
Update dependency sass to v1.81.1 #4

Open
dev-mend-for-github-com[bot] wants to merge 1 commit into master from whitesource-remediate/sass-1.x-lockfile

Update dependency sass to v1.81.1

a578235
Dev - Mend for GitHub.com / Mend Security Check failed Jun 10, 2026 in 2m 22s

Security Report

You have successfully remediated 14 vulnerabilities, but introduced 27 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-2025-57820

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> ❌ devalue-5.1.1.tgz (Vulnerable Library)

Critical 10.0 Transitive devalue-5.1.1.tgz starlight-0.31.1.tgz Transitive 5.3.2 None
CVE-941441-362681

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> sharp-0.32.6.tgz (Root Library)

   -> simple-get-4.0.1.tgz

     -> ❌ once-1.4.0.tgz (Vulnerable Library)

Critical 9.8 Transitive once-1.4.0.tgz sharp-0.32.6.tgz None
CVE-2026-39363

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> ❌ vite-6.1.0.tgz (Vulnerable Library)

High 7.5 Transitive vite-6.1.0.tgz starlight-0.31.1.tgz Transitive Upgrade to version vite - 8.0.5 or greater None
CVE-2026-35209

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> unstorage-1.14.4.tgz

       -> h3-1.13.1.tgz

         -> ❌ defu-6.1.4.tgz (Vulnerable Library)

High 7.5 Transitive defu-6.1.4.tgz starlight-0.31.1.tgz Transitive Upgrade to version defu - 6.1.5 or greater None
CVE-2026-33671

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> pluginutils-5.1.4.tgz

       -> ❌ picomatch-4.0.2.tgz (Vulnerable Library)

High 7.5 Transitive picomatch-4.0.2.tgz starlight-0.31.1.tgz Transitive Upgrade to version picomatch - 4.0.4 or greater None
CVE-2025-54793

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> ❌ astro-5.3.0.tgz (Vulnerable Library)

High 7.2 Transitive astro-5.3.0.tgz starlight-0.31.1.tgz Transitive 5.12.8 None
CVE-2025-64764

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> ❌ astro-5.3.0.tgz (Vulnerable Library)

High 7.1 Transitive astro-5.3.0.tgz starlight-0.31.1.tgz Transitive astro - 5.15.8 None
CVE-2025-64525

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> ❌ astro-5.3.0.tgz (Vulnerable Library)

Medium 6.5 Transitive astro-5.3.0.tgz starlight-0.31.1.tgz Transitive astro - 5.15.5 None
CVE-2025-62522

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> ❌ vite-6.1.0.tgz (Vulnerable Library)

Medium 6.5 Transitive vite-6.1.0.tgz starlight-0.31.1.tgz Transitive https://gitlab.com/remram44/taguette.git - v1.5.0 None
CVE-2025-61925

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> ❌ astro-5.3.0.tgz (Vulnerable Library)

Medium 6.5 Transitive astro-5.3.0.tgz starlight-0.31.1.tgz Transitive astro - 5.14.3 None
CVE-2025-32395

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> ❌ vite-6.1.0.tgz (Vulnerable Library)

Medium 6.5 Transitive vite-6.1.0.tgz starlight-0.31.1.tgz Transitive 6.1.5 None
CVE-2026-41067

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> ❌ astro-5.3.0.tgz (Vulnerable Library)

Medium 6.1 Transitive astro-5.3.0.tgz starlight-0.31.1.tgz Transitive Upgrade to version astro - 6.1.6 or greater None
CVE-2025-65019

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> ❌ internal-helpers-0.5.1.tgz (Vulnerable Library)

Medium 5.4 Transitive internal-helpers-0.5.1.tgz starlight-0.31.1.tgz Transitive @astrojs/internal-helpers - 0.7.5,https://github.com/withastro/astro.git - @astrojs/internal-helpers@0.7.5 None
CVE-2025-65019

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> ❌ astro-5.3.0.tgz (Vulnerable Library)

Medium 5.4 Transitive astro-5.3.0.tgz starlight-0.31.1.tgz Transitive @astrojs/internal-helpers - 0.7.5,https://github.com/withastro/astro.git - @astrojs/internal-helpers@0.7.5 None
CVE-2026-45028

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> ❌ astro-5.3.0.tgz (Vulnerable Library)

Medium 5.3 Transitive astro-5.3.0.tgz starlight-0.31.1.tgz Transitive Upgrade to version astro - 6.1.10 or greater None
CVE-2026-39365

