chore(deps): update dependency semver to v5.7.2 #181
Security Report
❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: npm. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
Scan Details Report
npm
/tmp/ws-scm/atom/spec/fixtures/packages/package-with-broken-package-json/package.json
| Step | Level | Description | Details |
|---|---|---|---|
| Preparing the project for scan | ⚠Warn | One or more of the installations failed | Fail to run npm install: npm error code EJSONPARSE npm error JSON.parse Invalid package.json: JSONParseError: Unexpected token "I" (0x49), "INVALID npm error JSON.parse " is not valid JSON while parsing 'INVALID npm error JSON.parse ' npm error JSON.parse Failed to parse JSON data. npm error JSON.parse Note: package.json must be actual JSON, not just JavaScript. npm error |
| Resolving the project | ❌Error | Failure to perform the resolution operation due to an issue parsing a file | Invalid package.json file: /tmp/ws-scm/atom/spec/fixtures/packages/package-with-broken-package-json/package.json |
You have successfully remediated 22 vulnerabilities, but introduced 26 new vulnerabilities in this branch.❌ New vulnerabilities:
| Vulnerability | Severity |  CVSS Score |
Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|
CVE-2026-26996Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> tree-view-https://www.atom.io/api/packages/tree-view/versions/0.228.0/tarball.tgz (Root Library) -> ❌ minimatch-0.3.0.tgz (Vulnerable Library) |
 High |
7.5 | Transitive minimatch-0.3.0.tgz |
tree-view-https://www.atom.io/api/packages/tree-view/versions/0.228.0/tarball.tgz | Transitive 10.2.1 |
#18 | |
CVE-2026-26996Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> mocha-10.2.0.tgz (Root Library) -> ❌ minimatch-5.0.1.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-5.0.1.tgz |
mocha-10.2.0.tgz | Transitive 10.2.1 |
#37 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/package.json,/script/vsts/package.json Dependency Hierarchy: -> mocha-10.2.0.tgz (Root Library) -> glob-7.2.0.tgz -> ❌ minimatch-3.1.2.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.2.tgz |
mocha-10.2.0.tgz | Transitive 10.2.1 |
#37 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/package.json Dependency Hierarchy: -> settings-view-https://www.atom.io/api/packages/settings-view/versions/0.261.3/tarball.tgz (Root Library) -> glob-4.3.1.tgz -> ❌ minimatch-2.0.10.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-2.0.10.tgz |
settings-view-https://www.atom.io/api/packages/settings-view/versions/0.261.3/tarball.tgz | Transitive 10.2.1 |
#34 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json Dependency Hierarchy: -> webdriverio-5.9.2.tgz (Root Library) -> config-5.9.1.tgz -> glob-7.1.4.tgz -> ❌ minimatch-3.0.4.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.0.4.tgz |
webdriverio-5.9.2.tgz | Transitive 10.2.1 |
#47 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/package.json,/script/vsts/package.json Dependency Hierarchy: -> glob-7.0.3.tgz (Root Library) -> ❌ minimatch-3.1.2.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.2.tgz |
glob-7.0.3.tgz | Transitive 10.2.1 |
#16 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/package.json Dependency Hierarchy: -> glob-7.0.3.tgz (Root Library) -> ❌ minimatch-2.0.10.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-2.0.10.tgz |
glob-7.0.3.tgz | Transitive 10.2.1 |
#16 | |
CVE-2026-26996Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ minimatch-3.0.5.tgz (Vulnerable Library) |
High |
