Update dependency @storybook/addon-webpack5-compiler-babel to v4

d030fee
Open

Update dependency @storybook/addon-webpack5-compiler-babel to v4 (main) #134

Dev - Mend for GitHub.com / Mend Security Check failed Nov 25, 2025 in 21m 53s

Security Report

33 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-616547-419802

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> sdk-1.13.2.tgz (Root Library)

   -> express-5.0.1.tgz

     -> ❌ parseurl-1.3.3.tgz (Vulnerable Library)

Critical 9.8 Transitive parseurl-1.3.3.tgz sdk-1.13.2.tgz None
CVE-398484-724968

Dependency Hierarchy:

-> elastic-apm-node-4.13.0.tgz (Root Library)

   -> agentkeepalive-4.2.1.tgz

     -> humanize-ms-1.2.1.tgz

       -> ❌ ms-2.1.3.tgz (Vulnerable Library)

Critical 9.8 Transitive ms-2.1.3.tgz elastic-apm-node-4.13.0.tgz None
CVE-398484-724968

Dependency Hierarchy:

-> bump-cli-2.8.4.tgz (Root Library)

   -> debug-4.3.7.tgz

     -> ❌ ms-2.1.3.tgz (Vulnerable Library)

Critical 9.8 Transitive ms-2.1.3.tgz bump-cli-2.8.4.tgz None
CVE-398484-724968

Dependency Hierarchy:

-> jsonwebtoken-9.0.2.tgz (Root Library)

   -> ❌ ms-2.1.3.tgz (Vulnerable Library)

Critical 9.8 Transitive ms-2.1.3.tgz jsonwebtoken-9.0.2.tgz None
CVE-398484-724968

Dependency Hierarchy:

-> elasticsearch-9.1.1.tgz (Root Library)

   -> transport-9.0.1.tgz

     -> ❌ ms-2.1.3.tgz (Vulnerable Library)

Critical 9.8 Transitive ms-2.1.3.tgz elasticsearch-9.1.1.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> glob-7.2.3.tgz

     -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz cli-1.34.5.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> inquirer-8.2.7.tgz (Root Library)

   -> ora-5.4.1.tgz

     -> bl-4.1.0.tgz

       -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz inquirer-8.2.7.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> openpgp-5.11.3.tgz (Root Library)

   -> asn1.js-5.4.1.tgz

     -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz openpgp-5.11.3.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> del-6.1.1.tgz (Root Library)

   -> rimraf-3.0.2.tgz

     -> glob-7.2.3.tgz

       -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz del-6.1.1.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> wellknown-0.5.0.tgz (Root Library)

   -> concat-stream-1.5.2.tgz

     -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz wellknown-0.5.0.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> borc-3.0.0.tgz (Root Library)

   -> readable-stream-3.6.2.tgz

     -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz borc-3.0.0.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> sdk-1.13.2.tgz (Root Library)

   -> express-5.0.1.tgz

     -> http-errors-2.0.0.tgz

       -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz sdk-1.13.2.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> server-11.11.0.tgz (Root Library)

   -> multipipe-1.0.2.tgz

     -> duplexer2-0.1.4.tgz

       -> readable-stream-2.3.8.tgz

         -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz server-11.11.0.tgz None
CVE-2025-12735

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ expr-eval-2.0.2.tgz (Vulnerable Library)

Critical 9.8 Direct expr-eval-2.0.2.tgz expr-eval-2.0.2.tgz expr-eval-fork - 3.0.0 None
CVE-154062-641864

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> sdk-1.13.2.tgz (Root Library)

   -> express-5.0.1.tgz

     -> on-finished-2.4.1.tgz

       -> ❌ ee-first-1.1.1.tgz (Vulnerable Library)

Critical 9.8 Transitive ee-first-1.1.1.tgz sdk-1.13.2.tgz None
CVE-121740-819191

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json,/package.json

Dependency Hierarchy:

-> ❌ lodash-4.17.21.tgz (Vulnerable Library)

Critical 9.8 Direct lodash-4.17.21.tgz lodash-4.17.21.tgz None
CVE-105163-391686

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ jquery-3.7.1.tgz (Vulnerable Library)

Critical 9.8 Direct jquery-3.7.1.tgz jquery-3.7.1.tgz None
CVE-2022-1227

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> redoc-2.5.0.tgz

     -> ❌ prismjs-1.29.0.tgz (Vulnerable Library)

High 8.8 Transitive prismjs-1.29.0.tgz cli-1.34.5.tgz Transitive github.com/containers/psgo - v1.7.2,react - 15.0.1,https://github.com/containers/psgo.git - no_fix,https://github.com/containers/podman.git - no_fix None
CVE-2025-59840

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ vega-5.33.0.tgz (Vulnerable Library)

