Skip to content

Wiz: Upgrade multiple dependencies (resolves 52 findings)#4

Open
wiz-code-21c5ec5a85[bot] wants to merge 1 commit into
devfrom
wiz-auto-remediation-beb2954907f59254
Open

Wiz: Upgrade multiple dependencies (resolves 52 findings)#4
wiz-code-21c5ec5a85[bot] wants to merge 1 commit into
devfrom
wiz-auto-remediation-beb2954907f59254

Conversation

@wiz-code-21c5ec5a85
Copy link
Copy Markdown

@wiz-code-21c5ec5a85 wiz-code-21c5ec5a85 Bot commented May 6, 2026

Wiz Remediation Pull Request Banner

Wiz has created this PR to fix 52 findings detected in this project

Changes were made to the following file(s):

  • package.json

Vulnerabilities:

Component Findings Locations
axios
0.21.4 → 5.14.0-alpha-gatsby.6		 Critical CVE-2026-42043
High CVE-2025-27152
High CVE-2026-42038
High CVE-2026-42033
High CVE-2026-25639
High CVE-2026-42035
Medium CVE-2025-62718
Medium CVE-2026-40175
Medium CVE-2023-45857
Medium CVE-2026-42034
Medium CVE-2026-42039
Medium CVE-2026-42036
Medium CVE-2026-42041
Medium CVE-2026-42042
Low CVE-2026-42040		 /package.json
engine.io
6.2.1 → 5.0.0-alpha-drupal-proxyurl.11		 Medium CVE-2023-31125 /package.json
follow-redirects
1.15.11 → 1.15.0		 Medium CVE-2026-40895 /package.json
gatsby-transformer-remark
3.2.0 → 5.25.1		 Medium CVE-2023-22491 /package.json
got
9.6.0 → 5.0.0-alpha-drupal-proxyurl.11		 Medium CVE-2022-33987 /package.json
lodash.pick
4.4.0 → 4.0.0-alpha-v4.25		 High CVE-2020-8203 /package.json
multer
1.4.5-lts.2 → 5.14.4		 High CVE-2026-3520
High CVE-2025-47944
High CVE-2025-7338
High CVE-2026-2359
High CVE-2025-48997
High CVE-2025-47935
High CVE-2026-3304		 /package.json
nth-check
1.0.2 → 4.0.0-next.0		 High CVE-2021-3803 /package.json
postcss
7.0.39 → 6.0.0-alpha-drupal-proxyurl.14		 Medium CVE-2023-44270 /package.json
sanitize-html
1.27.5 → 6.0.0-alpha-drupal-proxyurl.14		 High CVE-2022-25887
Medium CVE-2021-26540
Medium CVE-2019-25225
Medium CVE-2024-21501
Medium CVE-2021-26539		 /package.json
semver
7.0.0 → 5.0.0-next.0		 High CVE-2022-25883 /package.json
sharp
0.30.7 → 5.10.0-next.2		 High CVE-2023-4863 /package.json
socket.io
4.5.4 → 5.10.0-alpha-adapters.164		 High CVE-2024-38355 /package.json
trim
0.0.1 → 4.0.0-next.0		 High CVE-2020-7753 /package.json
webpack-dev-middleware
4.3.0 → 5.14.0		 High CVE-2024-29180 /package.json
ws
8.2.3 → 5.10.0-alpha-adapters.164		 High CVE-2024-37890 /package.json

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

@wiz-code-21c5ec5a85
Copy link
Copy Markdown
Author

wiz-code-21c5ec5a85 Bot commented May 6, 2026

⚠️ Lock file update issue

Please update the lock file manually before merging this PR.

yarn.lock 
Unsupported package manager version

@wiz-code-21c5ec5a85
Copy link
Copy Markdown
Author

wiz-code-21c5ec5a85 Bot commented May 6, 2026
edited
Loading

Wiz Scan Summary

Scanner Findings
Vulnerability Finding Vulnerabilities 9 High 19 Medium 7 Low
Data Finding Sensitive Data -
Secret Finding Secrets -
IaC Misconfiguration IaC Misconfigurations -
SAST Finding SAST Findings -
Software Management Finding Software Management Findings -
Total 9 High 19 Medium 7 Low

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Wiz-auto-remediation Wiz-remediation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants