[Snyk] Security upgrade node-sass from 4.14.1 to 7.0.2 #89

Open
wants to merge 1 commit into
base: master

fix: package.json & package-lock.json to reduce vulnerabilities

f38c744

Mend Bolt for GitHub / WhiteSource Security Check failed Dec 19, 2023 in 16m 34s

Security Report

You have successfully remediated 42 vulnerabilities, but introduced 10 new vulnerabilities in this branch.

❌ New vulnerabilities:

For every entry below, the path to the dependency file and the path to the vulnerable library are both /package.json.

| CVE | Severity | CVSS Score | Vulnerable Library | Dependency Hierarchy | Suggested Fix | Issue |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2018-19827 | High | 8.8 | node-sass-7.0.2.tgz | ❌ node-sass-7.0.2.tgz (Vulnerable Library) | Upgrade to version: GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6 | #33 |
| CVE-2018-11694 | High | 8.8 | node-sass-7.0.2.tgz | ❌ node-sass-7.0.2.tgz (Vulnerable Library) | Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 | #35 |
| CVE-2021-23337 | High | 7.2 | lodash-4.17.20.tgz | node-sass-7.0.2.tgz (Root Library) -> ❌ lodash-4.17.20.tgz (Vulnerable Library) | Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 | None |
| CVE-2019-6286 | Medium | 6.5 | node-sass-7.0.2.tgz | ❌ node-sass-7.0.2.tgz (Vulnerable Library) | Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 | #25 |
| CVE-2019-6283 | Medium | 6.5 | node-sass-7.0.2.tgz | ❌ node-sass-7.0.2.tgz (Vulnerable Library) | Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 | #29 |
| CVE-2018-20821 | Medium | 6.5 | node-sass-7.0.2.tgz | ❌ node-sass-7.0.2.tgz (Vulnerable Library) | Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 | #27 |
| CVE-2018-20190 | Medium | 6.5 | node-sass-7.0.2.tgz | ❌ node-sass-7.0.2.tgz (Vulnerable Library) | Upgrade to version: GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6 | #31 |
| CVE-2018-19839 | Medium | 6.5 | node-sass-7.0.2.tgz | ❌ node-sass-7.0.2.tgz (Vulnerable Library) | Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 | #32 |
| CVE-2018-19797 | Medium | 6.5 | node-sass-7.0.2.tgz | ❌ node-sass-7.0.2.tgz (Vulnerable Library) | Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 | #39 |
| CVE-2020-28500 | Medium | 5.3 | lodash-4.17.20.tgz | node-sass-7.0.2.tgz (Root Library) -> ❌ lodash-4.17.20.tgz (Vulnerable Library) | Upgrade to version: lodash - 4.17.21 | None |

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2018-11694 node-sass-4.14.1.tgz
CVE-2019-6284 opennms-opennms-source-26.0.0-1
CVE-2018-19826 opennms-opennms-source-26.0.0-1
WS-2022-0167 svelte-3.31.0.tgz
CVE-2018-11698 opennms-opennms-source-26.0.0-1
CVE-2021-32803 tar-2.2.2.tgz
CVE-2018-20821 node-sass-4.14.1.tgz
CVE-2021-37712 tar-2.2.2.tgz
WS-2019-0605 CSS::Sass-v3.4.11
CVE-2018-19839 CSS::Sass-v3.4.11
CVE-2020-24025 node-sass-4.14.1.tgz
CVE-2021-37713 tar-2.2.2.tgz
CVE-2020-7774 y18n-4.0.0.tgz
CVE-2019-6286 opennms-opennms-source-26.0.0-1
CVE-2018-19797 node-sass-4.14.1.tgz
CVE-2020-28469 glob-parent-5.1.1.tgz
CVE-2019-18797 opennms-opennms-source-26.0.0-1
CVE-2018-20821 opennms-opennms-source-26.0.0-1
CVE-2019-6286 node-sass-4.14.1.tgz
CVE-2018-11694 opennms-opennms-source-26.0.0-1
CVE-2018-19827 opennms-opennms-source-26.0.0-1
CVE-2019-6283 opennms-opennms-source-26.0.0-1
CVE-2018-20190 node-sass-4.14.1.tgz
CVE-2019-6284 node-sass-4.14.1.tgz
CVE-2018-19827 node-sass-4.14.1.tgz
CVE-2021-32804 tar-2.2.2.tgz
CVE-2018-19839 node-sass-4.14.1.tgz
CVE-2022-25875 svelte-3.31.0.tgz
CVE-2018-20190 opennms-opennms-source-26.0.0-1
CVE-2019-6283 node-sass-4.14.1.tgz
CVE-2022-25758 scss-tokenizer-0.2.3.tgz
CVE-2018-11499 opennms-opennms-source-26.0.0-1
CVE-2018-11697 opennms-opennms-source-26.0.0-1
CVE-2018-19838 opennms-opennms-source-26.0.0-1
CVE-2022-26592 opennms-opennms-source-26.0.0-1
CVE-2018-20822 opennms-opennms-source-26.0.0-1
CVE-2021-37701 tar-2.2.2.tgz
CVE-2018-19797 opennms-opennms-source-26.0.0-1
CVE-2023-26136 tough-cookie-2.5.0.tgz
CVE-2023-28155 request-2.88.2.tgz
CVE-2018-11697 CSS::Sass-v3.4.11
CVE-2022-25858 terser-4.8.0.tgz

Base branch total remaining vulnerabilities: 45
Base branch commit: null


Total libraries scanned: 221

Scan token: 4dbe8b5afaf04613ae868891fdc6cf99