Skip to content

chore(deps): update dependency glob to v7.0.4 #169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dev-mend-for-github-com wants to merge 1 commit into
base: electron-upgrade
Choose a base branch
from

chore(deps): update dependency glob to v7.0.4

c8648eb
Select commit
Loading
Failed to load commit list.
Open

chore(deps): update dependency glob to v7.0.4 #169

chore(deps): update dependency glob to v7.0.4
c8648eb
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Oct 27, 2025 in 6m 20s

Security Report

❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: npm. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

npm

/tmp/ws-scm/atom/spec/fixtures/packages/package-with-broken-package-json/package.json
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed Fail to run npm install:
npm error code EJSONPARSE
npm error JSON.parse Invalid package.json: JSONParseError: Unexpected token "I" (0x49), "INVALID
npm error JSON.parse " is not valid JSON while parsing 'INVALID
npm error JSON.parse '
npm error JSON.parse Failed to parse JSON data.
npm error JSON.parse Note: package.json must be actual JSON, not just JavaScript.
npm error
Resolving the project ❌Error Failure to perform the resolution operation due to an issue parsing a file Invalid package.json file: /tmp/ws-scm/atom/spec/fixtures/packages/package-with-broken-package-json/package.json

You have successfully remediated 21 vulnerabilities, but introduced 6 new vulnerabilities in this branch.

❌ New vulnerabilities:
Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-893166-217151

Path to dependency file: /apm/package.json

Path to vulnerable library: /apm/package.json,/script/package.json,/package.json

Dependency Hierarchy:

-> settings-view-https://www.atom.io/api/packages/settings-view/versions/0.261.3/tarball.tgz (Root Library)

   -> request-2.88.0.tgz

     -> ❌ form-data-2.3.3.tgz (Vulnerable Library)

Critical 9.8 Transitive form-data-2.3.3.tgz settings-view-https://www.atom.io/api/packages/settings-view/versions/0.261.3/tarball.tgz #34
CVE-893166-217151

Path to dependency file: /apm/package.json

Path to vulnerable library: /apm/package.json,/script/package.json,/package.json

Dependency Hierarchy:

-> webdriverio-5.9.2.tgz (Root Library)

   -> webdriver-5.9.1.tgz

     -> request-2.87.0.tgz

       -> ❌ form-data-2.3.3.tgz (Vulnerable Library)

Critical 9.8 Transitive form-data-2.3.3.tgz webdriverio-5.9.2.tgz #47
CVE-893166-217151

Path to dependency file: /apm/package.json

Path to vulnerable library: /apm/package.json,/script/package.json,/package.json

Dependency Hierarchy:

-> atom-package-manager-2.6.5.tgz (Root Library)

   -> request-2.88.2.tgz

     -> ❌ form-data-2.3.3.tgz (Vulnerable Library)

Critical 9.8 Transitive form-data-2.3.3.tgz atom-package-manager-2.6.5.tgz #3
CVE-796484-931798

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> markdown-preview-https://www.atom.io/api/packages/markdown-preview/versions/0.160.2/tarball.tgz (Root Library)

   -> cheerio-1.0.0-rc.3.tgz

     -> ❌ lodash-4.17.15.tgz (Vulnerable Library)

Critical 9.8 Transitive lodash-4.17.15.tgz markdown-preview-https://www.atom.io/api/packages/markdown-preview/versions/0.160.2/tarball.tgz #13
CVE-796484-931798

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> github-https://www.atom.io/api/packages/github/versions/0.34.2/tarball.tgz (Root Library)

   -> babel7-transpiler-1.0.0-1.tgz

     -> core-7.8.7.tgz

       -> ❌ lodash-4.17.15.tgz (Vulnerable Library)

Critical 9.8 Transitive lodash-4.17.15.tgz github-https://www.atom.io/api/packages/github/versions/0.34.2/tarball.tgz #20
CVE-796484-931798

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> mocha-multi-reporters-1.1.7.tgz (Root Library)

   -> ❌ lodash-4.17.15.tgz (Vulnerable Library)

Critical 9.8 Transitive lodash-4.17.15.tgz mocha-multi-reporters-1.1.7.tgz #21

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
GHSA-xf5p-87ch-gxw2 marked-0.5.2.tgz
GHSA-8x6c-cv3v-vp6g cacheable-request-6.1.0.tgz
GHSA-2pr6-76vf-7546 js-yaml-3.6.1.tgz
GHSA-6chw-6frg-f759 acorn-5.7.3.tgz
GHSA-7fhm-mqm4-2wp7 minimist-1.1.3.tgz
GHSA-7fhm-mqm4-2wp7 minimist-0.0.8.tgz
GHSA-f7xj-rg7h-mc87 stylelint-9.3.0.tgz
GHSA-35jh-r3h4-6jhm lodash-4.17.11.tgz
GHSA-8x6c-cv3v-vp6g cacheable-request-2.1.4.tgz
GHSA-ch52-vgq2-943f marked-0.5.2.tgz
GHSA-7m7q-q53v-j47v marked-0.5.2.tgz
GHSA-8x6c-cv3v-vp6g cacheable-request-7.0.2.tgz
GHSA-8j8c-7jfh-h6hx js-yaml-3.6.1.tgz
GHSA-mjjq-c88q-qhr6 dompurify-1.0.11.tgz
GHSA-7fhm-mqm4-2wp7 acorn-5.7.3.tgz
GHSA-7fhm-mqm4-2wp7 minimist-1.2.0.tgz
GHSA-g95f-p29q-9xw4 braces-1.8.5.tgz
GHSA-7fhm-mqm4-2wp7 minimist-0.0.10.tgz
GHSA-7wwv-vh3v-89cq highlight.js-9.16.2.tgz
GHSA-xf5p-87ch-gxw2 marked-0.3.19.tgz
GHSA-ch52-vgq2-943f marked-0.6.3.tgz

Base branch total remaining vulnerabilities: 199
Base branch commit: 516d2ba6154c1452a1ee42314809c66edc833096


Total libraries scanned: 2251

Scan token: fa6967418adc4e9893cc33248581370d

View more details on Dev - Mend for GitHub.com