Skip to content

Update dependency @vue/test-utils_v3 to v2.4.0 #131

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dev-mend-for-github-com wants to merge 1 commit into
base: trunk
Choose a base branch
from

Update dependency @vue/test-utils_v3 to v2.4.0

2eee3f8
Select commit
Loading
Failed to load commit list.
Open

Update dependency @vue/test-utils_v3 to v2.4.0 #131

Update dependency @vue/test-utils_v3 to v2.4.0
2eee3f8
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Mar 27, 2026 in 9m 4s

Security Report

❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: php. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

You have successfully remediated 15 vulnerabilities, but introduced 42 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2026-33750

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> mocha-7.2.0.tgz (Root Library)

   -> minimatch-3.0.4.tgz

     -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)

Medium 6.5 Transitive brace-expansion-1.1.11.tgz mocha-7.2.0.tgz Transitive Upgrade to version brace-expansion - 5.0.5 or greater #31

Reachable
CVE-2026-33750

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> eslint-config-base-2.0.0.tgz (Root Library)

   -> eslint-config-airbnb-base-15.0.0.tgz

     -> eslint-plugin-import-2.27.5.tgz

       -> minimatch-3.1.2.tgz

         -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)

Medium 6.5 Transitive brace-expansion-1.1.11.tgz eslint-config-base-2.0.0.tgz Transitive Upgrade to version brace-expansion - 5.0.5 or greater #25

Reachable
CVE-2026-33750

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> fork-ts-checker-webpack-plugin-6.5.3.tgz (Root Library)

   -> minimatch-3.0.4.tgz

     -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)

Medium 6.5 Transitive brace-expansion-1.1.11.tgz fork-ts-checker-webpack-plugin-6.5.3.tgz Transitive Upgrade to version brace-expansion - 5.0.5 or greater #14

Reachable
CVE-2026-33750

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> glob-7.1.4.tgz (Root Library)

   -> minimatch-3.0.4.tgz

     -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)

Medium 6.5 Transitive brace-expansion-1.1.11.tgz glob-7.1.4.tgz Transitive Upgrade to version brace-expansion - 5.0.5 or greater #21

Reachable
CVE-2026-33750

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> webpack-plugin-injector-1.0.7.tgz (Root Library)

   -> copy-webpack-plugin-5.1.2.tgz

     -> minimatch-3.1.2.tgz

       -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)

Medium 6.5 Transitive brace-expansion-1.1.11.tgz webpack-plugin-injector-1.0.7.tgz Transitive Upgrade to version brace-expansion - 5.0.5 or greater #4

Reachable
CVE-2026-33750

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> nuxt-2.10.2.tgz (Root Library)

   -> webpack-2.10.2.tgz

     -> webpack-4.41.2.tgz

       -> watchpack-1.6.0.tgz

         -> chokidar-2.1.8.tgz

           -> fsevents-1.2.9.tgz

             -> node-pre-gyp-0.12.0.tgz

               -> rimraf-2.6.3.tgz

                 -> glob-7.1.3.tgz

                   -> minimatch-3.0.4.tgz

                     -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)

Medium 6.5 Transitive brace-expansion-1.1.11.tgz nuxt-2.10.2.tgz Transitive Upgrade to version brace-expansion - 5.0.5 or greater #2

Reachable
CVE-2025-53892

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> ❌ vue-i18n-9.2.2.tgz (Vulnerable Library)

Medium 6.1 Direct vue-i18n-9.2.2.tgz vue-i18n-9.2.2.tgz https://github.com/intlify/vue-i18n.git - no_fix None

Reachable
CVE-2026-25645

Path to dependency file: /src/Core/DevOps/Locust/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260327105405_PKBERB/python_DHFLIW/202603271054061/env/lib/python3.9/site-packages/requests-2.32.5.dist-info

Dependency Hierarchy:

-> ❌ requests-2.32.5-py3-none-any.whl (Vulnerable Library)

Medium 4.4 Direct requests-2.32.5-py3-none-any.whl requests-2.32.5-py3-none-any.whl Upgrade to version requests - 2.33.0 or greater None

Reachable
CVE-2025-54798

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> ❌ tmp-0.2.1.tgz (Vulnerable Library)

Low 2.5 Transitive tmp-0.2.1.tgz cypress-3.1.2.tgz Transitive 0.2.4 None

Reachable
CVE-2025-7783

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> ❌ form-data-2.3.3.tgz (Vulnerable Library)

High 8.7 Transitive form-data-2.3.3.tgz cypress-3.1.2.tgz None

Unreachable
CVE-2026-33895

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> webpack-dev-server-3.11.3.tgz (Root Library)

