[Snyk] Security upgrade copy-webpack-plugin from 5.0.2 to 5.0.5 #41
Security Report
You have successfully remediated 11 vulnerabilities, but introduced 39 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
MSC-2023-16598. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> chokidar-2.1.5.tgz -> ❌ fsevents-1.2.7.tgz (Vulnerable Library) | Critical | 9.8 | fsevents-1.2.7.tgz | None | |
MSC-2023-16594. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> ❌ fsevents-1.2.8.tgz (Vulnerable Library) | Critical | 9.8 | fsevents-1.2.8.tgz | None | |
CVE-2023-45311. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> chokidar-2.1.5.tgz -> ❌ fsevents-1.2.7.tgz (Vulnerable Library) | Critical | 9.8 | fsevents-1.2.7.tgz | Upgrade to version: fsevents - 1.2.11 | None |
CVE-2023-45311. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> ❌ fsevents-1.2.8.tgz (Vulnerable Library) | Critical | 9.8 | fsevents-1.2.8.tgz | Upgrade to version: fsevents - 1.2.11 | None |
CVE-2020-7788. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> chokidar-2.1.5.tgz -> fsevents-1.2.7.tgz -> node-pre-gyp-0.10.3.tgz -> rc-1.2.8.tgz -> ❌ ini-1.3.5.tgz (Vulnerable Library) | Critical | 9.8 | ini-1.3.5.tgz | Upgrade to version: v1.3.6 | None |
CVE-2020-7774. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-2.7.0.tgz -> yargs-6.6.0.tgz -> ❌ y18n-3.2.1.tgz (Vulnerable Library) | Critical | 9.8 | y18n-3.2.1.tgz | Upgrade to version: 3.2.2, 4.0.1, 5.0.5 | None |
CVE-2020-7746. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: ❌ chart.js-2.8.0.tgz (Vulnerable Library) | Critical | 9.8 | chart.js-2.8.0.tgz | Upgrade to version: chart.js - 2.9.4 | None |
CVE-2021-37713. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> chokidar-2.1.5.tgz -> fsevents-1.2.7.tgz -> node-pre-gyp-0.10.3.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) | High | 8.6 | tar-4.4.8.tgz | Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 | None |
CVE-2021-37712. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> chokidar-2.1.5.tgz -> fsevents-1.2.7.tgz -> node-pre-gyp-0.10.3.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) | High | 8.6 | tar-4.4.8.tgz | Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 | None |
CVE-2021-37701. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> chokidar-2.1.5.tgz -> fsevents-1.2.7.tgz -> node-pre-gyp-0.10.3.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) | High | 8.6 | tar-4.4.8.tgz | Upgrade to version: tar - 4.4.16,5.0.8,6.1.7 | None |
CVE-2021-32804. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> chokidar-2.1.5.tgz -> fsevents-1.2.7.tgz -> node-pre-gyp-0.10.3.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) | High | 8.1 | tar-4.4.8.tgz | Upgrade to version: tar - 3.2.2, 4.4.14, 5.0.6, 6.1.1 | None |
CVE-2021-32803. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> chokidar-2.1.5.tgz -> fsevents-1.2.7.tgz -> node-pre-gyp-0.10.3.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) | High | 8.1 | tar-4.4.8.tgz | Upgrade to version: tar - 3.2.3, 4.4.15, 5.0.7, 6.1.2 | None |
CVE-2020-7660. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: copy-webpack-plugin-5.0.5.tgz (Root Library) -> ❌ serialize-javascript-2.1.2.tgz (Vulnerable Library) | High | 8.1 | serialize-javascript-2.1.2.tgz | Upgrade to version: serialize-javascript - 3.1.0 | None |
CVE-2020-13822. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-2.7.0.tgz -> node-libs-browser-2.0.0.tgz -> crypto-browserify-3.11.0.tgz -> create-ecdh-4.0.0.tgz -> ❌ elliptic-6.4.0.tgz (Vulnerable Library) | High | 7.7 | elliptic-6.4.0.tgz | Upgrade to version: v6.5.3 | None |
CVE-2022-25901. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: superagent-5.0.2.tgz (Root Library) -> ❌ cookiejar-2.1.2.tgz (Vulnerable Library) | High | 7.5 | cookiejar-2.1.2.tgz | Upgrade to version: cookiejar - 2.1.4 | None |
CVE-2022-25883. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> chokidar-2.1.5.tgz -> fsevents-1.2.7.tgz -> node-pre-gyp-0.10.3.tgz -> ❌ semver-5.6.0.tgz (Vulnerable Library) | High | 7.5 | semver-5.6.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2022-25883. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.8.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ semver-5.7.0.tgz (Vulnerable Library) | High | 7.5 | semver-5.7.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2022-25883. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: set-default-browser-1.0.1.tgz (Root Library) -> meow-3.7.0.tgz -> normalize-package-data-2.3.8.tgz -> ❌ semver-5.3.0.tgz (Vulnerable Library) | High | 7.5 | semver-5.3.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2022-25883. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: superagent-5.0.2.tgz (Root Library) -> ❌ semver-6.0.0.tgz (Vulnerable Library) | High | 7.5 | semver-6.0.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2022-24999. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: superagent-5.0.2.tgz (Root Library) -> ❌ qs-6.7.0.tgz (Vulnerable Library) | High | 7.5 | qs-6.7.0.tgz | Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 | None |
CVE-2022-24999. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> express-4.16.4.tgz -> ❌ qs-6.5.2.tgz (Vulnerable Library) | High | 7.5 | qs-6.5.2.tgz | Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 | None |
CVE-2021-3803. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: html-webpack-plugin-3.2.0.tgz (Root Library) -> pretty-error-2.1.1.tgz -> renderkid-2.0.3.tgz -> css-select-1.2.0.tgz -> ❌ nth-check-1.0.2.tgz (Vulnerable Library) | High | 7.5 | nth-check-1.0.2.tgz | Upgrade to version: nth-check - v2.0.1 | None |
CVE-2021-33623. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: set-default-browser-1.0.1.tgz (Root Library) -> meow-3.7.0.tgz -> ❌ trim-newlines-1.0.0.tgz (Vulnerable Library) | High | 7.5 | trim-newlines-1.0.0.tgz | Upgrade to version: trim-newlines - 3.0.1, 4.0.1 | None |
CVE-2021-27290. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: copy-webpack-plugin-5.0.5.tgz (Root Library) -> cacache-12.0.4.tgz -> ❌ ssri-6.0.1.tgz (Vulnerable Library) | High | 7.5 | ssri-6.0.1.tgz | Upgrade to version: ssri - 6.0.2,7.1.1,8.0.1 | None |
CVE-2021-23424. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> ❌ ansi-html-0.0.7.tgz (Vulnerable Library) | High | 7.5 | ansi-html-0.0.7.tgz | Upgrade to version: VueJS.NetCore - 1.1.1;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;NorDroN.AngularTemplate - 0.1.6;CoreVueWebTest - 3.0.101;dotnetng.template - 1.0.0.4;Fable.Template.Elmish.React - 0.1.6;SAFE.Template - 3.0.1;GR.PageRender.Razor - 1.8.0;Envisia.DotNet.Templates - 3.0.1 | None |
CVE-2021-23382. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: css-loader-2.1.1.tgz (Root Library) -> ❌ postcss-7.0.14.tgz (Vulnerable Library) | High | 7.5 | postcss-7.0.14.tgz | Upgrade to version: postcss - 8.2.13 | None |
CVE-2021-23343. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-select-2.4.2.tgz (Root Library) -> emotion-9.2.12.tgz -> babel-plugin-emotion-9.2.11.tgz -> babel-plugin-macros-2.5.1.tgz -> resolve-1.10.0.tgz -> ❌ path-parse-1.0.6.tgz (Vulnerable Library) | High | 7.5 | path-parse-1.0.6.tgz | Upgrade to version: path-parse - 1.0.7 | None |
CVE-2020-7753. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-syntax-highlighter-10.2.1.tgz (Root Library) -> refractor-2.8.0.tgz -> hastscript-5.0.0.tgz -> comma-separated-tokens-1.0.5.tgz -> ❌ trim-0.0.1.tgz (Vulnerable Library) | High | 7.5 | trim-0.0.1.tgz | Upgrade to version: trim - 0.0.3 | None |
