fix(deps): bump nuxt from 2.18.1 to 4.4.7 in /web#927
23 new issues (0 max.) of at least severity.
Annotations
Check warning on line 125 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L125
Insecure dependency npm/postcss@8.4.31 (CVE-2026-41305: postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags) (update to 8.5.10)
Check warning on line 583 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L583
Insecure dependency npm/ws@8.20.0 (CVE-2026-45736: ws is an open source WebSocket client and server for Node.js. Prior to ...) (update to 8.20.1)
Check warning on line 583 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L583
Insecure dependency npm/ws@8.20.0 (CVE-2026-48779: ws is an open source WebSocket client and server for Node.js. All vers ...) (update to 8.21.0)
Check notice on line 738 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L738
Insecure dependency npm/esbuild@0.27.7 (GHSA-g7r4-m6w7-qqqr: esbuild allows arbitrary file read when running the development server on Windows) (update to 0.28.1)
Check failure on line 2194 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L2194
Insecure dependency npm/protobufjs@6.11.3 (CVE-2026-41242: protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields) (update to 7.5.5)
Check warning on line 2194 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L2194
Insecure dependency npm/protobufjs@6.11.3 (CVE-2026-44288: protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences) (update to 7.5.6)
Check warning on line 2194 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L2194
Insecure dependency npm/protobufjs@6.11.3 (CVE-2026-44289: protobuf.js: Denial of service through unbounded protobuf recursion) (update to 7.5.6)
Check warning on line 2194 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L2194
Insecure dependency npm/protobufjs@6.11.3 (CVE-2026-44290: protobuf.js: Process-wide denial of service through unsafe option paths) (update to 7.5.6)
Check warning on line 2194 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L2194
Insecure dependency npm/protobufjs@6.11.3 (CVE-2026-44291: protobuf.js: Code generation gadget after prototype pollution) (update to 7.5.6)
Check warning on line 2194 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L2194
Insecure dependency npm/protobufjs@6.11.3 (CVE-2026-44292: protobuf.js: Prototype injection in generated message constructors) (update to 7.5.6)
Check warning on line 2194 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L2194
Insecure dependency npm/protobufjs@6.11.3 (CVE-2026-44293: protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors) (update to 7.5.6)
Check warning on line 2194 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L2194
Insecure dependency npm/protobufjs@6.11.3 (CVE-2026-44294: protobuf.js: Denial of service from crafted field names in generated code) (update to 7.5.6)
Check warning on line 2194 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L2194
Insecure dependency npm/protobufjs@6.11.3 (CVE-2026-45740: protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion) (update to 7.5.8)
Check warning on line 2194 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L2194
Insecure dependency npm/protobufjs@6.11.3 (CVE-2026-48712: protobufjs: Denial of service through unbounded Any expansion during JSON conversion) (update to 7.6.1)
Check warning on line 2194 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L2194
Insecure dependency npm/protobufjs@6.11.3 (CVE-2026-54269: protobufjs : Schema-derived names can shadow runtime-significant properties) (update to 7.6.3)
Check warning on line 2227 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L2227
Insecure dependency npm/@protobufjs/utf8@1.1.0 (CVE-2026-44288: protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences) (update to 1.1.1)
Check notice on line 2499 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L2499
Insecure dependency npm/@tootallnate/once@2.0.0 (CVE-2026-3449: @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal) (update to 2.0.1)
Check warning on line 2978 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L2978
Insecure dependency npm/jws@3.2.2 (CVE-2025-65945: node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm) (update to 3.2.3)
Check warning on line 3059 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L3059
Insecure dependency npm/ajv@6.12.6 (CVE-2025-69873: ajv: ReDoS via $data reference) (update to 6.14.0)
Check warning on line 3395 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L3395
Insecure dependency npm/brace-expansion@1.1.11 (CVE-2026-33750: brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern) (update to 1.1.13)
Check warning on line 3411 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L3411
Insecure dependency npm/braces@3.0.2 (CVE-2024-4068: braces: fails to limit the number of characters it can handle) (update to 3.0.3)
Check warning on line 5955 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L5955
Insecure dependency npm/minimatch@3.1.2 (CVE-2026-27903: minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns) (update to 10.2.3)
Check warning on line 5955 in web/pnpm-lock.yaml
codacy-production / Codacy Static Code Analysis
web/pnpm-lock.yaml#L5955
Insecure dependency npm/minimatch@3.1.2 (CVE-2026-27904: minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions) (update to 10.2.3)