[Snyk] Security upgrade browser-sync from 2.26.4 to 3.0.0 #149

Security Report

You have successfully remediated 36 vulnerabilities, but introduced 18 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE	Severity	CVSS Score	Vulnerable Library	Suggested Fix	Issue
MSC-2023-16598 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> gulp-4.0.0.tgz (Root Library) -> glob-watcher-5.0.3.tgz -> chokidar-2.1.2.tgz -> ❌ fsevents-1.2.7.tgz (Vulnerable Library)	Critical	9.8	fsevents-1.2.7.tgz		None
CVE-2023-45311 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> gulp-4.0.0.tgz (Root Library) -> glob-watcher-5.0.3.tgz -> chokidar-2.1.2.tgz -> ❌ fsevents-1.2.7.tgz (Vulnerable Library)	Critical	9.8	fsevents-1.2.7.tgz	Upgrade to version: fsevents - 1.2.11	None
CVE-2023-26136 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> request-2.88.0.tgz (Root Library) -> ❌ tough-cookie-2.4.3.tgz (Vulnerable Library)	Critical	9.8	tough-cookie-2.4.3.tgz	Upgrade to version: tough-cookie - 4.1.3	None
CVE-2021-3918 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> request-2.88.0.tgz (Root Library) -> http-signature-1.2.0.tgz -> jsprim-1.4.1.tgz -> ❌ json-schema-0.2.3.tgz (Vulnerable Library)	Critical	9.8	json-schema-0.2.3.tgz	Upgrade to version: json-schema - 0.4.0	#97
CVE-2020-7774 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> gulp-4.0.0.tgz (Root Library) -> gulp-cli-2.0.1.tgz -> yargs-7.1.0.tgz -> ❌ y18n-3.2.1.tgz (Vulnerable Library)	Critical	9.8	y18n-3.2.1.tgz	Upgrade to version: 3.2.2, 4.0.1, 5.0.5	#48
CVE-2020-28503 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> gulp-4.0.0.tgz (Root Library) -> gulp-cli-2.0.1.tgz -> ❌ copy-props-2.0.4.tgz (Vulnerable Library)	Critical	9.8	copy-props-2.0.4.tgz	Upgrade to version: copy-props - 2.0.5	#70
CVE-2020-36327 Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem Dependency Hierarchy: -> ❌ bundler-2.0.1.gem (Vulnerable Library)	High	8.8	bundler-2.0.1.gem	Upgrade to version: bundler - 2.2.10	None
CVE-2021-37713 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> language-2.1.0.tgz (Root Library) -> google-gax-0.25.6.tgz -> grpc-1.19.0.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library)	High	8.6	tar-4.4.8.tgz	Upgrade to version: tar - 4.4.18,5.0.10,6.1.9	#92
CVE-2021-37712 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> language-2.1.0.tgz (Root Library) -> google-gax-0.25.6.tgz -> grpc-1.19.0.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library)	High	8.6	tar-4.4.8.tgz	Upgrade to version: tar - 4.4.18,5.0.10,6.1.9	#87
CVE-2021-37701 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> language-2.1.0.tgz (Root Library) -> google-gax-0.25.6.tgz -> grpc-1.19.0.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library)	High	8.6	tar-4.4.8.tgz	Upgrade to version: tar - 4.4.16,5.0.8,6.1.7	#91
CVE-2021-32804 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> language-2.1.0.tgz (Root Library) -> google-gax-0.25.6.tgz -> grpc-1.19.0.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library)	High	8.1	tar-4.4.8.tgz	Upgrade to version: tar - 3.2.2, 4.4.14, 5.0.6, 6.1.1	#89
CVE-2021-32803 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> language-2.1.0.tgz (Root Library) -> google-gax-0.25.6.tgz -> grpc-1.19.0.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library)	High	8.1	tar-4.4.8.tgz	Upgrade to version: tar - 3.2.3, 4.4.15, 5.0.7, 6.1.2	#90
CVE-2019-3881 Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem Dependency Hierarchy: -> ❌ bundler-2.0.1.gem (Vulnerable Library)	High	7.8	bundler-2.0.1.gem	Upgrade to version: v2.1.0.pre.3	None
CVE-2022-25883 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> googleapis-39.2.0.tgz (Root Library) -> google-auth-library-3.1.2.tgz -> ❌ semver-5.6.0.tgz (Vulnerable Library)	High	7.5	semver-5.6.0.tgz	Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2	None
CVE-2022-25883 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> language-2.1.0.tgz (Root Library) -> google-gax-0.25.6.tgz -> ❌ semver-6.0.0.tgz (Vulnerable Library)	High	7.5	semver-6.0.0.tgz	Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2	None
CVE-2022-24999 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> request-2.88.0.tgz (Root Library) -> ❌ qs-6.5.2.tgz (Vulnerable Library)	High	7.5	qs-6.5.2.tgz	Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3	#134
CVE-2021-3803 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> cheerio-1.0.0-rc.2.tgz (Root Library) -> css-select-1.2.0.tgz -> ❌ nth-check-1.0.2.tgz (Vulnerable Library)	High	7.5	nth-check-1.0.2.tgz	Upgrade to version: nth-check - v2.0.1	#98
CVE-2021-43809 Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem Dependency Hierarchy: -> ❌ bundler-2.0.1.gem (Vulnerable Library)	High	7.3	bundler-2.0.1.gem	Upgrade to version: bundler - 2.2.33	None