CVE-2020-7662. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> sockjs-0.3.19.tgz -> faye-websocket-0.10.0.tgz -> websocket-driver-0.7.0.tgz -> ❌ websocket-extensions-0.1.3.tgz (Vulnerable Library) | High | 7.5 | websocket-extensions-0.1.3.tgz | Upgrade to version: websocket-extensions - 0.1.4 | None |
CVE-2020-28498. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-2.7.0.tgz -> node-libs-browser-2.0.0.tgz -> crypto-browserify-3.11.0.tgz -> create-ecdh-4.0.0.tgz -> ❌ elliptic-6.4.0.tgz (Vulnerable Library) | Medium | 6.8 | elliptic-6.4.0.tgz | Upgrade to version: elliptic - 6.5.4 | None |
CVE-2023-46234. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-2.7.0.tgz -> node-libs-browser-2.0.0.tgz -> crypto-browserify-3.11.0.tgz -> ❌ browserify-sign-4.0.4.tgz (Vulnerable Library) | Medium | 6.5 | browserify-sign-4.0.4.tgz | Upgrade to version: browserify-sign - 4.2.2 | None |
CVE-2022-0155. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> http-proxy-middleware-0.19.1.tgz -> http-proxy-1.17.0.tgz -> ❌ follow-redirects-1.7.0.tgz (Vulnerable Library) | Medium | 6.5 | follow-redirects-1.7.0.tgz | Upgrade to version: follow-redirects - v1.14.7 | None |
CVE-2021-23386. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> bonjour-3.5.0.tgz -> multicast-dns-6.2.3.tgz -> ❌ dns-packet-1.3.1.tgz (Vulnerable Library) | Medium | 6.5 | dns-packet-1.3.1.tgz | Upgrade to version: dns-packet - 5.2.2 | None |
WS-2019-0427. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-2.7.0.tgz -> node-libs-browser-2.0.0.tgz -> crypto-browserify-3.11.0.tgz -> create-ecdh-4.0.0.tgz -> ❌ elliptic-6.4.0.tgz (Vulnerable Library) | Medium | 5.9 | elliptic-6.4.0.tgz | Upgrade to version: v6.5.2 | None |
WS-2019-0424. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-2.7.0.tgz -> node-libs-browser-2.0.0.tgz -> crypto-browserify-3.11.0.tgz -> create-ecdh-4.0.0.tgz -> ❌ elliptic-6.4.0.tgz (Vulnerable Library) | Medium | 5.9 | elliptic-6.4.0.tgz | Upgrade to version: GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105;Romano.Vue - 1.0.1;org.webjars.npm:elliptic - 6.5.4,6.3.3;VueJS.NetCore - 1.1.1;elliptic - 6.5.3;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;NorDroN.AngularTemplate - 0.1.6;CoreVueWebTest - 3.0.101;dotnetng.template - 1.0.0.4;Fable.Template.Elmish.React - 0.1.6 | None |
CVE-2022-0536. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> http-proxy-middleware-0.19.1.tgz -> http-proxy-1.17.0.tgz -> ❌ follow-redirects-1.7.0.tgz (Vulnerable Library) | Medium | 5.9 | follow-redirects-1.7.0.tgz | Upgrade to version: follow-redirects - 1.14.8 | None |
CVE-2020-15366. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-2.7.0.tgz -> ❌ ajv-4.11.8.tgz (Vulnerable Library) | Medium | 5.6 | ajv-4.11.8.tgz | Upgrade to version: ajv - 6.12.3 | None |
CVE-2021-32640. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: socket.io-client-2.2.0.tgz (Root Library) -> engine.io-client-3.3.2.tgz -> ❌ ws-6.1.4.tgz (Vulnerable Library) | Medium | 5.3 | ws-6.1.4.tgz | Upgrade to version: 5.2.3,6.2.2,7.4.6 | None |
CVE-2021-23368. Path to dependency file: /package.json. Path to vulnerable library: /package.json. Dependency Hierarchy: css-loader-2.1.1.tgz (Root Library) -> ❌ postcss-7.0.14.tgz (Vulnerable Library) | Medium | 5.3 | postcss-7.0.14.tgz | Upgrade to version: postcss - 8.2.10 | None |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
WS-2020-0042 | acorn-6.1.1.tgz |
WS-2021-0153 | ejs-2.6.1.tgz |
CVE-2022-25858 | terser-3.17.0.tgz |
CVE-2021-23364 | browserslist-4.5.4.tgz |
CVE-2019-16769 | serialize-javascript-1.6.1.tgz |
CVE-2022-29078 | ejs-2.6.1.tgz |
CVE-2020-7660 | serialize-javascript-1.6.1.tgz |
CVE-2022-46175 | json5-2.1.0.tgz |
CVE-2022-1650 | eventsource-1.0.7.tgz |
CVE-2020-7608 | yargs-parser-11.1.1.tgz |
CVE-2020-7608 | yargs-parser-10.1.0.tgz |
Base branch total remaining vulnerabilities: 90
Base branch commit: null
Total libraries scanned: 1058
Scan token: c1465f333f1d4d22b31326484e2e1f3c