Update dependency react-scripts to v3.4.4 - autoclosed #27
Security Report
You have successfully remediated 78 vulnerabilities, but introduced 10 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2022-24772. Path to dependency file: /ui/package.json; Path to vulnerable library: /ui/package.json; Dependency Hierarchy: react-scripts-3.4.4.tgz (Root Library) -> webpack-dev-server-3.11.0.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | High | 7.5 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | None |
CVE-2022-24771. Path to dependency file: /ui/package.json; Path to vulnerable library: /ui/package.json; Dependency Hierarchy: react-scripts-3.4.4.tgz (Root Library) -> webpack-dev-server-3.11.0.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | High | 7.5 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | None |
CVE-2021-23382. Path to dependency file: /ui/package.json; Path to vulnerable library: /ui/package.json; Dependency Hierarchy: react-scripts-3.4.4.tgz (Root Library) -> postcss-safe-parser-4.0.1.tgz -> ❌ postcss-7.0.21.tgz (Vulnerable Library) | High | 7.5 | postcss-7.0.21.tgz | Upgrade to version: postcss - 8.2.13 | None |
WS-2022-0008. Path to dependency file: /ui/package.json; Path to vulnerable library: /ui/package.json; Dependency Hierarchy: react-scripts-3.4.4.tgz (Root Library) -> webpack-dev-server-3.11.0.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | Medium | 6.6 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.0.0 | None |
CVE-2023-45857. Path to dependency file: /ui/package.json; Path to vulnerable library: /ui/package.json; Dependency Hierarchy: ❌ axios-0.19.0.tgz (Vulnerable Library) | Medium | 6.5 | axios-0.19.0.tgz | Upgrade to version: axios - 1.6.0 | #19 |
CVE-2022-0122. Path to dependency file: /ui/package.json; Path to vulnerable library: /ui/package.json; Dependency Hierarchy: react-scripts-3.4.4.tgz (Root Library) -> webpack-dev-server-3.11.0.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | Medium | 6.1 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.0.0 | None |
CVE-2021-24033. Path to dependency file: /ui/package.json; Path to vulnerable library: /ui/package.json; Dependency Hierarchy: react-scripts-3.4.4.tgz (Root Library) -> ❌ react-dev-utils-10.2.1.tgz (Vulnerable Library) | Medium | 5.6 | react-dev-utils-10.2.1.tgz | Upgrade to version: react-dev-utils-11.0.4 | None |
CVE-2022-24773. Path to dependency file: /ui/package.json; Path to vulnerable library: /ui/package.json; Dependency Hierarchy: react-scripts-3.4.4.tgz (Root Library) -> webpack-dev-server-3.11.0.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | Medium | 5.3 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | None |
CVE-2021-23368. Path to dependency file: /ui/package.json; Path to vulnerable library: /ui/package.json; Dependency Hierarchy: react-scripts-3.4.4.tgz (Root Library) -> postcss-safe-parser-4.0.1.tgz -> ❌ postcss-7.0.21.tgz (Vulnerable Library) | Medium | 5.3 | postcss-7.0.21.tgz | Upgrade to version: postcss - 8.2.10 | None |
CVE-2021-23364. Path to dependency file: /ui/package.json; Path to vulnerable library: /ui/package.json; Dependency Hierarchy: react-scripts-3.4.4.tgz (Root Library) -> react-dev-utils-10.2.1.tgz -> ❌ browserslist-4.10.0.tgz (Vulnerable Library) | Medium | 5.3 | browserslist-4.10.0.tgz | Upgrade to version: browserslist - 4.16.5 | None |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2022-37598 | uglify-js-3.4.10.tgz |