✔️ Remediated vulnerabilities:

CVE	Vulnerable Library
CVE-2022-2421	socket.io-parser-3.2.0.tgz
CVE-2021-23434	object-path-0.9.2.tgz
WS-2020-0091	http-proxy-1.15.2.tgz
CVE-2023-32732	grpc-v1.19.0
CVE-2023-33953	grpc-v1.19.0
CVE-2021-3805	object-path-0.9.2.tgz
WS-2020-0368	node-v7.6.0
CVE-2023-45857	axios-0.17.1.tgz
CVE-2018-7159	io.js
CVE-2020-15256	object-path-0.9.2.tgz
CVE-2020-28502	xmlhttprequest-ssl-1.5.5.tgz
CVE-2020-7793	ua-parser-js-0.7.17.tgz
CVE-2018-25032	node-v7.6.0
WS-2020-0443	socket.io-2.1.1.tgz
CVE-2021-27292	ua-parser-js-0.7.17.tgz
CVE-2018-17567	jekyll-v3.7.1
CVE-2022-37434	node-v7.6.0
CVE-2020-7608	yargs-parser-4.2.1.tgz
CVE-2021-31597	xmlhttprequest-ssl-1.5.5.tgz
CVE-2020-28168	axios-0.17.1.tgz
CVE-2021-3749	axios-0.17.1.tgz
CVE-2023-32731	grpc-v1.19.0
CVE-2022-0536	follow-redirects-1.7.0.tgz
CVE-2020-28481	socket.io-2.1.1.tgz
CVE-2020-14001	kramdown-REL_1_17_0
CVE-2022-24999	qs-6.2.3.tgz
CVE-2020-36048	engine.io-3.2.1.tgz
CVE-2022-2421	socket.io-parser-3.3.0.tgz
CVE-2020-36049	socket.io-parser-3.2.0.tgz
CVE-2021-32740	addressable-addressable-2.6.0
CVE-2020-36049	socket.io-parser-3.3.0.tgz
CVE-2020-1971	ring-fips-20180730
CVE-2022-0155	follow-redirects-1.7.0.tgz
CVE-2019-10742	axios-0.17.1.tgz
CVE-2020-7733	ua-parser-js-0.7.17.tgz
CVE-2022-41940	engine.io-3.2.1.tgz

Base branch total remaining vulnerabilities: 93
Base branch commit: null

Total libraries scanned: 739

Scan token: 85588a04c1ab4d79b93d86144c943078

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade browser-sync from 2.26.4 to 3.0.0 #149

[Snyk] Security upgrade browser-sync from 2.26.4 to 3.0.0 #149

Security Report

Re-running checks...

[Snyk] Security upgrade browser-sync from 2.26.4 to 3.0.0 #149

Are you sure you want to change the base?

fix: package.json & package-lock.json to reduce vulnerabilities

[Snyk] Security upgrade browser-sync from 2.26.4 to 3.0.0 #149

Security Report

Re-running checks...