Update dependency node-sass to v7 (main) #1963

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

general

https://vonagecc.jfrog.io/artifactory

Step	Level	Description	Details
Checking registry connectivity	⚠Warn	Unsupported configuration was provided	Unsupported registry hostType gradle, skipped

https://vonagecc.jfrog.io/artifactory/maven

Step	Level	Description	Details
Checking registry connectivity	⚠Warn	Unsupported configuration was provided	Unsupported registry hostType gradle, skipped

ruby

/tmp/ws-scm/station/lib/nexmo_developer/Gemfile

Step	Level	Description	Details
Preparing the project for scan	⚠Warn	One or more of the installations failed	failed to run bundle install version 3.0.0 of Ruby is required

/tmp/ws-scm/station/Gemfile

Step	Level	Description	Details
Preparing the project for scan	⚠Warn	One or more of the installations failed	failed to run bundle install version 3.0.0 of Ruby is required

You have successfully remediated 9 vulnerabilities, but introduced 10 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE	Severity	CVSS Score	Exploit Maturity	EPSS	Vulnerable Library	Suggested Fix	Issue	Reachability
CVE-2021-3807 Path to dependency file: /package.json Path to vulnerable library: /node_modules/strip-ansi/node_modules/ansi-regex/package.json Dependency Hierarchy: -> node-sass-7.0.3.tgz (Root Library) -> sass-graph-4.0.1.tgz -> yargs-17.7.2.tgz -> cliui-8.0.1.tgz -> wrap-ansi-7.0.0.tgz -> strip-ansi-6.0.0.tgz -> ❌ ansi-regex-5.0.0.tgz (Vulnerable Library)	High	7.5	Not Defined	0.3%	ansi-regex-5.0.0.tgz	Upgrade to version: ansi-regex - 5.0.1,6.0.1	None	Unreachable
CVE-2021-33623 Path to dependency file: /package.json Path to vulnerable library: /node_modules/trim-newlines/package.json Dependency Hierarchy: -> node-sass-7.0.3.tgz (Root Library) -> meow-9.0.0.tgz -> ❌ trim-newlines-3.0.0.tgz (Vulnerable Library)	High	7.5	Not Defined	0.2%	trim-newlines-3.0.0.tgz	Upgrade to version: trim-newlines - 3.0.1, 4.0.1	None	Unreachable
CVE-2019-6286 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-7.0.3.tgz (Vulnerable Library)	Medium	6.5	Not Defined	0.3%	node-sass-7.0.3.tgz	Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	None	Unreachable
CVE-2019-6283 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-7.0.3.tgz (Vulnerable Library)	Medium	6.5	Not Defined	0.3%	node-sass-7.0.3.tgz	Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	None	Unreachable
CVE-2018-20821 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-7.0.3.tgz (Vulnerable Library)	Medium	6.5	Not Defined	0.3%	node-sass-7.0.3.tgz	Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	None	Unreachable
CVE-2018-20190 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-7.0.3.tgz (Vulnerable Library)	Medium	6.5	Not Defined	1.0%	node-sass-7.0.3.tgz	Upgrade to version: GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6	None	Unreachable
CVE-2018-19827 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-7.0.3.tgz (Vulnerable Library)	Medium	5.6	Not Defined	0.4%	node-sass-7.0.3.tgz	Upgrade to version: GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6	None	Unreachable
CVE-2018-11694 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-7.0.3.tgz (Vulnerable Library)	Medium	5.6	Not Defined	0.2%	node-sass-7.0.3.tgz	Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	None	Unreachable
CVE-2018-19839 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-7.0.3.tgz (Vulnerable Library)	Low	3.7	Not Defined	0.3%	node-sass-7.0.3.tgz	Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	None	Unreachable
CVE-2018-19797 Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-sass/package.json Dependency Hierarchy: -> ❌ node-sass-7.0.3.tgz (Vulnerable Library)	Low	3.7	Not Defined	0.3%	node-sass-7.0.3.tgz	Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105	None	Unreachable

✔️ Remediated vulnerabilities:

CVE	Vulnerable Library
CVE-2018-20190	node-sass-5.0.0.tgz
CVE-2019-6286	node-sass-5.0.0.tgz
CVE-2018-19827	node-sass-5.0.0.tgz
CVE-2020-24025	node-sass-5.0.0.tgz
CVE-2018-19797	node-sass-5.0.0.tgz
CVE-2019-6283	node-sass-5.0.0.tgz
CVE-2018-20821	node-sass-5.0.0.tgz
CVE-2018-11694	node-sass-5.0.0.tgz
CVE-2018-19839	node-sass-5.0.0.tgz

Base branch total remaining vulnerabilities: 96
Base branch commit: null

Total libraries scanned: 1297

Scan token: 06dd954dbb6449e49899c222fb31e39a

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency node-sass to v7 (main) #1963

Update dependency node-sass to v7 (main) #1963

Security Report

general

https://vonagecc.jfrog.io/artifactory

https://vonagecc.jfrog.io/artifactory/maven

ruby

/tmp/ws-scm/station/lib/nexmo_developer/Gemfile

/tmp/ws-scm/station/Gemfile

Re-running checks...

Update dependency node-sass to v7 (main) #1963

Are you sure you want to change the base?