   -> selfsigned-1.10.11.tgz

     -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

High 7.5 Transitive node-forge-0.10.0.tgz webpack-dev-server-3.11.3.tgz Transitive Upgrade to version node-forge - 1.4.0 or greater #20

Unreachable
CVE-2026-33894

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> webpack-dev-server-3.11.3.tgz (Root Library)

   -> selfsigned-1.10.11.tgz

     -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

High 7.5 Transitive node-forge-0.10.0.tgz webpack-dev-server-3.11.3.tgz Transitive Upgrade to version node-forge - 1.4.0 or greater #20

Unreachable
CVE-2026-33891

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> webpack-dev-server-3.11.3.tgz (Root Library)

   -> selfsigned-1.10.11.tgz

     -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

High 7.5 Transitive node-forge-0.10.0.tgz webpack-dev-server-3.11.3.tgz Transitive Upgrade to version node-forge - 1.4.0 or greater #20

Unreachable
CVE-2026-33671

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> mocha-7.2.0.tgz (Root Library)

   -> chokidar-3.3.0.tgz

     -> anymatch-3.1.3.tgz

       -> ❌ picomatch-2.3.1.tgz (Vulnerable Library)

High 7.5 Transitive picomatch-2.3.1.tgz mocha-7.2.0.tgz Transitive Upgrade to version picomatch - 4.0.4 or greater #31

Unreachable
CVE-2026-33671

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> jest-environment-jsdom-29.5.0.tgz (Root Library)

   -> jest-util-29.5.0.tgz

     -> ❌ picomatch-2.3.1.tgz (Vulnerable Library)

High 7.5 Transitive picomatch-2.3.1.tgz jest-environment-jsdom-29.5.0.tgz Transitive Upgrade to version picomatch - 4.0.4 or greater None

Unreachable
CVE-2026-33671

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> fork-ts-checker-webpack-plugin-6.5.3.tgz (Root Library)

   -> chokidar-3.4.2.tgz

     -> anymatch-3.1.1.tgz

       -> ❌ picomatch-2.3.1.tgz (Vulnerable Library)

High 7.5 Transitive picomatch-2.3.1.tgz fork-ts-checker-webpack-plugin-6.5.3.tgz Transitive Upgrade to version picomatch - 4.0.4 or greater #14

Unreachable
CVE-2026-33671

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> ts-loader-8.4.0.tgz (Root Library)

   -> micromatch-4.0.5.tgz

     -> ❌ picomatch-2.3.1.tgz (Vulnerable Library)

High 7.5 Transitive picomatch-2.3.1.tgz ts-loader-8.4.0.tgz Transitive Upgrade to version picomatch - 4.0.4 or greater #23

Unreachable
CVE-2026-33671

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> sass-1.51.0.tgz (Root Library)

   -> chokidar-3.5.3.tgz

     -> readdirp-3.6.0.tgz

       -> ❌ picomatch-2.3.1.tgz (Vulnerable Library)

High 7.5 Transitive picomatch-2.3.1.tgz sass-1.51.0.tgz Transitive Upgrade to version picomatch - 4.0.4 or greater #22

Unreachable
CVE-2026-33671

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> sass-1.51.0.tgz (Root Library)

   -> chokidar-3.5.3.tgz

     -> anymatch-3.1.2.tgz

       -> ❌ picomatch-2.0.7.tgz (Vulnerable Library)

High 7.5 Transitive picomatch-2.0.7.tgz sass-1.51.0.tgz Transitive Upgrade to version picomatch - 4.0.4 or greater #22

Unreachable
CVE-2026-33671

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> nuxt-2.10.2.tgz (Root Library)

   -> builder-2.10.2.tgz

     -> chokidar-3.3.0.tgz

       -> anymatch-3.1.1.tgz

         -> ❌ picomatch-2.0.7.tgz (Vulnerable Library)

High 7.5 Transitive picomatch-2.0.7.tgz nuxt-2.10.2.tgz Transitive Upgrade to version picomatch - 4.0.4 or greater #2

Unreachable
CVE-2026-33896

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> webpack-dev-server-3.11.3.tgz (Root Library)

   -> selfsigned-1.10.11.tgz

     -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

High 7.4 Transitive node-forge-0.10.0.tgz webpack-dev-server-3.11.3.tgz Transitive Upgrade to version node-forge - 1.4.0 or greater #20

Unreachable
CVE-2023-28155

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> ❌ request-2.88.12.tgz (Vulnerable Library)

