Skip to content

chore(deps): update dependency lodash.template to v4.18.0 #188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dev-mend-for-github-com wants to merge 1 commit into
base: electron-upgrade
Choose a base branch
from

chore(deps): update dependency lodash.template to v4.18.0

1bab71b
Select commit
Loading
Failed to load commit list.
Open

chore(deps): update dependency lodash.template to v4.18.0 #188

chore(deps): update dependency lodash.template to v4.18.0
1bab71b
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Apr 1, 2026 in 21m 3s

Security Report

❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: npm. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

npm

/tmp/ws-scm/atom/spec/fixtures/packages/package-with-broken-package-json/package.json
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed Fail to run npm install:
npm error code EJSONPARSE
npm error JSON.parse Invalid package.json: JSONParseError: Unexpected token "I" (0x49), "INVALID
npm error JSON.parse " is not valid JSON while parsing 'INVALID
npm error JSON.parse '
npm error JSON.parse Failed to parse JSON data.
npm error JSON.parse Note: package.json must be actual JSON, not just JavaScript.
npm error
Resolving the project ❌Error Failure to perform the resolution operation due to an issue parsing a file Invalid package.json file: /tmp/ws-scm/atom/spec/fixtures/packages/package-with-broken-package-json/package.json

You have successfully remediated 21 vulnerabilities, but introduced 4 new vulnerabilities in this branch.

❌ New vulnerabilities:
Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2026-34601

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jasmine-reporters-2.5.0.tgz (Root Library)

   -> ❌ xmldom-0.7.9.tgz (Vulnerable Library)

High 7.5 Transitive xmldom-0.7.9.tgz jasmine-reporters-2.5.0.tgz Transitive Upgrade to version @xmldom/xmldom - 0.8.12 or greater #96
CVE-2026-34601

Path to dependency file: /apm/package.json

Path to vulnerable library: /apm/package.json

Dependency Hierarchy:

-> atom-package-manager-2.6.5.tgz (Root Library)

   -> plist-0.4.4.tgz

     -> ❌ xmldom-0.1.31.tgz (Vulnerable Library)

High 7.5 Transitive xmldom-0.1.31.tgz atom-package-manager-2.6.5.tgz Transitive Upgrade to version @xmldom/xmldom - 0.8.12 or greater #3
CVE-2026-26996

Path to dependency file: /packages/deprecation-cop/package.json

Path to vulnerable library: /packages/deprecation-cop/node_modules/minimatch/package.json,/packages/dev-live-reload/node_modules/minimatch/package.json,/packages/exception-reporting/node_modules/minimatch/package.json,/packages/git-diff/node_modules/minimatch/package.json

Dependency Hierarchy:

-> fs-plus-3.1.1.tgz (Root Library)

   -> rimraf-2.7.1.tgz

     -> glob-7.2.3.tgz

       -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz fs-plus-3.1.1.tgz Transitive 10.2.1 #77
CVE-2026-34043

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> mocha-10.2.0.tgz (Root Library)

   -> ❌ serialize-javascript-6.0.0.tgz (Vulnerable Library)

Medium 5.9 Transitive serialize-javascript-6.0.0.tgz mocha-10.2.0.tgz Transitive Upgrade to version serialize-javascript - 7.0.5 or greater #37

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
GHSA-xf5p-87ch-gxw2 marked-0.5.2.tgz
GHSA-8x6c-cv3v-vp6g cacheable-request-6.1.0.tgz
CVE-2026-33750 brace-expansion-1.1.12.tgz
GHSA-2pr6-76vf-7546 js-yaml-3.6.1.tgz
GHSA-7fhm-mqm4-2wp7 minimist-1.1.3.tgz
CVE-2021-23337 lodash.template-4.5.0.tgz
CVE-2025-404142 buffers-0.1.1.tgz
GHSA-7fhm-mqm4-2wp7 minimist-0.0.8.tgz
GHSA-f7xj-rg7h-mc87 stylelint-9.3.0.tgz
GHSA-8x6c-cv3v-vp6g cacheable-request-2.1.4.tgz
GHSA-ch52-vgq2-943f marked-0.5.2.tgz
GHSA-7m7q-q53v-j47v marked-0.5.2.tgz
GHSA-8x6c-cv3v-vp6g cacheable-request-7.0.2.tgz
GHSA-8j8c-7jfh-h6hx js-yaml-3.6.1.tgz
GHSA-7fhm-mqm4-2wp7 minimist-1.2.0.tgz
GHSA-g95f-p29q-9xw4 braces-1.8.5.tgz
GHSA-7fhm-mqm4-2wp7 minimist-0.0.10.tgz
GHSA-7wwv-vh3v-89cq highlight.js-9.16.2.tgz
GHSA-xf5p-87ch-gxw2 marked-0.3.19.tgz
CVE-2022-25881 http-cache-semantics-3.8.1.tgz
GHSA-ch52-vgq2-943f marked-0.6.3.tgz

Base branch total remaining vulnerabilities: 271
Base branch commit: 516d2ba6154c1452a1ee42314809c66edc833096


Total libraries scanned: 2251

Scan token: 8d8d4d7ca66b45dbb0ddf50c44bcfc10

View more details on Dev - Mend for GitHub.com