Skip to content

fix: Security updates #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Raj-StepSecurity merged 1 commit into from
Feb 2, 2026
+2,108 −1,465

fix: apply audit fixes

2bdaf96
Select commit
Loading
Failed to load commit list.
Merged

fix: Security updates #40

fix: apply audit fixes
2bdaf96
Select commit
Loading
Failed to load commit list.
StepSecurity Actions Security / StepSecurity Required Checks succeeded Feb 2, 2026 in 6s

StepSecurity Required Checks

Finished StepSecurity Required Checks

  • NPM Compromised Packages Check - Checks for compromised npm package versions in the PR
  • NPM Package Cooldown Check - Fails if any package version in the PR was released within the configured cooldown period, helping to avoid brand-new (and potentially unreviewed or malicious) releases
  • Pwn Request Vulnerabilities Check - Checks for Pwn Request vulnerabilities in the PR via risky triggers
  • Script Injection Check - Checks for script injection vulnerabilities in the PR

Details

✅ Script Injection Vulnerabilities Check

No Script Injection vulnerabilities found in this PR.

✅ Pwn Request Vulnerabilities Check

No Pwn Request vulnerabilities found in this PR.

✅ NPM Compromised Packages Check

No Compromised npm packages are added in current PR.

✅ NPM Package Cooldown Check

No npm package upgrades to recent releases found in current PR.

The following npm packages are inspected in current PR (showing first 50 of 123 packages)

Package Name Previous Version Current Version file Current Version Release Date
which-typed-array 1.1.11 1.1.20 package-lock.json 2026-01-14T21:25:14Z
axe-core 4.6.3 4.11.1 package-lock.json 2026-01-06T18:51:14Z
es-abstract 1.22.2 1.24.1 package-lock.json 2025-12-13T07:06:24Z
@eslint-community/regexpp 4.6.2 4.12.2 package-lock.json 2025-10-22T11:56:00Z
resolve 1.20.0 1.22.11 package-lock.json 2025-10-20T20:44:41Z
semver 7.5.4 7.7.3 package-lock.json 2025-10-07T18:00:51Z
is-generator-function 1.1.2 package-lock.json 2025-09-30T18:41:14Z
generator-function 2.0.1 package-lock.json 2025-09-30T18:23:33Z
eslint-plugin-import 2.25.2 2.32.0 package-lock.json 2025-06-20T21:59:09Z
eslint-module-utils 2.7.0 2.12.1 package-lock.json 2025-06-20T02:34:20Z
brace-expansion 2.0.2 package-lock.json 2025-06-11T08:48:36Z
acorn 8.10.0 8.15.0 package-lock.json 2025-06-08T16:23:04Z
array-includes 3.1.6 3.1.9 package-lock.json 2025-06-02T05:01:20Z
array.prototype.findlastindex 1.2.6 package-lock.json 2025-03-14T18:20:03Z