Medium 6.1 Transitive request-2.88.12.tgz cypress-3.1.2.tgz Transitive 3.0.0 None

Unreachable
CVE-2026-33672

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> mocha-7.2.0.tgz (Root Library)

   -> chokidar-3.3.0.tgz

     -> anymatch-3.1.3.tgz

       -> ❌ picomatch-2.3.1.tgz (Vulnerable Library)

Medium 5.3 Transitive picomatch-2.3.1.tgz mocha-7.2.0.tgz Transitive Upgrade to version picomatch - 3.0.2 or greater #31

Unreachable
CVE-2026-33672

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> jest-environment-jsdom-29.5.0.tgz (Root Library)

   -> jest-util-29.5.0.tgz

     -> ❌ picomatch-2.3.1.tgz (Vulnerable Library)

Medium 5.3 Transitive picomatch-2.3.1.tgz jest-environment-jsdom-29.5.0.tgz Transitive Upgrade to version picomatch - 3.0.2 or greater None

Unreachable
CVE-2026-33672

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> fork-ts-checker-webpack-plugin-6.5.3.tgz (Root Library)

   -> chokidar-3.4.2.tgz

     -> anymatch-3.1.1.tgz

       -> ❌ picomatch-2.3.1.tgz (Vulnerable Library)

Medium 5.3 Transitive picomatch-2.3.1.tgz fork-ts-checker-webpack-plugin-6.5.3.tgz Transitive Upgrade to version picomatch - 3.0.2 or greater #14

Unreachable
CVE-2026-33672

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> ts-loader-8.4.0.tgz (Root Library)

   -> micromatch-4.0.5.tgz

     -> ❌ picomatch-2.3.1.tgz (Vulnerable Library)

Medium 5.3 Transitive picomatch-2.3.1.tgz ts-loader-8.4.0.tgz Transitive Upgrade to version picomatch - 3.0.2 or greater #23

Unreachable
CVE-2026-33672

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> sass-1.51.0.tgz (Root Library)

   -> chokidar-3.5.3.tgz

     -> readdirp-3.6.0.tgz

       -> ❌ picomatch-2.3.1.tgz (Vulnerable Library)

Medium 5.3 Transitive picomatch-2.3.1.tgz sass-1.51.0.tgz Transitive Upgrade to version picomatch - 3.0.2 or greater #22

Unreachable
CVE-2026-33672

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> sass-1.51.0.tgz (Root Library)

   -> chokidar-3.5.3.tgz

     -> anymatch-3.1.2.tgz

       -> ❌ picomatch-2.0.7.tgz (Vulnerable Library)

Medium 5.3 Transitive picomatch-2.0.7.tgz sass-1.51.0.tgz Transitive Upgrade to version picomatch - 3.0.2 or greater #22

Unreachable
CVE-2026-33672

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> nuxt-2.10.2.tgz (Root Library)

   -> builder-2.10.2.tgz

     -> chokidar-3.3.0.tgz

       -> anymatch-3.1.1.tgz

         -> ❌ picomatch-2.0.7.tgz (Vulnerable Library)

Medium 5.3 Transitive picomatch-2.0.7.tgz nuxt-2.10.2.tgz Transitive Upgrade to version picomatch - 3.0.2 or greater #2

Unreachable
CVE-2026-33532

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> fork-ts-checker-webpack-plugin-6.5.3.tgz (Root Library)

   -> cosmiconfig-6.0.0.tgz

     -> ❌ yaml-1.10.2.tgz (Vulnerable Library)

Medium 4.3 Transitive yaml-1.10.2.tgz fork-ts-checker-webpack-plugin-6.5.3.tgz Transitive Upgrade to version yaml - 2.8.3 or greater #14

Unreachable
CVE-2026-2391

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> ❌ qs-6.10.4.tgz (Vulnerable Library)

Low 3.7 Transitive qs-6.10.4.tgz cypress-3.1.2.tgz Transitive 6.14.2 None

Unreachable
CVE-2025-15284

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> ❌ qs-6.10.4.tgz (Vulnerable Library)

Low 3.7 Transitive qs-6.10.4.tgz cypress-3.1.2.tgz Transitive qs - 6.14.1 None

Unreachable
CVE-893166-217151

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> ❌ form-data-2.3.3.tgz (Vulnerable Library)

Critical 9.8 Transitive form-data-2.3.3.tgz cypress-3.1.2.tgz None
CVE-814504-1548

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> ❌ isstream-0.1.2.tgz (Vulnerable Library)

