@renovate renovate bot commented Nov 19, 2025

This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| node-sarif-builder | 3.3.0 -> 3.3.1 | age | confidence |
| rimraf | 6.1.0 -> 6.1.2 | age | confidence |

Release Notes

nvuillam/node-sarif-builder (node-sarif-builder)

v3.3.1

Compare Source

  • Upgrade NPM dependencies

isaacs/rimraf (rimraf)

v6.1.2

Compare Source

v6.1.1

Compare Source


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions bot commented Nov 19, 2025

MegaLinter analysis: Error

| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ DOCKERFILE | hadolint | 1 | | 0 | 0 | 0.03s |
| ✅ GROOVY | npm-groovy-lint | 10 | 3 | 0 | 0 | 24.6s |
| ✅ JAVASCRIPT | prettier | 99 | 99 | 0 | 0 | 3.64s |
| ✅ JSON | jsonlint | 8 | | 0 | 0 | 0.22s |
| ✅ JSON | npm-package-json-lint | yes | | no | no | 0.69s |
| ✅ JSON | prettier | 8 | 3 | 0 | 0 | 1.03s |
| ✅ JSON | v8r | 8 | | 0 | 0 | 9.92s |
| ⚠️ MARKDOWN | markdownlint | 7 | 2 | 2 | 0 | 2.59s |
| ✅ MARKDOWN | markdown-table-formatter | 7 | 5 | 0 | 0 | 0.61s |
| ✅ REPOSITORY | gitleaks | yes | | no | no | 11.14s |
| ✅ REPOSITORY | git_diff | yes | | no | no | 0.14s |
| ❌ REPOSITORY | grype | yes | | 3 | no | 25.7s |
| ✅ REPOSITORY | secretlint | yes | | no | no | 0.92s |
| ❌ REPOSITORY | trivy | yes | | 1 | no | 7.22s |
| ✅ REPOSITORY | trufflehog | yes | | no | no | 3.34s |
| ✅ SPELL | cspell | 137 | | 0 | 0 | 6.41s |
| ⚠️ SPELL | lychee | 18 | | 12 | 0 | 23.73s |
| ✅ XML | xmllint | 1 | 0 | 0 | 0 | 0.19s |
| ✅ YAML | prettier | 3 | 0 | 0 | 0 | 0.88s |
| ✅ YAML | v8r | 3 | | 0 | 0 | 6.27s |
| ✅ YAML | yamllint | 3 | | 0 | 0 | 0.6s |

Detailed Issues

❌ REPOSITORY / grype - 3 errors
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME          INSTALLED  FIXED IN  TYPE          VULNERABILITY        SEVERITY  EPSS           RISK   
glob          10.4.5     10.5.0    npm           GHSA-5j98-mcp5-4vw2  High      < 0.1% (12th)  < 0.1  
glob          11.0.3     11.1.0    npm           GHSA-5j98-mcp5-4vw2  High      < 0.1% (12th)  < 0.1  
logback-core  1.5.18     1.5.19    java-archive  GHSA-25qh-j22f-pwp8  Medium    < 0.1% (11th)  < 0.1
[0025] ERROR discovered vulnerabilities at or above the severity threshold

❌ REPOSITORY / trivy - 1 error
2025-11-23T08:30:08Z	INFO	[vulndb] Need to update DB
2025-11-23T08:30:08Z	INFO	[vulndb] Downloading vulnerability DB...
2025-11-23T08:30:08Z	INFO	[vulndb] Downloading artifact...	repo="mirror.gcr.io/aquasec/trivy-db:2"
2025-11-23T08:30:13Z	INFO	[vulndb] Artifact successfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2025-11-23T08:30:13Z	INFO	[vuln] Vulnerability scanning is enabled
2025-11-23T08:30:13Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-11-23T08:30:13Z	INFO	[misconfig] Need to update the checks bundle
2025-11-23T08:30:13Z	INFO	[misconfig] Downloading the checks bundle...
2025-11-23T08:30:15Z	INFO	Suppressing dependencies for development and testing. To display them, try the '--include-dev-deps' flag.
2025-11-23T08:30:15Z	INFO	Number of language-specific files	num=1
2025-11-23T08:30:15Z	INFO	[npm] Detecting vulnerabilities...
2025-11-23T08:30:15Z	INFO	Detected config files	num=1

