fix: Security updates#29
StepSecurity Required Checks
Finished StepSecurity Required Checks
- NPM Package Cooldown Check - Fails if any package version in the PR was released within the configured cooldown period, helping to avoid brand-new (and potentially unreviewed or malicious) releases
- PyPI Package Cooldown Check - Fails if any PyPI package version in the PR was released within the configured cooldown period
- Maven Compromised Packages Check - Checks for compromised Maven package versions in the PR
- Maven Package Cooldown Check - Fails if any Maven package version in the PR was released within the configured cooldown period
- Script Injection Check - Checks for script injection vulnerabilities in the PR
- NPM Compromised Packages Check - Checks for compromised npm package versions in the PR
- PyPI Compromised Packages Check - Checks for compromised PyPI package versions in the PR
- Pwn Request Vulnerabilities Check - Checks for Pwn Request vulnerabilities in the PR via risky triggers
Details
✅ PyPI Package Cooldown Check
No PyPI package upgrades to recent releases found in current PR.
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ Maven Package Cooldown Check
No Maven package upgrades to recent releases found in current PR.
✅ Maven Compromised Packages Check
No compromised Maven package versions found in current PR.
✅ PyPI Compromised Packages Check
No compromised PyPI package versions found in current PR.
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
✅ NPM Package Cooldown Check
No npm package upgrades to recent releases found in current PR.
The following npm packages are inspected in current PR
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| electron-to-chromium | 1.5.376 | yarn.lock | 2026-06-19T02:02:43Z | |
| node-releases | 2.0.48 | yarn.lock | 2026-06-18T04:36:52Z | |
| baseline-browser-mapping | 2.10.38 | yarn.lock | 2026-06-17T16:56:25Z | |
| form-data | 4.0.5 | 4.0.6 | yarn.lock | 2026-06-12T17:37:53Z |
| caniuse-lite | 1.0.30001799 | yarn.lock | 2026-06-11T09:52:12Z | |
| js-yaml | 4.1.1 | 4.2.0 | yarn.lock | 2026-05-31T22:17:13Z |
| hasown | 2.0.4 | yarn.lock | 2026-05-28T18:11:39Z | |
| ws | 7.5.10 | 7.5.11 | yarn.lock | 2026-05-22T17:59:29Z |
| browserslist | 4.28.2 | yarn.lock | 2026-03-31T10:24:52Z | |
| update-browserslist-db | 1.2.3 | yarn.lock | 2025-12-16T15:17:57Z | |
| jsesc | 3.1.0 | yarn.lock | 2024-12-11T08:24:34Z | |
| escalade | 3.2.0 | yarn.lock | 2024-08-29T22:59:36Z | |
| convert-source-map | 2.0.0 | yarn.lock | 2022-10-17T22:06:48Z |
⏲️ History
Previous invocation results of same check:
✅ PyPI Package Cooldown Check
No PyPI package upgrades to recent releases found in current PR.
✅ Maven Compromised Packages Check
No compromised Maven package versions found in current PR.
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ Maven Package Cooldown Check
No Maven package upgrades to recent releases found in current PR.
✅ PyPI Compromised Packages Check
No compromised PyPI package versions found in current PR.
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
✅ NPM Package Cooldown Check
No npm package upgrades to recent releases found in current PR.
The following npm packages are inspected in current PR
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| electron-to-chromium | 1.5.376 | yarn.lock | 2026-06-19T02:02:43Z | |
| node-releases | 2.0.48 | yarn.lock | 2026-06-18T04:36:52Z | |
| baseline-browser-mapping | 2.10.38 | yarn.lock | 2026-06-17T16:56:25Z | |
| form-data | 4.0.5 | 4.0.6 | yarn.lock | 2026-06-12T17:37:53Z |
| caniuse-lite | 1.0.30001799 | yarn.lock | 2026-06-11T09:52:12Z | |
| js-yaml | 4.1.1 | 4.2.0 | yarn.lock | 2026-05-31T22:17:13Z |
| hasown | 2.0.4 | yarn.lock | 2026-05-28T18:11:39Z | |
| ws | 7.5.10 | 7.5.11 | yarn.lock | 2026-05-22T17:59:29Z |
| browserslist | 4.28.2 | yarn.lock | 2026-03-31T10:24:52Z | |
| update-browserslist-db | 1.2.3 | yarn.lock | 2025-12-16T15:17:57Z | |
| jsesc | 3.1.0 | yarn.lock | 2024-12-11T08:24:34Z | |
| escalade | 3.2.0 | yarn.lock | 2024-08-29T22:59:36Z | |
| convert-source-map | 2.0.0 | yarn.lock | 2022-10-17T22:06:48Z |