Update dependency flow-typed to v2.6.0 #9

Security Report

You have successfully remediated 18 vulnerabilities, but introduced 17 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability	Severity	CVSS Score	Vulnerable Library	Direct Library	Suggested Fix	Issue	Reachability
CVE-2025-25290 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> flow-typed-2.6.2.tgz (Root Library) -> rest-16.43.2.tgz -> ❌ request-5.6.3.tgz (Vulnerable Library)	Medium	5.3	`Transitive` request-5.6.3.tgz	flow-typed-2.6.2.tgz	`Transitive` 8.4.1	None	Unreachable
CVE-2025-25289 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> flow-typed-2.6.2.tgz (Root Library) -> rest-16.43.2.tgz -> request-5.6.3.tgz -> ❌ request-error-2.1.0.tgz (Vulnerable Library)	Medium	5.3	`Transitive` request-error-2.1.0.tgz	flow-typed-2.6.2.tgz	`Transitive` 5.1.1	None	Unreachable
CVE-2025-25289 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> flow-typed-2.6.2.tgz (Root Library) -> rest-16.43.2.tgz -> ❌ request-error-1.2.1.tgz (Vulnerable Library)	Medium	5.3	`Transitive` request-error-1.2.1.tgz	flow-typed-2.6.2.tgz	`Transitive` 5.1.1	None	Unreachable
CVE-2025-25288 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> flow-typed-2.6.2.tgz (Root Library) -> rest-16.43.2.tgz -> ❌ plugin-paginate-rest-1.1.2.tgz (Vulnerable Library)	Medium	5.3	`Transitive` plugin-paginate-rest-1.1.2.tgz	flow-typed-2.6.2.tgz	`Transitive` 9.2.2	None	Unreachable
CVE-2025-25285 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> flow-typed-2.6.2.tgz (Root Library) -> rest-16.43.2.tgz -> request-5.6.3.tgz -> ❌ endpoint-6.0.12.tgz (Vulnerable Library)	Medium	5.3	`Transitive` endpoint-6.0.12.tgz	flow-typed-2.6.2.tgz	`Transitive` @octokit/endpoint - 9.0.6,@octokit/endpoint - 10.1.3	None	Unreachable
CVE-289561-266276 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> jest-21.2.1.tgz (Root Library) -> jest-cli-21.2.1.tgz -> glob-7.1.4.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library)	Critical	9.8	`Transitive` inherits-2.0.4.tgz	jest-21.2.1.tgz		None
CVE-289561-266276 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> flow-typed-2.6.2.tgz (Root Library) -> got-8.3.2.tgz -> into-stream-3.1.0.tgz -> from2-2.3.0.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library)	Critical	9.8	`Transitive` inherits-2.0.4.tgz	flow-typed-2.6.2.tgz		None
CVE-289561-266276 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> apollo-server-express-2.5.0-alpha.0.tgz (Root Library) -> apollo-server-core-2.5.0-alpha.0.tgz -> sha.js-2.4.11.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library)	Critical	9.8	`Transitive` inherits-2.0.4.tgz	apollo-server-express-2.5.0-alpha.0.tgz		None
CVE-289561-266276 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> sw-precache-webpack-plugin-0.11.5.tgz (Root Library) -> del-3.0.0.tgz -> globby-6.1.0.tgz -> glob-7.1.4.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library)	Critical	9.8	`Transitive` inherits-2.0.4.tgz	sw-precache-webpack-plugin-0.11.5.tgz		None
CVE-289561-266276 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> pre-commit-1.2.2.tgz (Root Library) -> spawn-sync-1.0.15.tgz -> concat-stream-1.6.2.tgz -> readable-stream-2.3.6.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library)	Critical	9.8	`Transitive` inherits-2.0.4.tgz	pre-commit-1.2.2.tgz		None
CVE-289561-266276 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.3.tgz (Root Library) -> webpack-4.32.2.tgz -> terser-webpack-plugin-1.3.0.tgz -> cacache-11.3.2.tgz -> move-concurrently-1.0.1.tgz -> fs-write-stream-atomic-1.0.10.tgz -> readable-stream-2.3.6.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library)	Critical	9.8	`Transitive` inherits-2.0.4.tgz	backpack-core-0.8.3.tgz		None
CVE-289561-266276 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> web-push-3.3.5.tgz (Root Library) -> asn1.js-5.0.1.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library)	Critical	9.8	`Transitive` inherits-2.0.4.tgz	web-push-3.3.5.tgz		None
CVE-2026-26996 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> jest-21.2.1.tgz (Root Library) -> jest-cli-21.2.1.tgz -> jest-runtime-21.2.1.tgz -> babel-core-6.26.3.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)	High	7.5	`Transitive` minimatch-3.1.5.tgz	jest-21.2.1.tgz	`Transitive` 10.2.1	None
CVE-2026-26996 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> flow-typed-2.6.2.tgz (Root Library) -> glob-7.2.3.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)	High	7.5	`Transitive` minimatch-3.1.5.tgz	flow-typed-2.6.2.tgz	`Transitive` 10.2.1	None
CVE-2026-26996 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> sw-precache-webpack-plugin-0.11.5.tgz (Root Library) -> del-3.0.0.tgz -> globby-6.1.0.tgz -> glob-7.1.4.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)	High	7.5	`Transitive` minimatch-3.1.5.tgz	sw-precache-webpack-plugin-0.11.5.tgz	`Transitive` 10.2.1	None
CVE-2026-26996 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.3.tgz (Root Library) -> nodemon-1.19.1.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)	High	7.5	`Transitive` minimatch-3.1.5.tgz	backpack-core-0.8.3.tgz	`Transitive` 10.2.1	None
CVE-2024-21538 Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> flow-typed-2.6.2.tgz (Root Library) -> yargs-12.0.5.tgz -> os-locale-3.1.0.tgz -> execa-1.0.0.tgz -> ❌ cross-spawn-6.0.6.tgz (Vulnerable Library)	High	7.5	`Transitive` cross-spawn-6.0.6.tgz	flow-typed-2.6.2.tgz	`Transitive` https://github.com/moxystudio/node-cross-spawn.git - v7.0.5,https://github.com/moxystudio/node-cross-spawn.git - v6.0.6,org.webjars.npm:cross-spawn:6.0.6	None

