[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #30

Open: wants to merge 1 commit into master
fix: package.json & package-lock.json to reduce vulnerabilities

81e189f
Mend Bolt for GitHub / Mend Security Check failed Sep 24, 2024 in 1m 36s

Security Report

You have successfully remediated 99 vulnerabilities, but introduced 2 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE-2024-47068
  Severity: Medium, CVSS 6.1
  Vulnerable library: rollup-2.79.1.tgz
  Suggested fix: upgrade rollup to 3.29.5 or 4.22.4
  Issue: none
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency hierarchy:
    -> react-scripts-5.0.0.tgz (Root Library)
       -> workbox-webpack-plugin-6.6.0.tgz
          -> workbox-build-6.6.0.tgz
             -> ❌ rollup-2.79.1.tgz (Vulnerable Library)

CVE-2023-44270
  Severity: Medium, CVSS 5.3
  Vulnerable library: postcss-7.0.39.tgz
  Suggested fix: upgrade postcss to 8.4.31
  Issue: none
  Path to dependency file: /package.json
  Path to vulnerable library: /package.json
  Dependency hierarchy:
    -> react-scripts-5.0.0.tgz (Root Library)
       -> resolve-url-loader-4.0.0.tgz
          -> ❌ postcss-7.0.39.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2024-47068 rollup-1.32.1.tgz
CVE-2021-37712 tar-6.1.0.tgz
CVE-2022-24773 node-forge-0.10.0.tgz
CVE-2021-29060 color-string-1.5.4.tgz
CVE-2024-29415 ip-1.1.5.tgz
CVE-2021-23386 dns-packet-1.3.1.tgz
CVE-2022-37601 loader-utils-1.4.0.tgz
CVE-2021-32804 tar-6.1.0.tgz
CVE-2022-24772 node-forge-0.10.0.tgz
CVE-2022-24771 node-forge-0.10.0.tgz
CVE-2021-3807 ansi-regex-4.1.0.tgz
CVE-2023-26136 tough-cookie-3.0.1.tgz
CVE-2024-29180 webpack-dev-middleware-3.7.3.tgz
WS-2022-0008 node-forge-0.10.0.tgz
CVE-2024-37890 ws-7.4.3.tgz
CVE-2022-37603 loader-utils-1.4.0.tgz
CVE-2022-1650 eventsource-1.0.7.tgz
CVE-2022-0536 follow-redirects-1.13.2.tgz
CVE-2021-3918 json-schema-0.2.3.tgz
CVE-2022-0686 url-parse-1.5.1.tgz
CVE-2021-23364 browserslist-4.16.3.tgz
CVE-2022-24999 qs-6.5.2.tgz
CVE-2024-45590 body-parser-1.19.0.tgz
CVE-2021-37701 tar-6.1.0.tgz
CVE-2021-23382 postcss-7.0.21.tgz
CVE-2021-43138 async-2.6.3.tgz
CVE-2022-0512 url-parse-1.5.1.tgz
CVE-2021-23424 ansi-html-0.0.7.tgz
CVE-2022-25883 semver-5.7.1.tgz
CVE-2024-42460 elliptic-6.5.4.tgz
CVE-2021-23343 path-parse-1.0.6.tgz
CVE-2022-29078 ejs-2.7.4.tgz
CVE-2021-23368 postcss-8.2.6.tgz
CVE-2021-32640 ws-7.4.3.tgz
CVE-2024-43800 serve-static-1.14.1.tgz
CVE-2023-44270 postcss-7.0.21.tgz
CVE-2024-28863 tar-6.1.0.tgz
CVE-2022-25883 semver-7.0.0.tgz
CVE-2021-3777 tmpl-1.0.4.tgz
CVE-2024-28849 follow-redirects-1.13.2.tgz
CVE-2024-37890 ws-6.2.1.tgz
CVE-2021-23566 nanoid-3.1.20.tgz
CVE-2022-0155 follow-redirects-1.13.2.tgz
CVE-2024-43796 express-4.17.1.tgz
CVE-2022-24999 qs-6.7.0.tgz
CVE-2023-44270 postcss-8.2.6.tgz
CVE-2021-23368 postcss-7.0.21.tgz
CVE-2021-28092 is-svg-3.0.0.tgz
CVE-2021-44906 minimist-1.2.5.tgz
CVE-2024-4068 braces-2.3.2.tgz
CVE-2024-42459 elliptic-6.5.4.tgz
CVE-2022-46175 json5-1.0.1.tgz
CVE-2022-46175 json5-2.2.0.tgz
CVE-2024-43799 send-0.17.1.tgz
CVE-2024-42461 elliptic-6.5.4.tgz
CVE-2024-43788 webpack-4.44.2.tgz
CVE-2021-23436 immer-8.0.1.tgz
CVE-2021-3664 url-parse-1.5.1.tgz
CVE-2023-44270 postcss-7.0.35.tgz
CVE-2023-46234 browserify-sign-4.2.1.tgz
CVE-2023-26115 word-wrap-1.2.3.tgz
CVE-2021-27290 ssri-6.0.1.tgz
CVE-2022-37603 loader-utils-1.2.3.tgz
CVE-2021-23364 browserslist-4.14.2.tgz
CVE-2024-33883 ejs-2.7.4.tgz
CVE-2021-3757 immer-8.0.1.tgz
CVE-2022-25883 semver-6.3.0.tgz
CVE-2023-26136 tough-cookie-2.5.0.tgz
CVE-2024-45296 path-to-regexp-0.1.7.tgz
CVE-2021-32640 ws-6.2.1.tgz
CVE-2021-32803 tar-6.1.0.tgz
CVE-2021-29059 is-svg-3.0.0.tgz
CVE-2021-23382 postcss-7.0.35.tgz
CVE-2020-28469 glob-parent-3.1.0.tgz
CVE-2022-0691 url-parse-1.5.1.tgz
CVE-2021-23362 hosted-git-info-2.8.8.tgz
WS-2021-0153 ejs-2.7.4.tgz
CVE-2023-26159 follow-redirects-1.13.2.tgz
CVE-2024-4067 micromatch-4.0.2.tgz
CVE-2020-28469 glob-parent-5.1.1.tgz
CVE-2022-25883 semver-7.3.2.tgz
CVE-2024-27088 es5-ext-0.10.53.tgz
CVE-2024-29041 express-4.17.1.tgz
CVE-2022-0122 node-forge-0.10.0.tgz
CVE-2022-37601 loader-utils-1.2.3.tgz
CVE-2021-37713 tar-6.1.0.tgz
CVE-2021-42740 shell-quote-1.7.2.tgz
CVE-2024-4067 micromatch-3.1.10.tgz
CVE-2023-45133 traverse-7.12.17.tgz
CVE-2021-23368 postcss-7.0.35.tgz
CVE-2022-0639 url-parse-1.5.1.tgz
CVE-2024-4068 braces-3.0.2.tgz
CVE-2022-25858 terser-5.6.0.tgz
WS-2021-0152 color-string-1.5.4.tgz
CVE-2023-42282 ip-1.1.5.tgz
CVE-2021-23382 postcss-8.2.6.tgz
CVE-2022-3517 minimatch-3.0.4.tgz
CVE-2023-28155 request-2.88.2.tgz
CVE-2022-25858 terser-4.8.0.tgz

Base branch total remaining vulnerabilities: 104
Base branch commit: null


Total libraries scanned: 1287

Scan token: 76fd46c1bd61402cb7919ca4e568339e