Skip to content

fix: Security updates #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
github-actions wants to merge 1 commit into
base: main
Choose a base branch
from
+2,218 −5,885

fix: apply audit fixes

3586e3d
Select commit
Loading
Failed to load commit list.
Open

fix: Security updates #19

fix: apply audit fixes
3586e3d
Select commit
Loading
Failed to load commit list.
StepSecurity Actions Security / StepSecurity Required Checks succeeded Feb 23, 2026 in 8s

StepSecurity Required Checks

Finished StepSecurity Required Checks

  • NPM Compromised Packages Check - Checks for compromised npm package versions in the PR
  • NPM Package Cooldown Check - Fails if any package version in the PR was released within the configured cooldown period, helping to avoid brand-new (and potentially unreviewed or malicious) releases
  • Pwn Request Vulnerabilities Check - Checks for Pwn Request vulnerabilities in the PR via risky triggers
  • Script Injection Check - Checks for script injection vulnerabilities in the PR

Details

✅ Pwn Request Vulnerabilities Check

No Pwn Request vulnerabilities found in this PR.

✅ Script Injection Vulnerabilities Check

No Script Injection vulnerabilities found in this PR.

✅ NPM Compromised Packages Check

No Compromised npm packages are added in current PR.

✅ NPM Package Cooldown Check

No npm package upgrades to recent releases found in current PR.

The following npm packages are inspected in current PR (showing first 50 of 192 packages)

Package Name Previous Version Current Version file Current Version Release Date
minimatch 3.1.2 3.1.3 package-lock.json 2026-02-22T02:17:31Z
caniuse-lite 1.0.30001770 1.0.30001770 package-lock.json 2026-02-15T03:32:54Z
axios 1.13.5 1.13.5 package-lock.json 2026-02-08T11:05:13Z
@sinclair/typebox 0.27.10 0.27.10 package-lock.json 2026-02-04T07:35:06Z
electron-to-chromium 1.5.286 1.5.286 package-lock.json 2026-02-03T09:28:00Z
baseline-browser-mapping 2.9.19 2.9.19 package-lock.json 2026-01-28T14:20:57Z
dedent 1.7.1 1.7.1 package-lock.json 2025-12-17T09:53:53Z
browserslist 4.28.1 4.28.1 package-lock.json 2025-12-03T16:22:25Z
@types/yargs 17.0.35 17.0.35 package-lock.json 2025-11-14T18:04:34Z
@vercel/ncc 0.38.4 0.38.4 package-lock.json 2025-09-18T14:15:13Z
@jridgewell/trace-mapping 0.3.31 0.3.31 package-lock.json 2025-09-10T20:12:49Z
istanbul-reports 3.2.0 3.2.0 package-lock.json 2025-08-18T12:13:17Z
@jridgewell/sourcemap-codec 1.5.5 1.5.5 package-lock.json 2025-08-12T06:43:59Z
@jridgewell/remapping 2.3.5 2.3.5 package-lock.json 2025-08-12T06:43:35Z
@jridgewell/gen-mapping 0.3.13 0.3.13 package-lock.json 2025-08-12T06:43:21Z
follow-redirects 1.15.11 1.15.11 package-lock.json 2025-07-31T12:54:55Z
@octokit/core 5.2.2 5.2.2 package-lock.json 2025-07-11T00:26:25Z
brace-expansion 1.1.12 1.1.12 package-lock.json 2025-06-11T08:52:58Z
@types/babel__generator 7.27.0 7.27.0 package-lock.json 2025-04-03T16:02:42Z
@octokit/types 13.10.0 13.10.0 package-lock.json 2025-03-18T23:28:55Z
@octokit/openapi-types 24.2.0 24.2.0 package-lock.json 2025-03-18T23:18:11Z
get-intrinsic 1.3.0 1.3.0 package-lock.json 2025-02-22T20:54:20Z
@octokit/graphql 7.1.1 7.1.1 package-lock.json 2025-02-20T20:36:37Z
@octokit/plugin-paginate-rest 9.2.2 9.2.2 package-lock.json 2025-02-15T00:09:26Z
@octokit/request 8.4.1 8.4.1 package-lock.json 2025-02-15T00:08:47Z
@octokit/request-error 5.1.1 5.1.1 package-lock.json 2025-02-14T22:27:01Z
@octokit/endpoint 9.0.6 9.0.6 package-lock.json 2025-02-14T21:30:48Z
call-bind-apply-helpers 1.0.2 1.0.2 package-lock.json 2025-02-12T19:24:56Z
es-object-atoms 1.1.1 1.1.1 package-lock.json 2025-01-15T00:42:43Z
get-proto 1.0.1 1.0.1 package-lock.json 2025-01-02T20:08:02Z
es-set-tostringtag 2.1.0 2.1.0 package-lock.json 2025-01-02T04:44:14Z
dunder-proto 1.0.1 1.0.1 package-lock.json 2024-12-17T02:12:47Z
es-define-property 1.0.1 1.0.1 package-lock.json 2024-12-06T18:16:02Z
gopd 1.2.0 1.2.0 package-lock.json 2024-12-04T16:21:52Z
has-symbols 1.1.0 1.1.0 package-lock.json 2024-12-02T16:34:17Z
resolve.exports 2.0.3 2.0.3 package-lock.json 2024-12-02T16:31:19Z
cross-spawn 7.0.6 7.0.6 package-lock.json 2024-11-18T13:59:52Z
@types/jest 29.5.14 29.5.14 package-lock.json 2024-10-23T03:43:49Z
escalade 3.2.0 3.2.0 package-lock.json 2024-08-29T22:59:36Z
import-local 3.2.0 3.2.0 package-lock.json 2024-07-22T10:56:48Z
braces 3.0.3 3.0.3 package-lock.json 2024-05-21T08:59:11Z
fill-range 7.1.1 7.1.1 package-lock.json 2024-05-21T08:45:51Z
react-is 18.3.1 18.3.1 package-lock.json 2024-04-26T16:43:05Z
hasown 2.0.2 2.0.2 package-lock.json 2024-03-10T17:38:25Z
@octokit/plugin-rest-endpoint-methods 10.4.1 10.4.1 package-lock.json 2024-03-01T18:44:51Z
es-errors 1.3.0 1.3.0 package-lock.json 2024-02-05T08:05:51Z
has-tostringtag 1.0.2 1.0.2 package-lock.json 2024-02-01T21:44:00Z
@types/node 20.11.16 20.11.16 package-lock.json 2024-02-01T17:35:24Z
@sinonjs/commons 3.0.1 3.0.1 package-lock.json 2024-01-20T14:42:09Z
@types/babel__core 7.20.5 7.20.5 package-lock.json 2023-11-20T23:44:10Z
⏲️ History

Previous invocation results of same check:

✅ Script Injection Vulnerabilities Check

No Script Injection vulnerabilities found in this PR.

✅ Pwn Request Vulnerabilities Check

No Pwn Request vulnerabilities found in this PR.

✅ NPM Compromised Packages Check

No Compromised npm packages are added in current PR.

❌ NPM Package Cooldown Check

The following npm packages added in current PR are recent versions(not older than 2 days). This check will pass at 2026-02-25T02:17:31Z

Package Name Previous Version Current Version file Current Version Release Date
minimatch 3.1.2 3.1.3 package-lock.json 2026-02-22T02:17:31Z
⏲️ History

Previous invocation results of same check:

View more details on StepSecurity Actions Security