Bump fsevents from 1.0.15 to 1.2.13 #4

dependabot · 2023-10-09T21:45:54Z

Bumps fsevents from 1.0.15 to 1.2.13.

Release notes

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Release v1.2.9 - Node v12 compatibility

No release notes provided.

Release Pre-NAPI v1.2.8

No release notes provided.

Version Bump (bundle node-pre-gyp)

No release notes provided.

Prebuilt v11.x

No release notes provided.

v1.2.3

Added node v10 for pre-built binaries

C++ tuning to fix potential SIGILL and cyclic dependency (#204)

v1.2.2

Fixed node-pre-gyp bundling issue

v1.2.1

[unpublished because of errors during publish process]

v1.2.0

BREAKING: End support for Node v0.12. If you are using Node v0.12 please pin your fsevents dependencies to v1.1.3. Not bumping semver major for this release was a compromise solution discussed in #199 and #201.

Node v0.10 should continue to work with local compilation for now, but hosted pre-built binaries will no longer be provided. If this is a constraint for you, please pin to an earlier version.

Fixed security vulnerability warnings by updating node-pre-gyp to ^0.9.0

Compatibility updates for nan v2.9.0

v1.1.3

Added node v9 for pre-built binaries

Fixed bug related to using --no-bin-links option on install

Updated node-pre-gyp to latest version (0.6.39)

v1.1.2

Added Node.js v8 to the prebuild binary assets.

Stopped prebuilding for io.js (can still be built locally)

Updated node-pre-gyp to latest version (0.6.36)

v1.1.1

... (truncated)

Commits

844a05d Version Bump
f393f2a Only build fsevents on macOS (#322)
6a281a7 [publish binary]
acc2bce [publish binary]
f532b6e [publish binary]
4c6a1c0 Add node 13 to travis matrix.
92e40aa Release 1.2.12.
909af26 Release v1.2.11
7074adb Release v1.2.10
0a052f6 Node.js v12 support for v1.x (#274)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

ghost · 2025-11-06T17:18:56Z

@dependabot recreate

Bumps [fsevents](https://github.com/fsevents/fsevents) from 1.0.15 to 1.2.13. - [Release notes](https://github.com/fsevents/fsevents/releases) - [Commits](fsevents/fsevents@v1.0.15...v1.2.13) --- updated-dependencies: - dependency-name: fsevents dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

ImagineBuildBot · 2025-11-06T17:26:22Z

Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 1 vulnerabilities
0 High
1 Medium
0 Low
0 Info

Violation Summary

1 MEDIUM

View more details on Checkmarx UI

Cx-SAST Details

Click to see details

Lines	Severity	Category	File	Link
51	MEDIUM	Missing_HSTS_Header	dev-playground/server.js	Checkmarx