✔️ Remediated vulnerabilities:

Vulnerability	Vulnerable Library
GHSA-6chw-6frg-f759	acorn-6.1.1.tgz
GHSA-v2p6-4mp7-3r9v	underscore.string-2.4.0.tgz
GHSA-c3m8-x3cg-qm2c	helmet-csp-2.7.1.tgz
GHSA-7fhm-mqm4-2wp7	acorn-6.1.1.tgz
GHSA-pc5p-h8pf-mvwp	https-proxy-agent-2.2.1.tgz
GHSA-64g7-mvw6-v9qj	shelljs-0.8.3.tgz
CVE-2025-404142	buffers-0.1.1.tgz
GHSA-7fhm-mqm4-2wp7	minimist-0.0.8.tgz
GHSA-7wwv-vh3v-89cq	highlight.js-9.15.8.tgz
GHSA-7fhm-mqm4-2wp7	acorn-4.0.13.tgz
GHSA-w42g-7vfc-xf37	apollo-server-express-2.9.12.tgz
GHSA-8x6c-cv3v-vp6g	cacheable-request-2.1.4.tgz
GHSA-7fhm-mqm4-2wp7	minimist-1.2.0.tgz
GHSA-g95f-p29q-9xw4	braces-1.8.5.tgz
GHSA-7fhm-mqm4-2wp7	minimist-0.0.10.tgz
CVE-2022-25881	http-cache-semantics-3.8.1.tgz
GHSA-w42g-7vfc-xf37	apollo-server-express-2.5.0-alpha.0.tgz
GHSA-4xcv-9jjx-gfj3	mem-1.1.0.tgz

Base branch total remaining vulnerabilities: 278
Base branch commit: d8a4d1743dfb4e8c2596563c8b569bb9ec3f1892

Total libraries scanned: 1873

Scan token: f214390502b44c42a57dc936aa66f965

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency flow-typed to v2.6.0 #9

Uh oh!

Update dependency flow-typed to v2.6.0 #9

Uh oh!

Security Report

Re-running checks...

Update dependency flow-typed to v2.6.0 #9

Are you sure you want to change the base?

Update dependency flow-typed to v2.6.0

Uh oh!

Update dependency flow-typed to v2.6.0 #9

Uh oh!

Security Report

Re-running checks...