fix: Security updates #14
Closed
StepSecurity Actions Security / StepSecurity Required Checks
succeeded
May 5, 2026 in 0s
StepSecurity Required Checks
Finished StepSecurity Required Checks
- Pwn Request Vulnerabilities Check - Checks for Pwn Request vulnerabilities in the PR via risky triggers
- Script Injection Check - Checks for script injection vulnerabilities in the PR
- NPM Compromised Packages Check - Checks for compromised npm package versions in the PR
- NPM Package Cooldown Check - Fails if any package version in the PR was released within the configured cooldown period, helping to avoid brand-new (and potentially unreviewed or malicious) releases
- PyPI Compromised Packages Check - Checks for compromised PyPI package versions in the PR
- PyPI Package Cooldown Check - Fails if any PyPI package version in the PR was released within the configured cooldown period
Details
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
✅ PyPI Package Cooldown Check
No PyPI package upgrades to recent releases found in current PR.
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ PyPI Compromised Packages Check
No compromised PyPI package versions found in current PR.
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ NPM Package Cooldown Check
No npm package upgrades to recent releases found in current PR.
The following npm packages are inspected in current PR
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| ajv | 6.12.2 | 6.15.0 | yarn.lock | 2026-04-23T14:59:24Z |
| brace-expansion | 1.1.11 | 1.1.14 | yarn.lock | 2026-04-11T13:25:02Z |
| lodash | 4.17.15 | 4.18.1 | yarn.lock | 2026-04-01T21:01:20Z |
| core-js-pure | 3.6.5 | 3.49.0 | yarn.lock | 2026-03-16T21:13:13Z |
| minimatch | 3.0.4 | 3.1.5 | yarn.lock | 2026-02-25T17:17:15Z |
| js-yaml | 3.14.0 | 3.14.2 | yarn.lock | 2025-11-14T22:32:17Z |
| debug | 4.1.1 | 4.4.3 | yarn.lock | 2025-09-13T17:25:19Z |
| undici | 5.29.0 | yarn.lock | 2025-03-19T18:00:34Z | |
| jsesc | 3.1.0 | yarn.lock | 2024-12-11T08:24:34Z | |
| cross-spawn | 6.0.5 | 6.0.6 | yarn.lock | 2024-11-18T14:21:34Z |
| picocolors | 1.1.1 | yarn.lock | 2024-10-16T18:20:03Z | |
| node-fetch | 2.6.0 | 2.7.0 | yarn.lock | 2023-08-23T17:18:39Z |
| word-wrap | 1.2.3 | 1.2.5 | yarn.lock | 2023-07-22T14:37:38Z |
| semver | 6.3.0 | 6.3.1 | yarn.lock | 2023-07-10T22:38:41Z |
| minimist | 1.2.5 | 1.2.8 | yarn.lock | 2023-02-09T20:59:49Z |
| json5 | 2.1.3 | 2.2.3 | yarn.lock | 2022-12-31T17:11:32Z |
| decode-uri-component | 0.2.0 | 0.2.2 | yarn.lock | 2022-12-01T18:22:59Z |
| ansi-regex | 4.1.0 | 4.1.1 | yarn.lock | 2022-03-12T03:08:58Z |
| tmpl | 1.0.4 | 1.0.5 | yarn.lock | 2021-09-07T06:46:22Z |
| path-parse | 1.0.6 | 1.0.7 | yarn.lock | 2021-05-25T12:57:37Z |
| hosted-git-info | 2.8.8 | 2.8.9 | yarn.lock | 2021-04-07T20:04:34Z |
| ms | 2.1.2 | 2.1.3 | yarn.lock | 2020-12-08T13:54:35Z |
| whatwg-url | 5.0.0 | yarn.lock | 2017-05-26T20:56:41Z | |
| tr46 | 0.0.3 | yarn.lock | 2016-01-20T02:08:54Z | |
| webidl-conversions | 3.0.1 | yarn.lock | 2016-01-04T06:08:05Z |
⏲️ History
Previous invocation results of same check:
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ PyPI Compromised Packages Check
No compromised PyPI package versions found in current PR.
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ PyPI Package Cooldown Check
No PyPI package upgrades to recent releases found in current PR.
✅ NPM Package Cooldown Check
No npm package upgrades to recent releases found in current PR.
