[Snyk] Fix for 1 vulnerabilities #147
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
MSC-2023-16598Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> chokidar-2.1.2.tgz -> ❌ fsevents-1.2.7.tgz (Vulnerable Library) |
 Critical |
9.8 | fsevents-1.2.7.tgz | None | |
CVE-2023-45311Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> chokidar-2.1.2.tgz -> ❌ fsevents-1.2.7.tgz (Vulnerable Library) |
Critical |
9.8 | fsevents-1.2.7.tgz | Upgrade to version: fsevents - 1.2.11 | None |
CVE-2023-26136Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> request-2.88.0.tgz (Root Library) -> ❌ tough-cookie-2.4.3.tgz (Vulnerable Library) |
Critical |
9.8 | tough-cookie-2.4.3.tgz | Upgrade to version: tough-cookie - 4.1.3 | None |
CVE-2021-3918Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> request-2.88.0.tgz (Root Library) -> http-signature-1.2.0.tgz -> jsprim-1.4.1.tgz -> ❌ json-schema-0.2.3.tgz (Vulnerable Library) |
Critical |
9.8 | json-schema-0.2.3.tgz | Upgrade to version: json-schema - 0.4.0 | #97 |
CVE-2020-7788Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> chokidar-2.1.2.tgz -> fsevents-1.2.7.tgz -> node-pre-gyp-0.10.3.tgz -> rc-1.2.8.tgz -> ❌ ini-1.3.5.tgz (Vulnerable Library) |
Critical |
9.8 | ini-1.3.5.tgz | Upgrade to version: v1.3.6 | #50 |
CVE-2020-7774Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> yargs-6.4.0.tgz -> ❌ y18n-3.2.1.tgz (Vulnerable Library) |
Critical |
9.8 | y18n-3.2.1.tgz | Upgrade to version: 3.2.2, 4.0.1, 5.0.5 | #48 |
CVE-2020-28503Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> gulp-4.0.0.tgz (Root Library) -> gulp-cli-2.0.1.tgz -> ❌ copy-props-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | copy-props-2.0.4.tgz | Upgrade to version: copy-props - 2.0.5 | #70 |
CVE-2020-36327Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem Dependency Hierarchy: -> ❌ bundler-2.0.1.gem (Vulnerable Library) |
 High |
8.8 | bundler-2.0.1.gem | Upgrade to version: bundler - 2.2.10 | None |
CVE-2021-37713Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> chokidar-2.1.2.tgz -> fsevents-1.2.7.tgz -> node-pre-gyp-0.10.3.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) |
High |
8.6 | tar-4.4.8.tgz | Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 | #92 |
CVE-2021-37712Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> chokidar-2.1.2.tgz -> fsevents-1.2.7.tgz -> node-pre-gyp-0.10.3.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) |
High |
8.6 | tar-4.4.8.tgz | Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 | #87 |
CVE-2021-37701Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> chokidar-2.1.2.tgz -> fsevents-1.2.7.tgz -> node-pre-gyp-0.10.3.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) |
High |
8.6 | tar-4.4.8.tgz | Upgrade to version: tar - 4.4.16,5.0.8,6.1.7 | #91 |
CVE-2021-32804Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> chokidar-2.1.2.tgz -> fsevents-1.2.7.tgz -> node-pre-gyp-0.10.3.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) |
High |
8.1 | tar-4.4.8.tgz | Upgrade to version: tar - 3.2.2, 4.4.14, 5.0.6, 6.1.1 | #89 |
CVE-2021-32803Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> chokidar-2.1.2.tgz -> fsevents-1.2.7.tgz -> node-pre-gyp-0.10.3.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) |
High |
8.1 | tar-4.4.8.tgz | Upgrade to version: tar - 3.2.3, 4.4.15, 5.0.7, 6.1.2 | #90 |
CVE-2019-3881Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem Dependency Hierarchy: -> ❌ bundler-2.0.1.gem (Vulnerable Library) |
High |
7.8 | bundler-2.0.1.gem | Upgrade to version: v2.1.0.pre.3 | None |
CVE-2022-25883Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> googleapis-39.2.0.tgz (Root Library) -> google-auth-library-3.1.2.tgz -> ❌ semver-5.6.0.tgz (Vulnerable Library) |
High |
7.5 | semver-5.6.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2022-24999Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> request-2.88.0.tgz (Root Library) -> ❌ qs-6.5.2.tgz (Vulnerable Library) |
High |
7.5 | qs-6.5.2.tgz | Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 | #134 |
CVE-2022-24772Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> language-3.0.0.tgz (Root Library) -> google-gax-1.15.4.tgz -> google-auth-library-5.10.1.tgz -> gtoken-4.1.4.tgz -> google-p12-pem-2.0.5.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
High |
7.5 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #115 |
CVE-2022-24771Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> language-3.0.0.tgz (Root Library) -> google-gax-1.15.4.tgz -> google-auth-library-5.10.1.tgz -> gtoken-4.1.4.tgz -> google-p12-pem-2.0.5.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