Report Summary

┌───────────────────┬────────────┬─────────────────┬───────────────────┐
│      Target       │    Type    │ Vulnerabilities │ Misconfigurations │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ package-lock.json │    npm     │        2        │         -         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ Dockerfile        │ dockerfile │        -        │         0         │
└───────────────────┴────────────┴─────────────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/v0.67/docs/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


package-lock.json (npm)
=======================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ glob    │ CVE-2025-64756 │ HIGH     │ fixed  │ 10.4.5            │ 11.1.0, 10.5.0 │ glob CLI: Command injection via -c/--cmd executes matches │
│         │                │          │        │                   │                │ with shell:true                                           │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-64756                │
│         │                │          │        ├───────────────────┤                │                                                           │
│         │                │          │        │ 11.0.3            │                │                                                           │
│         │                │          │        │                   │                │                                                           │
│         │                │          │        │                   │                │                                                           │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

📣 Notices:
  - Version 0.67.2 of Trivy is now available, current version is 0.67.0

To suppress version checks, run Trivy scans with the --skip-version-check flag

⚠️ SPELL / lychee - 12 errors
[WARN ] Error creating request: InvalidPathToUri("/lib/java/logback.xml")
[403] https://www.npmjs.com/package/insight | Network error: Forbidden
[403] https://www.npmjs.com/package/java-caller | Network error: Forbidden
[403] https://www.npmjs.com/package/amplitude | Network error: Forbidden
[403] https://www.npmjs.com/package/analytics | Network error: Forbidden
[403] https://www.npmjs.com/package/java-caller | Error (cached)
[403] https://npmjs.org/package/npm-groovy-lint | Network error: Forbidden
[403] https://www.npmjs.com/package/insight | Error (cached)
[403] https://www.npmjs.com/package/java-caller | Error (cached)
[403] https://www.npmjs.com/package/analytics | Error (cached)
[403] https://npmjs.org/package/npm-groovy-lint | Error (cached)
[403] https://www.npmjs.com/package/amplitude | Error (cached)
[403] https://www.npmjs.com/package/java-caller | Error (cached)
[IGNORED] git+https://github.com/nvuillam/npm-groovy-lint.git | Unsupported: Error creating request client: builder error for url (git+https://github.com/nvuillam/npm-groovy-lint.git)
📝 Summary
---------------------
🔍 Total..........326
✅ Successful.....305
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........8
❓ Unknown..........0
🚫 Errors..........12

Errors in CHANGELOG.md
[403] https://www.npmjs.com/package/java-caller | Error (cached)
[403] https://www.npmjs.com/package/insight | Error (cached)
[403] https://www.npmjs.com/package/analytics | Error (cached)

Errors in docs/index.md
[403] https://npmjs.org/package/npm-groovy-lint | Error (cached)
[403] https://www.npmjs.com/package/java-caller | Error (cached)
[403] https://www.npmjs.com/package/amplitude | Error (cached)

Errors in README.md
[403] https://www.npmjs.com/package/java-caller | Error (cached)
[403] https://www.npmjs.com/package/amplitude | Network error: Forbidden
[403] https://npmjs.org/package/npm-groovy-lint | Network error: Forbidden

Errors in docs/CHANGELOG.md
[403] https://www.npmjs.com/package/analytics | Network error: Forbidden
[403] https://www.npmjs.com/package/insight | Network error: Forbidden
[403] https://www.npmjs.com/package/java-caller | Network error: Forbidden

⚠️ MARKDOWN / markdownlint - 2 errors
docs/index.md:38:65 MD059/descriptive-link-text Link text should be descriptive [Context: "[**here**]"]
README.md:38:65 MD059/descriptive-link-text Link text should be descriptive [Context: "[**here**]"]

See detailed reports in MegaLinter artifacts

MegaLinter is graciously provided by OX Security

@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 9845cf5 to 11d3100 November 23, 2025 08:28
@renovate renovate bot changed the title from "chore(deps): update dependency rimraf to v6.1.2" to "chore(deps): update all non-major dependencies" Nov 23, 2025