Update dependency react-scripts to v4 #15
Security Report
You have successfully remediated 53 vulnerabilities, but introduced 8 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
WS-2021-0153<br>Path to dependency file: /fixtures/concurrent/time-slicing/package.json<br>Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json<br>Dependency Hierarchy: react-scripts-4.0.3.tgz (Root Library) -> workbox-webpack-plugin-5.1.4.tgz -> workbox-build-5.1.4.tgz -> rollup-plugin-off-main-thread-1.4.2.tgz -> ❌ ejs-2.7.4.tgz (Vulnerable Library) | Critical | 9.8 | ejs-2.7.4.tgz | Upgrade to version: ejs - 3.1.6 | None |
CVE-2022-37601<br>Path to dependency file: /fixtures/concurrent/time-slicing/package.json<br>Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json<br>Dependency Hierarchy: react-scripts-4.0.3.tgz (Root Library) -> react-dev-utils-11.0.4.tgz -> ❌ loader-utils-2.0.0.tgz (Vulnerable Library) | Critical | 9.8 | loader-utils-2.0.0.tgz | Upgrade to version: loader-utils - 1.4.1,2.0.3 | None |
CVE-2022-29078<br>Path to dependency file: /fixtures/concurrent/time-slicing/package.json<br>Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json<br>Dependency Hierarchy: react-scripts-4.0.3.tgz (Root Library) -> workbox-webpack-plugin-5.1.4.tgz -> workbox-build-5.1.4.tgz -> rollup-plugin-off-main-thread-1.4.2.tgz -> ❌ ejs-2.7.4.tgz (Vulnerable Library) | Critical | 9.8 | ejs-2.7.4.tgz | Upgrade to version: ejs - v3.1.7 | None |
CVE-2021-3757<br>Path to dependency file: /fixtures/concurrent/time-slicing/package.json<br>Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json<br>Dependency Hierarchy: react-scripts-4.0.3.tgz (Root Library) -> react-dev-utils-11.0.4.tgz -> ❌ immer-8.0.1.tgz (Vulnerable Library) | Critical | 9.8 | immer-8.0.1.tgz | Upgrade to version: immer - 9.0.6 | None |
CVE-2021-23436<br>Path to dependency file: /fixtures/concurrent/time-slicing/package.json<br>Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json<br>Dependency Hierarchy: react-scripts-4.0.3.tgz (Root Library) -> react-dev-utils-11.0.4.tgz -> ❌ immer-8.0.1.tgz (Vulnerable Library) | Critical | 9.8 | immer-8.0.1.tgz | Upgrade to version: immer - 9.0.6 | None |
CVE-2022-37603<br>Path to dependency file: /fixtures/concurrent/time-slicing/package.json<br>Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json<br>Dependency Hierarchy: react-scripts-4.0.3.tgz (Root Library) -> react-dev-utils-11.0.4.tgz -> ❌ loader-utils-2.0.0.tgz (Vulnerable Library) | High | 7.5 | loader-utils-2.0.0.tgz | Upgrade to version: loader-utils - 1.4.2,2.0.4,3.2.1 | None |
CVE-2022-37599<br>Path to dependency file: /fixtures/concurrent/time-slicing/package.json<br>Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json<br>Dependency Hierarchy: react-scripts-4.0.3.tgz (Root Library) -> react-dev-utils-11.0.4.tgz -> ❌ loader-utils-2.0.0.tgz (Vulnerable Library) | High | 7.5 | loader-utils-2.0.0.tgz | Upgrade to version: loader-utils - 1.4.2,2.0.4,3.2.1 | None |
