Update dependency @babel/core to ^7.4.4 #294
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2023-26136Path to dependency file: /packages/react-server-cli/package.json Path to vulnerable library: /packages/react-server-cli/node_modules/node-sass/node_modules/tough-cookie/package.json,/packages/react-server-cli/node_modules/node-gyp/node_modules/tough-cookie/package.json Dependency Hierarchy: -> node-sass-4.14.1.tgz (Root Library) -> request-2.88.2.tgz -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library) |
 Critical |
9.8 | tough-cookie-2.5.0.tgz | Upgrade to version: tough-cookie - 4.1.3 | #290 |
CVE-2023-26136Path to dependency file: /package.json Path to vulnerable library: /package.json,/packages/react-server-cli/node_modules/tough-cookie/package.json Dependency Hierarchy: -> less-2.7.3.tgz (Root Library) -> request-2.81.0.tgz -> ❌ tough-cookie-2.3.4.tgz (Vulnerable Library) |
Critical |
9.8 | tough-cookie-2.3.4.tgz | Upgrade to version: tough-cookie - 4.1.3 | #290 |
CVE-2023-26136Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> react-server-cli-file:packages/react-server-cli.tgz (Root Library) -> node-sass-4.11.0.tgz -> node-gyp-3.8.0.tgz -> request-2.88.0.tgz -> ❌ tough-cookie-2.4.3.tgz (Vulnerable Library) |
Critical |
9.8 | tough-cookie-2.4.3.tgz | Upgrade to version: tough-cookie - 4.1.3 | #290 |
CVE-2023-45133Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> react-server-cli-file:packages/react-server-cli.tgz (Root Library) -> core-7.4.3.tgz -> ❌ traverse-7.4.3.tgz (Vulnerable Library) |
 High |
8.8 | traverse-7.4.3.tgz | Upgrade to version: @babel/traverse - 7.23.2 | None |
CVE-2022-25883Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> babel-preset-react-server-file:packages/babel-preset-react-server.tgz (Root Library) -> preset-env-7.4.3.tgz -> core-js-compat-3.0.1.tgz -> ❌ semver-6.0.0.tgz (Vulnerable Library) |
High |
7.5 | semver-6.0.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2022-25883Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> babel-preset-react-server-file:packages/babel-preset-react-server.tgz (Root Library) -> plugin-transform-runtime-7.4.3.tgz -> ❌ semver-5.7.0.tgz (Vulnerable Library) |
High |
7.5 | semver-5.7.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2022-25883Path to dependency file: /packages/react-server-cli/package.json Path to vulnerable library: /packages/react-server-cli/node_modules/node-gyp/node_modules/semver/package.json,/package.json Dependency Hierarchy: -> node-sass-4.14.1.tgz (Root Library) -> node-gyp-3.8.0.tgz -> ❌ semver-5.3.0.tgz (Vulnerable Library) |
High |
