Skip to content

fix: Security updates #85

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Raj-StepSecurity merged 2 commits into from
Mar 27, 2026

fix: apply audit fixes

daa648c
Select commit
Loading
Failed to load commit list.
Merged

fix: Security updates #85

fix: apply audit fixes
daa648c
Select commit
Loading
Failed to load commit list.
StepSecurity Actions Security / StepSecurity Required Checks succeeded Mar 27, 2026 in 0s

StepSecurity Required Checks

Finished StepSecurity Required Checks

  • Script Injection Check - Checks for script injection vulnerabilities in the PR
  • NPM Compromised Packages Check - Checks for compromised npm package versions in the PR
  • NPM Package Cooldown Check - Fails if any package version in the PR was released within the configured cooldown period, helping to avoid brand-new (and potentially unreviewed or malicious) releases
  • Pwn Request Vulnerabilities Check - Checks for Pwn Request vulnerabilities in the PR via risky triggers

Details

✅ NPM Compromised Packages Check

No Compromised npm packages are added in current PR.

✅ Pwn Request Vulnerabilities Check

No Pwn Request vulnerabilities found in this PR.

✅ Script Injection Vulnerabilities Check

No Script Injection vulnerabilities found in this PR.

✅ NPM Package Cooldown Check

No npm package upgrades to recent releases found in current PR.

The following npm packages are inspected in current PR

Package Name Previous Version Current Version file Current Version Release Date
picomatch 2.3.1 4.0.4 package-lock.json 2026-03-23T20:39:47Z
typescript-eslint 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:56Z
@typescript-eslint/eslint-plugin 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:49Z
@typescript-eslint/type-utils 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:36Z
@typescript-eslint/utils 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:29Z
@typescript-eslint/parser 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:29Z
@typescript-eslint/scope-manager 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:21Z
@typescript-eslint/typescript-estree 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:13Z
@typescript-eslint/visitor-keys 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:05Z
@typescript-eslint/project-service 8.57.2 package-lock.json 2026-03-23T17:19:04Z
@typescript-eslint/types 8.2.0 8.57.2 package-lock.json 2026-03-23T17:18:58Z
@typescript-eslint/tsconfig-utils 8.57.2 package-lock.json 2026-03-23T17:18:57Z
yaml 2.7.1 2.8.3 package-lock.json 2026-03-21T10:37:06Z
ts-api-utils 1.3.0 2.5.0 package-lock.json 2026-03-19T02:50:49Z
eslint 9.39.2 9.39.4 package-lock.json 2026-03-06T21:46:46Z
@eslint/js 9.39.2 9.39.4 package-lock.json 2026-03-06T21:21:15Z
@eslint/eslintrc 3.3.3 3.3.5 package-lock.json 2026-03-06T21:11:32Z
@eslint/config-array 0.21.1 0.21.2 package-lock.json 2026-03-06T19:44:45Z
semver 7.6.3 7.7.4 package-lock.json 2026-02-05T17:23:11Z
debug 4.3.6 4.4.3 package-lock.json 2025-09-13T17:25:19Z
tinyglobby 0.2.15 package-lock.json 2025-09-06T18:52:04Z
fdir 6.5.0 package-lock.json 2025-08-14T16:56:03Z
ms 2.1.2 2.1.3 package-lock.json 2020-12-08T13:54:35Z
⏲️ History

Previous invocation results of same check:

✅ Pwn Request Vulnerabilities Check

No Pwn Request vulnerabilities found in this PR.

✅ Script Injection Vulnerabilities Check

No Script Injection vulnerabilities found in this PR.

✅ NPM Compromised Packages Check

No Compromised npm packages are added in current PR.

✅ NPM Package Cooldown Check

No npm package upgrades to recent releases found in current PR.

The following npm packages are inspected in current PR

Package Name Previous Version Current Version file Current Version Release Date
picomatch 2.3.1 4.0.4 package-lock.json 2026-03-23T20:39:47Z
typescript-eslint 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:56Z
@typescript-eslint/eslint-plugin 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:49Z
@typescript-eslint/type-utils 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:36Z
@typescript-eslint/utils 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:29Z
@typescript-eslint/parser 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:29Z
@typescript-eslint/scope-manager 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:21Z
@typescript-eslint/typescript-estree 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:13Z
@typescript-eslint/visitor-keys 8.2.0 8.57.2 package-lock.json 2026-03-23T17:19:05Z
@typescript-eslint/project-service 8.57.2 package-lock.json 2026-03-23T17:19:04Z
@typescript-eslint/types 8.2.0 8.57.2 package-lock.json 2026-03-23T17:18:58Z
@typescript-eslint/tsconfig-utils 8.57.2 package-lock.json 2026-03-23T17:18:57Z
yaml 2.7.1 2.8.3 package-lock.json 2026-03-21T10:37:06Z
ts-api-utils 1.3.0 2.5.0 package-lock.json 2026-03-19T02:50:49Z
eslint 9.39.2 9.39.4 package-lock.json 2026-03-06T21:46:46Z
@eslint/js 9.39.2 9.39.4 package-lock.json 2026-03-06T21:21:15Z
@eslint/eslintrc 3.3.3 3.3.5 package-lock.json 2026-03-06T21:11:32Z
@eslint/config-array 0.21.1 0.21.2 package-lock.json 2026-03-06T19:44:45Z
semver 7.6.3 7.7.4 package-lock.json 2026-02-05T17:23:11Z
debug 4.3.6 4.4.3 package-lock.json 2025-09-13T17:25:19Z
tinyglobby 0.2.15 package-lock.json 2025-09-06T18:52:04Z
fdir 6.5.0 package-lock.json 2025-08-14T16:56:03Z
ms 2.1.2 2.1.3 package-lock.json 2020-12-08T13:54:35Z
View more details on StepSecurity Actions Security