[Snyk] Fix for 1 vulnerabilities by attesch · Pull Request #345 · attesch/cezerin

Security Report

You have successfully remediated 108 vulnerabilities, but introduced 19 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability	Severity	CVSS Score	Vulnerable Library	Direct Library	Suggested Fix	Issue
CVE-2026-23950 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-gyp/node_modules/tar/package.json,/node_modules/cacache/node_modules/tar/package.json Dependency Hierarchy: -> node-sass-9.0.0.tgz (Root Library) -> node-gyp-8.4.1.tgz -> ❌ tar-6.2.1.tgz (Vulnerable Library)	High	8.8	`Transitive` tar-6.2.1.tgz	node-sass-9.0.0.tgz	`Transitive` 7.5.4	None
CVE-2018-11694 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	High	8.8	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	#24
CVE-2026-24842 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-gyp/node_modules/tar/package.json,/node_modules/cacache/node_modules/tar/package.json Dependency Hierarchy: -> node-sass-9.0.0.tgz (Root Library) -> node-gyp-8.4.1.tgz -> ❌ tar-6.2.1.tgz (Vulnerable Library)	High	8.2	`Transitive` tar-6.2.1.tgz	node-sass-9.0.0.tgz	`Transitive` 7.5.7	None
CVE-2025-69873 Path to dependency file: /package.json Path to vulnerable library: /node_modules/ajv/package.json Dependency Hierarchy: -> mini-css-extract-plugin-2.4.5.tgz (Root Library) -> schema-utils-4.3.3.tgz -> ajv-keywords-5.1.0.tgz -> ❌ ajv-6.12.6.tgz (Vulnerable Library)	High	7.5	`Transitive` ajv-6.12.6.tgz	mini-css-extract-plugin-2.4.5.tgz		None
CVE-2024-4068 Path to dependency file: /package.json Path to vulnerable library: /node_modules/lint-staged/node_modules/braces/package.json Dependency Hierarchy: -> lint-staged-7.2.2.tgz (Root Library) -> micromatch-3.1.10.tgz -> ❌ braces-2.3.2.tgz (Vulnerable Library)	High	7.5	`Transitive` braces-2.3.2.tgz	lint-staged-7.2.2.tgz	`Transitive` braces - 3.0.3	None
CVE-2026-23745 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-gyp/node_modules/tar/package.json,/node_modules/cacache/node_modules/tar/package.json Dependency Hierarchy: -> node-sass-9.0.0.tgz (Root Library) -> node-gyp-8.4.1.tgz -> ❌ tar-6.2.1.tgz (Vulnerable Library)	High	7.1	`Transitive` tar-6.2.1.tgz	node-sass-9.0.0.tgz	`Transitive` https://github.com/isaacs/node-tar.git - v7.5.3	None
CVE-2019-6286 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	Medium	6.5	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	#36
CVE-2019-6283 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	Medium	6.5	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	#34
CVE-2018-20821 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	Medium	6.5	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	#32
CVE-2018-20190 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	Medium	6.5	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6	#31
CVE-2018-19827 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	Medium	5.6	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6	#39
CVE-2025-50537 Path to dependency file: /package.json Path to vulnerable library: /node_modules/eslint/package.json Dependency Hierarchy: -> ❌ eslint-9.0.0.tgz (Vulnerable Library)	Medium	5.5	`Direct` eslint-9.0.0.tgz	eslint-9.0.0.tgz	9.26.0	None
CVE-2024-4067 Path to dependency file: /package.json Path to vulnerable library: /node_modules/lint-staged/node_modules/micromatch/package.json Dependency Hierarchy: -> lint-staged-7.2.2.tgz (Root Library) -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)	Medium	5.3	`Transitive` micromatch-3.1.10.tgz	lint-staged-7.2.2.tgz	`Transitive` 4.0.8	None
CVE-2024-4067 Path to dependency file: /package.json Path to vulnerable library: /node_modules/micromatch/package.json Dependency Hierarchy: -> babel-cli-6.26.0.tgz (Root Library) -> chokidar-1.7.0.tgz -> anymatch-1.3.2.tgz -> ❌ micromatch-2.3.11.tgz (Vulnerable Library)	Medium	5.3	`Transitive` micromatch-2.3.11.tgz	babel-cli-6.26.0.tgz	`Transitive` 4.0.8	None
CVE-2025-68458 Path to dependency file: /package.json Path to vulnerable library: /node_modules/webpack/package.json Dependency Hierarchy: -> ❌ webpack-5.98.0.tgz (Vulnerable Library)	Low	3.7	`Direct` webpack-5.98.0.tgz	webpack-5.98.0.tgz	5.104.1	None
CVE-2025-68157 Path to dependency file: /package.json Path to vulnerable library: /node_modules/webpack/package.json Dependency Hierarchy: -> ❌ webpack-5.98.0.tgz (Vulnerable Library)	Low	3.7	`Direct` webpack-5.98.0.tgz	webpack-5.98.0.tgz	5.104.0	None
CVE-2018-19839 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	Low	3.7	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	#40
CVE-2018-19797 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-9.0.0.tgz (Vulnerable Library)	Low	3.7	`Direct` node-sass-9.0.0.tgz	node-sass-9.0.0.tgz	Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	#38
CVE-2021-23358 Path to dependency file: /package.json Path to vulnerable library: /node_modules/underscore/package.json Dependency Hierarchy: -> sitemap-1.13.0.tgz (Root Library) -> ❌ underscore-1.7.0.tgz (Vulnerable Library)	Low	3.3	`Transitive` underscore-1.7.0.tgz	sitemap-1.13.0.tgz	`Transitive` 1.12.1	#207

