[Snyk] Security upgrade browser-sync from 2.29.3 to 3.0.0 #117
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2024-4068Path to dependency file: /package.json Path to vulnerable library: /node_modules/findup-sync/node_modules/braces/package.json,/node_modules/liftoff/node_modules/braces/package.json,/node_modules/karma/node_modules/readdirp/node_modules/braces/package.json,/node_modules/gulp-load-plugins/node_modules/braces/package.json Dependency Hierarchy: -> karma-1.3.0.tgz (Root Library) -> chokidar-1.7.0.tgz -> readdirp-2.2.1.tgz -> micromatch-3.1.10.tgz -> ❌ braces-2.3.2.tgz (Vulnerable Library) |
 High |
7.5 | braces-2.3.2.tgz | Upgrade to version: braces - 3.0.3 | None |
CVE-2024-4068Path to dependency file: /package.json Path to vulnerable library: /node_modules/expand-braces/node_modules/braces/package.json Dependency Hierarchy: -> karma-1.3.0.tgz (Root Library) -> expand-braces-0.1.2.tgz -> ❌ braces-0.1.5.tgz (Vulnerable Library) |
High |
7.5 | braces-0.1.5.tgz | Upgrade to version: braces - 3.0.3 | None |
CVE-2024-4068Path to dependency file: /package.json Path to vulnerable library: /node_modules/download/node_modules/braces/package.json,/node_modules/karma/node_modules/braces/package.json,/node_modules/decompress/node_modules/braces/package.json Dependency Hierarchy: -> gulp-imagemin-3.4.0.tgz (Root Library) -> imagemin-jpegtran-5.0.2.tgz -> jpegtran-bin-3.2.0.tgz -> bin-build-2.2.0.tgz -> download-4.4.3.tgz -> vinyl-fs-2.4.4.tgz -> glob-stream-5.3.5.tgz -> micromatch-2.3.11.tgz -> ❌ braces-1.8.5.tgz (Vulnerable Library) |
High |
7.5 | braces-1.8.5.tgz | Upgrade to version: braces - 3.0.3 | None |
CVE-2024-3651Path to dependency file: /docs/requirements.txt Path to vulnerable library: /docs/requirements.txt Dependency Hierarchy: -> ❌ idna-2.1-py2.py3-none-any.whl (Vulnerable Library) |
High |
7.5 | idna-2.1-py2.py3-none-any.whl | Upgrade to version: idna - 3.7 | None |
CVE-2022-21681Path to dependency file: /package.json Path to vulnerable library: /node_modules/marked/package.json Dependency Hierarchy: -> gulp-notify-2.2.0.tgz (Root Library) -> node-notifier-4.6.1.tgz -> cli-usage-0.1.10.tgz -> ❌ marked-0.7.0.tgz (Vulnerable Library) |
High |
7.5 | marked-0.7.0.tgz | Upgrade to version: marked - 4.0.10 | None |
CVE-2022-21680Path to dependency file: /package.json Path to vulnerable library: /node_modules/marked/package.json Dependency Hierarchy: -> gulp-notify-2.2.0.tgz (Root Library) -> node-notifier-4.6.1.tgz -> cli-usage-0.1.10.tgz -> ❌ marked-0.7.0.tgz (Vulnerable Library) |
High |
7.5 | marked-0.7.0.tgz | Upgrade to version: marked - 4.0.10 | None |
CVE-2019-12410Path to dependency file: /docs/requirements.txt Path to vulnerable library: /docs/requirements.txt Dependency Hierarchy: -> ❌ arrow-0.7.0.tar.gz (Vulnerable Library) |
High |
7.5 | arrow-0.7.0.tar.gz | Upgrade to version: red-arrow - 0.15.1 | None |
CVE-2024-1135Path to dependency file: /tmp/ws-scm/lemur Path to vulnerable library: /tmp/ws-scm/lemur Dependency Hierarchy: -> ❌ gunicorn-19.7.1-py2.py3-none-any.whl (Vulnerable Library) |
