fix: Security updates #216
Merged
StepSecurity Actions Security / StepSecurity Required Checks
succeeded
Dec 22, 2025 in 4s
StepSecurity Required Checks
Finished StepSecurity Required Checks
- NPM Package Cooldown Check - Fails if any package version in the PR was released within the configured cooldown period, helping to avoid brand-new (and potentially unreviewed or malicious) releases
- Pwn Request Vulnerabilities Check - Checks for Pwn Request vulnerabilities in the PR via risky triggers
- Script Injection Check - Checks for script injection vulnerabilities in the PR
- NPM Compromised Packages Check - Checks for compromised npm package versions in the PR
Details
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ NPM Package Cooldown Check
No npm package upgrades to recent releases found in current PR.
The following npm packages are inspected in current PR (showing first 50 of 66 packages)
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| markdownlint-cli | 0.39.0 | 0.47.0 | package-lock.json | 2025-12-11T06:09:36Z |
| markdownlint-cli | 0.39.0 | 0.47.0 | package.json | 2025-12-11T06:09:36Z |
| katex | 0.16.27 | package-lock.json | 2025-12-07T21:01:19Z | |
| markdownlint | 0.33.0 | 0.40.0 | package-lock.json | 2025-12-04T06:33:49Z |
| glob | 10.3.16 | 10.5.0 | package-lock.json | 2025-11-18T01:34:51Z |
| smol-toml | 1.5.2 | package-lock.json | 2025-11-14T13:40:06Z | |
| minimatch | 10.1.1 | package-lock.json | 2025-10-28T22:58:24Z | |
| get-east-asian-width | 1.4.0 | package-lock.json | 2025-09-09T19:36:04Z | |
| strip-ansi | 7.1.2 | package-lock.json | 2025-09-08T15:05:29Z | |
| ansi-regex | 6.2.2 | package-lock.json | 2025-09-08T14:48:14Z | |
| tinyglobby | 0.2.15 | package-lock.json | 2025-09-06T18:52:04Z | |
| string-width | 8.1.0 | package-lock.json | 2025-09-01T11:47:08Z | |
| fdir | 6.5.0 | package-lock.json | 2025-08-14T16:56:03Z | |
| picomatch | 4.0.3 | package-lock.json | 2025-07-15T19:39:26Z | |
| decode-named-character-reference | 1.2.0 | package-lock.json | 2025-06-14T15:17:11Z | |
| @isaacs/brace-expansion | 5.0.0 | package-lock.json | 2025-06-12T20:06:57Z | |
| @isaacs/balanced-match | 4.0.1 | package-lock.json | 2025-06-12T20:05:52Z | |
| ignore | 7.0.5 | package-lock.json | 2025-05-31T02:18:53Z | |
| micromark-extension-directive | 4.0.0 | package-lock.json | 2025-02-27T14:40:06Z | |
| micromark | 4.0.2 | package-lock.json | 2025-02-27T14:04:03Z | |
| micromark-util-types | 2.0.2 | package-lock.json | 2025-02-27T13:55:27Z | |
| micromark-core-commonmark | 2.0.3 | package-lock.json | 2025-02-27T13:49:35Z | |
| micromark-util-subtokenize | 2.1.0 | package-lock.json | 2025-02-27T13:48:52Z | |
| micromark-extension-gfm-table | 2.1.1 | package-lock.json | 2025-01-20T12:24:29Z | |
| @types/ms | 2.1.0 | package-lock.json | 2025-01-16T21:02:46Z | |
| parse-entities | 4.0.2 | package-lock.json | 2024-12-13T11:08:08Z | |
| micromark-util-symbol | 2.0.1 | package-lock.json | 2024-11-12T11:17:55Z | |
| micromark-util-sanitize-uri | 2.0.1 | package-lock.json | 2024-11-12T11:17:48Z | |
