[Snyk] Security upgrade gulp from 4.0.0 to 5.0.0 #155

Security Report

You have successfully remediated 16 vulnerabilities, but introduced 5 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE	Severity	CVSS Score	Vulnerable Library	Suggested Fix	Issue
CVE-2020-36327 Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem Dependency Hierarchy: -> ❌ bundler-2.0.1.gem (Vulnerable Library)	High	8.8	bundler-2.0.1.gem	Upgrade to version: bundler - 2.2.10	None
CVE-2019-3881 Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem Dependency Hierarchy: -> ❌ bundler-2.0.1.gem (Vulnerable Library)	High	7.8	bundler-2.0.1.gem	Upgrade to version: v2.1.0.pre.3	None
CVE-2022-25883 Path to dependency file: /package.json Path to vulnerable library: /node_modules/google-gax/node_modules/semver/package.json Dependency Hierarchy: -> language-2.1.0.tgz (Root Library) -> google-gax-0.25.6.tgz -> ❌ semver-6.0.0.tgz (Vulnerable Library)	High	7.5	semver-6.0.0.tgz	Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2	None
CVE-2021-43809 Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem Dependency Hierarchy: -> ❌ bundler-2.0.1.gem (Vulnerable Library)	High	7.3	bundler-2.0.1.gem	Upgrade to version: bundler - 2.2.33	None
CVE-2024-29041 Path to dependency file: /package.json Path to vulnerable library: /node_modules/express/package.json Dependency Hierarchy: -> screenshot-util-1.1.13.tgz (Root Library) -> ❌ express-4.16.4.tgz (Vulnerable Library)	Medium	6.1	express-4.16.4.tgz	Upgrade to version: express - 4.19.0	None

✔️ Remediated vulnerabilities:

CVE	Vulnerable Library
CVE-2023-33953	grpc-v1.19.0
WS-2020-0368	node-v7.6.0
CVE-2018-17567	jekyll-v3.7.1
CVE-2023-45853	node-v7.6.0
CVE-2021-23343	path-parse-1.0.6.tgz
CVE-2021-32740	addressable-addressable-2.6.0
CVE-2020-1971	ring-fips-20180730
CVE-2023-32732	grpc-v1.19.0
CVE-2020-7608	yargs-parser-5.0.0.tgz
CVE-2024-27088	es5-ext-0.10.49.tgz
CVE-2018-7159	io.js
CVE-2018-25032	node-v7.6.0
CVE-2022-37434	node-v7.6.0
CVE-2023-32731	grpc-v1.19.0
CVE-2020-28503	copy-props-2.0.4.tgz
CVE-2020-14001	kramdown-REL_1_17_0

Base branch total remaining vulnerabilities: 113
Base branch commit: null

Total libraries scanned: 761

Scan token: b6aae35d7ef342de8459782cc5b3b4d0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade gulp from 4.0.0 to 5.0.0 #155

[Snyk] Security upgrade gulp from 4.0.0 to 5.0.0 #155

Security Report

Re-running checks...

[Snyk] Security upgrade gulp from 4.0.0 to 5.0.0 #155

Are you sure you want to change the base?

fix: package.json to reduce vulnerabilities

[Snyk] Security upgrade gulp from 4.0.0 to 5.0.0 #155

Security Report

Re-running checks...