chore: dependency update #2001

Open
MIchaelMainer wants to merge 38 commits into dev from dependabot/combined-updates

chore(deps) downgrade sinon

7214e55
Microsoft GitHub Policy Service / GitOps/AdvancedSecurity failed Jun 18, 2026 in 0s

Dependency Review

Dependency review detected vulnerable

Details

Dependency review summary

We have found 6 vulnerable package(s).

Vulnerability

Vulnerabilities were filtered by minimum severity Moderate.

| Dependency | File Name | Version | Vulnerability | Severity |
| --- | --- | --- | --- | --- |
| @babel/plugin-transform-modules-systemjs | package-lock.json | 7.27.1 | @babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input | High |
| form-data | package-lock.json | 4.0.4 | form-data: CRLF injection in form-data via unescaped multipart field names and filenames | High |
| tmp | package-lock.json | 0.2.4 | tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape | High |
| yaml | package-lock.json | 2.8.1 | yaml is vulnerable to Stack Overflow via deeply nested YAML collections | Moderate |
| brace-expansion | test-esm/package-lock.json | 1.1.12 | brace-expansion: Zero-step sequence causes process hang and memory exhaustion | Moderate |
| brace-expansion | test-esm/package-lock.json | 2.0.2 | brace-expansion: Zero-step sequence causes process hang and memory exhaustion | Moderate |