thomas-hayden · 2025-11-06T17:48:17Z

Checkmarx One – Scan Summary & Details – 5519fe0c-17e4-4f6f-9ce3-6c632e9bbc1c

New Issues (121)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
CVE-2017-16042	Npm-growl-1.9.2	details Recommended version: 1.10.0 Description: Growl adds growl notification support to nodejs. Growl versions prior to 1.10.0 does not properly sanitize input before passing it to exec, allowin... Attack Vector: NETWORK Attack Complexity: LOW `ID: xHxAGqn%2BWL3oSPqJUrjbOije4RV5tw2mvm9sU3k49NA%3D` Vulnerable Package
CVE-2017-16226	Npm-static-eval-0.2.4	details Recommended version: 2.0.0 Description: The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions prior to 2.0.0, untrusted user input is able... Attack Vector: NETWORK Attack Complexity: LOW `ID: Siy7k4FSm%2FSVaCw1TOtOk1jlwoq2A6XcKWJ5EDaip2o%3D` Vulnerable Package
CVE-2018-16492	Npm-extend-3.0.0	details Recommended version: 3.0.2 Description: A Prototype Pollution vulnerability was found in module extend that allows an attacker to inject arbitrary properties onto "Object.Prototype". This... Attack Vector: NETWORK Attack Complexity: LOW `ID: R8C0uXbaRRdVwjJUxa2yZ1Uxq2PgDAfTRSFx%2F%2BYezLM%3D` Vulnerable Package
CVE-2018-3745	Npm-atob-1.1.3	details Recommended version: 2.1.0 Description: The package atob through 2.0.3 allocates uninitialized buffers when a number is passed in input on Node.js 4.x and below. Attack Vector: NETWORK Attack Complexity: LOW `ID: 8x0qBwdezrXzlBW7gDpsUtJDH5Rzv%2BD4uhd8QfUmys8%3D` Vulnerable Package
CVE-2019-10744	Npm-lodash-4.17.2	details Recommended version: 4.17.21 Description: A Prototype Pollution vulnerability was discovered in lodash prior to 4.17.12, in lodash.defaultsdeep prior to 4.6.1, and in @sailshq/lodash prior ... Attack Vector: NETWORK Attack Complexity: LOW `ID: 9QDItEArXNQJ74mpXroH97Wzjyci%2Fvx9W3BURi588Qk%3D` Vulnerable Package
CVE-2019-10744	Npm-lodash-3.7.0	details Recommended version: 4.17.21 Description: A Prototype Pollution vulnerability was discovered in lodash prior to 4.17.12, in lodash.defaultsdeep prior to 4.6.1, and in @sailshq/lodash prior ... Attack Vector: NETWORK Attack Complexity: LOW `ID: B3Fz87bwP5N9g4bJ4GvDFXgx76M9PNsXbYBvfHNKgpA%3D` Vulnerable Package
CVE-2019-10744	Npm-lodash-4.17.4	details Recommended version: 4.17.21 Description: A Prototype Pollution vulnerability was discovered in lodash prior to 4.17.12, in lodash.defaultsdeep prior to 4.6.1, and in @sailshq/lodash prior ... Attack Vector: NETWORK Attack Complexity: LOW `ID: c6sGo%2BkIHFW%2FgUn%2FsyIjgxML7GcErvS1QKWM%2B6EpBCs%3D` Vulnerable Package
CVE-2019-10744	Npm-lodash-1.0.2	details Recommended version: 4.17.21 Description: A Prototype Pollution vulnerability was discovered in lodash prior to 4.17.12, in lodash.defaultsdeep prior to 4.6.1, and in @sailshq/lodash prior ... Attack Vector: NETWORK Attack Complexity: LOW `ID: LaNKYLID4%2B3Tx063nDzmO5pxw5iFhhebeJff7EGxuf8%3D` Vulnerable Package
CVE-2020-7774	Npm-y18n-3.2.1	details Recommended version: 3.2.2 Description: This affects the package y18n versions prior to 3.2.2, 4.x prior to 4.0.1, 5.0.x prior to 5.0.5 and 6.0.0-alpha.0, are vulnerable to Prototype Poll... Attack Vector: NETWORK Attack Complexity: LOW `ID: OLPBuzLrffFh6EEkqtRf9QfdoNOQ5wzIr7BNElMJAAY%3D` Vulnerable Package
