Skip to content

Update dependency cmake-js to v8#12

Open
dev-mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/cmake-js-8.x
Open

Update dependency cmake-js to v8#12
dev-mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/cmake-js-8.x

Update dependency cmake-js to v8

7b893b5
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Jun 26, 2026 in 14m 18s

Security Report

You have successfully remediated 17 vulnerabilities, but introduced 3 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-941441-362681

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json

Dependency Hierarchy:

-> core-2.0.0-alpha.64.tgz (Root Library)

   -> shelljs-0.8.4.tgz

     -> glob-7.1.6.tgz

       -> ❌ once-1.4.0.tgz (Vulnerable Library)

Critical 9.8 Transitive once-1.4.0.tgz core-2.0.0-alpha.64.tgz None
CVE-941441-362681

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json

Dependency Hierarchy:

-> preset-classic-2.0.0-alpha.64.tgz (Root Library)

   -> plugin-content-docs-2.0.0-alpha.64.tgz

     -> execa-3.4.0.tgz

       -> get-stream-5.2.0.tgz

         -> pump-3.0.0.tgz

           -> ❌ once-1.4.0.tgz (Vulnerable Library)

Critical 9.8 Transitive once-1.4.0.tgz preset-classic-2.0.0-alpha.64.tgz None
CVE-398484-724968

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> cmake-js-8.0.0.tgz (Root Library)

   -> debug-4.4.3.tgz

     -> ❌ ms-2.1.3.tgz (Vulnerable Library)

Critical 9.8 Transitive ms-2.1.3.tgz cmake-js-8.0.0.tgz None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2022-0155 follow-redirects-1.14.1.tgz
CVE-2026-23950 tar-4.4.19.tgz
CVE-2025-62718 axios-0.21.1.tgz
CVE-2026-40175 axios-0.21.1.tgz
CVE-2026-24842 tar-4.4.19.tgz
CVE-495493-603164 delegates-1.0.0.tgz
CVE-2022-25881 http-cache-semantics-4.1.0.tgz
CVE-2021-3749 axios-0.21.1.tgz
CVE-2026-2950 lodash-4.17.21.tgz
CVE-2023-45857 axios-0.21.1.tgz
CVE-2022-0536 follow-redirects-1.14.1.tgz
CVE-121740-819191 lodash-4.17.21.tgz
CVE-2026-39865 axios-0.21.1.tgz
WS-2023-0439 axios-0.21.1.tgz
CVE-2025-58754 axios-0.21.1.tgz
CVE-2026-25639 axios-0.21.1.tgz
CVE-2026-4800 lodash-4.17.21.tgz

Base branch total remaining vulnerabilities: 202
Base branch commit: null


Total libraries scanned: 1429

Scan token: dca969834a504f93ae3485850881ae4d

View more details on Dev - Mend for GitHub.com