CVE-2021-23364<br>Path to dependency file: /fixtures/concurrent/time-slicing/package.json<br>Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json<br>Dependency Hierarchy: react-scripts-4.0.3.tgz (Root Library) -> react-dev-utils-11.0.4.tgz -> ❌ browserslist-4.14.2.tgz (Vulnerable Library) | Medium | 5.3 | browserslist-4.14.2.tgz | Upgrade to version: browserslist - 4.16.5 | None |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2022-0512 | url-parse-1.1.9.tgz |
CVE-2020-8124 | url-parse-1.1.9.tgz |
CVE-2022-0868 | urijs-1.19.6.tgz |
CVE-2022-0613 | urijs-1.19.6.tgz |
CVE-2022-0512 | url-parse-1.5.1.tgz |
CVE-2022-37620 | html-minifier-3.5.3.tgz |
CVE-2018-6342 | react-dev-utils-3.1.1.tgz |
CVE-2017-16099 | no-case-2.3.1.tgz |
CVE-2022-1243 | urijs-1.19.6.tgz |
CVE-2022-1233 | urijs-1.19.6.tgz |
CVE-2022-0613 | urijs-1.18.12.tgz |
CVE-2022-24999 | qs-6.5.0.tgz |
CVE-2018-3774 | url-parse-1.1.9.tgz |
CVE-2018-14732 | webpack-dev-server-2.11.3.tgz |
CVE-2017-16118 | forwarded-0.1.0.tgz |
CVE-2022-0691 | url-parse-1.5.1.tgz |
CVE-2022-0639 | url-parse-1.1.9.tgz |
CVE-2022-24723 | urijs-1.18.12.tgz |
CVE-2020-28499 | merge-1.2.1.tgz |
WS-2018-0347 | eslint-4.4.1.tgz |
WS-2019-0063 | js-yaml-3.9.1.tgz |
CVE-2022-0639 | url-parse-1.5.1.tgz |
CVE-2022-0691 | url-parse-1.1.9.tgz |
CVE-2022-37598 | uglify-js-3.4.10.tgz |
CVE-2021-23382 | postcss-5.2.17.tgz |
CVE-2021-27516 | urijs-1.18.12.tgz |
WS-2019-0017 | clean-css-4.1.7.tgz |
CVE-2020-15366 | ajv-5.2.2.tgz |
CVE-2022-0686 | url-parse-1.5.1.tgz |
CVE-2021-23382 | postcss-6.0.23.tgz |
CVE-2021-3647 | urijs-1.18.12.tgz |
CVE-2022-24723 | urijs-1.19.6.tgz |
CVE-2022-0868 | urijs-1.18.12.tgz |
WS-2017-3757 | content-type-parser-1.0.1.tgz |
CVE-2020-26291 | urijs-1.18.12.tgz |
CVE-2021-3664 | url-parse-1.1.9.tgz |
WS-2019-0032 | js-yaml-3.9.1.tgz |
CVE-2017-16138 | mime-1.3.6.tgz |
CVE-2021-24033 | react-dev-utils-3.1.1.tgz |
WS-2018-0589 | nwmatcher-1.4.1.tgz |
CVE-2021-24033 | react-dev-utils-5.0.3.tgz |
CVE-2021-3664 | url-parse-1.5.1.tgz |
CVE-2021-3647 | urijs-1.19.6.tgz |
CVE-2022-0686 | url-parse-1.1.9.tgz |
CVE-2018-14732 | webpack-dev-server-2.7.1.tgz |
CVE-2021-27515 | url-parse-1.1.9.tgz |
CVE-2021-23382 | postcss-6.0.9.tgz |
CVE-2020-15366 | ajv-5.5.2.tgz |
CVE-2022-37598 | uglify-js-3.13.5.tgz |
CVE-2022-37620 | html-minifier-3.5.21.tgz |
WS-2018-0590 | diff-3.3.0.tgz |
CVE-2022-1243 | urijs-1.18.12.tgz |
CVE-2022-1233 | urijs-1.18.12.tgz |
Base branch total remaining vulnerabilities: 381
Base branch commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Total libraries scanned: 4952
Scan token: 6cc0f88826b94d48a66eae8c4a80df87