High |
7.5 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #116 |
CVE-2021-3803Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> cheerio-1.0.0-rc.2.tgz (Root Library) -> css-select-1.2.0.tgz -> ❌ nth-check-1.0.2.tgz (Vulnerable Library) |
High |
7.5 | nth-check-1.0.2.tgz | Upgrade to version: nth-check - v2.0.1 | #98 |
CVE-2021-27292Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> ❌ ua-parser-js-0.7.17.tgz (Vulnerable Library) |
High |
7.5 | ua-parser-js-0.7.17.tgz | Upgrade to version: ua-parser-js - 0.7.24 | #71 |
CVE-2021-23343Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> gulp-4.0.0.tgz (Root Library) -> gulp-cli-2.0.1.tgz -> liftoff-2.5.0.tgz -> resolve-1.10.0.tgz -> ❌ path-parse-1.0.6.tgz (Vulnerable Library) |
High |
7.5 | path-parse-1.0.6.tgz | Upgrade to version: path-parse - 1.0.7 | #75 |
CVE-2020-7793Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> ❌ ua-parser-js-0.7.17.tgz (Vulnerable Library) |
High |
7.5 | ua-parser-js-0.7.17.tgz | Upgrade to version: 0.7.23 | #60 |
CVE-2020-7733Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> ❌ ua-parser-js-0.7.17.tgz (Vulnerable Library) |
High |
7.5 | ua-parser-js-0.7.17.tgz | Upgrade to version: ua-parser-js - 0.7.22 | #44 |
CVE-2021-43809Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem Dependency Hierarchy: -> ❌ bundler-2.0.1.gem (Vulnerable Library) |
High |
7.3 | bundler-2.0.1.gem | Upgrade to version: bundler - 2.2.33 | None |
WS-2022-0008Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> language-3.0.0.tgz (Root Library) -> google-gax-1.15.4.tgz -> google-auth-library-5.10.1.tgz -> gtoken-4.1.4.tgz -> google-p12-pem-2.0.5.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
 Medium |
6.6 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.0.0 | #101 |
CVE-2022-0155Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> localtunnel-1.9.1.tgz -> axios-0.17.1.tgz -> ❌ follow-redirects-1.7.0.tgz (Vulnerable Library) |
Medium |
6.5 | follow-redirects-1.7.0.tgz | Upgrade to version: follow-redirects - v1.14.7 | #104 |
CVE-2022-0122Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> language-3.0.0.tgz (Root Library) -> google-gax-1.15.4.tgz -> google-auth-library-5.10.1.tgz -> gtoken-4.1.4.tgz -> google-p12-pem-2.0.5.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
Medium |
6.1 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.0.0 | #99 |
CVE-2022-0536Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> localtunnel-1.9.1.tgz -> axios-0.17.1.tgz -> ❌ follow-redirects-1.7.0.tgz (Vulnerable Library) |
Medium |
5.9 | follow-redirects-1.7.0.tgz | Upgrade to version: follow-redirects - 1.14.8 | #105 |
CVE-2022-24773Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> language-3.0.0.tgz (Root Library) -> google-gax-1.15.4.tgz -> google-auth-library-5.10.1.tgz -> gtoken-4.1.4.tgz -> google-p12-pem-2.0.5.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
Medium |
5.3 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #114 |
CVE-2021-32640Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> browser-sync-ui-2.26.4.tgz -> socket.io-client-2.2.0.tgz -> engine.io-client-3.3.2.tgz -> ❌ ws-6.1.4.tgz (Vulnerable Library) |
Medium |
5.3 | ws-6.1.4.tgz | Upgrade to version: 5.2.3,6.2.2,7.4.6 | #81 |
CVE-2021-23362Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> yargs-6.4.0.tgz -> read-pkg-up-1.0.1.tgz -> read-pkg-1.1.0.tgz -> normalize-package-data-2.5.0.tgz -> ❌ hosted-git-info-2.7.1.tgz (Vulnerable Library) |
Medium |
5.3 | hosted-git-info-2.7.1.tgz | Upgrade to version: hosted-git-info - 2.8.9,3.0.8 | #72 |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2023-32732 | grpc-v1.19.0 |
| CVE-2023-33953 | grpc-v1.19.0 |
| WS-2020-0368 | node-v7.6.0 |
| CVE-2021-32640 | ws-6.2.0.tgz |
| CVE-2018-7159 | io.js |
| CVE-2018-25032 | node-v7.6.0 |
| CVE-2018-17567 | jekyll-v3.7.1 |
| CVE-2022-37434 | node-v7.6.0 |
| CVE-2023-32731 | grpc-v1.19.0 |
| CVE-2020-14001 | kramdown-REL_1_17_0 |
| CVE-2020-15168 | node-fetch-2.3.0.tgz |
| CVE-2020-7768 | grpc-js-0.3.6.tgz |
| CVE-2022-25878 | protobufjs-6.8.8.tgz |
| CVE-2021-32740 | addressable-addressable-2.6.0 |
| CVE-2022-25878 | protobufjs-5.0.3.tgz |
| CVE-2020-1971 | ring-fips-20180730 |
| CVE-2022-0235 | node-fetch-2.3.0.tgz |
| CVE-2020-7768 | grpc-1.19.0.tgz |
Base branch total remaining vulnerabilities: 85
Base branch commit: null
Total libraries scanned: 784
Scan token: 5595be38d17941f0976de0b384b4f503