct handlebars-4.0.11.tgz handlebars-4.0.11.tgz 4.0.14 #14
WS-2019-0103

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.11.tgz (Vulnerable Library)

Medium 5.6 Direct handlebars-4.0.11.tgz handlebars-4.0.11.tgz 4.0.13 #54
CVE-2021-23383

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.11.tgz (Vulnerable Library)

Medium 5.6 Direct handlebars-4.0.11.tgz handlebars-4.0.11.tgz 4.1.2-0 #218
CVE-2021-23369

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ handlebars-4.0.11.tgz (Vulnerable Library)

Medium 5.6 Direct handlebars-4.0.11.tgz handlebars-4.0.11.tgz 4.1.2-0 #201
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-cli-6.26.0.tgz (Root Library)

   -> chokidar-1.7.0.tgz

     -> anymatch-1.3.2.tgz

       -> ❌ micromatch-2.3.11.tgz (Vulnerable Library)

Medium 5.3 Transitive micromatch-2.3.11.tgz babel-cli-6.26.0.tgz Transitive 4.0.8 None
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> lint-staged-7.2.2.tgz (Root Library)

   -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)

Medium 5.3 Transitive micromatch-3.1.10.tgz lint-staged-7.2.2.tgz Transitive 4.0.8 None
CVE-2021-23358

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> sitemap-1.13.0.tgz (Root Library)

   -> ❌ underscore-1.7.0.tgz (Vulnerable Library)

Low 3.3 Transitive underscore-1.7.0.tgz sitemap-1.13.0.tgz Transitive 1.12.1 #207

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2018-19826 node-sass-v4.9.0
CVE-2018-11696 node-sass-v4.9.0
CVE-2018-20190 node-sass-v4.9.0
CVE-2018-20821 node-sass-v4.9.0
CVE-2018-11697 CSS::Sass-v3.4.12
CVE-2021-23369 handlebars-4.1.2.tgz
CVE-2018-19839 CSS::Sass-v3.4.12
CVE-2019-6284 node-sass-v4.9.0
WS-2020-0450 handlebars-4.1.2.tgz
CVE-2019-19919 handlebars-4.1.2.tgz
WS-2019-0605 node-sass-v4.9.0
CVE-2019-6286 node-sass-v4.9.0
CVE-2018-20822 node-sass-v4.9.0
CVE-2019-18797 node-sass-v4.9.0
CVE-2019-6283 node-sass-v4.9.0
CVE-2018-11698 node-sass-v4.9.0
CVE-2018-11499 node-sass-v4.9.0
CVE-2021-23383 handlebars-4.1.2.tgz
CVE-2018-11693 node-sass-v4.9.0
CVE-2018-11694 node-sass-v4.9.0
CVE-2022-26592 node-sass-v4.9.0
CVE-2018-11697 node-sass-v4.9.0
CVE-2018-19838 node-sass-v4.9.0
CVE-2019-20920 handlebars-4.1.2.tgz
CVE-2019-20922 handlebars-4.1.2.tgz
CVE-2018-19827 node-sass-v4.9.0
CVE-2018-19837 node-sass-v4.9.0
CVE-2018-19797 node-sass-v4.9.0

Base branch total remaining vulnerabilities: 212
Base branch commit: null


Total libraries scanned: 1268

Scan token: 5ff3e81228fa421e8fb8b9fcfabd83cf