7.5 | semver-5.3.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2023-46234Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> react-server-cli-file:packages/react-server-cli.tgz (Root Library) -> node-libs-browser-2.2.0.tgz -> crypto-browserify-3.12.0.tgz -> ❌ browserify-sign-4.0.4.tgz (Vulnerable Library) |
 Medium |
6.5 | browserify-sign-4.0.4.tgz | Upgrade to version: browserify-sign - 4.2.2 | None |
CVE-2023-45857Path to dependency file: /packages/generator-react-server/package.json Path to vulnerable library: /packages/generator-react-server/node_modules/axios/package.json Dependency Hierarchy: -> yeoman-generator-0.24.1.tgz (Root Library) -> yeoman-test-1.9.1.tgz -> yeoman-environment-2.10.3.tgz -> npm-api-1.0.1.tgz -> paged-request-2.0.2.tgz -> ❌ axios-0.21.4.tgz (Vulnerable Library) |
Medium |
6.5 | axios-0.21.4.tgz | Upgrade to version: axios - 1.6.0 | #291 |
CVE-2023-5115Path to dependency file: /packages/react-server-website/deployment/requirements.txt Path to vulnerable library: /packages/react-server-website/deployment/requirements.txt Dependency Hierarchy: -> ansible-4.10.0.tar.gz (Root Library) -> ❌ ansible-core-2.11.12.tar.gz (Vulnerable Library) |
Medium |
6.3 | ansible-core-2.11.12.tar.gz | Upgrade to version: ansible-core - 2.16.0 | None |
CVE-2022-33987Path to dependency file: /packages/generator-react-server/package.json Path to vulnerable library: /packages/generator-react-server/node_modules/got/package.json Dependency Hierarchy: -> yeoman-generator-0.24.1.tgz (Root Library) -> github-username-2.1.0.tgz -> gh-got-2.4.0.tgz -> ❌ got-5.6.0.tgz (Vulnerable Library) |
Medium |
5.3 | got-5.6.0.tgz | Upgrade to version: got - 11.8.5,12.1.0 | #225 |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2022-0235 | node-fetch-1.7.3.tgz |
| CVE-2017-20165 | debug-2.2.0.tgz |
| CVE-2022-0144 | shelljs-0.8.4.tgz |
| CVE-2017-15010 | tough-cookie-2.3.2.tgz |
| CVE-2019-6284 | node-sass-v4.13.1 |
| CVE-2022-24785 | moment-2.29.1.tgz |
| CVE-2022-0155 | follow-redirects-1.14.1.tgz |
| CVE-2019-16777 | npm-6.9.0.tgz |
| CVE-2018-16492 | extend-3.0.0.tgz |
| CVE-2019-16775 | npm-4.6.1.tgz |
| CVE-2021-44906 | minimist-0.2.1.tgz |
| CVE-2019-10744 | lodash-1.0.2.tgz |
| CVE-2022-37603 | loader-utils-2.0.0.tgz |
| CVE-2018-21270 | stringstream-0.0.5.tgz |
| CVE-2022-2217 | parse-url-5.0.1.tgz |
| CVE-2018-19797 | node-sass-v4.13.1 |
| CVE-2019-6283 | node-sass-v4.13.1 |
| WS-2022-0239 | parse-url-5.0.1.tgz |
| CVE-2018-19827 | node-sass-v4.13.1 |
| CVE-2020-15366 | ajv-4.11.4.tgz |
| CVE-2019-10744 | lodash.template-4.4.0.tgz |
| WS-2020-0163 | marked-0.6.2.tgz |
| CVE-2022-0624 | parse-path-4.0.1.tgz |
| CVE-2021-23362 | hosted-git-info-2.4.2.tgz |
| CVE-2018-20190 | node-sass-v4.13.1 |