The following npm packages are inspected in current PR
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| ajv | 6.12.2 | 6.15.0 | yarn.lock | 2026-04-23T14:59:24Z |
| brace-expansion | 1.1.11 | 1.1.14 | yarn.lock | 2026-04-11T13:25:02Z |
| lodash | 4.17.15 | 4.18.1 | yarn.lock | 2026-04-01T21:01:20Z |
| core-js-pure | 3.6.5 | 3.49.0 | yarn.lock | 2026-03-16T21:13:13Z |
| minimatch | 3.0.4 | 3.1.5 | yarn.lock | 2026-02-25T17:17:15Z |
| js-yaml | 3.14.0 | 3.14.2 | yarn.lock | 2025-11-14T22:32:17Z |
| debug | 4.1.1 | 4.4.3 | yarn.lock | 2025-09-13T17:25:19Z |
| undici | 5.29.0 | yarn.lock | 2025-03-19T18:00:34Z | |
| jsesc | 3.1.0 | yarn.lock | 2024-12-11T08:24:34Z | |
| cross-spawn | 6.0.5 | 6.0.6 | yarn.lock | 2024-11-18T14:21:34Z |
| picocolors | 1.1.1 | yarn.lock | 2024-10-16T18:20:03Z | |
| node-fetch | 2.6.0 | 2.7.0 | yarn.lock | 2023-08-23T17:18:39Z |
| word-wrap | 1.2.3 | 1.2.5 | yarn.lock | 2023-07-22T14:37:38Z |
| semver | 6.3.0 | 6.3.1 | yarn.lock | 2023-07-10T22:38:41Z |
| minimist | 1.2.5 | 1.2.8 | yarn.lock | 2023-02-09T20:59:49Z |
| json5 | 2.1.3 | 2.2.3 | yarn.lock | 2022-12-31T17:11:32Z |
| decode-uri-component | 0.2.0 | 0.2.2 | yarn.lock | 2022-12-01T18:22:59Z |
| ansi-regex | 4.1.0 | 4.1.1 | yarn.lock | 2022-03-12T03:08:58Z |
| tmpl | 1.0.4 | 1.0.5 | yarn.lock | 2021-09-07T06:46:22Z |
| path-parse | 1.0.6 | 1.0.7 | yarn.lock | 2021-05-25T12:57:37Z |
| hosted-git-info | 2.8.8 | 2.8.9 | yarn.lock | 2021-04-07T20:04:34Z |
| ms | 2.1.2 | 2.1.3 | yarn.lock | 2020-12-08T13:54:35Z |
| whatwg-url | 5.0.0 | yarn.lock | 2017-05-26T20:56:41Z | |
| tr46 | 0.0.3 | yarn.lock | 2016-01-20T02:08:54Z | |
| webidl-conversions | 3.0.1 | yarn.lock | 2016-01-04T06:08:05Z |
⏲️ History
Previous invocation results of same check:
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ PyPI Package Cooldown Check
No PyPI package upgrades to recent releases found in current PR.
✅ PyPI Compromised Packages Check
No compromised PyPI package versions found in current PR.
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
✅ NPM Package Cooldown Check
No npm package upgrades to recent releases found in current PR.
The following npm packages are inspected in current PR
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| ajv | 6.12.2 | 6.15.0 | yarn.lock | 2026-04-23T14:59:24Z |
| brace-expansion | 1.1.11 | 1.1.14 | yarn.lock | 2026-04-11T13:25:02Z |
| lodash | 4.17.15 | 4.18.1 | yarn.lock | 2026-04-01T21:01:20Z |
| core-js-pure | 3.6.5 | 3.49.0 | yarn.lock | 2026-03-16T21:13:13Z |
| minimatch | 3.0.4 | 3.1.5 | yarn.lock | 2026-02-25T17:17:15Z |
| js-yaml | 3.14.0 | 3.14.2 | yarn.lock | 2025-11-14T22:32:17Z |
| debug | 4.1.1 | 4.4.3 | yarn.lock | 2025-09-13T17:25:19Z |
| undici | 5.29.0 | yarn.lock | 2025-03-19T18:00:34Z | |
| jsesc | 3.1.0 | yarn.lock | 2024-12-11T08:24:34Z | |
| cross-spawn | 6.0.5 | 6.0.6 | yarn.lock | 2024-11-18T14:21:34Z |
| picocolors | 1.1.1 | yarn.lock | 2024-10-16T18:20:03Z | |
| node-fetch | 2.6.0 | 2.7.0 | yarn.lock | 2023-08-23T17:18:39Z |
| word-wrap | 1.2.3 | 1.2.5 | yarn.lock | 2023-07-22T14:37:38Z |
| semver | 6.3.0 | 6.3.1 | yarn.lock | 2023-07-10T22:38:41Z |
| minimist | 1.2.5 | 1.2.8 | yarn.lock | 2023-02-09T20:59:49Z |
| json5 | 2.1.3 | 2.2.3 | yarn.lock | 2022-12-31T17:11:32Z |
| decode-uri-component | 0.2.0 | 0.2.2 | yarn.lock | 2022-12-01T18:22:59Z |
| ansi-regex | 4.1.0 | 4.1.1 | yarn.lock | 2022-03-12T03:08:58Z |
| tmpl | 1.0.4 | 1.0.5 | yarn.lock | 2021-09-07T06:46:22Z |
| path-parse | 1.0.6 | 1.0.7 | yarn.lock | 2021-05-25T12:57:37Z |
| hosted-git-info | 2.8.8 | 2.8.9 | yarn.lock | 2021-04-07T20:04:34Z |
| ms | 2.1.2 | 2.1.3 | yarn.lock | 2020-12-08T13:54:35Z |
| whatwg-url | 5.0.0 | yarn.lock | 2017-05-26T20:56:41Z | |
| tr46 | 0.0.3 | yarn.lock | 2016-01-20T02:08:54Z | |
| webidl-conversions | 3.0.1 | yarn.lock | 2016-01-04T06:08:05Z |
Loading