tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape #3723

@rugk

Description

Dependabot warns about tmp GHSA-ph9p-34f9-6g65 (CVE-2026-44705), but web-ext still depends on an old version:

web-ext@10.2.0 requires tmp@0.2.5
No patched version available for tmp
Dependabot encountered '1' error(s) during execution, please check the logs for more details.
+--------------------------------------------------------------------------------------------+
|                                           Errors                                           |
+------------------------------+-------------------------------------------------------------+
| Type                         | Details                                                     |
+------------------------------+-------------------------------------------------------------+
| security_update_not_possible | {                                                           |
|                              |   "dependency-name": "tmp",                                 |
|                              |   "latest-resolvable-version": "0.2.5",                     |
|                              |   "lowest-non-vulnerable-version": "0.2.6",                 |
|                              |   "conflicting-dependencies": [                             |
|                              |     {                                                       |
|                              |       "explanation": "web-ext@10.2.0 requires tmp@0.2.5",   |
|                              |       "name": "web-ext",                                    |
|                              |       "version": "10.2.0",                                  |
|                              |       "requirement": "0.2.5"                                |
|                              |     },                                                      |
|                              |     {                                                       |
|                              |       "dependency_name": "tmp",                             |
|                              |       "fix_available": false,                               |
|                              |       "fix_updates": [],                                    |
|                              |       "top_level_ancestors": [],                            |
|                              |       "explanation": "No patched version available for tmp" |
|                              |     }                                                       |
|                              |   ]                                                         |
|                              | }                                                           |
+------------------------------+-------------------------------------------------------------+