call-bound 1.0.4 package-lock.json 2025-03-03T17:50:03Z
es-shim-unscopables 1.0.0 1.1.0 package-lock.json 2025-02-12T04:10:24Z
for-each 0.3.3 0.3.5 package-lock.json 2025-02-11T06:56:03Z
possible-typed-array-names 1.1.0 package-lock.json 2025-02-07T05:04:15Z
is-boolean-object 1.1.2 1.2.2 package-lock.json 2025-02-05T02:48:12Z
object-inspect 1.12.3 1.13.4 package-lock.json 2025-02-05T01:26:10Z
is-weakref 1.0.2 1.1.1 package-lock.json 2025-02-03T23:37:46Z
import-fresh 3.3.0 3.3.1 package-lock.json 2025-02-02T09:45:41Z
@ungap/structured-clone 1.3.0 package-lock.json 2025-01-23T14:13:01Z
is-async-function 2.1.1 package-lock.json 2025-01-23T06:28:33Z
async-function 1.0.0 package-lock.json 2025-01-23T03:15:54Z
regexp.prototype.flags 1.5.1 1.5.4 package-lock.json 2025-01-03T00:40:33Z
reflect.getprototypeof 1.0.10 package-lock.json 2025-01-02T21:23:14Z
set-proto 1.0.0 package-lock.json 2024-12-30T23:30:07Z
own-keys 1.0.1 package-lock.json 2024-12-29T23:18:26Z
safe-push-apply 1.0.0 package-lock.json 2024-12-29T03:51:58Z
is-core-module 2.7.0 2.16.1 package-lock.json 2024-12-21T21:23:27Z
function.prototype.name 1.1.6 1.1.8 package-lock.json 2024-12-20T05:47:41Z
data-view-byte-length 1.0.2 package-lock.json 2024-12-20T04:57:35Z
data-view-buffer 1.0.2 package-lock.json 2024-12-20T04:53:13Z
array-buffer-byte-length 1.0.0 1.0.2 package-lock.json 2024-12-20T01:21:57Z
object.values 1.1.5 1.2.1 package-lock.json 2024-12-19T06:39:08Z
data-view-byte-offset 1.0.1 package-lock.json 2024-12-19T05:59:20Z
typed-array-byte-offset 1.0.0 1.0.4 package-lock.json 2024-12-19T05:58:33Z
object.assign 4.1.4 4.1.7 package-lock.json 2024-12-18T20:54:22Z
has-bigints 1.0.2 1.1.0 package-lock.json 2024-12-18T17:37:33Z
is-typed-array 1.1.12 1.1.15 package-lock.json 2024-12-18T17:20:07Z
is-shared-array-buffer 1.0.2 1.0.4 package-lock.json 2024-12-18T16:27:56Z
typed-array-buffer 1.0.0 1.0.3 package-lock.json 2024-12-18T16:26:28Z
typed-array-byte-length 1.0.0 1.0.3 package-lock.json 2024-12-17T22:33:13Z
get-symbol-description 1.0.0 1.1.0 package-lock.json 2024-12-17T16:51:13Z
is-weakset 2.0.2 2.0.4 package-lock.json 2024-12-17T05:37:43Z
is-finalizationregistry 1.1.1 package-lock.json 2024-12-17T05:37:19Z
is-array-buffer 3.0.2 3.0.5 package-lock.json 2024-12-16T16:46:47Z
unbox-primitive 1.0.2 1.1.0 package-lock.json 2024-12-16T06:45:03Z
which-boxed-primitive 1.0.2 1.1.1 package-lock.json 2024-12-16T05:48:44Z
⏲️ History

