[Snyk] Security upgrade webpack from 4.17.1 to 5.0.0#343
Security Report
❌ New vulnerabilities:
| Vulnerability | Severity |  CVSS Score |
Vulnerable Library | Direct Library | Suggested Fix | Issue |
|---|---|---|---|---|---|---|
CVE-2024-4068Path to dependency file: /package.json Path to vulnerable library: /node_modules/lint-staged/node_modules/braces/package.json Dependency Hierarchy: -> lint-staged-7.2.2.tgz (Root Library) -> micromatch-3.1.10.tgz -> ❌ braces-2.3.2.tgz (Vulnerable Library) |
 High |
7.5 | Transitive braces-2.3.2.tgz |
lint-staged-7.2.2.tgz | Transitive braces - 3.0.3 |
None |
CVE-2024-4067Path to dependency file: /package.json Path to vulnerable library: /node_modules/lint-staged/node_modules/micromatch/package.json Dependency Hierarchy: -> lint-staged-7.2.2.tgz (Root Library) -> ❌ micromatch-3.1.10.tgz (Vulnerable Library) |
 Medium |
5.3 | Transitive micromatch-3.1.10.tgz |
lint-staged-7.2.2.tgz | Transitive 4.0.8 |
None |
CVE-2024-4067Path to dependency file: /package.json Path to vulnerable library: /node_modules/micromatch/package.json Dependency Hierarchy: -> babel-cli-6.26.0.tgz (Root Library) -> chokidar-1.7.0.tgz -> anymatch-1.3.2.tgz -> ❌ micromatch-2.3.11.tgz (Vulnerable Library) |
Medium |
5.3 | Transitive micromatch-2.3.11.tgz |
babel-cli-6.26.0.tgz | Transitive 4.0.8 |
None |
CVE-2021-23358Path to dependency file: /package.json Path to vulnerable library: /node_modules/underscore/package.json Dependency Hierarchy: -> sitemap-1.13.0.tgz (Root Library) -> ❌ underscore-1.7.0.tgz (Vulnerable Library) |
 Low |
3.3 | Transitive underscore-1.7.0.tgz |
sitemap-1.13.0.tgz | Transitive 1.12.1 |
#207 |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2018-19826 | node-sass-v4.9.0 |
| CVE-2018-19797 | CSS::Sass-v3.4.12 |
| CVE-2018-11696 | node-sass-v4.9.0 |
| CVE-2018-20190 | node-sass-v4.9.0 |
| CVE-2024-42461 | elliptic-6.4.1.tgz |
| CVE-2020-7774 | y18n-4.0.0.tgz |
| CVE-2024-11831 | serialize-javascript-1.5.0.tgz |
| CVE-2020-7660 | serialize-javascript-1.5.0.tgz |
| CVE-2018-20821 | node-sass-v4.9.0 |
| CVE-2018-11697 | CSS::Sass-v3.4.12 |
| CVE-2021-23369 | handlebars-4.1.2.tgz |
| CVE-2018-19839 | CSS::Sass-v3.4.12 |
| CVE-2019-6284 | node-sass-v4.9.0 |
| WS-2020-0450 | handlebars-4.1.2.tgz |
| CVE-2019-19919 | handlebars-4.1.2.tgz |
| WS-2019-0605 | node-sass-v4.9.0 |
| CVE-2019-6286 | node-sass-v4.9.0 |
| CVE-2018-20822 | node-sass-v4.9.0 |
| CVE-2020-28498 | elliptic-6.4.1.tgz |
| CVE-2020-13822 | elliptic-6.4.1.tgz |
| CVE-2019-18797 | node-sass-v4.9.0 |
| CVE-2025-9288 | sha.js-2.4.11.tgz |
| CVE-2024-43788 | webpack-4.17.1.tgz |
| CVE-2019-6283 | node-sass-v4.9.0 |
| CVE-2018-11698 | node-sass-v4.9.0 |
| CVE-2018-11499 | node-sass-v4.9.0 |
| CVE-2021-23383 | handlebars-4.1.2.tgz |
| CVE-2025-6545 | pbkdf2-3.0.16.tgz |
| CVE-2024-42459 | elliptic-6.4.1.tgz |
| CVE-2025-6547 | pbkdf2-3.0.16.tgz |
| CVE-2024-42460 | elliptic-6.4.1.tgz |
| WS-2019-0424 | elliptic-6.4.1.tgz |
| CVE-2018-11693 | node-sass-v4.9.0 |
| CVE-2018-11694 | node-sass-v4.9.0 |
| CVE-2022-26592 | node-sass-v4.9.0 |
| CVE-2018-11697 | node-sass-v4.9.0 |
| CVE-2018-19838 | node-sass-v4.9.0 |
| CVE-2021-27290 | ssri-5.3.0.tgz |
| CVE-2019-16769 | serialize-javascript-1.5.0.tgz |
| CVE-2019-20920 | handlebars-4.1.2.tgz |
| CVE-2019-20922 | handlebars-4.1.2.tgz |
| CVE-2018-19827 | node-sass-v4.9.0 |
| WS-2019-0427 | elliptic-6.4.1.tgz |
| CVE-2018-19837 | node-sass-v4.9.0 |
| CVE-2018-19827 | CSS::Sass-v3.4.12 |
| CVE-2018-19797 | node-sass-v4.9.0 |
| CVE-2025-9287 | cipher-base-1.0.4.tgz |
| CVE-2020-28469 | glob-parent-3.1.0.tgz |
| CVE-2023-46234 | browserify-sign-4.0.4.tgz |
| CVE-2024-48949 | elliptic-6.4.1.tgz |
| CVE-2017-18869 | chownr-1.0.1.tgz |
| CVE-2024-48948 | elliptic-6.4.1.tgz |
Base branch total remaining vulnerabilities: 222
Base branch commit: null
Total libraries scanned: 1191
Scan token: 60d75b3a6b7a4481be6129e788fc9656