✔️ Remediated vulnerabilities:

Vulnerability	Vulnerable Library
CVE-2018-19826	node-sass-v4.9.0
CVE-2021-32803	tar-2.2.2.tgz
CVE-2018-19797	CSS::Sass-v3.4.12
CVE-2018-11696	node-sass-v4.9.0
CVE-2018-20190	node-sass-v4.9.0
CVE-2024-42461	elliptic-6.4.1.tgz
CVE-2018-20822	node-sass-4.9.3.tgz
CVE-2021-3918	json-schema-0.2.3.tgz
CVE-2019-6286	node-sass-4.9.3.tgz
CVE-2025-14505	elliptic-6.4.1.tgz
CVE-2020-7774	y18n-4.0.0.tgz
CVE-2025-50537	eslint-5.4.0.tgz
CVE-2024-28863	tar-2.2.2.tgz
CVE-2021-33623	trim-newlines-1.0.0.tgz
CVE-2024-11831	serialize-javascript-1.5.0.tgz
CVE-2021-23343	path-parse-1.0.6.tgz
CVE-2020-7660	serialize-javascript-1.5.0.tgz
CVE-2019-6284	node-sass-4.9.3.tgz
CVE-2018-20821	node-sass-v4.9.0
CVE-2018-11696	node-sass-4.9.3.tgz
CVE-2018-11697	CSS::Sass-v3.4.12
CVE-2021-37701	tar-2.2.2.tgz
CVE-2021-23369	handlebars-4.1.2.tgz
CVE-2018-19839	CSS::Sass-v3.4.12
CVE-2019-6284	node-sass-v4.9.0
CVE-2020-15366	ajv-6.5.2.tgz
CVE-2026-23950	tar-2.2.2.tgz
WS-2020-0450	handlebars-4.1.2.tgz
CVE-2021-23368	postcss-7.0.2.tgz
CVE-2023-26136	tough-cookie-2.3.4.tgz
CVE-2019-19919	handlebars-4.1.2.tgz
CVE-2025-13465	lodash-4.17.10.tgz
WS-2019-0605	node-sass-v4.9.0
CVE-2019-6286	node-sass-v4.9.0
CVE-2018-20822	node-sass-v4.9.0
CVE-2020-28498	elliptic-6.4.1.tgz
CVE-2021-23337	lodash-4.17.10.tgz
CVE-2024-21538	cross-spawn-3.0.1.tgz
CVE-2020-24025	node-sass-4.9.3.tgz
CVE-2020-13822	elliptic-6.4.1.tgz
CVE-2026-23745	tar-2.2.2.tgz
CVE-2018-20190	node-sass-4.9.3.tgz
CVE-2019-18797	node-sass-v4.9.0
CVE-2020-28500	lodash-4.17.10.tgz
CVE-2018-19797	node-sass-4.9.3.tgz
CVE-2025-9288	sha.js-2.4.11.tgz
CVE-2024-43788	webpack-4.17.1.tgz
CVE-2018-20821	node-sass-4.9.3.tgz
CVE-2019-6283	node-sass-v4.9.0
CVE-2018-11698	node-sass-v4.9.0
CVE-2018-11499	node-sass-v4.9.0
CVE-2021-23383	handlebars-4.1.2.tgz
CVE-2025-6545	pbkdf2-3.0.16.tgz
CVE-2024-42459	elliptic-6.4.1.tgz
CVE-2025-6547	pbkdf2-3.0.16.tgz
CVE-2024-42460	elliptic-6.4.1.tgz
WS-2019-0424	elliptic-6.4.1.tgz
CVE-2018-11693	node-sass-v4.9.0
CVE-2018-11694	node-sass-v4.9.0
CVE-2025-69873	ajv-5.5.2.tgz
CVE-2022-26592	node-sass-v4.9.0
