[Snyk] Security upgrade copy-webpack-plugin from 5.0.2 to 9.0.1 #45
Security Report
You have successfully remediated 17 vulnerabilities, but introduced 8 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
MSC-2023-16598. Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> chokidar-2.1.5.tgz -> ❌ fsevents-1.2.7.tgz (Vulnerable Library) | Critical | 9.8 | fsevents-1.2.7.tgz | None | |
MSC-2023-16594. Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> ❌ fsevents-1.2.8.tgz (Vulnerable Library) | Critical | 9.8 | fsevents-1.2.8.tgz | None | |
CVE-2023-45311. Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> ❌ fsevents-1.2.8.tgz (Vulnerable Library) | Critical | 9.8 | fsevents-1.2.8.tgz | Upgrade to version: fsevents - 1.2.11 | None |
CVE-2023-45311. Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: react-overlay-loading-1.0.3.tgz (Root Library) -> webpack-dev-server-2.11.5.tgz -> chokidar-2.1.5.tgz -> ❌ fsevents-1.2.7.tgz (Vulnerable Library) | Critical | 9.8 | fsevents-1.2.7.tgz | Upgrade to version: fsevents - 1.2.11 | None |
CVE-2020-7746. Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: ❌ chart.js-2.8.0.tgz (Vulnerable Library) | Critical | 9.8 | chart.js-2.8.0.tgz | Upgrade to version: chart.js - 2.9.4 | None |
CVE-2022-25901. Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: superagent-5.0.2.tgz (Root Library) -> ❌ cookiejar-2.1.2.tgz (Vulnerable Library) | High | 7.5 | cookiejar-2.1.2.tgz | Upgrade to version: cookiejar - 2.1.4 | None |
CVE-2022-25883. Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: superagent-5.0.2.tgz (Root Library) -> ❌ semver-6.0.0.tgz (Vulnerable Library) | High | 7.5 | semver-6.0.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2022-24999. Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: superagent-5.0.2.tgz (Root Library) -> ❌ qs-6.7.0.tgz (Vulnerable Library) | High | 7.5 | qs-6.7.0.tgz | Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 | None |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
WS-2021-0153 | ejs-2.6.1.tgz |
CVE-2022-29078 | ejs-2.6.1.tgz |
CVE-2020-7660 | serialize-javascript-1.6.1.tgz |
CVE-2022-46175 | json5-2.1.0.tgz |
CVE-2022-1650 | eventsource-1.0.7.tgz |
CVE-2020-7774 | y18n-4.0.0.tgz |
CVE-2020-7608 | yargs-parser-11.1.1.tgz |
CVE-2019-15599 | tree-kill-1.2.1.tgz |
CVE-2020-7608 | yargs-parser-10.1.0.tgz |
CVE-2021-27290 | ssri-5.3.0.tgz |
WS-2020-0042 | acorn-6.1.1.tgz |
CVE-2020-15366 | ajv-6.5.2.tgz |
CVE-2022-25858 | terser-3.17.0.tgz |
CVE-2021-27290 | ssri-6.0.1.tgz |
CVE-2021-23364 | browserslist-4.5.4.tgz |
CVE-2019-16769 | serialize-javascript-1.6.1.tgz |
CVE-2021-3807 | ansi-regex-3.0.0.tgz |
Base branch total remaining vulnerabilities: 125
Base branch commit: null
Total libraries scanned: 1027
Scan token: d63e9ea3e3904676b7b6c0be9e2a3fd7