CVE-2020-7788	Npm-ini-1.3.4	details Recommended version: 1.3.6 Description: The package ini versions prior to 1.3.6 have a Prototype Pollution vulnerability. If an attacker submits a malicious INI file to an application tha... Attack Vector: NETWORK Attack Complexity: LOW `ID: xTdjZKwKXn7UwGpkEg1typCyO56mc9yYIQFt8ZnMaTI%3D` Vulnerable Package
CVE-2021-44906	Npm-minimist-0.0.8	details Recommended version: 0.2.4 Description: Minimist is vulnerable to Prototype Pollution via file "index.js", function "setKey()" (lines 69-95). This issue affects minimist versions prior t... Attack Vector: NETWORK Attack Complexity: LOW `ID: aHO8t80hp0KnVVZifMn%2F7%2BiM1qJezAvNYimq3cUHi84%3D` Vulnerable Package
CVE-2021-44906	Npm-minimist-1.2.0	details Recommended version: 1.2.6 Description: Minimist is vulnerable to Prototype Pollution via file "index.js", function "setKey()" (lines 69-95). This issue affects minimist versions prior t... Attack Vector: NETWORK Attack Complexity: LOW `ID: ZncsQMN8rxJWLCflbua8BOlstTlum3%2FospQ2h%2BxKH44%3D` Vulnerable Package
CVE-2022-37601	Npm-loader-utils-0.2.16	details Recommended version: 1.4.2 Description: Prototype Pollution Vulnerability present in the loader-utils package in the function 'parseQuery()' of 'parseQuery.js' file via the 'name' variabl... Attack Vector: NETWORK Attack Complexity: LOW `ID: 2i86cRtQYGDw8t2iteQCAXB1goiRLyf8oZMnV%2FR%2FxDY%3D` Vulnerable Package
CVE-2022-37601	Npm-loader-utils-1.0.2	details Recommended version: 1.4.2 Description: Prototype Pollution Vulnerability present in the loader-utils package in the function 'parseQuery()' of 'parseQuery.js' file via the 'name' variabl... Attack Vector: NETWORK Attack Complexity: LOW `ID: B3lhlXg2ymMeBjCiP%2BkBLwG3mzCZ8b2yZpotbGZwR0c%3D` Vulnerable Package
CVE-2024-40643	Npm-htmlparser2-3.8.3	details Recommended version: 5.0.0 Description: Joplin is a free, open-source note-taking and to-do application. Joplin fails to consider that "<" followed by a non-letter character will not be c... Attack Vector: NETWORK Attack Complexity: LOW `ID: iaAAcPyoSpkA3%2Fv%2Fu3FgcksmutgvMAkXCe%2BEF36IYNo%3D` Vulnerable Package
CVE-2024-42461	Npm-elliptic-6.4.0	details Recommended version: 6.6.1 Description: In the elliptic package, "ECDSA" signature malleability occurs because "BER-encoded" signatures are allowed which leads to Improper Verification of... Attack Vector: NETWORK Attack Complexity: LOW `ID: bI82JKLWTSxJuppQ5BXO7g5n7jq5%2FD2juzfkQMfyVjQ%3D` Vulnerable Package
CVE-2024-48949	Npm-elliptic-6.4.0	details Recommended version: 6.6.1 Description: The verify function in "lib/elliptic/eddsa/index.js" in the Elliptic versions 4.0.0 through 6.5.5 for Node.js omits "sig.S().gte(sig.eddsa.curve.n)... Attack Vector: NETWORK Attack Complexity: LOW `ID: DH%2F%2FM1ltSPnbQ%2BXf6vMJnMnj%2BKCbEAe9FqJyC504oTw%3D` Vulnerable Package
CVE-2025-6547	Npm-pbkdf2-3.0.9	details Recommended version: 3.1.3 Description: Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This issue affects versions through 3.1.2. Attack Vector: NETWORK Attack Complexity: HIGH `ID: fhkAre2BRuDl7oNN8iv2uHrnzyX%2B80KpAXflfQZZjYI%3D` Vulnerable Package
CVE-2025-9287	Npm-cipher-base-1.0.3	details Recommended version: 1.0.5 Description: Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation. This issue affects versions through 1.0.4. Attack Vector: NETWORK Attack Complexity: HIGH `ID: 4Nki1NAqPiNu8H%2FrDO6WCs8V0k3ct3J22jzgEEl%2FzCE%3D` Vulnerable Package
CVE-2025-9288	Npm-sha.js-2.4.8	details Recommended version: 2.4.12 Description: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js through 2.4.11. Attack Vector: NETWORK Attack Complexity: HIGH `ID: DWi0uPRV8jFWNrHr8bvv4lvHEYljE6S36%2FKL3MizNa4%3D` Vulnerable Package