Previous invocation results of same check:

✅ Pwn Request Vulnerabilities Check

No Pwn Request vulnerabilities found in this PR.

✅ Script Injection Vulnerabilities Check

No Script Injection vulnerabilities found in this PR.

✅ NPM Compromised Packages Check

No Compromised npm packages are added in current PR.

✅ NPM Package Cooldown Check

No npm package upgrades to recent releases found in current PR.

The following npm packages are inspected in current PR (showing first 50 of 123 packages)

Package Name Previous Version Current Version file Current Version Release Date
which-typed-array 1.1.11 1.1.20 package-lock.json 2026-01-14T21:25:14Z
axe-core 4.6.3 4.11.1 package-lock.json 2026-01-06T18:51:14Z
es-abstract 1.22.2 1.24.1 package-lock.json 2025-12-13T07:06:24Z
@eslint-community/regexpp 4.6.2 4.12.2 package-lock.json 2025-10-22T11:56:00Z
resolve 1.20.0 1.22.11 package-lock.json 2025-10-20T20:44:41Z
semver 7.5.4 7.7.3 package-lock.json 2025-10-07T18:00:51Z
is-generator-function 1.1.2 package-lock.json 2025-09-30T18:41:14Z
generator-function 2.0.1 package-lock.json 2025-09-30T18:23:33Z
eslint-plugin-import 2.25.2 2.32.0 package-lock.json 2025-06-20T21:59:09Z
eslint-module-utils 2.7.0 2.12.1 package-lock.json 2025-06-20T02:34:20Z
brace-expansion 2.0.2 package-lock.json 2025-06-11T08:48:36Z
acorn 8.10.0 8.15.0 package-lock.json 2025-06-08T16:23:04Z
array-includes 3.1.6 3.1.9 package-lock.json 2025-06-02T05:01:20Z
array.prototype.findlastindex 1.2.6 package-lock.json 2025-03-14T18:20:03Z
call-bound 1.0.4 package-lock.json 2025-03-03T17:50:03Z
es-shim-unscopables 1.0.0 1.1.0 package-lock.json 2025-02-12T04:10:24Z
for-each 0.3.3 0.3.5 package-lock.json 2025-02-11T06:56:03Z
possible-typed-array-names 1.1.0 package-lock.json 2025-02-07T05:04:15Z
is-boolean-object 1.1.2 1.2.2 package-lock.json 2025-02-05T02:48:12Z
object-inspect 1.12.3 1.13.4 package-lock.json 2025-02-05T01:26:10Z
is-weakref 1.0.2 1.1.1 package-lock.json 2025-02-03T23:37:46Z
import-fresh 3.3.0 3.3.1 package-lock.json 2025-02-02T09:45:41Z
@ungap/structured-clone 1.3.0 package-lock.json 2025-01-23T14:13:01Z
is-async-function 2.1.1 package-lock.json 2025-01-23T06:28:33Z
async-function 1.0.0 package-lock.json 2025-01-23T03:15:54Z
regexp.prototype.flags 1.5.1 1.5.4 package-lock.json 2025-01-03T00:40:33Z
reflect.getprototypeof 1.0.10 package-lock.json 2025-01-02T21:23:14Z
set-proto 1.0.0 package-lock.json 2024-12-30T23:30:07Z
own-keys 1.0.1 package-lock.json 2024-12-29T23:18:26Z
safe-push-apply 1.0.0 package-lock.json 2024-12-29T03:51:58Z
is-core-module 2.7.0 2.16.1 package-lock.json 2024-12-21T21:23:27Z
function.prototype.name 1.1.6 1.1.8 package-lock.json 2024-12-20T05:47:41Z
data-view-byte-length 1.0.2 package-lock.json 2024-12-20T04:57:35Z
data-view-buffer 1.0.2 package-lock.json 2024-12-20T04:53:13Z
array-buffer-byte-length 1.0.0 1.0.2 package-lock.json 2024-12-20T01:21:57Z
object.values 1.1.5 1.2.1 package-lock.json 2024-12-19T06:39:08Z
data-view-byte-offset 1.0.1 package-lock.json 2024-12-19T05:59:20Z
typed-array-byte-offset 1.0.0 1.0.4 package-lock.json 2024-12-19T05:58:33Z
object.assign 4.1.4 4.1.7 package-lock.json 2024-12-18T20:54:22Z
has-bigints 1.0.2 1.1.0 package-lock.json 2024-12-18T17:37:33Z
is-typed-array 1.1.12 1.1.15 package-lock.json 2024-12-18T17:20:07Z
is-shared-array-buffer 1.0.2 1.0.4 package-lock.json 2024-12-18T16:27:56Z
typed-array-buffer 1.0.0 1.0.3 package-lock.json 2024-12-18T16:26:28Z
typed-array-byte-length 1.0.0 1.0.3 package-lock.json 2024-12-17T22:33:13Z
get-symbol-description 1.0.0 1.1.0 package-lock.json 2024-12-17T16:51:13Z
is-weakset 2.0.2 2.0.4 package-lock.json 2024-12-17T05:37:43Z
is-finalizationregistry 1.1.1 package-lock.json 2024-12-17T05:37:19Z
is-array-buffer 3.0.2 3.0.5 package-lock.json 2024-12-16T16:46:47Z
unbox-primitive 1.0.2 1.1.0 package-lock.json 2024-12-16T06:45:03Z
which-boxed-primitive 1.0.2 1.1.1 package-lock.json 2024-12-16T05:48:44Z
⏲️ History

Previous invocation results of same check:

View more details on StepSecurity Actions Security