
Update dependency tar to v7 #13

Open
dev-mend-for-github-com[bot] wants to merge 1 commit into master from whitesource-remediate/tar-7.x

Update dependency tar to v7

139e897
Dev - Mend for GitHub.com / Mend Security Check failed Jun 26, 2026 in 14m 3s

Security Report

You have successfully remediated 3 vulnerabilities, but introduced 5 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-941441-362681

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json,/package.json

Dependency Hierarchy:

-> core-2.0.0-alpha.64.tgz (Root Library)

   -> shelljs-0.8.4.tgz

     -> glob-7.1.6.tgz

       -> ❌ once-1.4.0.tgz (Vulnerable Library)

Critical 9.8 Transitive once-1.4.0.tgz core-2.0.0-alpha.64.tgz None
CVE-941441-362681

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json,/package.json

Dependency Hierarchy:

-> cmake-js-6.2.1.tgz (Root Library)

   -> unzipper-0.8.14.tgz

     -> fstream-1.0.12.tgz

       -> rimraf-2.7.1.tgz

         -> glob-7.1.7.tgz

           -> ❌ once-1.4.0.tgz (Vulnerable Library)

Critical 9.8 Transitive once-1.4.0.tgz cmake-js-6.2.1.tgz None
CVE-941441-362681

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json,/package.json

Dependency Hierarchy:

-> preset-classic-2.0.0-alpha.64.tgz (Root Library)

   -> plugin-content-docs-2.0.0-alpha.64.tgz

     -> execa-3.4.0.tgz

       -> get-stream-5.2.0.tgz

         -> pump-3.0.0.tgz

           -> ❌ once-1.4.0.tgz (Vulnerable Library)

Critical 9.8 Transitive once-1.4.0.tgz preset-classic-2.0.0-alpha.64.tgz None
CVE-2026-23950

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> qode-18.12.1.tgz (Root Library)

   -> ❌ tar-6.2.1.tgz (Vulnerable Library)

High 8.8 Transitive tar-6.2.1.tgz qode-18.12.1.tgz Transitive 7.5.4 None
CVE-2026-24842

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> qode-18.12.1.tgz (Root Library)

   -> ❌ tar-6.2.1.tgz (Vulnerable Library)

High 8.2 Transitive tar-6.2.1.tgz qode-18.12.1.tgz Transitive 7.5.7 None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2022-25881 http-cache-semantics-4.1.0.tgz
CVE-2026-24842 tar-6.1.11.tgz
CVE-2026-23950 tar-6.1.11.tgz

Base branch total remaining vulnerabilities: 202
Base branch commit: null


Total libraries scanned: 1462

Scan token: f1cc4d0d1e5245c29c7fd0bd3b9e72bf