CVE-2025-9288	Npm-sha.js-2.2.6	details Recommended version: 2.4.12 Description: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js through 2.4.11. Attack Vector: NETWORK Attack Complexity: HIGH `ID: xmTq9ZMo3OhbxCm%2FbmcMsr47A%2BrsbasvbEOKSoXmvXk%3D` Vulnerable Package
Cx88b46a98-47a5	Npm-elliptic-6.4.0	details Recommended version: 6.6.1 Description: The elliptic package is a plain JavaScript implementation of elliptic-curve cryptography. Versions of elliptic package prior to 6.6.1 are vulnerabl... Attack Vector: NETWORK Attack Complexity: LOW `ID: hxJu64E6PllN4b7%2B9bGH0LkD9i8upu0H1GvPPPaeavY%3D` Vulnerable Package
Cxbf5cb5f8-f150	Npm-lodash.merge-4.6.0	details Recommended version: 4.6.2 Description: The package `lodash.merge` versions prior to 4.6.2 are vulnerable to Prototype Pollution. The function `merge` may allow a malicious user to modify... Attack Vector: NETWORK Attack Complexity: LOW `ID: ZtWczYCi3CwOCBvrx13LS0UpABuDyJoXCpuT42Q%2Fka8%3D` Vulnerable Package
CVE-2016-10540	Npm-minimatch-0.2.14	details Recommended version: 3.0.5 Description: Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatc... Attack Vector: NETWORK Attack Complexity: LOW `ID: BUbH3HJFPCYHm0K4C%2BW%2FuXEOoeQg0dGvkJVD%2FjS%2FrEY%3D` Vulnerable Package
CVE-2016-10540	Npm-minimatch-2.0.10	details Recommended version: 3.0.5 Description: Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatc... Attack Vector: NETWORK Attack Complexity: LOW `ID: C8Tq9GFyVMEmcAYb1BGDd%2FFZM%2F8qFXNdv7ndlRo6VOI%3D` Vulnerable Package
CVE-2017-1000048	Npm-qs-6.2.0	details Recommended version: 6.2.4 Description: the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil r... Attack Vector: NETWORK Attack Complexity: LOW `ID: S38JWhKqZjlvthcnCX1GxSgInVcyLmaO7NVmo%2BmqKiA%3D` Vulnerable Package
CVE-2017-16032	Npm-brace-expansion-1.1.6	details Recommended version: 1.1.12 Description: Brace-expansion is vulnerable to a Regular Expression Denial of Service (ReDoS) condition in versions prior to 1.1.7. Attack Vector: NETWORK Attack Complexity: LOW `ID: WqNPrWoA%2F4xvgBMRJD02lphAQf5qymNFHAbBS9Cv1TU%3D` Vulnerable Package
CVE-2017-16118	Npm-forwarded-0.1.0	details Recommended version: 0.1.2 Description: The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of s... Attack Vector: NETWORK Attack Complexity: LOW `ID: xezBRa3lnch2JNcovzIkOCE56shwfp%2FAcSn8GMEw%2Fis%3D` Vulnerable Package
CVE-2017-16119	Npm-fresh-0.3.0	details Recommended version: 0.5.2 Description: Fresh is a module used by the Express.js framework for HTTP response freshness testing. Prior to v0.5.2 it is vulnerable to a regular expression de... Attack Vector: NETWORK Attack Complexity: LOW `ID: SS%2BOgNO5MUFE2LZs6nrnIMLtjA8Jrz8Un84IM215V7w%3D` Vulnerable Package
CVE-2017-16138	Npm-mime-1.3.4	details Recommended version: 1.4.1 Description: The mime module < 1.4.1 and 2.0.0 through 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted ... Attack Vector: NETWORK Attack Complexity: LOW `ID: nOQ6G8A%2B3SAu%2F1SmY0a%2FbWt6ni72DUbSiuq3QRs56eA%3D` Vulnerable Package
CVE-2017-18077	Npm-brace-expansion-1.1.6	details Recommended version: 1.1.12 Description: index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argume... Attack Vector: NETWORK Attack Complexity: LOW `ID: LA8Xt%2BWTKhAiXrFN89s%2BxUG9pJKpIlSo%2FXSUMcBg5Lk%3D` Vulnerable Package