High |
7.4 | gunicorn-19.7.1-py2.py3-none-any.whl | Upgrade to version: gunicorn - 22.0.0 | None |
WS-2020-0163Path to dependency file: /package.json Path to vulnerable library: /node_modules/marked/package.json Dependency Hierarchy: -> gulp-notify-2.2.0.tgz (Root Library) -> node-notifier-4.6.1.tgz -> cli-usage-0.1.10.tgz -> ❌ marked-0.7.0.tgz (Vulnerable Library) |
 Medium |
5.9 | marked-0.7.0.tgz | Upgrade to version: marked - 1.1.1 | None |
CVE-2020-14422Path to dependency file: /docs/requirements.txt Path to vulnerable library: /docs/requirements.txt Dependency Hierarchy: -> ❌ ipaddress-1.0.16.tar.gz (Vulnerable Library) |
Medium |
5.9 | ipaddress-1.0.16.tar.gz | Upgrade to version: v3.5.10,v3.6.12,v3.7.9,v3.8.4v3.9.0 | None |
CVE-2024-4067Path to dependency file: /package.json Path to vulnerable library: /node_modules/gulp-load-plugins/node_modules/micromatch/package.json,/node_modules/karma/node_modules/readdirp/node_modules/micromatch/package.json,/node_modules/findup-sync/node_modules/micromatch/package.json,/node_modules/liftoff/node_modules/micromatch/package.json Dependency Hierarchy: -> karma-1.3.0.tgz (Root Library) -> chokidar-1.7.0.tgz -> readdirp-2.2.1.tgz -> ❌ micromatch-3.1.10.tgz (Vulnerable Library) |
Medium |
5.3 | micromatch-3.1.10.tgz | Upgrade to version: micromatch - 4.0.8 | None |
CVE-2024-4067Path to dependency file: /package.json Path to vulnerable library: /node_modules/karma/node_modules/micromatch/package.json,/node_modules/decompress/node_modules/micromatch/package.json,/node_modules/download/node_modules/micromatch/package.json Dependency Hierarchy: -> gulp-imagemin-3.4.0.tgz (Root Library) -> imagemin-jpegtran-5.0.2.tgz -> jpegtran-bin-3.2.0.tgz -> bin-build-2.2.0.tgz -> download-4.4.3.tgz -> vinyl-fs-2.4.4.tgz -> glob-stream-5.3.5.tgz -> ❌ micromatch-2.3.11.tgz (Vulnerable Library) |
Medium |
5.3 | micromatch-2.3.11.tgz | Upgrade to version: micromatch - 4.0.8 | None |
CVE-2022-33987Path to dependency file: /package.json Path to vulnerable library: /node_modules/got/package.json Dependency Hierarchy: -> gulp-imagemin-3.4.0.tgz (Root Library) -> imagemin-jpegtran-5.0.2.tgz -> jpegtran-bin-3.2.0.tgz -> bin-build-2.2.0.tgz -> download-4.4.3.tgz -> ❌ got-5.6.0.tgz (Vulnerable Library) |
Medium |
5.3 | got-5.6.0.tgz | Upgrade to version: got - 11.8.5,12.1.0 | None |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2022-2421 | socket.io-parser-3.2.0.tgz |
| CVE-2020-25659 | cryptography-1.3.2.tar.gz |
| WS-2020-0091 | http-proxy-1.15.2.tgz |
| CVE-2019-10744 | lodash-4.17.11.tgz |
| CVE-2019-10906 | Jinja2-2.10-py2.py3-none-any.whl |
| CVE-2022-40897 | setuptools-40.8.0-py2.py3-none-any.whl |
| CVE-2023-23934 | Werkzeug-0.15.1-py2.py3-none-any.whl |
| CVE-2022-25883 | semver-5.6.0.tgz |
| CVE-2024-34064 | Jinja2-2.10-py2.py3-none-any.whl |
| CVE-2021-3805 | object-path-0.9.2.tgz |
| CVE-2024-34069 | Werkzeug-0.15.1-py2.py3-none-any.whl |
| CVE-2024-49766 | Werkzeug-0.15.1-py2.py3-none-any.whl |
| WS-2019-0209 | marked-0.5.2.tgz |