| micromark-util-resolve-all | 2.0.1 | package-lock.json | 2024-11-12T11:17:45Z | |
| micromark-util-normalize-identifier | 2.0.1 | package-lock.json | 2024-11-12T11:17:41Z | |
| micromark-util-html-tag-name | 2.0.1 | package-lock.json | 2024-11-12T11:17:37Z | |
| micromark-util-encode | 2.0.1 | package-lock.json | 2024-11-12T11:17:34Z | |
| micromark-util-decode-numeric-character-reference | 2.0.2 | package-lock.json | 2024-11-12T11:17:27Z | |
| micromark-util-combine-extensions | 2.0.1 | package-lock.json | 2024-11-12T11:17:23Z | |
| micromark-util-classify-character | 2.0.1 | package-lock.json | 2024-11-12T11:17:20Z | |
| micromark-util-chunked | 2.0.1 | package-lock.json | 2024-11-12T11:17:17Z | |
| micromark-util-character | 2.1.1 | package-lock.json | 2024-11-12T11:17:13Z | |
| micromark-factory-whitespace | 2.0.1 | package-lock.json | 2024-11-12T11:17:10Z | |
| micromark-factory-title | 2.0.1 | package-lock.json | 2024-11-12T11:17:06Z | |
| micromark-factory-space | 2.0.1 | package-lock.json | 2024-11-12T11:17:03Z | |
| micromark-factory-label | 2.0.1 | package-lock.json | 2024-11-12T11:16:59Z | |
| micromark-factory-destination | 2.0.1 | package-lock.json | 2024-11-12T11:16:55Z | |
| package-json-from-dist | 1.0.1 | package-lock.json | 2024-09-26T18:59:08Z | |
| micromatch | 4.0.8 | 4.0.8 | package-lock.json | 2024-08-23T16:31:18Z |
| @types/unist | 2.0.11 | package-lock.json | 2024-08-15T02:19:24Z | |
| micromark-extension-math | 3.1.0 | package-lock.json | 2024-07-08T10:14:07Z | |
| micromark-extension-gfm-footnote | 2.1.0 | package-lock.json | 2024-07-05T12:22:49Z | |
| micromark-extension-gfm-autolink-literal | 2.1.0 | package-lock.json | 2024-07-05T12:07:39Z | |
| jsonc-parser | 3.2.1 | 3.3.1 | package-lock.json | 2024-06-24T21:12:45Z |
| minipass | 7.0.4 | 7.1.2 | package-lock.json | 2024-05-24T00:42:21Z |
⏲️ History
Previous invocation results of same check:
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
✅ NPM Package Cooldown Check
No npm package upgrades to recent releases found in current PR.
The following npm packages are inspected in current PR (showing first 50 of 66 packages)
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| markdownlint-cli | 0.39.0 | 0.47.0 | package-lock.json | 2025-12-11T06:09:36Z |
| markdownlint-cli | 0.39.0 | 0.47.0 | package.json | 2025-12-11T06:09:36Z |
| katex | 0.16.27 | package-lock.json | 2025-12-07T21:01:19Z | |
| markdownlint | 0.33.0 | 0.40.0 | package-lock.json | 2025-12-04T06:33:49Z |
| glob | 10.3.16 | 10.5.0 | package-lock.json | 2025-11-18T01:34:51Z |
| smol-toml | 1.5.2 | package-lock.json | 2025-11-14T13:40:06Z | |
| minimatch | 10.1.1 | package-lock.json | 2025-10-28T22:58:24Z | |
| get-east-asian-width | 1.4.0 | package-lock.json | 2025-09-09T19:36:04Z | |
| strip-ansi | 7.1.2 | package-lock.json | 2025-09-08T15:05:29Z | |
| ansi-regex | 6.2.2 | package-lock.json | 2025-09-08T14:48:14Z | |
| tinyglobby | 0.2.15 | package-lock.json | 2025-09-06T18:52:04Z | |
| string-width | 8.1.0 | package-lock.json | 2025-09-01T11:47:08Z | |
| fdir | 6.5.0 | package-lock.json | 2025-08-14T16:56:03Z | |
