@dependabot dependabot bot commented on behalf of github Jul 22, 2025

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 
  dependency-type: indirect
- dependency-name: fsevents
  dependency-version: 1.2.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 22, 2025
@ibcheckmarx
Checkmarx One – Scan Summary & Details: 6a418355-63ca-4da4-8dda-d3b76941a5f6

New Issues (532)

Checkmarx found the following issues in this Pull Request

Severity | Issue | Source File / Package | Checkmarx Insight
CRITICAL | CVE-2017-16042 | Npm-growl-1.9.2
Recommended version: 1.10.0
Description: Growl adds growl notification support to nodejs. Growl before 1.10.0 does not properly sanitize input before passing it to exec, allowing for arbit...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: gDYJVJaRhr0SefjNkNEUvR5ZOSBJCjPgIZAVMagUGAw%3D
Vulnerable Package
CRITICAL | CVE-2018-11499 | Npm-node-sass-4.5.3
Description: A Use-After-Free vulnerability exists in "handle_error()" in "sass_context.cpp" in LibSass 3.4.x and 3.5.x through 3.5.5 that could be leveraged to...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: xE91d%2B6PZC5Gf%2FS9%2Buy9Fpkhmpj0Hu6Jp1%2BXW5%2B6qv4%3D
Vulnerable Package
CRITICAL | CVE-2018-16492 | Npm-extend-3.0.0
Recommended version: 3.0.2
Description: A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.p...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: I17XN0nudIX7NM8auWlTfyVlIJtzX%2FBCY%2FgcSJqUZOc%3D
Vulnerable Package
CRITICAL | CVE-2018-16492 | Npm-extend-3.0.1
Recommended version: 3.0.2
Description: A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.p...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: qxYZ2I1PkK0v%2F6ZX7K%2FdgFhBuz8AZXW1rflkwCZnLUI%3D
Vulnerable Package
CRITICAL | CVE-2018-3739 | Npm-https-proxy-agent-1.0.0
Recommended version: 2.2.0
Description: https-proxy-agent before 2.2.0 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory ...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: Bn4U555scjQK6UuNGfeYygtxRWdFhlZM%2BvJgAds0JZ4%3D
Vulnerable Package
CRITICAL | CVE-2018-3739 | Npm-https-proxy-agent-2.1.0
Recommended version: 2.2.0
Description: https-proxy-agent before 2.2.0 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory ...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: O6aY3w56TrUF58%2BsbRtrxCC67KuZiBVBcWB52bKfaFs%3D
Vulnerable Package
CRITICAL | CVE-2018-3750 | Npm-deep-extend-0.4.1
Recommended version: 0.5.1
Description: The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attac...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: 7E2H3Ej7Z5CrVy7ksg9LqIwL1MoGLWhIF3sh3UoGr%2B4%3D
Vulnerable Package
CRITICAL | CVE-2018-3750 | Npm-deep-extend-0.4.2
Recommended version: 0.5.1
Description: The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attac...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: q%2FBa3rhYpl8iVvyEDk%2B9UzvfXPP9TVGzeaOhXodjB98%3D
Vulnerable Package
CRITICAL | CVE-2019-10747 | Npm-set-value-0.4.3
Recommended version: 2.0.1
Description: set-value is vulnerable to Prototype Pollution before 2.0.1 and 3.x before 3.0.1. The function mixin-deep could be tricked into adding or modifying...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: %2FdrkXCEspSi8NWnA2sUhPuecQyEhzeOMvtFaP0BgrnQ%3D
Vulnerable Package
CRITICAL | CVE-2019-10747 | Npm-set-value-2.0.0
Recommended version: 2.0.1
Description: set-value is vulnerable to Prototype Pollution before 2.0.1 and 3.x before 3.0.1. The function mixin-deep could be tricked into adding or modifying...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: eUqnrujC68gdaXLKLejIGY2q8NDsP5y83G9%2FJZUT0%2Fs%3D
Vulnerable Package
CRITICAL | CVE-2019-19919 | Npm-handlebars-4.0.10
Recommended version: 4.7.7
Description: Versions of handlebars prior to 3.0.8 and 4.x prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may ...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: Ln7HbO31WrI5DcZ5W07G80emNtg42CdCjjM3fvDpi8o%3D
Vulnerable Package
CRITICAL | CVE-2019-19919 | Npm-handlebars-4.1.2
Recommended version: 4.7.7
