Update dependency workbox-webpack-plugin to v6.5.4 #128
Security Report
❌ New vulnerabilities:
| Vulnerability | Severity |  CVSS Score |
Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|
CVE-2026-26996Path to dependency file: /achilles-frontend/package.json Path to vulnerable library: /achilles-frontend/package.json Dependency Hierarchy: -> react-dev-utils-12.0.1.tgz (Root Library) -> fork-ts-checker-webpack-plugin-6.5.2.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library) |
 High |
7.5 | Transitive minimatch-3.1.5.tgz |
react-dev-utils-12.0.1.tgz | Transitive 10.2.1 |
#9 | |
CVE-2026-26996Path to dependency file: /achilles-frontend/package.json Path to vulnerable library: /achilles-frontend/package.json Dependency Hierarchy: -> workbox-webpack-plugin-6.6.1.tgz (Root Library) -> workbox-build-6.6.1.tgz -> rollup-plugin-off-main-thread-2.2.3.tgz -> ejs-3.1.10.tgz -> jake-10.9.4.tgz -> filelist-1.0.6.tgz -> ❌ minimatch-5.1.9.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-5.1.9.tgz |
workbox-webpack-plugin-6.6.1.tgz | Transitive 10.2.1 |
None | |
CVE-2026-26996Path to dependency file: /achilles-frontend/package.json Path to vulnerable library: /achilles-frontend/package.json Dependency Hierarchy: -> eslint-plugin-import-2.22.1.tgz (Root Library) -> ❌ minimatch-3.1.5.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.5.tgz |
eslint-plugin-import-2.22.1.tgz | Transitive 10.2.1 |
#34 | |
CVE-2026-26996Path to dependency file: /achilles-frontend/package.json Path to vulnerable library: /achilles-frontend/package.json Dependency Hierarchy: -> eslint-7.22.0.tgz (Root Library) -> ❌ minimatch-3.1.5.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.5.tgz |
eslint-7.22.0.tgz | Transitive 10.2.1 |
#46 | |
CVE-2026-26996Path to dependency file: /achilles-frontend/package.json Path to vulnerable library: /achilles-frontend/package.json Dependency Hierarchy: -> terser-webpack-plugin-4.2.3.tgz (Root Library) -> cacache-15.0.5.tgz -> glob-7.1.6.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.5.tgz |
terser-webpack-plugin-4.2.3.tgz | Transitive 10.2.1 |
#39 | |
CVE-2026-26996Path to dependency file: /achilles-frontend/package.json Path to vulnerable library: /achilles-frontend/package.json Dependency Hierarchy: -> jest-26.6.0.tgz (Root Library) -> core-26.6.3.tgz -> jest-config-26.6.3.tgz -> glob-7.1.6.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.5.tgz |
jest-26.6.0.tgz | Transitive 10.2.1 |
#38 | |
CVE-2026-26996Path to dependency file: /achilles-frontend/package.json Path to vulnerable library: /achilles-frontend/package.json Dependency Hierarchy: -> babel-jest-26.6.3.tgz (Root Library) -> babel-plugin-istanbul-6.0.0.tgz -> test-exclude-6.0.0.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.5.tgz |
babel-jest-26.6.3.tgz | Transitive 10.2.1 |
#7 | |
CVE-2026-26996Path to dependency file: /achilles-frontend/package.json Path to vulnerable library: /achilles-frontend/package.json Dependency Hierarchy: -> jest-circus-26.6.0.tgz (Root Library) -> jest-runtime-26.6.3.tgz -> glob-7.1.6.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.5.tgz |
jest-circus-26.6.0.tgz | Transitive 10.2.1 |
#4 |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| GHSA-8x6c-cv3v-vp6g | cacheable-request-6.1.0.tgz |
| CVE-2022-25881 | http-cache-semantics-4.1.0.tgz |
| CVE-2022-46175 | json5-2.2.0.tgz |
Base branch total remaining vulnerabilities: 130
Base branch commit: 6fe0ef7fd3ca6bf6339b996c7cbdf6e38c5a74c7
Total libraries scanned: 2122
Scan token: 5079207bca034f22b4d4403503c7841b