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> ❌ vite-6.1.0.tgz (Vulnerable Library)

Medium 5.3 Transitive vite-6.1.0.tgz starlight-0.31.1.tgz Transitive 6.4.2 None
CVE-2026-33769

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> ❌ astro-5.3.0.tgz (Vulnerable Library)

Medium 5.3 Transitive astro-5.3.0.tgz starlight-0.31.1.tgz Transitive Upgrade to version astro - 5.18.1 or greater None
CVE-2026-33672

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> pluginutils-5.1.4.tgz

       -> ❌ picomatch-4.0.2.tgz (Vulnerable Library)

Medium 5.3 Transitive picomatch-4.0.2.tgz starlight-0.31.1.tgz Transitive Upgrade to version picomatch - 3.0.2 or greater None
CVE-2026-24001

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> ❌ diff-5.2.0.tgz (Vulnerable Library)

Medium 5.3 Transitive diff-5.2.0.tgz starlight-0.31.1.tgz Transitive https://github.com/kpdecker/jsdiff.git - v4.0.4,https://github.com/kpdecker/jsdiff.git - v5.2.2,https://github.com/kpdecker/jsdiff.git - v8.0.3 None
CVE-2025-64765

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> ❌ astro-5.3.0.tgz (Vulnerable Library)

Medium 5.3 Transitive astro-5.3.0.tgz starlight-0.31.1.tgz Transitive astro - 5.15.8 None
CVE-2025-31486

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> ❌ vite-6.1.0.tgz (Vulnerable Library)

Medium 5.3 Transitive vite-6.1.0.tgz starlight-0.31.1.tgz Transitive 6.1.4 None
CVE-2025-31125

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> ❌ vite-6.1.0.tgz (Vulnerable Library)

Medium 5.3 Transitive vite-6.1.0.tgz starlight-0.31.1.tgz Transitive 6.1.3 None
CVE-2025-30208

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> ❌ vite-6.1.0.tgz (Vulnerable Library)

Medium 5.3 Transitive vite-6.1.0.tgz starlight-0.31.1.tgz Transitive 6.1.2 None
CVE-2025-58752

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> ❌ vite-6.1.0.tgz (Vulnerable Library)

Medium 4.3 Transitive vite-6.1.0.tgz starlight-0.31.1.tgz Transitive 6.3.6 None
CVE-2025-58751

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> astro-5.3.0.tgz

     -> ❌ vite-6.1.0.tgz (Vulnerable Library)

Medium 4.3 Transitive vite-6.1.0.tgz starlight-0.31.1.tgz Transitive 6.3.6 None
CVE-2025-64757

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> ❌ astro-5.3.0.tgz (Vulnerable Library)

Low 3.5 Transitive astro-5.3.0.tgz starlight-0.31.1.tgz Transitive astro - 5.14.3 None
CVE-2025-64745

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

-> starlight-0.31.1.tgz (Root Library)

   -> ❌ astro-5.3.0.tgz (Vulnerable Library)

Low 2.7 Transitive astro-5.3.0.tgz starlight-0.31.1.tgz Transitive astro - 5.15.6 None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2025-4565 protobuf-4.25.6-cp37-abi3-manylinux2014_x86_64.whl
CVE-2025-50181 urllib3-1.26.20-py2.py3-none-any.whl
CVE-2025-8869 pip-25.0.1-py3-none-any.whl
CVE-2026-3219 pip-25.0.1-py3-none-any.whl
CVE-2026-44431 urllib3-1.26.20-py2.py3-none-any.whl
CVE-2026-1703 pip-25.0.1-py3-none-any.whl
CVE-2025-50182 urllib3-1.26.20-py2.py3-none-any.whl
CVE-2025-71176 pytest-8.3.5-py3-none-any.whl
CVE-2018-20225 pip-25.0.1-py3-none-any.whl
CVE-2025-66418 urllib3-1.26.20-py2.py3-none-any.whl
CVE-2026-6357 pip-25.0.1-py3-none-any.whl
CVE-2026-0994 protobuf-4.25.6-cp37-abi3-manylinux2014_x86_64.whl
CVE-2026-21441 urllib3-1.26.20-py2.py3-none-any.whl
CVE-2025-66471 urllib3-1.26.20-py2.py3-none-any.whl

Base branch total remaining vulnerabilities: 36
Base branch commit: 6703a1908524f677bf251e7e88d0cbd33021958a


Total libraries scanned: 655

Scan token: e01f4f726186410586b695191024dd08