fix: apply audit fixes

dd43ebe
Closed

fix: Security updates #16

StepSecurity Actions Security / StepSecurity Required Checks succeeded Apr 17, 2026 in 2s

StepSecurity Required Checks

Finished StepSecurity Required Checks

  • Pwn Request Vulnerabilities Check - Checks for Pwn Request vulnerabilities in the PR via risky triggers
  • Script Injection Check - Checks for script injection vulnerabilities in the PR
  • NPM Compromised Packages Check - Checks for compromised npm package versions in the PR
  • NPM Package Cooldown Check - Fails if any package version in the PR was released within the configured cooldown period, helping to avoid brand-new (and potentially unreviewed or malicious) releases

Details

✅ Script Injection Vulnerabilities Check

No Script Injection vulnerabilities found in this PR.

✅ Pwn Request Vulnerabilities Check

No Pwn Request vulnerabilities found in this PR.

✅ NPM Compromised Packages Check

No Compromised npm packages are added in current PR.

✅ NPM Package Cooldown Check

No npm package upgrades to recent releases found in current PR.

The following npm packages are inspected in current PR (showing first 50 of 212 packages)

| Package Name | Previous Version | Current Version | File | Current Version Release Date |
| --- | --- | --- | --- | --- |
| brace-expansion | 1.1.11 | 1.1.14 | package-lock.json | 2026-04-11T13:25:02Z |
| lodash | 4.17.21 | 4.18.1 | package-lock.json | 2026-04-01T21:01:20Z |
| handlebars | 4.7.7 | 4.7.9 | package-lock.json | 2026-03-26T20:46:39Z |
| minipass-flush | 1.0.5 | 1.0.7 | package-lock.json | 2026-03-26T15:59:51Z |
| picomatch | 2.3.1 | 2.3.2 | package-lock.json | 2026-03-23T20:39:08Z |
| yaml | 2.4.1 | 2.8.3 | package-lock.json | 2026-03-21T10:37:06Z |
| flatted | 3.2.0 | 3.4.2 | package-lock.json | 2026-03-17T15:03:56Z |
| @babel/parser | 7.24.4 | 7.29.2 | package-lock.json | 2026-03-16T22:33:19Z |
| @babel/runtime | 7.24.4 | 7.29.2 | package-lock.json | 2026-03-16T22:33:19Z |
| @babel/helpers | 7.24.4 | 7.29.2 | package-lock.json | 2026-03-16T22:33:19Z |
| filelist | | 1.0.6 | package-lock.json | 2026-02-25T21:13:38Z |
| minimatch | 3.1.2 | 3.1.5 | package-lock.json | 2026-02-25T17:17:15Z |
| ajv | 6.12.6 | 6.14.0 | package-lock.json | 2026-02-20T18:09:33Z |
| @babel/types | 7.24.0 | 7.29.0 | package-lock.json | 2026-01-31T17:39:13Z |
| @babel/code-frame | 7.24.2 | 7.29.0 | package-lock.json | 2026-01-31T17:39:09Z |
| @babel/template | 7.24.0 | 7.28.6 | package-lock.json | 2026-01-12T17:50:00Z |
| envinfo | 7.8.1 | 7.21.0 | package-lock.json | 2025-11-27T01:01:30Z |