7.5 | Direct minimatch-3.0.5.tgz |
minimatch-3.0.5.tgz | 10.2.1 | #99 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json Dependency Hierarchy: -> npm-8.19.2.tgz (Root Library) -> ❌ minimatch-5.1.0.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-5.1.0.tgz |
npm-8.19.2.tgz | Transitive 10.2.1 |
#36 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/package.json,/script/vsts/package.json Dependency Hierarchy: -> npm-8.19.2.tgz (Root Library) -> node-gyp-9.1.0.tgz -> glob-7.2.3.tgz -> ❌ minimatch-3.1.2.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.2.tgz |
npm-8.19.2.tgz | Transitive 10.2.1 |
#36 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json Dependency Hierarchy: -> eslint-plugin-node-9.0.1.tgz (Root Library) -> ❌ minimatch-3.0.4.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.0.4.tgz |
eslint-plugin-node-9.0.1.tgz | Transitive 10.2.1 |
#43 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json Dependency Hierarchy: -> electron-winstaller-0.0.1.tgz (Root Library) -> asar-1.0.0.tgz -> ❌ minimatch-3.0.4.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.0.4.tgz |
electron-winstaller-0.0.1.tgz | Transitive 10.2.1 |
#44 | |
CVE-2026-26996Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> jasmine-tagged-1.1.4.tgz (Root Library) -> jasmine-focused-1.0.7.tgz -> jasmine-node-git+https://github.com/kevinsawicki/jasmine-node.git#81af4f953a2b7dfb5bde8331c05362a4b464c5ef.tgz -> gaze-0.3.4.tgz -> fileset-0.1.8.tgz -> ❌ minimatch-0.4.0.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-0.4.0.tgz |
jasmine-tagged-1.1.4.tgz | Transitive 10.2.1 |
#9 | |
CVE-2026-26996Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> jasmine-tagged-1.1.4.tgz (Root Library) -> jasmine-focused-1.0.7.tgz -> jasmine-node-git+https://github.com/kevinsawicki/jasmine-node.git#81af4f953a2b7dfb5bde8331c05362a4b464c5ef.tgz -> gaze-0.3.4.tgz -> fileset-0.1.8.tgz -> glob-3.2.11.tgz -> ❌ minimatch-0.3.0.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-0.3.0.tgz |
jasmine-tagged-1.1.4.tgz | Transitive 10.2.1 |
#9 | |
CVE-2026-26996Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> jasmine-tagged-1.1.4.tgz (Root Library) -> jasmine-focused-1.0.7.tgz -> jasmine-node-git+https://github.com/kevinsawicki/jasmine-node.git#81af4f953a2b7dfb5bde8331c05362a4b464c5ef.tgz -> gaze-0.3.4.tgz -> ❌ minimatch-0.2.14.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-0.2.14.tgz |
jasmine-tagged-1.1.4.tgz | Transitive 10.2.1 |
#9 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json Dependency Hierarchy: -> fs-extra-0.30.0.tgz (Root Library) -> rimraf-2.6.2.tgz -> glob-7.1.2.tgz -> ❌ minimatch-3.0.4.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.0.4.tgz |
fs-extra-0.30.0.tgz | Transitive 10.2.1 |
#50 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/package.json Dependency Hierarchy: -> coffeelint-1.15.7.tgz (Root Library) -> glob-4.5.3.tgz -> ❌ minimatch-2.0.10.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-2.0.10.tgz |
coffeelint-1.15.7.tgz | Transitive 10.2.1 |
#26 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/package.json Dependency Hierarchy: -> babel-core-5.8.38.tgz (Root Library) -> ❌ minimatch-2.0.10.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-2.0.10.tgz |
babel-core-5.8.38.tgz | Transitive 10.2.1 |
#7 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/package.json,/script/vsts/package.json Dependency Hierarchy: -> atom-package-manager-2.6.5.tgz (Root Library) -> mv-2.1.1.tgz -> rimraf-2.4.5.tgz -> glob-6.0.4.tgz -> ❌ minimatch-3.1.2.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.2.tgz |
