fix: Security updates #5
Merged
StepSecurity Actions Security / StepSecurity Required Checks
succeeded
Dec 16, 2025 in 2s
StepSecurity Required Checks
Finished StepSecurity Required Checks
- NPM Compromised Packages Check - Checks for compromised npm package versions in the PR
- NPM Package Cooldown Check - Fails if any package version in the PR was released within the configured cooldown period, helping to avoid brand-new (and potentially unreviewed or malicious) releases
- Pwn Request Vulnerabilities Check - Checks for Pwn Request vulnerabilities in the PR via risky triggers
- Script Injection Check - Checks for script injection vulnerabilities in the PR
Details
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ NPM Package Cooldown Check
No npm package upgrades to recent releases found in current PR.
The following npm packages are inspected in current PR
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| js-yaml | 4.1.0 | 4.1.1 | package-lock.json | 2025-11-12T15:18:03Z |
| @babel/parser | 7.25.3 | 7.28.5 | package-lock.json | 2025-10-23T15:17:47Z |
| @babel/types | 7.25.2 | 7.28.5 | package-lock.json | 2025-10-23T15:17:45Z |
| @babel/helper-validator-identifier | 7.24.7 | 7.28.5 | package-lock.json | 2025-10-23T15:17:38Z |
| @babel/helpers | 7.25.0 | 7.28.4 | package-lock.json | 2025-09-05T14:53:12Z |
| brace-expansion | 2.0.1 | 2.0.2 | package-lock.json | 2025-06-11T08:48:36Z |
| @babel/template | 7.25.0 | 7.27.2 | package-lock.json | 2025-05-06T15:33:49Z |
| @babel/code-frame | 7.24.7 | 7.27.1 | package-lock.json | 2025-04-30T15:08:31Z |
| @babel/helper-string-parser | 7.24.8 | 7.27.1 | package-lock.json | 2025-04-30T15:08:26Z |
| undici | 5.28.4 | 5.29.0 | package-lock.json | 2025-03-19T18:00:34Z |
| cross-spawn | 7.0.3 | 7.0.6 | package-lock.json | 2024-11-18T13:59:52Z |
| picocolors | 1.0.1 | 1.1.1 | package-lock.json | 2024-10-16T18:20:03Z |
| micromatch | 4.0.7 | 4.0.8 | package-lock.json | 2024-08-23T16:31:18Z |
⏲️ History
Previous invocation results of same check:
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
✅ NPM Package Cooldown Check
No npm package upgrades to recent releases found in current PR.
The following npm packages are inspected in current PR
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| js-yaml | 4.1.0 | 4.1.1 | package-lock.json | 2025-11-12T15:18:03Z |
| @babel/parser | 7.25.3 | 7.28.5 | package-lock.json | 2025-10-23T15:17:47Z |
| @babel/types | 7.25.2 | 7.28.5 | package-lock.json | 2025-10-23T15:17:45Z |
| @babel/helper-validator-identifier | 7.24.7 | 7.28.5 | package-lock.json | 2025-10-23T15:17:38Z |
| @babel/helpers | 7.25.0 | 7.28.4 | package-lock.json | 2025-09-05T14:53:12Z |
| brace-expansion | 2.0.1 | 2.0.2 | package-lock.json | 2025-06-11T08:48:36Z |
| @babel/template | 7.25.0 | 7.27.2 | package-lock.json | 2025-05-06T15:33:49Z |
| @babel/code-frame | 7.24.7 | 7.27.1 | package-lock.json | 2025-04-30T15:08:31Z |
| @babel/helper-string-parser | 7.24.8 | 7.27.1 | package-lock.json | 2025-04-30T15:08:26Z |
| undici | 5.28.4 | 5.29.0 | package-lock.json | 2025-03-19T18:00:34Z |
| cross-spawn | 7.0.3 | 7.0.6 | package-lock.json | 2024-11-18T13:59:52Z |
| picocolors | 1.0.1 | 1.1.1 | package-lock.json | 2024-10-16T18:20:03Z |
| micromatch | 4.0.7 | 4.0.8 | package-lock.json | 2024-08-23T16:31:18Z |
⏲️ History
Previous invocation results of same check:
Loading