Description: Versions of handlebars prior to 3.0.8 and 4.x prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may ...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: zVyQapjrn3IsDukwFctIk9oNgIP%2F3YHeRcAHyptOX%2B0%3D
Vulnerable Package
CRITICAL | CVE-2020-7788 | Npm-ini-1.3.5
Recommended version: 1.3.6
Description: This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will p...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: o4NUd8p99JWVJMO6wM6CB%2Fkz3YV9S1gznMR818%2BXBAk%3D
Vulnerable Package
CRITICAL | CVE-2020-7788 | Npm-ini-1.3.4
Recommended version: 1.3.6
Description: This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will p...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: UsDzIngPSZJhmbKtPa%2FcB8nnl4bWpnbBiX%2FurwgkIAM%3D
Vulnerable Package
CRITICAL | CVE-2021-21353 | Npm-pug-code-gen-2.0.0
Recommended version: 3.0.3
Description: In pug-code-gen before version 2.0.3 and 3.x before 3.0.2, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. i...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: jimBhvadzGa10qL0jL5n%2Br6XhvdAhuCONdT0wcuR3IE%3D
Vulnerable Package
CRITICAL | CVE-2021-23406 | Npm-pac-resolver-2.0.0
Recommended version: 5.0.0
Description: This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The f...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: 3r1fdHXJnB6Hc5oBW%2BQFz7hYHKjGupr2mso7mWLN16Q%3D
Vulnerable Package
CRITICAL | CVE-2021-23406 | Npm-degenerator-1.0.4
Recommended version: 3.0.1
Description: This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The f...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: jLONZiAIYZ6vjX4WkjRAKlW%2FZmmWwJdT9KNGjdbf8JM%3D
Vulnerable Package
CRITICAL | CVE-2021-23440 | Npm-set-value-2.0.0
Recommended version: 2.0.1
Description: This affects the package "set-value" prior to 2.0.1, prior to 3.0.3, and prior to 4.0.1. A Type Confusion vulnerability can lead to a bypass of CVE...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: FMlb%2BTEssYDV5KzQYzq7lg0QaqLfM7mn%2B%2F6eDFQQ85Q%3D
Vulnerable Package
CRITICAL | CVE-2021-23440 | Npm-set-value-0.4.3
Recommended version: 2.0.1
Description: This affects the package "set-value" prior to 2.0.1, prior to 3.0.3, and prior to 4.0.1. A Type Confusion vulnerability can lead to a bypass of CVE...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: p4DKi5bJGUFlPw5govfTkkySOSYb38oQtrQjl6%2Bie5Y%3D
Vulnerable Package
CRITICAL | CVE-2021-23555 | Npm-vm2-3.5.0
Recommended version: 3.9.6
Description: The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: 1rqMvIW6eYqMGPI2DT2Sg5LHXp8foaRRxc2HjE%2Bk7Gs%3D
Vulnerable Package
CRITICAL | CVE-2021-23555 | Npm-vm2-3.6.0
Recommended version: 3.9.6
Description: The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: JeoZlLopEOkd7Sk8OUJ56mwim%2FwDDYG9h8RJq4HsAeg%3D
Vulnerable Package
CRITICAL | CVE-2021-23807 | Npm-jsonpointer-4.0.1
Recommended version: 5.0.0
Description: A type confusion vulnerability in jsonpointer can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays. Th...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: %2FNzAr26LtyKYj4ohUplf9XrxO3xXlC2pDrIq8BgatqA%3D
Vulnerable Package
CRITICAL | CVE-2021-28918 | Npm-netmask-1.0.6
Recommended version: 2.0.1
Description: Improper input validation of octal strings in netmask npm package up to 1.1.0 allows unauthenticated remote attackers to perform indeterminate SSRF...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: FX44wd2FAAvPw%2B4tCZ%2BF%2Bn2hy6JGGELmmNQd3%2BD4dy0%3D
Vulnerable Package
CRITICAL | CVE-2021-31597 | Npm-xmlhttprequest-ssl-1.5.5
Recommended version: 1.6.2
Description: The xmlhttprequest-ssl package versions prior to 1.6.1 for Node.js disable SSL certificate validation by default. This occurs because the "rejectUn...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: OCNeUPTgm5CiR60rBhWOAPYyZjJhmHDdikr15yLb4QQ%3D
Vulnerable Package
CRITICAL | CVE-2021-3918 | Npm-json-schema-0.2.3
Recommended version: 0.4.0
Description: json-schema before 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Attack Vector: NETWORK
Attack Complexity: LOW

