[Snyk] Fix for 83 vulnerabilities #172

Open
wants to merge 1 commit into base: master

fix: package.json & package-lock.json to reduce vulnerabilities

f1491f1
Mend Bolt for GitHub / WhiteSource Security Check failed Sep 6, 2024 in 4m 40s

Security Report

You have successfully remediated 7 vulnerabilities, but introduced 6 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE-2024-37890
Severity: High (CVSS 7.5)
Vulnerable library: ws-8.2.3.tgz
Suggested fix: upgrade ws to 5.2.4, 6.2.3, 7.5.10 or 8.17.1
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency hierarchy:
-> gatsby-5.4.0.tgz (Root Library)
   -> socket.io-client-4.5.4.tgz
     -> engine.io-client-6.2.3.tgz
       -> ❌ ws-8.2.3.tgz (Vulnerable Library)

CVE-2024-29180
Severity: High (CVSS 7.4)
Vulnerable library: webpack-dev-middleware-4.3.0.tgz
Suggested fix: upgrade webpack-dev-middleware to 5.3.4, 6.1.2 or 7.1.0
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency hierarchy:
-> gatsby-5.4.0.tgz (Root Library)
   -> ❌ webpack-dev-middleware-4.3.0.tgz (Vulnerable Library)

CVE-2024-38355
Severity: High (CVSS 7.3)
Vulnerable library: socket.io-4.5.4.tgz
Suggested fix: upgrade socket.io to 2.5.1 or 4.6.2
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency hierarchy:
-> gatsby-5.4.0.tgz (Root Library)
   -> ❌ socket.io-4.5.4.tgz (Vulnerable Library)

CVE-2023-45857
Severity: Medium (CVSS 6.5)
Vulnerable library: axios-0.21.4.tgz
Suggested fix: upgrade axios to 1.6.0
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency hierarchy:
-> gatsby-5.4.0.tgz (Root Library)
   -> ❌ axios-0.21.4.tgz (Vulnerable Library)

CVE-2023-31125
Severity: Medium (CVSS 6.5)
Vulnerable library: engine.io-6.2.1.tgz
Suggested fix: upgrade engine.io to 6.4.2
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency hierarchy:
-> gatsby-5.4.0.tgz (Root Library)
   -> socket.io-4.5.4.tgz
     -> ❌ engine.io-6.2.1.tgz (Vulnerable Library)

CVE-2023-34238
Severity: Medium (CVSS 5.3)
Vulnerable library: gatsby-5.4.0.tgz
Suggested fix: upgrade gatsby to 4.25.7 or 5.9.1
Issue: None
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency hierarchy:
-> ❌ gatsby-5.4.0.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2020-7733 ua-parser-js-0.7.18.tgz
CVE-2022-0235 node-fetch-1.7.3.tgz
CVE-2021-23358 underscore-1.9.1.tgz
CVE-2020-15168 node-fetch-1.7.3.tgz
CVE-2020-7793 ua-parser-js-0.7.18.tgz
CVE-2021-27292 ua-parser-js-0.7.18.tgz
CVE-2022-3517 minimatch-3.0.4.tgz

Base branch total remaining vulnerabilities: 7
Base branch commit: null

Total libraries scanned: 1342

Scan token: 8923d715e08343169eed10341c165ef6