Skip to content

Update dependency vue-codemirror to v5 #66

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dev-mend-for-github-com wants to merge 1 commit into
base: trunk
Choose a base branch
from

Update dependency vue-codemirror to v5

1238fc1
Select commit
Loading
Failed to load commit list.
Open

Update dependency vue-codemirror to v5 #66

Update dependency vue-codemirror to v5
1238fc1
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Jun 30, 2025 in 59m 25s

Security Report

❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: php. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

You have successfully remediated 20 vulnerabilities, but introduced 2 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Suggested Fix Issue Reachability
CVE-2024-9506

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/node_modules/@nuxt/vue-renderer/node_modules/vue/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/node_modules/@nuxt/vue-app/node_modules/vue/package.json

Dependency Hierarchy:

-> nuxt-2.10.2.tgz (Root Library)

   -> builder-2.10.2.tgz

     -> vue-app-2.10.2.tgz

       -> ❌ vue-2.7.16.tgz (Vulnerable Library)

Low 3.7 vue-2.7.16.tgz Upgrade to version: vue - 3.0.0-alpha.0 #3

Unreachable
CVE-2024-9506

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/node_modules/@nuxt/vue-app/node_modules/@vue/compiler-sfc/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/node_modules/@nuxt/vue-renderer/node_modules/@vue/compiler-sfc/package.json

Dependency Hierarchy:

-> nuxt-2.10.2.tgz (Root Library)

   -> builder-2.10.2.tgz

     -> vue-app-2.10.2.tgz

       -> vue-2.7.16.tgz

         -> ❌ compiler-sfc-2.7.16.tgz (Vulnerable Library)

Low 3.7 compiler-sfc-2.7.16.tgz Upgrade to version: vue - 3.0.0-alpha.0 #3

Unreachable

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2021-33502 normalize-url-3.3.0.tgz
GHSA-8x6c-cv3v-vp6g cacheable-request-6.1.0.tgz
CVE-2021-33502 normalize-url-1.9.1.tgz
GHSA-6chw-6frg-f759 acorn-6.3.0.tgz
GHSA-vjh7-7g9h-fjfh elliptic-6.5.2.tgz
GHSA-7fhm-mqm4-2wp7 acorn-6.3.0.tgz
GHSA-g2q5-5433-rhrf rc-1.2.8.tgz
CVE-2025-50182 urllib3-2.2.3-py3-none-any.whl
GHSA-7fhm-mqm4-2wp7 minimist-1.2.0.tgz
GHSA-vjh7-7g9h-fjfh elliptic-6.5.4.tgz
CVE-2021-33587 css-what-2.1.3.tgz
CVE-2020-7760 codemirror-5.48.4.tgz
CVE-2021-33587 css-what-3.2.1.tgz
GHSA-73qr-pfmq-6rp8 coa-2.0.2.tgz
GHSA-5rrq-pxf6-6jx5 node-forge-0.10.0.tgz
GHSA-gf8q-jrpm-jvxq node-forge-0.10.0.tgz
GHSA-35jh-r3h4-6jhm lodash-4.17.15.tgz
CVE-2024-9506 vue-2.6.10.tgz
CVE-2025-50181 urllib3-2.2.3-py3-none-any.whl
GHSA-7fhm-mqm4-2wp7 minimist-0.0.8.tgz

Base branch total remaining vulnerabilities: 153
Base branch commit: c3bfeab8ee549fbc0a78e721eeab90ec8dc4e9ce


Total libraries scanned: 2272

Scan token: d0d85291b4f0420299cb72d75ff1198b

View more details on Dev - Mend for GitHub.com