| picomatch | 4.0.3 | package-lock.json | 2025-07-15T19:39:26Z | |
| decode-named-character-reference | 1.2.0 | package-lock.json | 2025-06-14T15:17:11Z | |
| @isaacs/brace-expansion | 5.0.0 | package-lock.json | 2025-06-12T20:06:57Z | |
| @isaacs/balanced-match | 4.0.1 | package-lock.json | 2025-06-12T20:05:52Z | |
| ignore | 7.0.5 | package-lock.json | 2025-05-31T02:18:53Z | |
| micromark-extension-directive | 4.0.0 | package-lock.json | 2025-02-27T14:40:06Z | |
| micromark | 4.0.2 | package-lock.json | 2025-02-27T14:04:03Z | |
| micromark-util-types | 2.0.2 | package-lock.json | 2025-02-27T13:55:27Z | |
| micromark-core-commonmark | 2.0.3 | package-lock.json | 2025-02-27T13:49:35Z | |
| micromark-util-subtokenize | 2.1.0 | package-lock.json | 2025-02-27T13:48:52Z | |
| micromark-extension-gfm-table | 2.1.1 | package-lock.json | 2025-01-20T12:24:29Z | |
| @types/ms | 2.1.0 | package-lock.json | 2025-01-16T21:02:46Z | |
| parse-entities | 4.0.2 | package-lock.json | 2024-12-13T11:08:08Z | |
| micromark-util-symbol | 2.0.1 | package-lock.json | 2024-11-12T11:17:55Z | |
| micromark-util-sanitize-uri | 2.0.1 | package-lock.json | 2024-11-12T11:17:48Z | |
| micromark-util-resolve-all | 2.0.1 | package-lock.json | 2024-11-12T11:17:45Z | |
| micromark-util-normalize-identifier | 2.0.1 | package-lock.json | 2024-11-12T11:17:41Z | |
| micromark-util-html-tag-name | 2.0.1 | package-lock.json | 2024-11-12T11:17:37Z | |
| micromark-util-encode | 2.0.1 | package-lock.json | 2024-11-12T11:17:34Z | |
| micromark-util-decode-numeric-character-reference | 2.0.2 | package-lock.json | 2024-11-12T11:17:27Z | |
| micromark-util-combine-extensions | 2.0.1 | package-lock.json | 2024-11-12T11:17:23Z | |
| micromark-util-classify-character | 2.0.1 | package-lock.json | 2024-11-12T11:17:20Z | |
| micromark-util-chunked | 2.0.1 | package-lock.json | 2024-11-12T11:17:17Z | |
| micromark-util-character | 2.1.1 | package-lock.json | 2024-11-12T11:17:13Z | |
| micromark-factory-whitespace | 2.0.1 | package-lock.json | 2024-11-12T11:17:10Z | |
| micromark-factory-title | 2.0.1 | package-lock.json | 2024-11-12T11:17:06Z | |
| micromark-factory-space | 2.0.1 | package-lock.json | 2024-11-12T11:17:03Z | |
| micromark-factory-label | 2.0.1 | package-lock.json | 2024-11-12T11:16:59Z | |
| micromark-factory-destination | 2.0.1 | package-lock.json | 2024-11-12T11:16:55Z | |
| package-json-from-dist | 1.0.1 | package-lock.json | 2024-09-26T18:59:08Z | |
| micromatch | 4.0.8 | 4.0.8 | package-lock.json | 2024-08-23T16:31:18Z |
| @types/unist | 2.0.11 | package-lock.json | 2024-08-15T02:19:24Z | |
| micromark-extension-math | 3.1.0 | package-lock.json | 2024-07-08T10:14:07Z | |
| micromark-extension-gfm-footnote | 2.1.0 | package-lock.json | 2024-07-05T12:22:49Z | |
| micromark-extension-gfm-autolink-literal | 2.1.0 | package-lock.json | 2024-07-05T12:07:39Z | |
| jsonc-parser | 3.2.1 | 3.3.1 | package-lock.json | 2024-06-24T21:12:45Z |
| minipass | 7.0.4 | 7.1.2 | package-lock.json | 2024-05-24T00:42:21Z |
⏲️ History
Previous invocation results of same check:
Loading