fix: Security updates #229
Merged
StepSecurity Actions Security / StepSecurity Required Checks
succeeded
Feb 2, 2026 in 6s
StepSecurity Required Checks
Finished StepSecurity Required Checks
- Pwn Request Vulnerabilities Check - Checks for Pwn Request vulnerabilities in the PR via risky triggers
- Script Injection Check - Checks for script injection vulnerabilities in the PR
- NPM Compromised Packages Check - Checks for compromised npm package versions in the PR
- NPM Package Cooldown Check - Fails if any package version in the PR was released within the configured cooldown period, helping to avoid brand-new (and potentially unreviewed or malicious) releases
Details
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
✅ NPM Package Cooldown Check
No npm package upgrades to recent releases found in current PR.
The following npm packages are inspected in current PR (showing first 50 of 103 packages)
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| which-typed-array | 1.1.13 | 1.1.20 | package-lock.json | 2026-01-14T21:25:14Z |
| axe-core | 4.7.0 | 4.11.1 | package-lock.json | 2026-01-06T18:51:14Z |
| es-abstract | 1.22.3 | 1.24.1 | package-lock.json | 2025-12-13T07:06:24Z |
| is-generator-function | 1.0.10 | 1.1.2 | package-lock.json | 2025-09-30T18:41:14Z |
| generator-function | 2.0.1 | package-lock.json | 2025-09-30T18:23:33Z | |
| eslint-plugin-import | 2.29.1 | 2.32.0 | package-lock.json | 2025-06-20T21:59:09Z |
| eslint-module-utils | 2.8.0 | 2.12.1 | package-lock.json | 2025-06-20T02:34:20Z |
| array-includes | 3.1.7 | 3.1.9 | package-lock.json | 2025-06-02T05:01:20Z |
| array.prototype.findlastindex | 1.2.3 | 1.2.6 | package-lock.json | 2025-03-14T18:20:03Z |
| call-bound | 1.0.4 | package-lock.json | 2025-03-03T17:50:03Z | |
| es-shim-unscopables | 1.0.2 | 1.1.0 | package-lock.json | 2025-02-12T04:10:24Z |
| for-each | 0.3.3 | 0.3.5 | package-lock.json | 2025-02-11T06:56:03Z |
| possible-typed-array-names | 1.1.0 | package-lock.json | 2025-02-07T05:04:15Z | |
| is-boolean-object | 1.1.2 | 1.2.2 | package-lock.json | 2025-02-05T02:48:12Z |
| object-inspect | 1.13.1 | 1.13.4 | package-lock.json | 2025-02-05T01:26:10Z |
| is-weakref | 1.0.2 | 1.1.1 | package-lock.json | 2025-02-03T23:37:46Z |
| is-async-function | 2.0.0 | 2.1.1 | package-lock.json | 2025-01-23T06:28:33Z |
| regexp.prototype.flags | 1.5.1 | 1.5.4 | package-lock.json | 2025-01-03T00:40:33Z |
| reflect.getprototypeof | 1.0.4 | 1.0.10 | package-lock.json | 2025-01-02T21:23:14Z |
| set-proto | 1.0.0 | package-lock.json | 2024-12-30T23:30:07Z | |
| own-keys | 1.0.1 | package-lock.json | 2024-12-29T23:18:26Z | |
| safe-push-apply | 1.0.0 | package-lock.json | 2024-12-29T03:51:58Z | |
| is-core-module | 2.13.1 | 2.16.1 | package-lock.json | 2024-12-21T21:23:27Z |
| function.prototype.name | 1.1.6 | 1.1.8 | package-lock.json | 2024-12-20T05:47:41Z |
| data-view-byte-length | 1.0.2 | package-lock.json | 2024-12-20T04:57:35Z | |
| data-view-buffer | 1.0.2 | package-lock.json | 2024-12-20T04:53:13Z | |
| array-buffer-byte-length | 1.0.0 | 1.0.2 | package-lock.json | 2024-12-20T01:21:57Z |
| object.values | 1.1.7 | 1.2.1 | package-lock.json | 2024-12-19T06:39:08Z |
| data-view-byte-offset | 1.0.1 | package-lock.json | 2024-12-19T05:59:20Z | |
| typed-array-byte-offset | 1.0.0 | 1.0.4 | package-lock.json | 2024-12-19T05:58:33Z |
| object.assign | 4.1.5 | 4.1.7 | package-lock.json | 2024-12-18T20:54:22Z |
| has-bigints | 1.0.2 | 1.1.0 | package-lock.json | 2024-12-18T17:37:33Z |
| is-typed-array | 1.1.12 | 1.1.15 | package-lock.json | 2024-12-18T17:20:07Z |
| is-shared-array-buffer | 1.0.2 | 1.0.4 | package-lock.json | 2024-12-18T16:27:56Z |
| typed-array-buffer | 1.0.0 | 1.0.3 | package-lock.json | 2024-12-18T16:26:28Z |
| typed-array-byte-length | 1.0.0 | 1.0.3 | package-lock.json | 2024-12-17T22:33:13Z |
| get-symbol-description | 1.0.0 | 1.1.0 | package-lock.json | 2024-12-17T16:51:13Z |
| is-weakset | 2.0.2 | 2.0.4 | package-lock.json | 2024-12-17T05:37:43Z |
| is-finalizationregistry | 1.0.2 | 1.1.1 | package-lock.json | 2024-12-17T05:37:19Z |
| is-array-buffer | 3.0.2 | 3.0.5 | package-lock.json | 2024-12-16T16:46:47Z |
| unbox-primitive | 1.0.2 | 1.1.0 | package-lock.json | 2024-12-16T06:45:03Z |
| which-boxed-primitive | 1.0.2 | 1.1.1 | package-lock.json | 2024-12-16T05:48:44Z |
| is-number-object | 1.0.7 | 1.1.1 | package-lock.json | 2024-12-16T02:59:16Z |
| is-string | 1.0.7 | 1.1.1 | package-lock.json | 2024-12-16T02:59:00Z |
| array.prototype.flatmap | 1.3.2 | 1.3.3 | package-lock.json | 2024-12-16T00:45:39Z |
| array.prototype.flat | 1.3.2 | 1.3.3 | package-lock.json | 2024-12-15T22:32:44Z |
| arraybuffer.prototype.slice | 1.0.2 | 1.0.4 | package-lock.json | 2024-12-15T21:56:20Z |
| stop-iteration-iterator | 1.1.0 | package-lock.json | 2024-12-13T22:33:32Z | |
| internal-slot | 1.0.6 | 1.1.0 | package-lock.json | 2024-12-13T16:02:29Z |
| which-builtin-type | 1.1.3 | 1.2.1 | package-lock.json | 2024-12-13T07:41:11Z |
⏲️ History
Previous invocation results of same check:
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
✅ NPM Package Cooldown Check
No npm package upgrades to recent releases found in current PR.
The following npm packages are inspected in current PR (showing first 50 of 103 packages)
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| which-typed-array | 1.1.13 | 1.1.20 | package-lock.json | 2026-01-14T21:25:14Z |
| axe-core | 4.7.0 | 4.11.1 | package-lock.json | 2026-01-06T18:51:14Z |
| es-abstract | 1.22.3 | 1.24.1 | package-lock.json | 2025-12-13T07:06:24Z |
| is-generator-function | 1.0.10 | 1.1.2 | package-lock.json | 2025-09-30T18:41:14Z |
| generator-function | 2.0.1 | package-lock.json | 2025-09-30T18:23:33Z | |
| eslint-plugin-import | 2.29.1 | 2.32.0 | package-lock.json | 2025-06-20T21:59:09Z |
| eslint-module-utils | 2.8.0 | 2.12.1 | package-lock.json | 2025-06-20T02:34:20Z |
| array-includes | 3.1.7 | 3.1.9 | package-lock.json | 2025-06-02T05:01:20Z |
| array.prototype.findlastindex | 1.2.3 | 1.2.6 | package-lock.json | 2025-03-14T18:20:03Z |
| call-bound | 1.0.4 | package-lock.json | 2025-03-03T17:50:03Z | |
| es-shim-unscopables | 1.0.2 | 1.1.0 | package-lock.json | 2025-02-12T04:10:24Z |
| for-each | 0.3.3 | 0.3.5 | package-lock.json | 2025-02-11T06:56:03Z |
| possible-typed-array-names | 1.1.0 | package-lock.json | 2025-02-07T05:04:15Z | |
| is-boolean-object | 1.1.2 | 1.2.2 | package-lock.json | 2025-02-05T02:48:12Z |
| object-inspect | 1.13.1 | 1.13.4 | package-lock.json | 2025-02-05T01:26:10Z |
| is-weakref | 1.0.2 | 1.1.1 | package-lock.json | 2025-02-03T23:37:46Z |
| is-async-function | 2.0.0 | 2.1.1 | package-lock.json | 2025-01-23T06:28:33Z |
| regexp.prototype.flags | 1.5.1 | 1.5.4 | package-lock.json | 2025-01-03T00:40:33Z |
| reflect.getprototypeof | 1.0.4 | 1.0.10 | package-lock.json | 2025-01-02T21:23:14Z |
| set-proto | 1.0.0 | package-lock.json | 2024-12-30T23:30:07Z | |
| own-keys | 1.0.1 | package-lock.json | 2024-12-29T23:18:26Z | |
| safe-push-apply | 1.0.0 | package-lock.json | 2024-12-29T03:51:58Z | |
| is-core-module | 2.13.1 | 2.16.1 | package-lock.json | 2024-12-21T21:23:27Z |
| function.prototype.name | 1.1.6 | 1.1.8 | package-lock.json | 2024-12-20T05:47:41Z |
| data-view-byte-length | 1.0.2 | package-lock.json | 2024-12-20T04:57:35Z | |
| data-view-buffer | 1.0.2 | package-lock.json | 2024-12-20T04:53:13Z | |
| array-buffer-byte-length | 1.0.0 | 1.0.2 | package-lock.json | 2024-12-20T01:21:57Z |
| object.values | 1.1.7 | 1.2.1 | package-lock.json | 2024-12-19T06:39:08Z |
| data-view-byte-offset | 1.0.1 | package-lock.json | 2024-12-19T05:59:20Z | |
| typed-array-byte-offset | 1.0.0 | 1.0.4 | package-lock.json | 2024-12-19T05:58:33Z |
| object.assign | 4.1.5 | 4.1.7 | package-lock.json | 2024-12-18T20:54:22Z |
| has-bigints | 1.0.2 | 1.1.0 | package-lock.json | 2024-12-18T17:37:33Z |
| is-typed-array | 1.1.12 | 1.1.15 | package-lock.json | 2024-12-18T17:20:07Z |
| is-shared-array-buffer | 1.0.2 | 1.0.4 | package-lock.json | 2024-12-18T16:27:56Z |
| typed-array-buffer | 1.0.0 | 1.0.3 | package-lock.json | 2024-12-18T16:26:28Z |
| typed-array-byte-length | 1.0.0 | 1.0.3 | package-lock.json | 2024-12-17T22:33:13Z |
| get-symbol-description | 1.0.0 | 1.1.0 | package-lock.json | 2024-12-17T16:51:13Z |
| is-weakset | 2.0.2 | 2.0.4 | package-lock.json | 2024-12-17T05:37:43Z |
| is-finalizationregistry | 1.0.2 | 1.1.1 | package-lock.json | 2024-12-17T05:37:19Z |
| is-array-buffer | 3.0.2 | 3.0.5 | package-lock.json | 2024-12-16T16:46:47Z |
| unbox-primitive | 1.0.2 | 1.1.0 | package-lock.json | 2024-12-16T06:45:03Z |
| which-boxed-primitive | 1.0.2 | 1.1.1 | package-lock.json | 2024-12-16T05:48:44Z |
| is-number-object | 1.0.7 | 1.1.1 | package-lock.json | 2024-12-16T02:59:16Z |
| is-string | 1.0.7 | 1.1.1 | package-lock.json | 2024-12-16T02:59:00Z |
| array.prototype.flatmap | 1.3.2 | 1.3.3 | package-lock.json | 2024-12-16T00:45:39Z |
| array.prototype.flat | 1.3.2 | 1.3.3 | package-lock.json | 2024-12-15T22:32:44Z |
| arraybuffer.prototype.slice | 1.0.2 | 1.0.4 | package-lock.json | 2024-12-15T21:56:20Z |
| stop-iteration-iterator | 1.1.0 | package-lock.json | 2024-12-13T22:33:32Z | |
| internal-slot | 1.0.6 | 1.1.0 | package-lock.json | 2024-12-13T16:02:29Z |
| which-builtin-type | 1.1.3 | 1.2.1 | package-lock.json | 2024-12-13T07:41:11Z |
⏲️ History
Previous invocation results of same check:
Loading