chore: dependency update #2001
Open
MIchaelMainer wants to merge 38 commits into
Microsoft GitHub Policy Service / GitOps/AdvancedSecurity
failed
Jun 18, 2026 in 0s
Dependency Review
Dependency review detected vulnerable
Dependency review summary
We have found 6 vulnerable package(s).
Vulnerability
Vulnerabilities were filtered by minimum severity Moderate.
| Dependency | File Name | Version | Vulnerability | Severity |
|---|---|---|---|---|
| @babel/plugin-transform-modules-systemjs | package-lock.json | 7.27.1 | @babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input | High |
| form-data | package-lock.json | 4.0.4 | form-data: CRLF injection in form-data via unescaped multipart field names and filenames | High |
| tmp | package-lock.json | 0.2.4 | tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape | High |
| yaml | package-lock.json | 2.8.1 | yaml is vulnerable to Stack Overflow via deeply nested YAML collections | Moderate |
| brace-expansion | test-esm/package-lock.json | 1.1.12 | brace-expansion: Zero-step sequence causes process hang and memory exhaustion | Moderate |
| brace-expansion | test-esm/package-lock.json | 2.0.2 | brace-expansion: Zero-step sequence causes process hang and memory exhaustion | Moderate |