Update Build Tools #379

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

npm

https://amplearning.jfrog.io/artifactory/api/npm/amplify-npm

Step	Level	Description	Details
Setting the scanner configuration	⚠Warn	Failure to set private registries, due to an issue with the configuration provided by the user	no "registry" field corresponding to this url was found in the .npmrc files

2 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

CVE	Severity	CVSS Score	Vulnerable Library	Suggested Fix	Issue	Reachability
CVE-2025-2306 Path to dependency file: /package.json Path to vulnerable library: /node_modules/mongoose/package.json Dependency Hierarchy: -> ❌ mongoose-8.5.2.tgz (Vulnerable Library)	Critical	9.4	mongoose-8.5.2.tgz	Upgrade to version: mongoose -6.13.6,7.8.4,8.9.5	#402
CVE-2024-4067 Path to dependency file: /package.json Path to vulnerable library: /node_modules/micromatch/package.json Dependency Hierarchy: -> sass-1.85.1.tgz (Root Library) -> @parcel/watcher-2.5.1.tgz -> ❌ micromatch-4.0.5.tgz (Vulnerable Library)	Medium	5.3	micromatch-4.0.5.tgz	Upgrade to version: micromatch - 4.0.8	None

Base branch total remaining vulnerabilities: 15
Base branch commit: d78fa6c704e955e6c8c8cfced0439e66cf72809e

Total libraries scanned: 663

Scan token: fdc97ca2621e47f787a28a08af6f4a67

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update Build Tools #379

Uh oh!

Uh oh!

Update Build Tools #379

Uh oh!

Security Report

npm

https://amplearning.jfrog.io/artifactory/api/npm/amplify-npm

Re-running checks...

Update Build Tools #379

Are you sure you want to change the base?

Uh oh!