CVE-2021-32640 | ws-5.2.2.tgz |
CVE-2020-7662 | websocket-extensions-0.1.3.tgz |
CVE-2020-7789 | node-notifier-5.4.3.tgz |
CVE-2020-8203 | lodash-4.17.15.tgz |
CVE-2021-23386 | dns-packet-1.3.1.tgz |
CVE-2022-24773 | node-forge-0.9.0.tgz |
CVE-2021-23337 | lodash-4.17.15.tgz |
CVE-2020-7693 | sockjs-0.3.19.tgz |
CVE-2021-3807 | ansi-regex-4.1.0.tgz |
CVE-2022-0691 | url-parse-1.4.7.tgz |
CVE-2021-3664 | url-parse-1.4.7.tgz |
MSC-2023-16609 | fsevents-1.2.9.tgz |
CVE-2021-24033 | react-dev-utils-9.0.4.tgz |
CVE-2022-0512 | url-parse-1.4.7.tgz |
CVE-2020-7788 | ini-1.3.5.tgz |
WS-2020-0091 | http-proxy-1.18.0.tgz |
CVE-2021-44906 | minimist-0.0.10.tgz |
CVE-2021-23369 | handlebars-4.4.1.tgz |
CVE-2020-36604 | hoek-8.2.5.tgz |
CVE-2022-0639 | url-parse-1.4.7.tgz |
CVE-2022-0122 | node-forge-0.9.0.tgz |
CVE-2021-23382 | postcss-7.0.18.tgz |
CVE-2022-46175 | json5-2.1.0.tgz |
CVE-2021-37712 | tar-4.4.8.tgz |
CVE-2023-45311 | fsevents-1.2.9.tgz |
CVE-2019-20922 | handlebars-4.4.1.tgz |
CVE-2022-1650 | eventsource-1.0.7.tgz |
CVE-2020-7660 | serialize-javascript-1.9.1.tgz |
CVE-2020-7774 | y18n-4.0.0.tgz |
CVE-2021-23364 | browserslist-4.7.0.tgz |
CVE-2021-23343 | path-parse-1.0.6.tgz |
WS-2019-0427 | elliptic-6.5.1.tgz |
WS-2022-0008 | node-forge-0.9.0.tgz |
CVE-2020-7608 | yargs-parser-10.1.0.tgz |
WS-2021-0152 | color-string-1.5.3.tgz |
CVE-2020-7598 | minimist-0.0.10.tgz |
CVE-2021-3777 | tmpl-1.0.4.tgz |
CVE-2020-7720 | node-forge-0.9.0.tgz |
CVE-2022-24999 | qs-6.7.0.tgz |
CVE-2021-28092 | is-svg-3.0.0.tgz |
CVE-2021-37701 | tar-4.4.8.tgz |
CVE-2020-15366 | ajv-6.10.2.tgz |
CVE-2021-37713 | tar-4.4.8.tgz |
CVE-2020-7598 | minimist-1.2.0.tgz |
CVE-2021-29060 | color-string-1.5.3.tgz |
CVE-2022-0686 | url-parse-1.4.7.tgz |
WS-2019-0424 | elliptic-6.5.1.tgz |
CVE-2022-25883 | semver-5.5.0.tgz |
CVE-2022-25858 | terser-3.17.0.tgz |
CVE-2020-28500 | lodash-4.17.15.tgz |
CVE-2021-27290 | ssri-6.0.1.tgz |
CVE-2022-38900 | decode-uri-component-0.2.0.tgz |
CVE-2022-25883 | semver-6.0.0.tgz |
CVE-2020-28498 | elliptic-6.5.1.tgz |
CVE-2020-8116 | dot-prop-4.2.0.tgz |
CVE-2019-16769 | serialize-javascript-1.9.1.tgz |
CVE-2021-29059 | is-svg-3.0.0.tgz |
CVE-2021-32640 | ws-6.2.1.tgz |
CVE-2021-23383 | handlebars-4.4.1.tgz |
CVE-2020-7598 | minimist-0.0.8.tgz |
CVE-2020-7608 | yargs-parser-13.1.1.tgz |
CVE-2021-32804 | tar-4.4.8.tgz |
CVE-2022-24771 | node-forge-0.9.0.tgz |
WS-2020-0450 | handlebars-4.4.1.tgz |
CVE-2021-44906 | minimist-1.2.0.tgz |
CVE-2023-46234 | browserify-sign-4.0.4.tgz |
CVE-2021-27515 | url-parse-1.4.7.tgz |
CVE-2022-25883 | semver-5.7.0.tgz |
CVE-2022-37620 | html-minifier-3.5.21.tgz |
CVE-2021-32803 | tar-4.4.8.tgz |
CVE-2021-26707 | merge-deep-3.0.2.tgz |
CVE-2021-23368 | postcss-7.0.18.tgz |
CVE-2019-20149 | kind-of-6.0.2.tgz |
CVE-2020-13822 | elliptic-6.5.1.tgz |
CVE-2019-20920 | handlebars-4.4.1.tgz |
CVE-2022-24772 | node-forge-0.9.0.tgz |
CVE-2021-44906 | minimist-0.0.8.tgz |
Base branch total remaining vulnerabilities: 118
Base branch commit: c86ac37edecda28046d3157739e16c0e14c30fce
Total libraries scanned: 1546
Scan token: 3fef27c60e0740298c8a35d50dec3ba5