CVE-2020-13822	Npm-elliptic-6.4.0	details Recommended version: 6.6.1 Description: The Elliptic package up to 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflo... Attack Vector: NETWORK Attack Complexity: HIGH `ID: YEXEk5VrREHDMhZW5B8pvVwqF9AxR0ptIUchfF0Vb%2BA%3D` Vulnerable Package
CVE-2020-28469	Npm-glob-parent-2.0.0	details Recommended version: 5.1.2 Description: In glob-parent prior to 5.1.2 the way that the `enclosure` regex in `index.js` is defined could allow an attacker to exploit it, and cause a Denial... Attack Vector: NETWORK Attack Complexity: LOW `ID: wW%2FS0cD05Wec6cvGa1hH7vaal3jbsPe%2BKHaVPq70J28%3D` Vulnerable Package
CVE-2020-8203	Npm-lodash-1.0.2	details Recommended version: 4.17.21 Description: Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. Attack Vector: NETWORK Attack Complexity: HIGH `ID: 1HEmsxR8WPtOO0bGEjT3MEEANWxsCQE%2FBY%2BBel1K5QI%3D` Vulnerable Package
CVE-2020-8203	Npm-lodash-3.7.0	details Recommended version: 4.17.21 Description: Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. Attack Vector: NETWORK Attack Complexity: HIGH `ID: GhH2QBTroQM7pDV9wAfzqILfL63UK7EjILI%2Bw4Ek1ig%3D` Vulnerable Package
CVE-2020-8203	Npm-lodash-4.17.2	details Recommended version: 4.17.21 Description: Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. Attack Vector: NETWORK Attack Complexity: HIGH `ID: vt9FZc0seHxI3fpPR%2Fi9MyDjmA7dVljxjxUydsMr8zo%3D` Vulnerable Package
CVE-2020-8203	Npm-lodash-4.17.4	details Recommended version: 4.17.21 Description: Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. Attack Vector: NETWORK Attack Complexity: HIGH `ID: wUUhVGydW4jT3ZHGzldgOE7uosdFIpV%2FPH4S5hlGdt8%3D` Vulnerable Package
CVE-2021-23337	Npm-lodash-1.0.2	details Recommended version: 4.17.21 Description: lodash and lodash-es prior to 4.17.21, are vulnerable to Command Injection via the "template" function. lodash.template versions are vulnerable, too. Attack Vector: NETWORK Attack Complexity: LOW `ID: 2OWGM4cXh%2FjjBtwdLb0Sv3LBBcrpmufLlGPb%2FzdqHX4%3D` Vulnerable Package
CVE-2021-23337	Npm-lodash.template-3.6.2	details Description: lodash and lodash-es prior to 4.17.21, are vulnerable to Command Injection via the "template" function. lodash.template versions are vulnerable, too. Attack Vector: NETWORK Attack Complexity: LOW `ID: eSmi4f1432BV8R4IdICI5eRHo1d%2FD2KUgLDbmcZ%2BCR0%3D` Vulnerable Package
CVE-2021-23337	Npm-lodash-4.17.4	details Recommended version: 4.17.21 Description: lodash and lodash-es prior to 4.17.21, are vulnerable to Command Injection via the "template" function. lodash.template versions are vulnerable, too. Attack Vector: NETWORK Attack Complexity: LOW `ID: EU7F%2B5QmKl4EuiADL%2BwUVt4bP%2FOrYffjZVRJOkEGxDg%3D` Vulnerable Package
CVE-2021-23337	Npm-lodash-4.17.2	details Recommended version: 4.17.21 Description: lodash and lodash-es prior to 4.17.21, are vulnerable to Command Injection via the "template" function. lodash.template versions are vulnerable, too. Attack Vector: NETWORK Attack Complexity: LOW `ID: jXckavSg1WUHL6nvn60Nk2MfcHA5YYfyyzrRVSx94E0%3D` Vulnerable Package
CVE-2021-23337	Npm-lodash-3.7.0	details Recommended version: 4.17.21 Description: lodash and lodash-es prior to 4.17.21, are vulnerable to Command Injection via the "template" function. lodash.template versions are vulnerable, too. Attack Vector: NETWORK Attack Complexity: LOW `ID: o9yh5GXZvpntG%2B5hNQXbE4F%2BbNRumVrFatp%2FfvA4Hxk%3D` Vulnerable Package