| CVE-2022-21681 | marked-0.5.2.tgz |
| CVE-2021-20270 | Pygments-2.3.1-py2.py3-none-any.whl |
| CVE-2024-38355 | socket.io-2.1.1.tgz |
| CVE-2019-11324 | urllib3-1.24.1-py2.py3-none-any.whl |
| CVE-2019-14322 | Werkzeug-0.15.1-py2.py3-none-any.whl |
| CVE-2022-23491 | certifi-2019.3.9-py2.py3-none-any.whl |
| CVE-2020-28168 | axios-0.17.1.tgz |
| CVE-2019-10746 | mixin-deep-1.3.1.tgz |
| CVE-2021-3918 | json-schema-0.2.3.tgz |
| CVE-2022-0536 | follow-redirects-1.7.0.tgz |
| CVE-2022-24999 | qs-6.5.2.tgz |
| CVE-2023-2650 | cryptography-2.6.1-cp27-cp27mu-manylinux1_x86_64.whl |
| WS-2020-0163 | marked-0.5.2.tgz |
| CVE-2021-23337 | lodash-4.17.11.tgz |
| CVE-2018-1000656 | Flask-0.10.1.tar.gz |
| CVE-2021-23343 | path-parse-1.0.6.tgz |
| CVE-2022-2421 | socket.io-parser-3.3.0.tgz |
| CVE-2020-36049 | socket.io-parser-3.2.0.tgz |
| CVE-2023-37920 | certifi-2019.3.9-py2.py3-none-any.whl |
| CVE-2023-45311 | fsevents-1.2.7.tgz |
| CVE-2020-36049 | socket.io-parser-3.3.0.tgz |
| CVE-2022-0155 | follow-redirects-1.7.0.tgz |
| CVE-2024-47764 | cookie-0.3.1.tgz |
| CVE-2019-10742 | axios-0.17.1.tgz |
| CVE-2020-8203 | lodash-4.17.11.tgz |
| CVE-2020-36242 | cryptography-2.6.1-cp27-cp27mu-manylinux1_x86_64.whl |
| WS-2017-0115 | angular-v1.4.9 |
| CVE-2021-23434 | object-path-0.9.2.tgz |
| CVE-2024-6345 | setuptools-40.8.0-py2.py3-none-any.whl |
| CVE-2021-37701 | tar-4.4.8.tgz |
| CVE-2021-44906 | minimist-0.2.0.tgz |
| CVE-2024-43799 | send-0.16.2.tgz |
| CVE-2020-28500 | lodash-4.17.11.tgz |
| CVE-2023-3446 | cryptography-2.6.1-cp27-cp27mu-manylinux1_x86_64.whl |
| CVE-2022-33987 | got-5.7.1.tgz |
| CVE-2019-10747 | set-value-0.4.3.tgz |
| CVE-2023-45857 | axios-0.17.1.tgz |
| WS-2017-0268 | angular-v1.4.9 |
| CVE-2022-38900 | decode-uri-component-0.2.0.tgz |
| CVE-2021-27291 | Pygments-2.3.1-py2.py3-none-any.whl |
| CVE-2020-15256 | object-path-0.9.2.tgz |
| CVE-2020-28502 | xmlhttprequest-ssl-1.5.5.tgz |
| CVE-2020-7793 | ua-parser-js-0.7.17.tgz |
| CVE-2023-25577 | Werkzeug-0.15.1-py2.py3-none-any.whl |
| CVE-2023-30861 | Flask-0.10.1.tar.gz |
| WS-2023-0439 | axios-0.17.1.tgz |
| CVE-2020-14422 | ipaddress-1.0.22-py2.py3-none-any.whl |
| CVE-2020-7598 | minimist-0.0.8.tgz |
| CVE-2021-23440 | set-value-2.0.0.tgz |
| CVE-2024-45590 | body-parser-1.18.3.tgz |
| CVE-2020-7774 | y18n-3.2.1.tgz |
| CVE-2021-3749 | axios-0.17.1.tgz |
| CVE-2016-9243 | cryptography-1.3.2.tar.gz |
| CVE-2024-49767 | Werkzeug-0.15.1-py2.py3-none-any.whl |
| CVE-2024-37891 | urllib3-1.24.1-py2.py3-none-any.whl |
| CVE-2024-43800 | serve-static-1.13.2.tgz |
| CVE-2024-37890 | ws-6.1.4.tgz |
| CVE-2023-38325 | cryptography-2.6.1-cp27-cp27mu-manylinux1_x86_64.whl |
| CVE-2020-7598 | minimist-0.2.0.tgz |
| CVE-2020-36048 | engine.io-3.2.1.tgz |
| CVE-2021-23362 | hosted-git-info-2.7.1.tgz |
| CVE-2020-26137 | urllib3-1.24.1-py2.py3-none-any.whl |
| CVE-2024-28849 | follow-redirects-1.7.0.tgz |
| CVE-2023-46136 | Werkzeug-0.15.1-py2.py3-none-any.whl |
| CVE-2024-3651 | idna-2.8-py2.py3-none-any.whl |
| CVE-2023-3446 | cryptography-1.3.2.tar.gz |