High 8.1 Direct vega-5.33.0.tgz vega-5.33.0.tgz vega-interpreter - 2.2.1,vega-interpreter - 1.2.1,vega-expression - 5.2.1,vega-expression - 6.1.0,vega - 6.2.0,vega - 6.2.0 None
MSC-2025-10528

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ jquery-3.7.1.tgz (Vulnerable Library)

High 7.8 Direct jquery-3.7.1.tgz jquery-3.7.1.tgz None
CVE-2025-64756

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> tar-7.4.3.tgz (Root Library)

   -> minizlib-3.0.1.tgz

     -> rimraf-5.0.10.tgz

       -> ❌ glob-10.4.5.tgz (Vulnerable Library)

High 7.5 Transitive glob-10.4.5.tgz tar-7.4.3.tgz Transitive glob - 11.1.0,glob - 10.5.0 None
CVE-2025-64756

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> archiver-7.0.1.tgz (Root Library)

   -> archiver-utils-5.0.2.tgz

     -> ❌ glob-10.4.5.tgz (Vulnerable Library)

High 7.5 Transitive glob-10.4.5.tgz archiver-7.0.1.tgz Transitive glob - 11.1.0,glob - 10.5.0 None
CVE-2025-58754

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> bump-cli-2.8.4.tgz (Root Library)

   -> ❌ axios-1.7.7.tgz (Vulnerable Library)

High 7.5 Transitive axios-1.7.7.tgz bump-cli-2.8.4.tgz Transitive 1.12.0 None
CVE-2025-57319

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> elastic-apm-node-4.13.0.tgz (Root Library)

   -> pino-8.15.1.tgz

     -> ❌ fast-redact-3.1.2.tgz (Vulnerable Library)

High 7.5 Transitive fast-redact-3.1.2.tgz elastic-apm-node-4.13.0.tgz None
CVE-2025-11362

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ pdfmake-0.2.15.tgz (Vulnerable Library)

High 7.5 Direct pdfmake-0.2.15.tgz pdfmake-0.2.15.tgz pdfmake - 0.3.0-beta.17,pdfmake - 0.3.0-beta.17 None
CVE-2012-3412

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> redoc-2.5.0.tgz

     -> ❌ prismjs-1.29.0.tgz (Vulnerable Library)

High 7.5 Transitive prismjs-1.29.0.tgz cli-1.34.5.tgz Transitive 3.2.30 None
CVE-2025-13204

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ expr-eval-2.0.2.tgz (Vulnerable Library)

High 7.3 Direct expr-eval-2.0.2.tgz expr-eval-2.0.2.tgz None
CVE-2015-9251

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ jquery-3.7.1.tgz (Vulnerable Library)

Medium 6.1 Direct jquery-3.7.1.tgz jquery-3.7.1.tgz jquery - 3.0.0,org.webjars.npm:jquery:1.12.2,jQuery - 3.0.0,jquery-rails - 4.2.0,jquery - 1.12.2,org.webjars.npm:jquery:3.0.0,jQuery - 1.12.2,jQuery - 3.0.0,org.webjars.npm:jquery:1.12.2,org.webjars.npm:jquery:3.0.0,jquery - 3.0.0,jquery - 1.12.2,jQuery - 1.12.2,jquery-rails - 4.2.0 None
MSC-2025-10533

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ jquery-3.7.1.tgz (Vulnerable Library)

Medium 5.3 Direct jquery-3.7.1.tgz jquery-3.7.1.tgz None
CVE-2019-3820

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ jquery-3.7.1.tgz (Vulnerable Library)

Medium 4.3 Direct jquery-3.7.1.tgz jquery-3.7.1.tgz None
CVE-2025-5889

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> glob-7.2.3.tgz

     -> minimatch-3.1.2.tgz

       -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)

Low 3.1 Transitive brace-expansion-1.1.11.tgz cli-1.34.5.tgz Transitive 2.0.2 None
CVE-2025-5889

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> openapi-core-1.34.5.tgz

     -> minimatch-5.1.6.tgz

       -> ❌ brace-expansion-2.0.1.tgz (Vulnerable Library)

Low 3.1 Transitive brace-expansion-2.0.1.tgz cli-1.34.5.tgz Transitive 2.0.2 None
CVE-2025-5889

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> bump-cli-2.8.4.tgz (Root Library)

   -> core-1.20.4.tgz

     -> ejs-3.1.10.tgz

       -> jake-10.9.2.tgz

         -> filelist-1.0.4.tgz

           -> minimatch-5.1.6.tgz

             -> ❌ brace-expansion-2.0.1.tgz (Vulnerable Library)

Low 3.1 Transitive brace-expansion-2.0.1.tgz bump-cli-2.8.4.tgz Transitive 2.0.2 None

Base branch total remaining vulnerabilities: 0
Base branch commit: 0d4c439f850955161bb80b25f879aa3be0fbc60d


Total libraries scanned: 3092

Scan token: 471f0f384dfb4379acba6f151adf0a16