[Snyk] Fix for 2 vulnerabilities by attesch · Pull Request #344 · attesch/cezerin

Security Report

You have successfully remediated 79 vulnerabilities, but introduced 14 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability	Severity	CVSS Score	Vulnerable Library	Direct Library	Suggested Fix	Issue
CVE-2026-23950 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-gyp/node_modules/tar/package.json,/node_modules/make-fetch-happen/node_modules/tar/package.json Dependency Hierarchy: -> node-sass-9.0.0.tgz (Root Library) -> make-fetch-happen-10.2.1.tgz -> cacache-16.1.3.tgz -> ❌ tar-6.2.1.tgz (Vulnerable Library)	High	8.8	`Transitive` tar-6.2.1.tgz	node-sass-9.0.0.tgz	`Transitive` 7.5.4	None
CVE-2018-11694 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	High	8.8	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	#24
CVE-2024-4068 Path to dependency file: /package.json Path to vulnerable library: /node_modules/watchpack/node_modules/braces/package.json,/node_modules/lint-staged/node_modules/braces/package.json,/node_modules/webpack/node_modules/braces/package.json Dependency Hierarchy: -> lint-staged-7.2.2.tgz (Root Library) -> micromatch-3.1.10.tgz -> ❌ braces-2.3.2.tgz (Vulnerable Library)	High	7.5	`Transitive` braces-2.3.2.tgz	lint-staged-7.2.2.tgz	`Transitive` braces - 3.0.3	None
CVE-2026-23745 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-gyp/node_modules/tar/package.json,/node_modules/make-fetch-happen/node_modules/tar/package.json Dependency Hierarchy: -> node-sass-9.0.0.tgz (Root Library) -> make-fetch-happen-10.2.1.tgz -> cacache-16.1.3.tgz -> ❌ tar-6.2.1.tgz (Vulnerable Library)	High	7.1	`Transitive` tar-6.2.1.tgz	node-sass-9.0.0.tgz	`Transitive` https://github.com/isaacs/node-tar.git - v7.5.3	None
CVE-2019-6286 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	Medium	6.5	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	#36
CVE-2019-6283 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	Medium	6.5	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	#34
CVE-2018-20821 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	Medium	6.5	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	#32
CVE-2018-20190 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	Medium	6.5	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6	#31
CVE-2018-19827 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	Medium	5.6	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6	#39
CVE-2024-4067 Path to dependency file: /package.json Path to vulnerable library: /node_modules/micromatch/package.json Dependency Hierarchy: -> babel-cli-6.26.0.tgz (Root Library) -> chokidar-1.7.0.tgz -> anymatch-1.3.2.tgz -> ❌ micromatch-2.3.11.tgz (Vulnerable Library)	Medium	5.3	`Transitive` micromatch-2.3.11.tgz	babel-cli-6.26.0.tgz	`Transitive` 4.0.8	None
CVE-2024-4067 Path to dependency file: /package.json Path to vulnerable library: /node_modules/watchpack/node_modules/micromatch/package.json,/node_modules/lint-staged/node_modules/micromatch/package.json,/node_modules/webpack/node_modules/micromatch/package.json Dependency Hierarchy: -> lint-staged-7.2.2.tgz (Root Library) -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)	Medium	5.3	`Transitive` micromatch-3.1.10.tgz	lint-staged-7.2.2.tgz	`Transitive` 4.0.8	None
CVE-2018-19839 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	Low	3.7	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	#40
CVE-2018-19797 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	Low	3.7	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	#38
CVE-2021-23358 Path to dependency file: /package.json Path to vulnerable library: /node_modules/underscore/package.json Dependency Hierarchy: -> sitemap-1.13.0.tgz (Root Library) -> ❌ underscore-1.7.0.tgz (Vulnerable Library)	Low	3.3	`Transitive` underscore-1.7.0.tgz	sitemap-1.13.0.tgz	`Transitive` 1.12.1	#207

✔️ Remediated vulnerabilities:

Vulnerability	Vulnerable Library
CVE-2018-19826	node-sass-v4.9.0
CVE-2021-32803	tar-2.2.2.tgz
CVE-2022-37620	html-minifier-3.5.17.tgz
CVE-2018-19797	CSS::Sass-v3.4.12
CVE-2018-11696	node-sass-v4.9.0
CVE-2018-20190	node-sass-v4.9.0
CVE-2022-37601	loader-utils-1.1.0.tgz
CVE-2018-20822	node-sass-4.9.3.tgz
CVE-2021-3918	json-schema-0.2.3.tgz
CVE-2019-6286	node-sass-4.9.3.tgz
CVE-2024-28863	tar-2.2.2.tgz
CVE-2021-33623	trim-newlines-1.0.0.tgz
CVE-2021-23343	path-parse-1.0.6.tgz
CVE-2019-6284	node-sass-4.9.3.tgz
CVE-2018-20821	node-sass-v4.9.0
CVE-2018-11696	node-sass-4.9.3.tgz
CVE-2018-11697	CSS::Sass-v3.4.12
CVE-2021-37701	tar-2.2.2.tgz
CVE-2021-23369	handlebars-4.1.2.tgz
CVE-2018-19839	CSS::Sass-v3.4.12
CVE-2019-6284	node-sass-v4.9.0
CVE-2020-15366	ajv-6.5.2.tgz
WS-2020-0450	handlebars-4.1.2.tgz
CVE-2023-26136	tough-cookie-2.3.4.tgz
CVE-2019-19919	handlebars-4.1.2.tgz
WS-2019-0605	node-sass-v4.9.0
CVE-2019-6286	node-sass-v4.9.0
CVE-2018-20822	node-sass-v4.9.0
CVE-2021-23337	lodash-4.17.10.tgz
CVE-2024-21538	cross-spawn-3.0.1.tgz
CVE-2020-24025	node-sass-4.9.3.tgz
CVE-2018-20190	node-sass-4.9.3.tgz
CVE-2019-18797	node-sass-v4.9.0
CVE-2020-28500	lodash-4.17.10.tgz
CVE-2018-19797	node-sass-4.9.3.tgz
CVE-2022-37603	loader-utils-1.1.0.tgz
CVE-2018-20821	node-sass-4.9.3.tgz
CVE-2019-6283	node-sass-v4.9.0
CVE-2018-11698	node-sass-v4.9.0
CVE-2018-11499	node-sass-v4.9.0
CVE-2021-23383	handlebars-4.1.2.tgz
CVE-2018-11693	node-sass-v4.9.0
CVE-2018-11694	node-sass-v4.9.0
CVE-2022-37601	loader-utils-0.2.17.tgz
CVE-2022-26592	node-sass-v4.9.0
CVE-2022-25758	scss-tokenizer-0.2.3.tgz
CVE-2018-11697	node-sass-4.9.3.tgz
CVE-2019-10744	lodash.merge-4.6.1.tgz
CVE-2018-11697	node-sass-v4.9.0
CVE-2018-19838	node-sass-v4.9.0
CVE-2018-19827	node-sass-4.9.3.tgz
CVE-2022-25883	semver-5.3.0.tgz
CVE-2019-6283	node-sass-4.9.3.tgz
CVE-2023-28155	request-2.87.0.tgz
CVE-2018-11693	node-sass-4.9.3.tgz
CVE-2019-20920	handlebars-4.1.2.tgz
CVE-2020-7608	yargs-parser-5.0.0.tgz
CVE-2018-19837	node-sass-4.9.3.tgz
CVE-2019-20922	handlebars-4.1.2.tgz
CVE-2018-19827	node-sass-v4.9.0
CVE-2018-19837	node-sass-v4.9.0
CVE-2019-18797	node-sass-4.9.3.tgz
CVE-2018-19827	CSS::Sass-v3.4.12
CVE-2018-19839	node-sass-4.9.3.tgz
CVE-2018-19838	node-sass-4.9.3.tgz
CVE-2018-19797	node-sass-v4.9.0
CVE-2025-7783	form-data-2.3.2.tgz
CVE-2018-11694	node-sass-4.9.3.tgz
CVE-2020-8203	lodash-4.17.10.tgz
CVE-2021-37712	tar-2.2.2.tgz
CVE-2021-37713	tar-2.2.2.tgz
CVE-2019-15657	eslint-utils-1.3.1.tgz
WS-2019-0180	lodash.mergewith-4.6.1.tgz
CVE-2020-15366	ajv-5.5.2.tgz
CVE-2018-11499	node-sass-4.9.3.tgz
CVE-2023-45133	traverse-7.0.0-beta.44.tgz
CVE-2021-32804	tar-2.2.2.tgz
CVE-2019-10744	lodash.mergewith-4.6.1.tgz
CVE-2022-37599	loader-utils-1.1.0.tgz

Base branch total remaining vulnerabilities: 224
Base branch commit: null

Total libraries scanned: 1417

Scan token: c75a6c54953844aebba21db798d96b6e

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 2 vulnerabilities#344

[Snyk] Fix for 2 vulnerabilities#344
attesch wants to merge 1 commit into
masterfrom
snyk-fix-c4b04fddb6e0e4f8d626b697674e9a5f

Uh oh!

Security Report

Re-running checks...

fix: package.json to reduce vulnerabilities

Uh oh!

Security Report

Re-running checks...