| CVE-2023-0286 | cryptography-2.6.1-cp27-cp27mu-manylinux1_x86_64.whl |
| CVE-2019-20149 | kind-of-6.0.2.tgz |
| CVE-2020-14422 | ipaddress-1.0.16-py27-none-any.whl |
| CVE-2022-24999 | qs-6.4.0.tgz |
| CVE-2020-7733 | ua-parser-js-0.7.17.tgz |
| CVE-2021-44906 | minimist-0.0.8.tgz |
| CVE-2017-16137 | debug-3.2.6.tgz |
| CVE-2019-1010083 | Flask-0.10.1.tar.gz |
| CVE-2021-33503 | urllib3-1.24.1-py2.py3-none-any.whl |
| CVE-2023-0286 | cryptography-1.3.2.tar.gz |
| CVE-2018-25091 | urllib3-1.24.1-py2.py3-none-any.whl |
| WS-2017-0118 | angular-v1.4.9 |
| CVE-2020-7788 | ini-1.3.5.tgz |
| CVE-2023-43804 | urllib3-1.24.1-py2.py3-none-any.whl |
| CVE-2019-11236 | urllib3-1.24.1-py2.py3-none-any.whl |
| CVE-2023-26159 | follow-redirects-1.7.0.tgz |
| CVE-2024-22195 | Jinja2-2.10-py2.py3-none-any.whl |
| CVE-2020-7608 | yargs-parser-4.2.1.tgz |
| CVE-2021-37712 | tar-4.4.8.tgz |
| WS-2019-0024 | marked-0.5.2.tgz |
| CVE-2020-28481 | socket.io-2.1.1.tgz |
| MSC-2023-16598 | fsevents-1.2.7.tgz |
| CVE-2019-10747 | set-value-2.0.0.tgz |
| CVE-2022-24999 | qs-6.2.3.tgz |
| CVE-2020-28493 | Jinja2-2.10-py2.py3-none-any.whl |
| WS-2017-0117 | angular-v1.4.9 |
| CVE-2020-36242 | cryptography-1.3.2.tar.gz |
| CVE-2019-10744 | lodash.merge-4.6.1.tgz |
| CVE-2023-30861 | Flask-1.0.2-py2.py3-none-any.whl |
| CVE-2019-9740 | urllib3-1.24.1-py2.py3-none-any.whl |
| CVE-2023-45803 | urllib3-1.24.1-py2.py3-none-any.whl |
| CVE-2022-21680 | marked-0.5.2.tgz |
| CVE-2019-14806 | Werkzeug-0.15.1-py2.py3-none-any.whl |
| WS-2017-0116 | angular-v1.4.9 |
| CVE-2021-37713 | tar-4.4.8.tgz |
| CVE-2020-7598 | minimist-1.2.0.tgz |
| CVE-2023-50782 | cryptography-1.3.2.tar.gz |
| CVE-2020-7608 | yargs-parser-5.0.0.tgz |
| CVE-2020-8244 | bl-1.2.2.tgz |
| CVE-2020-25659 | cryptography-2.6.1-cp27-cp27mu-manylinux1_x86_64.whl |
| CVE-2024-3651 | idna-2.1-py2-none-any.whl |
| CVE-2024-27088 | es5-ext-0.10.49.tgz |
| CVE-2024-28863 | tar-4.4.8.tgz |
| CVE-2023-38325 | cryptography-1.3.2.tar.gz |
| CVE-2021-23440 | set-value-0.4.3.tgz |
| CVE-2021-32640 | ws-6.1.4.tgz |
| WS-2020-0443 | socket.io-2.1.1.tgz |
| WS-2017-0119 | angular-v1.4.9 |
| CVE-2021-27292 | ua-parser-js-0.7.17.tgz |
| CVE-2021-42771 | Babel-2.6.0-py2.py3-none-any.whl |
| CVE-2021-32804 | tar-4.4.8.tgz |
| CVE-2021-31597 | xmlhttprequest-ssl-1.5.5.tgz |
| CVE-2021-44906 | minimist-1.2.0.tgz |
| CVE-2022-40023 | Mako-1.0.8.tar.gz |
| WS-2019-0169 | marked-0.5.2.tgz |
| CVE-2023-23931 | cryptography-2.6.1-cp27-cp27mu-manylinux1_x86_64.whl |
| CVE-2022-25883 | semver-5.7.0.tgz |
| CVE-2021-32803 | tar-4.4.8.tgz |
| CVE-2023-4807 | cryptography-2.6.1-cp27-cp27mu-manylinux1_x86_64.whl |
| CVE-2023-50782 | cryptography-2.6.1-cp27-cp27mu-manylinux1_x86_64.whl |
| CVE-2023-2650 | cryptography-1.3.2.tar.gz |
| CVE-2022-3517 | minimatch-3.0.4.tgz |
| CVE-2024-37890 | ws-3.3.3.tgz |
| CVE-2022-41940 | engine.io-3.2.1.tgz |
Base branch total remaining vulnerabilities: 277
Base branch commit: null
Total libraries scanned: 1154
Scan token: 6f982dbbc8ce49f797bdffa0559c5db1