atom-package-manager-2.6.5.tgz | Transitive 10.2.1 |
#3 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/package.json Dependency Hierarchy: -> legal-eagle-0.14.0.tgz (Root Library) -> read-installed-3.1.3.tgz -> read-package-json-1.3.3.tgz -> glob-5.0.15.tgz -> ❌ minimatch-2.0.10.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-2.0.10.tgz |
legal-eagle-0.14.0.tgz | Transitive 10.2.1 |
#25 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json Dependency Hierarchy: -> electron-packager-16.0.0.tgz (Root Library) -> universal-1.3.1.tgz -> dir-compare-2.4.0.tgz -> ❌ minimatch-3.0.4.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.0.4.tgz |
electron-packager-16.0.0.tgz | Transitive 10.2.1 |
#40 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/apm/package.json,/package.json,/script/vsts/package.json Dependency Hierarchy: -> electron-packager-16.0.0.tgz (Root Library) -> universal-1.3.1.tgz -> ❌ minimatch-3.1.2.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.2.tgz |
electron-packager-16.0.0.tgz | Transitive 10.2.1 |
#40 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json,/package.json Dependency Hierarchy: -> scandal-3.2.0.tgz (Root Library) -> ❌ minimatch-2.0.10.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-2.0.10.tgz |
scandal-3.2.0.tgz | Transitive 10.2.1 |
#46 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json Dependency Hierarchy: -> eslint-5.16.0.tgz (Root Library) -> ❌ minimatch-3.0.4.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.0.4.tgz |
eslint-5.16.0.tgz | Transitive 10.2.1 |
#23 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json Dependency Hierarchy: -> eslint-plugin-import-2.17.2.tgz (Root Library) -> ❌ minimatch-3.0.4.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.0.4.tgz |
eslint-plugin-import-2.17.2.tgz | Transitive 10.2.1 |
#24 | |
CVE-2026-26996Path to dependency file: /script/package.json Path to vulnerable library: /script/package.json Dependency Hierarchy: -> stylelint-9.3.0.tgz (Root Library) -> globby-8.0.1.tgz -> glob-7.1.2.tgz -> ❌ minimatch-3.0.4.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.0.4.tgz |
stylelint-9.3.0.tgz | Transitive 10.2.1 |
#19 |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| GHSA-xf5p-87ch-gxw2 | marked-0.5.2.tgz |
| GHSA-8x6c-cv3v-vp6g | cacheable-request-6.1.0.tgz |
| GHSA-2pr6-76vf-7546 | js-yaml-3.6.1.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-1.1.3.tgz |
| CVE-2019-10747 | set-value-0.4.3.tgz |
| CVE-2025-404142 | buffers-0.1.1.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.8.tgz |
| CVE-2022-25883 | semver-5.5.1.tgz |
| GHSA-f7xj-rg7h-mc87 | stylelint-9.3.0.tgz |
| GHSA-8x6c-cv3v-vp6g | cacheable-request-2.1.4.tgz |
| CVE-2019-10747 | set-value-2.0.0.tgz |
| GHSA-ch52-vgq2-943f | marked-0.5.2.tgz |
| GHSA-7m7q-q53v-j47v | marked-0.5.2.tgz |
| GHSA-8x6c-cv3v-vp6g | cacheable-request-7.0.2.tgz |
| GHSA-8j8c-7jfh-h6hx | js-yaml-3.6.1.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-1.2.0.tgz |
| GHSA-g95f-p29q-9xw4 | braces-1.8.5.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.10.tgz |
| GHSA-7wwv-vh3v-89cq | highlight.js-9.16.2.tgz |
| GHSA-xf5p-87ch-gxw2 | marked-0.3.19.tgz |
| CVE-2022-25881 | http-cache-semantics-3.8.1.tgz |
| GHSA-ch52-vgq2-943f | marked-0.6.3.tgz |
Base branch total remaining vulnerabilities: 250
Base branch commit: 516d2ba6154c1452a1ee42314809c66edc833096
Total libraries scanned: 2251
Scan token: 344ad0a53a0b40c89c246a758ec8f20c