Skip to content

Update dependency vue-codemirror to v5 #64

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dev-mend-for-github-com wants to merge 1 commit into
base: trunk
Choose a base branch
from

Update dependency vue-codemirror to v5

be5e5aa
Select commit
Loading
Failed to load commit list.
Open

Update dependency vue-codemirror to v5 #64

Update dependency vue-codemirror to v5
be5e5aa
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Jun 30, 2025 in 13m 58s

Security Report

❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: php. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

You have successfully remediated 16 vulnerabilities, but introduced 2 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Suggested Fix Issue Reachability
CVE-2024-9506

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/node_modules/@nuxt/vue-app/node_modules/vue/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/node_modules/@nuxt/vue-renderer/node_modules/vue/package.json

Dependency Hierarchy:

-> nuxt-2.10.2.tgz (Root Library)

   -> builder-2.10.2.tgz

     -> vue-app-2.10.2.tgz

       -> ❌ vue-2.7.16.tgz (Vulnerable Library)

Low 3.7 vue-2.7.16.tgz Upgrade to version: vue - 3.0.0 #3

Reachable
CVE-2024-9506

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/node_modules/@nuxt/vue-app/node_modules/@vue/compiler-sfc/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/node_modules/@nuxt/vue-renderer/node_modules/@vue/compiler-sfc/package.json

Dependency Hierarchy:

-> nuxt-2.10.2.tgz (Root Library)

   -> builder-2.10.2.tgz

     -> vue-app-2.10.2.tgz

       -> vue-2.7.16.tgz

         -> ❌ compiler-sfc-2.7.16.tgz (Vulnerable Library)

Low 3.7 compiler-sfc-2.7.16.tgz Upgrade to version: vue - 3.0.0 #3

Reachable

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
GHSA-8x6c-cv3v-vp6g cacheable-request-6.1.0.tgz
GHSA-6chw-6frg-f759 acorn-6.3.0.tgz
GHSA-vjh7-7g9h-fjfh elliptic-6.5.2.tgz
GHSA-7fhm-mqm4-2wp7 acorn-6.3.0.tgz
GHSA-g2q5-5433-rhrf rc-1.2.8.tgz
CVE-2025-50182 urllib3-2.2.3-py3-none-any.whl
GHSA-7fhm-mqm4-2wp7 minimist-1.2.0.tgz
GHSA-vjh7-7g9h-fjfh elliptic-6.5.4.tgz
CVE-2020-7760 codemirror-5.48.4.tgz
GHSA-73qr-pfmq-6rp8 coa-2.0.2.tgz
GHSA-5rrq-pxf6-6jx5 node-forge-0.10.0.tgz
GHSA-gf8q-jrpm-jvxq node-forge-0.10.0.tgz
GHSA-35jh-r3h4-6jhm lodash-4.17.15.tgz
CVE-2024-9506 vue-2.6.10.tgz
CVE-2025-50181 urllib3-2.2.3-py3-none-any.whl
GHSA-7fhm-mqm4-2wp7 minimist-0.0.8.tgz

Base branch total remaining vulnerabilities: 149
Base branch commit: null


Total libraries scanned: 2273

Scan token: a57914b9603b45e3a527485aae06d404

View more details on Dev - Mend for GitHub.com