CVE-2021-3807	Npm-ansi-regex-2.0.0	details Recommended version: 3.0.1 Description: The package ansi-regex versions 3.x prior to 3.0.1, 4.x prior to 4.1.1, 5.x prior to 5.0.1 and 6.0.x prior to 6.0.1 is vulnerable to Inefficient Re... Attack Vector: NETWORK Attack Complexity: LOW `ID: 4sZS6AZGmQgak9l1%2Bs%2BdkqH7GvSsEHvOgnhv8UxfI8Q%3D` Vulnerable Package
CVE-2021-43138	Npm-async-2.1.5	details Recommended version: 2.6.4 Description: In Async versions 2.0.0-rc.6 prior to 2.6.4, and 3.x prior to 3.2.2, a malicious user can obtain privileges via the "mapValues()" method, aka "lib/... Attack Vector: LOCAL Attack Complexity: LOW `ID: q1txjv%2FWBoNapoixM44lpYsQ28Z5Y2HsGsy0gpFU4As%3D` Vulnerable Package
CVE-2022-0144	Npm-shelljs-0.3.0	details Recommended version: 0.8.5 Description: shelljs prior to 0.8.5 is vulnerable to Improper Privilege Management. Attack Vector: LOCAL Attack Complexity: LOW `ID: s88uFzbQW5io24lk%2BHH6M88PKgMwFwAEhVdE2MsCavs%3D` Vulnerable Package
CVE-2022-21803	Npm-nconf-0.6.9	details Recommended version: 0.11.4 Description: This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configurati... Attack Vector: NETWORK Attack Complexity: LOW `ID: jb9SAg4ylKn%2F0swPI%2BJjweR2Xw8a88ENhDs84gKoWFA%3D` Vulnerable Package
CVE-2022-24999	Npm-qs-6.2.0	details Recommended version: 6.2.4 Description: The qs package as used in Express through 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application becau... Attack Vector: NETWORK Attack Complexity: LOW `ID: zH5myMr6vRm4U3%2FnP0Ksg02swN2opVnh7HA7V8XY1Ok%3D` Vulnerable Package
CVE-2022-25883	Npm-semver-5.3.0	details Recommended version: 5.7.2 Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ... Attack Vector: NETWORK Attack Complexity: LOW `ID: OKw3sVwUTD1hePYrJaDLeLjlQ0QTv5rD7CaoHg%2Flr%2BA%3D` Vulnerable Package
CVE-2022-25883	Npm-semver-4.3.6	details Recommended version: 5.7.2 Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ... Attack Vector: NETWORK Attack Complexity: LOW `ID: OvWgsEvx8CcL3jjnoHOdP4sQBGrLm21vGj5jRff3rcA%3D` Vulnerable Package
CVE-2022-3517	Npm-minimatch-2.0.10	details Recommended version: 3.0.5 Description: A vulnerability was found in the minimatch package versions prior to 3.0.5. This flaw allows a Regular Expression Denial of Service (ReDoS) when ca... Attack Vector: NETWORK Attack Complexity: LOW `ID: AVBXA4WPgn6y3%2F9a45RYlZuc3%2BDf7mlO%2BWLJEkEYRY8%3D` Vulnerable Package
CVE-2022-3517	Npm-minimatch-3.0.3	details Recommended version: 3.0.5 Description: A vulnerability was found in the minimatch package versions prior to 3.0.5. This flaw allows a Regular Expression Denial of Service (ReDoS) when ca... Attack Vector: NETWORK Attack Complexity: LOW `ID: eSdj31qvvrIwXPIv3NVffk731Et5OR1ZMoajrD0tsxc%3D` Vulnerable Package
CVE-2022-3517	Npm-minimatch-0.2.14	details Recommended version: 3.0.5 Description: A vulnerability was found in the minimatch package versions prior to 3.0.5. This flaw allows a Regular Expression Denial of Service (ReDoS) when ca... Attack Vector: NETWORK Attack Complexity: LOW `ID: N2YhmDqGcCOSX3Gh6R0WJE6FuM9tYYfAxupIylkSBrc%3D` Vulnerable Package
CVE-2022-37599	Npm-loader-utils-1.0.2	details Recommended version: 1.4.2 Description: A Regular expression Denial of Service (ReDoS) flaw was found in loader-utils versions 1.0.0 through 1.4.1, 2.0.0 through 2.0.3, and 3.0.0 through ... Attack Vector: NETWORK Attack Complexity: LOW `ID: YREb5XcabPNnZZKdOBoEsvmV81VyUTEEnxbO1ma7y%2BM%3D` Vulnerable Package
