Update dependency node-fetch to v2.6.7 #14
Security Report
You have successfully remediated 13 vulnerabilities, but introduced 13 new vulnerabilities in this branch.
❌ New vulnerabilities:
| Vulnerability | Severity | Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|
| CVE-2026-33937 Path to dependency file: /ndp-check-redirects/package.json Path to vulnerable library: /ndp-check-redirects/package.json Dependency Hierarchy: -> jest-24.9.0.tgz (Root Library) -> jest-cli-24.9.0.tgz -> core-24.9.0.tgz -> reporters-24.9.0.tgz -> istanbul-reports-2.2.6.tgz -> ❌ handlebars-4.5.3.tgz (Vulnerable Library) | 9.8 | Transitive handlebars-4.5.3.tgz | jest-24.9.0.tgz | Transitive Upgrade to version handlebars - 4.7.9 or greater | #1 | |
| CVE-2026-33941 Path to dependency file: /ndp-check-redirects/package.json Path to vulnerable library: /ndp-check-redirects/package.json Dependency Hierarchy: -> jest-24.9.0.tgz (Root Library) -> jest-cli-24.9.0.tgz -> core-24.9.0.tgz -> reporters-24.9.0.tgz -> istanbul-reports-2.2.6.tgz -> ❌ handlebars-4.5.3.tgz (Vulnerable Library) | 8.2 | Transitive handlebars-4.5.3.tgz | jest-24.9.0.tgz | Transitive Upgrade to version handlebars - 4.7.9 or greater | #1 | |
| CVE-2026-33940 Path to dependency file: /ndp-check-redirects/package.json Path to vulnerable library: /ndp-check-redirects/package.json Dependency Hierarchy: -> jest-24.9.0.tgz (Root Library) -> jest-cli-24.9.0.tgz -> core-24.9.0.tgz -> reporters-24.9.0.tgz -> istanbul-reports-2.2.6.tgz -> ❌ handlebars-4.5.3.tgz (Vulnerable Library) | 8.1 | Transitive handlebars-4.5.3.tgz | jest-24.9.0.tgz | Transitive Upgrade to version handlebars - 4.7.9 or greater | #1 | |
| CVE-2026-33938 Path to dependency file: /ndp-check-redirects/package.json Path to vulnerable library: /ndp-check-redirects/package.json Dependency Hierarchy: -> jest-24.9.0.tgz (Root Library) -> jest-cli-24.9.0.tgz -> core-24.9.0.tgz -> reporters-24.9.0.tgz -> istanbul-reports-2.2.6.tgz -> ❌ handlebars-4.5.3.tgz (Vulnerable Library) | 8.1 | Transitive handlebars-4.5.3.tgz | jest-24.9.0.tgz | Transitive Upgrade to version handlebars - 4.7.9 or greater | #1 | |
| CVE-2026-33939 Path to dependency file: /ndp-check-redirects/package.json Path to vulnerable library: /ndp-check-redirects/package.json Dependency Hierarchy: -> jest-24.9.0.tgz (Root Library) -> jest-cli-24.9.0.tgz -> core-24.9.0.tgz -> reporters-24.9.0.tgz -> istanbul-reports-2.2.6.tgz -> ❌ handlebars-4.5.3.tgz (Vulnerable Library) | 7.5 | Transitive handlebars-4.5.3.tgz | jest-24.9.0.tgz | Transitive Upgrade to version handlebars - 4.7.9 or greater | #1 | |
| CVE-2026-33750 Path to dependency file: /codesnippets-auto-pr/package.json Path to vulnerable library: /codesnippets-auto-pr/package.json,/nexmo-changelog/package.json,/openapi-release/package.json,/ndp-check-redirects/package.json,/heroku-review-app/package.json,/submodule-auto-pr/package.json Dependency Hierarchy: -> actions-toolkit-4.0.0.tgz (Root Library) -> flat-cache-2.0.1.tgz -> rimraf-2.6.3.tgz -> glob-7.1.6.tgz -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) | 6.5 | Transitive brace-expansion-1.1.11.tgz | actions-toolkit-4.0.0.tgz | Transitive Upgrade to version brace-expansion - 2.0.3 or greater | #4 | |
| CVE-2026-33750 Path to dependency file: /codesnippets-auto-pr/package.json Path to vulnerable library: /codesnippets-auto-pr/package.json,/nexmo-changelog/package.json,/openapi-release/package.json,/ndp-check-redirects/package.json,/heroku-review-app/package.json,/submodule-auto-pr/package.json Dependency Hierarchy: -> actions-toolkit-2.1.0.tgz (Root Library) -> flat-cache-2.0.1.tgz -> rimraf-2.6.3.tgz -> glob-7.1.4.tgz -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) | 6.5 | Transitive brace-expansion-1.1.11.tgz | actions-toolkit-2.1.0.tgz | Transitive Upgrade to version brace-expansion - 2.0.3 or greater | #7 | |