ID: Yb0J%2FWkPc8bDebcoxSCW%2FxzSS50SWJLrP3ZsfzwBEzg%3D
Vulnerable Package
CRITICAL | CVE-2021-42740 | Npm-shell-quote-1.6.1
Recommended version: 1.7.3
Description: The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex de...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: 2dYXMTgM%2FuodaBiTBQQRbZW8g52cKgRYUT2bYQ%2F0VSw%3D
Vulnerable Package
CRITICAL | CVE-2022-0686 | Npm-url-parse-1.1.9
Recommended version: 1.5.9
Description: Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: E%2F9Vzrukdh8wd7vYV2mWa6mTmCCZXXsARojHBAKW1sg%3D
Vulnerable Package
CRITICAL | CVE-2022-0686 | Npm-url-parse-1.4.4
Recommended version: 1.5.9
Description: Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: i1DwTITtOL6tc1caIPKvUo6Ktwlwa0w5%2BgK%2FIYLLZpE%3D
Vulnerable Package
CRITICAL | CVE-2022-0686 | Npm-url-parse-1.1.8
Recommended version: 1.5.9
Description: Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: iyJ2jlARholCh8jgjclCkQKmAXD5L8grhp1Dj0q71hA%3D
Vulnerable Package
CRITICAL | CVE-2022-0686 | Npm-url-parse-1.0.5
Recommended version: 1.5.9
Description: Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: N4mXHbsk%2Facruv9Y6%2FGq%2BXqgEZCkgcdPwNB8SnGfQpw%3D
Vulnerable Package
CRITICAL | CVE-2022-0686 | Npm-url-parse-1.4.7
Recommended version: 1.5.9
Description: Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: XARg0%2FIZziCe%2BKodXz3OUKhv72GqnInlMGH4KCcX8hQ%3D
Vulnerable Package
CRITICAL | CVE-2022-0691 | Npm-url-parse-1.4.7
Recommended version: 1.5.9
Description: Authorization Bypass through User-Controlled Key in NPM url-parse versions 1.4.5 through 1.5.8. Bypasses "https://hackerone\.com/reports/496293" via...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: t6k2xSTfZy6SPqBzJrn0mtnrnXHosB%2FF%2Bbl9hcRQst0%3D
Vulnerable Package
CRITICAL | CVE-2022-25893 | Npm-vm2-3.6.0
Recommended version: 3.9.10
Description: The package vm2 prior to 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the ''WeakMap.prototype.set'' me...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: JJdS8%2FGx71kaU5v1seg0HDoq3nsFEU7Bm0pfo7rf4U8%3D
Vulnerable Package
CRITICAL | CVE-2022-25893 | Npm-vm2-3.5.0
Recommended version: 3.9.10
Description: The package vm2 prior to 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the ''WeakMap.prototype.set'' me...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: t5SsqqQrRDExuur57Hh5ewtZ%2FQ6dZIRmsP0kVIn5Hi4%3D
Vulnerable Package

More results are available on the CxOne platform

Fixed Issues (1)
Great job! The following issues were fixed in this Pull Request

Severity | Issue | Source File / Package
CRITICAL | Cx29ea9bf3-a8eb | Npm-macaddress-0.2.8