| CVE-2020-7754 | npm-user-validate-0.1.5.tgz |
| CVE-2022-3517 | minimatch-2.0.10.tgz |
| CVE-2015-9251 | jquery-1.7.1.min.js |
| CVE-2021-27515 | url-parse-1.4.6.tgz |
| WS-2019-0425 | mocha-3.5.3.tgz |
| CVE-2017-16032 | brace-expansion-1.1.6.tgz |
| CVE-2020-15168 | node-fetch-2.3.0.tgz |
| CVE-2019-11358 | jquery-1.7.2.min.js |
| CVE-2021-29059 | is-svg-2.1.0.tgz |
| CVE-2021-43138 | async-2.6.3.tgz |
| CVE-2022-0512 | url-parse-1.5.1.tgz |
| CVE-2022-22984 | snyk-1.19.1.tgz |
| CVE-2020-7608 | yargs-parser-11.1.1.tgz |
| WS-2020-0180 | npm-user-validate-0.1.5.tgz |
| CVE-2018-11694 | node-sass-v4.13.1 |
| CVE-2020-7656 | jquery-1.7.1.min.js |
| CVE-2022-37601 | loader-utils-2.0.0.tgz |
| CVE-2021-23337 | lodash-1.0.2.tgz |
| CVE-2020-7608 | yargs-parser-8.1.0.tgz |
| WS-2019-0209 | marked-0.6.2.tgz |
| CVE-2022-3224 | parse-url-5.0.1.tgz |
| CVE-2019-11358 | jquery-1.11.1.js |
| CVE-2022-3517 | minimatch-0.2.14.tgz |
| CVE-2020-7608 | yargs-parser-10.1.0.tgz |
| WS-2018-0347 | eslint-3.19.0.tgz |
| CVE-2022-24999 | qs-2.3.3.tgz |
| CVE-2022-24999 | qs-6.7.0.tgz |
| CVE-2019-16776 | npm-4.6.1.tgz |
| CVE-2018-14732 | webpack-dev-server-1.16.5.tgz |
| CVE-2022-24441 | snyk-1.19.1.tgz |
| CVE-2018-16487 | lodash-2.4.1.js |
| CVE-2012-6708 | jquery-1.7.2.min.js |
| CVE-2018-3721 | lodash-2.4.1.js |
| CVE-2018-11698 | node-sass-v4.13.1 |
| CVE-2021-23369 | handlebars-4.1.2.tgz |
| CVE-2022-29244 | npm-4.6.1.tgz |
| CVE-2022-46175 | json5-2.2.0.tgz |
| CVE-2017-16137 | debug-2.2.0.tgz |
| CVE-2022-37614 | mockery-2.1.0.tgz |
| CVE-2020-11022 | jquery-1.7.1.min.js |
| CVE-2018-20676 | bootstrap-3.2.0.min.js |
| CVE-2017-16129 | superagent-1.8.4.tgz |
| CVE-2018-3737 | sshpk-1.11.0.tgz |
| CVE-2017-16138 | mime-1.3.4.tgz |
| WS-2020-0450 | handlebars-4.1.2.tgz |
| CVE-2021-3749 | axios-0.21.1.tgz |
| CVE-2019-10795 | undefsafe-0.0.3.tgz |
| CVE-2022-0639 | url-parse-1.4.6.tgz |
| CVE-2018-14040 | bootstrap-3.2.0.min.js |
| CVE-2020-11023 | jquery-1.7.1.min.js |
| CVE-2019-19919 | handlebars-4.1.2.tgz |
| WS-2020-0180 | npm-user-validate-1.0.0.tgz |
| CVE-2018-20822 | node-sass-v4.13.1 |
| CVE-2017-18077 | brace-expansion-1.1.6.tgz |
| CVE-2021-3664 | url-parse-1.4.6.tgz |
| CVE-2022-0691 | url-parse-1.4.6.tgz |
| CVE-2021-3807 | ansi-regex-5.0.0.tgz |
| CVE-2017-16042 | growl-1.9.2.tgz |
| WS-2019-0063 | js-yaml-3.7.0.tgz |
| CVE-2022-3517 | minimatch-3.0.2.tgz |
| CVE-2021-23337 | lodash-2.4.1.js |
| CVE-2020-8116 | dot-prop-3.0.0.tgz |
| CVE-2023-45857 | axios-0.21.1.tgz |
| CVE-2022-0691 | url-parse-1.5.1.tgz |
| CVE-2020-11022 | jquery-1.11.1.min.js |
| CVE-2021-29060 | color-string-0.3.0.tgz |
| WS-2022-0238 | parse-url-5.0.1.tgz |
