@orm-vulnerabilityscanner orm-vulnerabilityscanner commented Jul 27, 2025

This Pull Request was created to address Low or greater security vulnerabilities as identified by Dependabot.

Updates to examples/widget/package-lock.json

This pull request contains updates to examples/widget/package-lock.json. If you do not wish to accept one or more of these changes, please close the Dependabot issue. The vulnerability patcher will then update this pull request the next time it runs against this repository.

👍 This pull request only regenerated the file referenced above. No other updates were applied.

| Package | Vulnerable Versions | Message | Issue | Severity | Scope | Status |
| --- | --- | --- | --- | --- | --- | --- |
| nanoid | < 3.3.8; >= 4.0.0 < 5.0.9 | Addressed by lock regeneration | Issue 24 | Moderate | Runtime | |
| next | >= 13.0 < 14.2.30; >= 15.0.0 < 15.2.2 | Addressed by lock regeneration | Issue 27 | Low | Runtime | |
| next | >= 0.9.9 < 14.2.31; >= 15.0.0 <= 15.4.4 | Addressed by lock regeneration | Issue 39 | Moderate | Runtime | |
| next | >= 0.9.9 < 14.2.31; >= 15.0.0 <= 15.4.4 | Addressed by lock regeneration | Issue 41 | Moderate | Runtime | |
| next | >= 0.9.9 < 14.2.32; >= 15.0.0-canary.0 < 15.4.7 | Addressed by lock regeneration | Issue 42 | Moderate | Runtime | |
| js-yaml | < 3.14.2; >= 4.0.0 < 4.1.1 | Addressed by lock regeneration | Issue 62 | Moderate | Development | |

⚠️ NOTE: This pull request failed to address the following vulnerabilities. You can still merge this pull request, but will need to take other steps to resolve these vulnerabilities.

| Package | Vulnerable Versions | Message | Issue | Severity | Scope | Status |
| --- | --- | --- | --- | --- | --- | --- |
| glob | >= 10.2.0 < 10.5.0; >= 11.0.0 < 11.1.0 | Not adding override for "@next/eslint-plugin-next@14.2.5" | Issue 66 | High | Development | |

Operations
[2025-11-21T18:38:39.081Z]	Reset package-lock.json
[2025-11-21T18:39:07.720Z]	Created package-lock.json
[2025-11-21T18:39:07.847Z]	Not adding override for "@next/eslint-plugin-next@14.2.5"

Updates to web/package-lock.json

This pull request contains updates to web/package-lock.json. If you do not wish to accept one or more of these changes, please close the Dependabot issue. The vulnerability patcher will then update this pull request the next time it runs against this repository.

👍 This pull request only regenerated the file referenced above. No other updates were applied.

| Package | Vulnerable Versions | Message | Issue | Severity | Scope | Status |
| --- | --- | --- | --- | --- | --- | --- |
| brace-expansion | >= 1.0.0 <= 1.1.11; >= 2.0.0 <= 2.0.1; = 3.0.0; = 4.0.0 | Addressed by lock regeneration | Issue 28 | Low | Runtime | |
| next | >= 0.9.9 < 14.2.31; >= 15.0.0 <= 15.4.4 | Addressed by lock regeneration | Issue 33 | Moderate | Runtime | |
| next | >= 0.9.9 < 14.2.31; >= 15.0.0 <= 15.4.4 | Addressed by lock regeneration | Issue 34 | Moderate | Runtime | |
| next | >= 0.9.9 < 14.2.32; >= 15.0.0-canary.0 < 15.4.7 | Addressed by lock regeneration | Issue 35 | Moderate | Runtime | |
| playwright | < 1.55.1 | Addressed by lock regeneration | Issue 51 | High | Development | |
| js-yaml | < 3.14.2; >= 4.0.0 < 4.1.1 | Addressed by lock regeneration | Issue 61 | Moderate | Development | |
| js-yaml | < 3.14.2; >= 4.0.0 < 4.1.1 | Addressed by lock regeneration | Issue 63 | Moderate | Development | |

⚠️ NOTE: This pull request failed to address the following vulnerabilities. You can still merge this pull request, but will need to take other steps to resolve these vulnerabilities.

| Package | Vulnerable Versions | Message | Issue | Severity | Scope | Status |
| --- | --- | --- | --- | --- | --- | --- |
| glob | >= 10.2.0 < 10.5.0; >= 11.0.0 < 11.1.0 | Not adding override for "npm@10.9.4" | Issue 67 | High | Runtime | |
| glob | >= 10.2.0 < 10.5.0; >= 11.0.0 < 11.1.0 | Not adding override for "@npmcli/map-workspaces@4.0.2" | Issue 67 | High | Runtime | |
| glob | >= 10.2.0 < 10.5.0; >= 11.0.0 < 11.1.0 | Not adding override for "@npmcli/package-json@6.2.0" | Issue 67 | High | Runtime | |
| glob | >= 10.2.0 < 10.5.0; >= 11.0.0 < 11.1.0 | Not adding override for "cacache@19.0.1" | Issue 67 | High | Runtime | |
| glob | >= 10.2.0 < 10.5.0; >= 11.0.0 < 11.1.0 | Not adding override for "@next/eslint-plugin-next@14.2.33" | Issue 67 | High | Runtime | |

Operations
[2025-11-21T18:39:07.852Z]	Reset package-lock.json
[2025-11-21T18:41:00.551Z]	Created package-lock.json
[2025-11-21T18:41:01.020Z]	Not adding override for "npm@10.9.4"
[2025-11-21T18:41:01.020Z]	Not adding override for "@npmcli/map-workspaces@4.0.2"
[2025-11-21T18:41:01.020Z]	Not adding override for "@npmcli/package-json@6.2.0"
[2025-11-21T18:41:01.020Z]	Not adding override for "cacache@19.0.1"
[2025-11-21T18:41:01.020Z]	Not adding override for "@next/eslint-plugin-next@14.2.33"

@orm-vulnerabilityscanner added the maintenance label (Relates to project upkeep or maintenance) Jul 27, 2025

@orm-vulnerabilityscanner force-pushed the orm-vulnerability-patcher/patches-low branch 23 times, most recently from 0fbc11f to 542ba08, August 4, 2025 00:35

@orm-vulnerabilityscanner force-pushed the orm-vulnerability-patcher/patches-low branch 6 times, most recently from a0f0f87 to d042d6c, August 5, 2025 12:38

@orm-vulnerabilityscanner force-pushed the orm-vulnerability-patcher/patches-low branch 21 times, most recently from 00fb818 to 41d1007, November 19, 2025 18:39

@orm-vulnerabilityscanner force-pushed the orm-vulnerability-patcher/patches-low branch 7 times, most recently from 5b40996 to 2ddbcc8, November 21, 2025 12:38

@orm-vulnerabilityscanner force-pushed the orm-vulnerability-patcher/patches-low branch from 2ddbcc8 to 03a9b5c, November 21, 2025 18:41