CVE-2022-25758	scss-tokenizer-0.2.3.tgz
CVE-2018-11697	node-sass-4.9.3.tgz
CVE-2019-10744	lodash.merge-4.6.1.tgz
CVE-2018-11697	node-sass-v4.9.0
CVE-2018-19838	node-sass-v4.9.0
CVE-2018-19827	node-sass-4.9.3.tgz
CVE-2022-25883	semver-5.3.0.tgz
CVE-2019-6283	node-sass-4.9.3.tgz
CVE-2023-28155	request-2.87.0.tgz
CVE-2021-27290	ssri-5.3.0.tgz
CVE-2025-69873	ajv-6.5.2.tgz
CVE-2019-16769	serialize-javascript-1.5.0.tgz
CVE-2018-11693	node-sass-4.9.3.tgz
CVE-2019-20920	handlebars-4.1.2.tgz
CVE-2020-7608	yargs-parser-5.0.0.tgz
WS-2025-0006	elliptic-6.4.1.tgz
CVE-2018-19837	node-sass-4.9.3.tgz
CVE-2019-20922	handlebars-4.1.2.tgz
CVE-2018-19827	node-sass-v4.9.0
WS-2019-0427	elliptic-6.4.1.tgz
CVE-2018-19837	node-sass-v4.9.0
CVE-2019-18797	node-sass-4.9.3.tgz
CVE-2018-19827	CSS::Sass-v3.4.12
CVE-2018-19839	node-sass-4.9.3.tgz
CVE-2021-23382	postcss-7.0.2.tgz
CVE-2023-44270	postcss-7.0.2.tgz
CVE-2018-19838	node-sass-4.9.3.tgz
CVE-2018-19797	node-sass-v4.9.0
CVE-2025-7783	form-data-2.3.2.tgz
CVE-2025-9287	cipher-base-1.0.4.tgz
CVE-2018-11694	node-sass-4.9.3.tgz
CVE-2020-28469	glob-parent-3.1.0.tgz
CVE-2020-8203	lodash-4.17.10.tgz
CVE-2023-46234	browserify-sign-4.0.4.tgz
CVE-2021-37712	tar-2.2.2.tgz
CVE-2021-37713	tar-2.2.2.tgz
CVE-2019-15657	eslint-utils-1.3.1.tgz
WS-2019-0180	lodash.mergewith-4.6.1.tgz
CVE-2020-15366	ajv-5.5.2.tgz
CVE-2018-11499	node-sass-4.9.3.tgz
CVE-2021-32804	tar-2.2.2.tgz
CVE-2026-24842	tar-2.2.2.tgz
CVE-2019-10744	lodash.mergewith-4.6.1.tgz
WS-2020-0042	acorn-5.7.1.tgz
CVE-2024-48949	elliptic-6.4.1.tgz
CVE-2017-18869	chownr-1.0.1.tgz
CVE-2024-48948	elliptic-6.4.1.tgz

Base branch total remaining vulnerabilities: 239
Base branch commit: null

Total libraries scanned: 1262

Scan token: 109b472725c640be9f97bc68553b47a4

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 1 vulnerabilities#345

[Snyk] Fix for 1 vulnerabilities#345
attesch wants to merge 1 commit into
masterfrom
snyk-fix-6c78e42869a50ac84b7aa394d42c58ac

Uh oh!

Security Report

Re-running checks...

fix: package.json & package-lock.json to reduce vulnerabilities

Uh oh!

Security Report

Re-running checks...