| CVE-2018-20676 | bootstrap-3.3.7.tgz |
| CVE-2020-28500 | lodash-1.0.2.tgz |
| CVE-2022-37599 | loader-utils-2.0.0.tgz |
| WS-2018-0103 | stringstream-0.0.5.tgz |
| CVE-2018-20677 | bootstrap-3.3.7.tgz |
| WS-2020-0042 | acorn-5.7.3.tgz |
| CVE-2019-8331 | bootstrap-3.2.0.min.js |
| CVE-2021-23382 | postcss-5.2.18.tgz |
| CVE-2019-6286 | node-sass-v4.13.1 |
| CVE-2022-0536 | follow-redirects-1.14.1.tgz |
| WS-2019-0339 | bin-links-1.1.2.tgz |
| CVE-2022-0639 | url-parse-1.5.1.tgz |
| WS-2022-0237 | parse-url-5.0.1.tgz |
| WS-2019-0338 | bin-links-1.1.2.tgz |
| CVE-2020-7677 | thenify-3.3.0.tgz |
| CVE-2022-21681 | marked-0.6.2.tgz |
| CVE-2021-3533 | ansible-4.0.0.tar.gz |
| CVE-2019-10744 | lodash.template-3.6.2.tgz |
| CVE-2015-9251 | jquery-1.11.1.js |
| CVE-2022-37601 | loader-utils-1.4.0.tgz |
| CVE-2022-2218 | parse-url-5.0.1.tgz |
| CVE-2016-10540 | minimatch-2.0.10.tgz |
| CVE-2017-20165 | debug-2.6.8.tgz |
| CVE-2021-3583 | ansible-core-2.11.1.tar.gz |
| CVE-2020-11023 | jquery-1.11.1.js |
| WS-2019-0032 | js-yaml-3.7.0.tgz |
| CVE-2019-1010266 | lodash-2.4.1.js |
| CVE-2021-33623 | trim-newlines-2.0.0.tgz |
| CVE-2021-23383 | handlebars-4.1.2.tgz |
| CVE-2018-14042 | bootstrap-3.3.7.tgz |
| CVE-2022-1650 | eventsource-1.1.0.tgz |
| CVE-2019-1010266 | lodash-1.0.2.tgz |
| CVE-2018-3750 | deep-extend-0.4.1.tgz |
| CVE-2022-21680 | marked-0.6.2.tgz |
| CVE-2022-21803 | nconf-0.7.2.tgz |
| CVE-2019-16775 | npm-6.9.0.tgz |
| CVE-2019-18797 | node-sass-v4.13.1 |
| CVE-2021-44906 | minimist-0.0.10.tgz |
| CVE-2016-10540 | minimatch-0.2.14.tgz |
| CVE-2016-10735 | bootstrap-3.3.7.tgz |
| CVE-2018-19839 | CSS::Sass-v3.6.0 |
| CVE-2018-14040 | bootstrap-3.3.7.tgz |
| CVE-2022-37603 | loader-utils-1.4.0.tgz |
| CVE-2015-9251 | jquery-1.7.2.min.js |
| CVE-2020-15095 | npm-6.9.0.tgz |
| CVE-2022-0686 | url-parse-1.5.1.tgz |
| CVE-2022-2216 | parse-url-5.0.1.tgz |
| CVE-2020-28503 | documentation-v3-archive |
| CVE-2022-40764 | snyk-1.19.1.tgz |
| CVE-2018-19838 | node-sass-v4.13.1 |
| WS-2019-0425 | mocha-1.21.5.js |
| CVE-2022-31129 | moment-2.29.1.tgz |
| CVE-2021-28092 | is-svg-2.1.0.tgz |
| CVE-2019-16777 | npm-4.6.1.tgz |
| CVE-2021-23382 | postcss-6.0.23.tgz |
| WS-2018-0107 | open-0.0.5.tgz |
| CVE-2020-11022 | jquery-1.11.1.js |
| CVE-2018-16487 | lodash-1.0.2.tgz |
| CVE-2018-14042 | bootstrap-3.2.0.min.js |
| CVE-2020-7598 | minimist-0.0.10.tgz |
| CVE-2019-10744 | lodash.merge-4.6.1.tgz |
| CVE-2022-3517 | minimatch-3.0.3.tgz |
| CVE-2022-24302 | paramiko-2.7.2-py2.py3-none-any.whl |
| CVE-2020-15168 | node-fetch-1.7.3.tgz |
| CVE-2018-11499 | node-sass-v4.13.1 |
| CVE-2022-0235 | node-fetch-2.3.0.tgz |
