fix: Security updates #279
Merged
StepSecurity Actions Security / StepSecurity Required Checks
succeeded
Feb 23, 2026 in 4s
StepSecurity Required Checks
Finished StepSecurity Required Checks
- Script Injection Check - Checks for script injection vulnerabilities in the PR
- NPM Compromised Packages Check - Checks for compromised npm package versions in the PR
- NPM Package Cooldown Check - Fails if any package version in the PR was released within the configured cooldown period, helping to avoid brand-new (and potentially unreviewed or malicious) releases
- Pwn Request Vulnerabilities Check - Checks for Pwn Request vulnerabilities in the PR via risky triggers
Details
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
✅ NPM Package Cooldown Check
No npm package upgrades to recent releases found in current PR.
The following npm packages are inspected in current PR
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| brace-expansion | 2.0.2 | 5.0.3 | package-lock.json | 2026-02-22T11:37:25Z |
| minimatch | 3.1.2 | 3.1.3 | package-lock.json | 2026-02-22T02:17:31Z |
| ajv | 6.12.6 | 6.14.0 | package-lock.json | 2026-02-20T18:09:33Z |
| typescript-eslint | 8.26.1 | 8.56.0 | package-lock.json | 2026-02-16T17:16:22Z |
| @typescript-eslint/eslint-plugin | 8.56.0 | package-lock.json | 2026-02-16T17:16:15Z | |
| @typescript-eslint/type-utils | 8.56.0 | package-lock.json | 2026-02-16T17:16:02Z | |
| @typescript-eslint/parser | 8.56.0 | package-lock.json | 2026-02-16T17:15:55Z | |
| @typescript-eslint/utils | 8.56.0 | package-lock.json | 2026-02-16T17:15:54Z | |
| @typescript-eslint/scope-manager | 8.56.0 | package-lock.json | 2026-02-16T17:15:47Z | |
| @typescript-eslint/typescript-estree | 8.56.0 | package-lock.json | 2026-02-16T17:15:39Z | |
| @typescript-eslint/visitor-keys | 8.56.0 | package-lock.json | 2026-02-16T17:15:31Z | |
| @typescript-eslint/project-service | 8.56.0 | package-lock.json | 2026-02-16T17:15:31Z | |
| @typescript-eslint/types | 8.56.0 | package-lock.json | 2026-02-16T17:15:24Z | |
| @typescript-eslint/tsconfig-utils | 8.56.0 | package-lock.json | 2026-02-16T17:15:24Z | |
| semver | 7.6.0 | 7.7.4 | package-lock.json | 2026-02-05T17:23:11Z |
| ts-api-utils | 2.4.0 | package-lock.json | 2026-01-02T14:18:38Z | |
| @eslint-community/eslint-utils | 4.4.0 | 4.9.1 | package-lock.json | 2025-12-31T14:49:52Z |
| @eslint-community/regexpp | 4.10.0 | 4.12.2 | package-lock.json | 2025-10-22T11:56:00Z |
| debug | 4.3.4 | 4.4.3 | package-lock.json | 2025-09-13T17:25:19Z |
| tinyglobby | 0.2.15 | package-lock.json | 2025-09-06T18:52:04Z | |
| fdir | 6.5.0 | package-lock.json | 2025-08-14T16:56:03Z | |
| picomatch | 2.3.1 | 4.0.3 | package-lock.json | 2025-07-15T19:39:26Z |
| ms | 2.1.2 | 2.1.3 | package-lock.json | 2020-12-08T13:54:35Z |
⏲️ History
Previous invocation results of same check:
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
❌ NPM Package Cooldown Check
The following npm packages added in current PR are recent versions(not older than 2 days). This check will pass at 2026-02-25T11:37:25Z
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| brace-expansion | 2.0.2 | 5.0.3 | package-lock.json | 2026-02-22T11:37:25Z |
⏲️ History
Previous invocation results of same check:
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
❌ NPM Package Cooldown Check
The following npm packages added in current PR are recent versions(not older than 2 days). This check will pass at 2026-02-25T11:37:25Z
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| minimatch | 3.1.2 | 3.1.3 | package-lock.json | 2026-02-22T02:17:31Z |
| brace-expansion | 2.0.2 | 5.0.3 | package-lock.json | 2026-02-22T11:37:25Z |
⏲️ History
Previous invocation results of same check:
Loading