| js-yaml | 3.14.1 | 3.14.2 | package-lock.json | 2025-11-14T22:32:17Z |
| ip-address | | 10.1.0 | package-lock.json | 2025-11-08T19:50:45Z |
| @inquirer/external-editor | | 1.0.3 | package-lock.json | 2025-11-08T19:45:33Z |
| @babel/helper-validator-identifier | 7.22.20 | 7.28.5 | package-lock.json | 2025-10-23T15:17:38Z |
| exponential-backoff | | 3.1.3 | package-lock.json | 2025-10-10T23:10:07Z |
| fast-uri | | 3.1.0 | package-lock.json | 2025-08-25T13:16:04Z |
| jsonfile | 6.1.0 | 6.2.0 | package-lock.json | 2025-08-12T15:34:50Z |
| socks | 2.6.2 | 2.8.7 | package-lock.json | 2025-08-12T05:20:24Z |
| jake | | 10.9.4 | package-lock.json | 2025-08-03T23:30:06Z |
| @octokit/core | 3.6.0 | 5.2.2 | package-lock.json | 2025-07-11T00:26:25Z |
| @babel/helper-string-parser | 7.24.1 | 7.27.1 | package-lock.json | 2025-04-30T15:08:26Z |
| parse-path | 4.0.4 | 7.1.0 | package-lock.json | 2025-04-15T07:02:16Z |
| undici | 5.28.4 | 5.29.0 | package-lock.json | 2025-03-19T18:00:34Z |
| @octokit/types | 6.35.0 | 13.10.0 | package-lock.json | 2025-03-18T23:28:55Z |
| @octokit/openapi-types | 12.1.0 | 24.2.0 | package-lock.json | 2025-03-18T23:18:11Z |
| @octokit/graphql | 4.6.4 | 7.1.1 | package-lock.json | 2025-02-20T20:36:37Z |
| @octokit/plugin-paginate-rest | 2.18.0 | 9.2.2 | package-lock.json | 2025-02-15T00:09:26Z |
| @octokit/request | 5.6.3 | 8.4.1 | package-lock.json | 2025-02-15T00:08:47Z |
| @octokit/request-error | 2.1.0 | 5.1.1 | package-lock.json | 2025-02-14T22:27:01Z |
| @octokit/endpoint | 6.0.12 | 9.0.6 | package-lock.json | 2025-02-14T21:30:48Z |
| protocols | 1.4.8 | 2.0.2 | package-lock.json | 2025-02-14T01:18:58Z |
| is-ssh | 1.3.3 | 1.4.1 | package-lock.json | 2025-02-13T20:16:53Z |
| agentkeepalive | 4.2.1 | 4.6.0 | package-lock.json | 2024-12-29T02:57:11Z |
| node-gyp-build | | 4.8.4 | package-lock.json | 2024-11-19T14:43:46Z |
| cross-spawn | 7.0.3 | 7.0.6 | package-lock.json | 2024-11-18T13:59:52Z |
| negotiator | 0.6.3 | 0.6.4 | package-lock.json | 2024-10-19T03:20:43Z |
| picocolors | 1.0.0 | 1.1.1 | package-lock.json | 2024-10-16T18:20:03Z |
| package-json-from-dist | | 1.0.1 | package-lock.json | 2024-09-26T18:59:08Z |
| micromatch | 4.0.5 | 4.0.8 | package-lock.json | 2024-08-23T16:31:18Z |
| async | | 3.2.6 | package-lock.json | 2024-08-19T23:24:23Z |
| minipass-json-stream | 1.0.1 | 1.0.2 | package-lock.json | 2024-07-28T22:12:38Z |
| jackspeak | 2.3.6 | 3.4.3 | package-lock.json | 2024-07-10T15:50:20Z |
| braces | 3.0.2 | 3.0.3 | package-lock.json | 2024-05-21T08:59:11Z |