| CVE-2022-0235 | node-fetch-2.6.1.tgz |
| WS-2020-0127 | npm-registry-fetch-3.9.0.tgz |
| CVE-2019-11358 | jquery-1.11.1.min.js |
| CVE-2018-20821 | node-sass-v4.13.1 |
| CVE-2021-44906 | minimist-1.2.5.tgz |
| CVE-2021-23807 | jsonpointer-4.1.0.tgz |
| CVE-2020-28500 | lodash-2.4.1.js |
| CVE-2012-6708 | jquery-1.7.1.min.js |
| CVE-2018-11697 | node-sass-v4.13.1 |
| CVE-2019-20920 | handlebars-4.1.2.tgz |
| CVE-2020-8203 | lodash-1.0.2.tgz |
| CVE-2020-7608 | yargs-parser-9.0.2.tgz |
| CVE-2019-20922 | handlebars-4.1.2.tgz |
| CVE-2021-3664 | url-parse-1.5.1.tgz |
| CVE-2020-11022 | jquery-1.7.2.min.js |
| CVE-2020-7788 | ini-1.3.4.tgz |
| CVE-2017-16137 | debug-2.6.8.tgz |
| CVE-2018-11697 | CSS::Sass-v3.6.0 |
| WS-2021-0152 | color-string-0.3.0.tgz |
| CVE-2020-28503 | copy-props-1.6.0.tgz |
| CVE-2022-37598 | uglify-js-3.5.6.tgz |
| CVE-2022-33987 | got-3.3.1.tgz |
| CVE-2022-0512 | url-parse-1.4.6.tgz |
| WS-2019-0310 | https-proxy-agent-2.2.1.tgz |
| CVE-2022-25901 | cookiejar-2.0.6.tgz |
| CVE-2018-20677 | bootstrap-3.2.0.min.js |
| CVE-2021-23382 | postcss-7.0.35.tgz |
| CVE-2020-8203 | lodash-2.4.1.js |
| CVE-2021-25949 | set-getter-0.1.0.tgz |
| CVE-2022-0722 | parse-url-5.0.1.tgz |
| WS-2018-0590 | diff-3.2.0.tgz |
| WS-2021-0638 | mocha-3.5.3.tgz |
| CVE-2018-3721 | lodash-1.0.2.tgz |
| CVE-2022-29078 | ejs-3.1.6.tgz |
| CVE-2015-9251 | jquery-1.11.1.min.js |
| CVE-2019-8331 | bootstrap-3.3.7.tgz |
| WS-2019-0307 | mem-1.1.0.tgz |
| CVE-2020-7754 | npm-user-validate-1.0.0.tgz |
| CVE-2020-8116 | dot-prop-4.1.1.tgz |
| CVE-2019-12043 | remarkable-1.7.1.js |
| CVE-2018-19826 | node-sass-v4.13.1 |
| CVE-2016-10735 | bootstrap-3.2.0.min.js |
| CVE-2019-15657 | eslint-utils-1.3.1.tgz |
| CVE-2020-15366 | ajv-5.5.2.tgz |
| CVE-2022-25881 | http-cache-semantics-3.8.1.tgz |
| CVE-2020-15095 | npm-4.6.1.tgz |
| CVE-2020-7656 | jquery-1.7.2.min.js |
| CVE-2017-1000048 | qs-2.3.3.tgz |
| CVE-2019-12041 | remarkable-1.7.1.js |
| CVE-2022-0686 | url-parse-1.4.6.tgz |
| CVE-2022-2900 | parse-url-5.0.1.tgz |
| CVE-2023-26136 | tough-cookie-2.3.2.tgz |
| CVE-2020-11023 | jquery-1.11.1.min.js |
| CVE-2021-23368 | postcss-7.0.35.tgz |
| CVE-2021-3620 | ansible-core-2.11.1.tar.gz |
| CVE-2020-11023 | jquery-1.7.2.min.js |
| CVE-2019-16776 | npm-6.9.0.tgz |
| CVE-2022-1650 | eventsource-0.1.6.tgz |
| CVE-2017-18869 | chownr-1.0.1.tgz |
| CVE-2020-7608 | yargs-parser-2.4.1.tgz |
| CVE-2022-29244 | npm-6.9.0.tgz |
| CVE-2021-23425 | trim-off-newlines-1.0.1.tgz |
| CVE-2022-25858 | terser-4.8.0.tgz |
Base branch total remaining vulnerabilities: 369
Base branch commit: null
Total libraries scanned: 1916
Scan token: 1d9112a0e77a4f53b51b2beba793c626