Critical 9.8 Transitive isstream-0.1.2.tgz cypress-3.1.2.tgz None
CVE-72435-185255

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> http-signature-1.3.6.tgz

         -> sshpk-1.17.0.tgz

           -> ❌ tweetnacl-0.14.5.tgz (Vulnerable Library)

Critical 9.8 Transitive tweetnacl-0.14.5.tgz cypress-3.1.2.tgz None
CVE-607537-903744

Path to dependency file: /src/Storefront/Resources/app/storefront/package.json

Path to vulnerable library: /src/Storefront/Resources/app/storefront/package.json

Dependency Hierarchy:

-> terser-webpack-plugin-5.3.6.tgz (Root Library)

   -> schema-utils-3.1.1.tgz

     -> ❌ ajv-6.12.6.tgz (Vulnerable Library)

Critical 9.8 Transitive ajv-6.12.6.tgz terser-webpack-plugin-5.3.6.tgz None
CVE-607537-903744

Path to dependency file: /src/Storefront/Resources/app/storefront/package.json

Path to vulnerable library: /src/Storefront/Resources/app/storefront/package.json

Dependency Hierarchy:

-> webpack-5.75.0.tgz (Root Library)

   -> schema-utils-3.1.1.tgz

     -> ❌ ajv-6.12.6.tgz (Vulnerable Library)

Critical 9.8 Transitive ajv-6.12.6.tgz webpack-5.75.0.tgz #8
CVE-607537-903744

Path to dependency file: /src/Storefront/Resources/app/storefront/package.json

Path to vulnerable library: /src/Storefront/Resources/app/storefront/package.json

Dependency Hierarchy:

-> webpack-plugin-injector-1.0.7.tgz (Root Library)

   -> copy-webpack-plugin-5.1.2.tgz

     -> schema-utils-1.0.0.tgz

       -> ❌ ajv-6.12.6.tgz (Vulnerable Library)

Critical 9.8 Transitive ajv-6.12.6.tgz webpack-plugin-injector-1.0.7.tgz #4
CVE-402712-500231

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> http-signature-1.3.6.tgz

         -> sshpk-1.17.0.tgz

           -> ❌ dashdash-1.14.1.tgz (Vulnerable Library)

Critical 9.8 Transitive dashdash-1.14.1.tgz cypress-3.1.2.tgz None
CVE-295712-399081

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> http-signature-1.3.6.tgz

         -> sshpk-1.17.0.tgz

           -> ❌ asn1-0.2.6.tgz (Vulnerable Library)

Critical 9.8 Transitive asn1-0.2.6.tgz cypress-3.1.2.tgz None
CVE-2026-26996

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> test-utils-2.4.0.tgz (Root Library)

   -> js-beautify-1.14.6.tgz

     -> glob-8.1.0.tgz

       -> ❌ minimatch-5.1.9.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-5.1.9.tgz test-utils-2.4.0.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> test-utils-2.4.6.tgz (Root Library)

   -> js-beautify-1.15.4.tgz

     -> glob-10.5.0.tgz

       -> ❌ minimatch-9.0.9.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-9.0.9.tgz test-utils-2.4.6.tgz Transitive 10.2.1 None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2026-26996 minimatch-5.1.6.tgz
GHSA-8x6c-cv3v-vp6g cacheable-request-6.1.0.tgz
CVE-2022-25881 http-cache-semantics-4.1.0.tgz
CVE-2025-5889 brace-expansion-2.0.1.tgz
CVE-2025-26862 urllib3-2.2.3-py3-none-any.whl
GHSA-7fhm-mqm4-2wp7 minimist-0.0.8.tgz
CVE-2026-21441 urllib3-2.2.3-py3-none-any.whl
CVE-2021-41248 simplepeer-5.11.6.min.js
GHSA-6chw-6frg-f759 acorn-6.3.0.tgz
GHSA-7fhm-mqm4-2wp7 acorn-6.3.0.tgz
CVE-2025-50182 urllib3-2.2.3-py3-none-any.whl
GHSA-7fhm-mqm4-2wp7 minimist-1.2.0.tgz
CVE-2024-47081 requests-2.32.3-py3-none-any.whl
CVE-2025-66471 urllib3-2.2.3-py3-none-any.whl
CVE-2025-50181 urllib3-2.2.3-py3-none-any.whl

Base branch total remaining vulnerabilities: 235
Base branch commit: 1b8f1edc25bd7944b5e311b8c721e862ea8ac1c8


Total libraries scanned: 2413

Scan token: ccf7159d9fc943c49710975de19cccc2

View more details on Dev - Mend for GitHub.com