| CVE-2026-33750 Path to dependency file: /codesnippets-auto-pr/package.json Path to vulnerable library: /codesnippets-auto-pr/package.json,/nexmo-changelog/package.json,/openapi-release/package.json,/ndp-check-redirects/package.json,/heroku-review-app/package.json,/submodule-auto-pr/package.json Dependency Hierarchy: -> actions-toolkit-2.0.0.tgz (Root Library) -> flat-cache-2.0.1.tgz -> rimraf-2.6.3.tgz -> glob-7.1.4.tgz -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) | 6.5 | Transitive brace-expansion-1.1.11.tgz | actions-toolkit-2.0.0.tgz | Transitive Upgrade to version brace-expansion - 2.0.3 or greater | #2 | |
| CVE-2026-33750 Path to dependency file: /codesnippets-auto-pr/package.json Path to vulnerable library: /codesnippets-auto-pr/package.json,/nexmo-changelog/package.json,/openapi-release/package.json,/ndp-check-redirects/package.json,/heroku-review-app/package.json,/submodule-auto-pr/package.json Dependency Hierarchy: -> actions-toolkit-2.2.0.tgz (Root Library) -> flat-cache-2.0.1.tgz -> rimraf-2.6.3.tgz -> glob-7.1.5.tgz -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) | 6.5 | Transitive brace-expansion-1.1.11.tgz | actions-toolkit-2.2.0.tgz | Transitive Upgrade to version brace-expansion - 2.0.3 or greater | #6 | |
| CVE-2026-33750 Path to dependency file: /codesnippets-auto-pr/package.json Path to vulnerable library: /codesnippets-auto-pr/package.json,/nexmo-changelog/package.json,/openapi-release/package.json,/ndp-check-redirects/package.json,/heroku-review-app/package.json,/submodule-auto-pr/package.json Dependency Hierarchy: -> jest-24.9.0.tgz (Root Library) -> jest-cli-24.9.0.tgz -> jest-config-24.9.0.tgz -> glob-7.1.4.tgz -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) | 6.5 | Transitive brace-expansion-1.1.11.tgz | jest-24.9.0.tgz | Transitive Upgrade to version brace-expansion - 2.0.3 or greater | #1 | |
| CVE-2026-33916 Path to dependency file: /ndp-check-redirects/package.json Path to vulnerable library: /ndp-check-redirects/package.json Dependency Hierarchy: -> jest-24.9.0.tgz (Root Library) -> jest-cli-24.9.0.tgz -> core-24.9.0.tgz -> reporters-24.9.0.tgz -> istanbul-reports-2.2.6.tgz -> ❌ handlebars-4.5.3.tgz (Vulnerable Library) | 4.7 | Transitive handlebars-4.5.3.tgz | jest-24.9.0.tgz | Transitive Upgrade to version handlebars - 4.7.9 or greater | #1 | |
| CVE-2026-33532 Path to dependency file: /ndp-check-redirects/package.json Path to vulnerable library: /ndp-check-redirects/package.json Dependency Hierarchy: -> ❌ yaml-1.6.0.tgz (Vulnerable Library) | 4.3 | Direct yaml-1.6.0.tgz | yaml-1.6.0.tgz | Upgrade to version yaml - 2.8.3 or greater | None | |
| CVE-952079-685214 Path to dependency file: /nexmo-changelog/package.json Path to vulnerable library: /nexmo-changelog/package.json Dependency Hierarchy: -> ❌ node-fetch-2.6.7.tgz (Vulnerable Library) | 9.8 | Direct node-fetch-2.6.7.tgz | node-fetch-2.6.7.tgz | None | | |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-561003-132867 | tmp-0.0.33.tgz |
| CVE-2022-37598 | uglify-js-3.7.1.tgz |
| GHSA-7fhm-mqm4-2wp7 | acorn-6.4.0.tgz |
| CVE-2025-54798 | tmp-0.0.33.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-1.2.0.tgz |
| GHSA-6chw-6frg-f759 | acorn-6.4.0.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.10.tgz |
| CVE-2020-15366 | ajv-6.10.0.tgz |
| CVE-2021-23337 | lodash-4.17.19.tgz |
| GHSA-35jh-r3h4-6jhm | lodash-4.17.19.tgz |
| CVE-2020-28500 | lodash-4.17.19.tgz |
| CVE-2025-69873 | ajv-6.10.0.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.8.tgz |
Base branch total remaining vulnerabilities: 97
Base branch commit: 1fa94290fb5d5a75015c22faad5467200e4eff4a
Total libraries scanned: 609
Scan token: 4c3e3d7771e84a7fa7f5b9fa8574466c