⏲️ History

Previous invocation results of same check:

✅ Script Injection Vulnerabilities Check

No Script Injection vulnerabilities found in this PR.

✅ Pwn Request Vulnerabilities Check

No Pwn Request vulnerabilities found in this PR.

✅ NPM Compromised Packages Check

No Compromised npm packages are added in current PR.

✅ NPM Package Cooldown Check

No npm package upgrades to recent releases found in current PR.

The following npm packages are inspected in current PR (showing first 50 of 212 packages)

| Package Name | Previous Version | Current Version | File | Current Version Release Date |
| --- | --- | --- | --- | --- |
| brace-expansion | 1.1.11 | 1.1.14 | package-lock.json | 2026-04-11T13:25:02Z |
| lodash | 4.17.21 | 4.18.1 | package-lock.json | 2026-04-01T21:01:20Z |
| handlebars | 4.7.7 | 4.7.9 | package-lock.json | 2026-03-26T20:46:39Z |
| minipass-flush | 1.0.5 | 1.0.7 | package-lock.json | 2026-03-26T15:59:51Z |
| picomatch | 2.3.1 | 2.3.2 | package-lock.json | 2026-03-23T20:39:08Z |
| yaml | 2.4.1 | 2.8.3 | package-lock.json | 2026-03-21T10:37:06Z |
| flatted | 3.2.0 | 3.4.2 | package-lock.json | 2026-03-17T15:03:56Z |
| @babel/runtime | 7.24.4 | 7.29.2 | package-lock.json | 2026-03-16T22:33:19Z |
| @babel/parser | 7.24.4 | 7.29.2 | package-lock.json | 2026-03-16T22:33:19Z |
| @babel/helpers | 7.24.4 | 7.29.2 | package-lock.json | 2026-03-16T22:33:19Z |
| filelist | | 1.0.6 | package-lock.json | 2026-02-25T21:13:38Z |
| minimatch | 3.1.2 | 3.1.5 | package-lock.json | 2026-02-25T17:17:15Z |
| ajv | 6.12.6 | 6.14.0 | package-lock.json | 2026-02-20T18:09:33Z |
| @babel/types | 7.24.0 | 7.29.0 | package-lock.json | 2026-01-31T17:39:13Z |
| @babel/code-frame | 7.24.2 | 7.29.0 | package-lock.json | 2026-01-31T17:39:09Z |
| @babel/template | 7.24.0 | 7.28.6 | package-lock.json | 2026-01-12T17:50:00Z |
| envinfo | 7.8.1 | 7.21.0 | package-lock.json | 2025-11-27T01:01:30Z |
| js-yaml | 3.14.1 | 3.14.2 | package-lock.json | 2025-11-14T22:32:17Z |
| ip-address | | 10.1.0 | package-lock.json | 2025-11-08T19:50:45Z |
| @inquirer/external-editor | | 1.0.3 | package-lock.json | 2025-11-08T19:45:33Z |
| @babel/helper-validator-identifier | 7.22.20 | 7.28.5 | package-lock.json | 2025-10-23T15:17:38Z |
| exponential-backoff | | 3.1.3 | package-lock.json | 2025-10-10T23:10:07Z |
| fast-uri | | 3.1.0 | package-lock.json | 2025-08-25T13:16:04Z |
| jsonfile | 6.1.0 | 6.2.0 | package-lock.json | 2025-08-12T15:34:50Z |
| socks | 2.6.2 | 2.8.7 | package-lock.json | 2025-08-12T05:20:24Z |
| jake | | 10.9.4 | package-lock.json | 2025-08-03T23:30:06Z |
| @octokit/core | 3.6.0 | 5.2.2 | package-lock.json | 2025-07-11T00:26:25Z |
| @babel/helper-string-parser | 7.24.1 | 7.27.1 | package-lock.json | 2025-04-30T15:08:26Z |
| parse-path | 4.0.4 | 7.1.0 | package-lock.json | 2025-04-15T07:02:16Z |
| undici | 5.28.4 | 5.29.0 | package-lock.json | 2025-03-19T18:00:34Z |
| @octokit/types | 6.35.0 | 13.10.0 | package-lock.json | 2025-03-18T23:28:55Z |
| @octokit/openapi-types | 12.1.0 | 24.2.0 | package-lock.json | 2025-03-18T23:18:11Z |
| @octokit/graphql | 4.6.4 | 7.1.1 | package-lock.json | 2025-02-20T20:36:37Z |
| @octokit/plugin-paginate-rest | 2.18.0 | 9.2.2 | package-lock.json | 2025-02-15T00:09:26Z |
| @octokit/request | 5.6.3 | 8.4.1 | package-lock.json | 2025-02-15T00:08:47Z |
| @octokit/request-error | 2.1.0 | 5.1.1 | package-lock.json | 2025-02-14T22:27:01Z |
| @octokit/endpoint | 6.0.12 | 9.0.6 | package-lock.json | 2025-02-14T21:30:48Z |
| protocols | 1.4.8 | 2.0.2 | package-lock.json | 2025-02-14T01:18:58Z |
| is-ssh | 1.3.3 | 1.4.1 | package-lock.json | 2025-02-13T20:16:53Z |
| agentkeepalive | 4.2.1 | 4.6.0 | package-lock.json | 2024-12-29T02:57:11Z |
| node-gyp-build | | 4.8.4 | package-lock.json | 2024-11-19T14:43:46Z |
| cross-spawn | 7.0.3 | 7.0.6 | package-lock.json | 2024-11-18T13:59:52Z |
| negotiator | 0.6.3 | 0.6.4 | package-lock.json | 2024-10-19T03:20:43Z |
| picocolors | 1.0.0 | 1.1.1 | package-lock.json | 2024-10-16T18:20:03Z |
| package-json-from-dist | | 1.0.1 | package-lock.json | 2024-09-26T18:59:08Z |
| micromatch | 4.0.5 | 4.0.8 | package-lock.json | 2024-08-23T16:31:18Z |
| async | | 3.2.6 | package-lock.json | 2024-08-19T23:24:23Z |
| minipass-json-stream | 1.0.1 | 1.0.2 | package-lock.json | 2024-07-28T22:12:38Z |
| jackspeak | 2.3.6 | 3.4.3 | package-lock.json | 2024-07-10T15:50:20Z |
| braces | 3.0.2 | 3.0.3 | package-lock.json | 2024-05-21T08:59:11Z |