CVE-2022-37603	Npm-loader-utils-1.0.2	details Recommended version: 1.4.2 Description: A Regular expression Denial of Service (ReDoS) flaw was found in loader-utils versions 1.0.0 through 1.4.1, 2.0.0 through 2.0.3, and 3.0.0 through ... Attack Vector: NETWORK Attack Complexity: LOW `ID: poq%2B0WgmFfOxiJTvB9fywMwj0DaCGk8kaIFnP98F3gw%3D` Vulnerable Package
CVE-2022-46175	Npm-json5-0.5.1	details Recommended version: 1.0.2 Description: JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` met... Attack Vector: NETWORK Attack Complexity: LOW `ID: Q0n3XkicZw3HCyNr2Q9gcDO2FaBsR6TYo2gjDUKt%2FDw%3D` Vulnerable Package
CVE-2023-46234	Npm-browserify-sign-4.0.0	details Recommended version: 4.2.2 Description: The browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's wor... Attack Vector: NETWORK Attack Complexity: LOW `ID: r9y8m19qkdXyZaiKQReBV9yJkJD1nxyStno6zRmaTYU%3D` Vulnerable Package
CVE-2024-4068	Npm-braces-1.8.5	details Recommended version: 3.0.3 Description: The NPM package "braces", versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In... Attack Vector: NETWORK Attack Complexity: LOW `ID: fXOEQuZ9JbEbZZjW5AM9V07Bbzf5zo%2BJ6KV1yn6I688%3D` Vulnerable Package
CVE-2024-45296	Npm-path-to-regexp-0.1.7	details Recommended version: 0.1.12 Description: The path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be explo... Attack Vector: NETWORK Attack Complexity: LOW `ID: 2eDjfp1z03p2b%2B4oAMNuo%2Fcbj69gjUuRXuk%2BZVnC1oc%3D` Vulnerable Package
CVE-2024-45296	Npm-path-to-regexp-1.7.0	details Recommended version: 1.9.0 Description: The path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be explo... Attack Vector: NETWORK Attack Complexity: LOW `ID: CrNUIBWEihgj7w6pWR06EnJIoQ0h73HU6HLQiDv6qOI%3D` Vulnerable Package
CVE-2024-45590	Npm-body-parser-1.15.2	details Recommended version: 1.20.3 Description: The body-parser is Node.js body parsing middleware. The body-parser package versions prior to 1.20.3 and 2.0.x prior to 2.0.0 are vulnerable to Den... Attack Vector: NETWORK Attack Complexity: LOW `ID: eMsDmsKpM8SNhjbqCHCPxaWX4WTKKd3zxfnWHmMUBtA%3D` Vulnerable Package
CVE-2024-52798	Npm-path-to-regexp-0.1.7	details Recommended version: 0.1.12 Description: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploit... Attack Vector: NETWORK Attack Complexity: LOW `ID: 39J6CQZ2PNyzjqg%2FO3pxQwXr5V6GVQGHcAhzJW6xi08%3D` Vulnerable Package
Cx0b414307-5d4b	Npm-lodash-3.7.0	details Recommended version: 4.17.21 Description: Prototype Pollution vulnerability in lodash before 4.17.19. Attack Vector: NETWORK Attack Complexity: LOW `ID: 6nchyEpmy97huhEiCJYF1TpSTVDRKgKAKV%2FlYQA4WZc%3D` Vulnerable Package
Cx0b414307-5d4b	Npm-lodash-4.17.2	details Recommended version: 4.17.21 Description: Prototype Pollution vulnerability in lodash before 4.17.19. Attack Vector: NETWORK Attack Complexity: LOW `ID: bEOiCaYEpXaPsZkAdemerq312kxLwKgsFs5HLn76jiE%3D` Vulnerable Package
Cx0b414307-5d4b	Npm-lodash-4.17.4	details Recommended version: 4.17.21 Description: Prototype Pollution vulnerability in lodash before 4.17.19. Attack Vector: NETWORK Attack Complexity: LOW `ID: o7oZvdxrauq%2F83V2EpJv0B2xnxefJaHDmxYeUgEMWNY%3D` Vulnerable Package
Cx0b414307-5d4b	Npm-lodash-1.0.2	details Recommended version: 4.17.21 Description: Prototype Pollution vulnerability in lodash before 4.17.19. Attack Vector: NETWORK Attack Complexity: LOW `ID: %2BtiKRzCGjnNq8pQQg%2FFri6oPV5WSn26u1p1rizgBtGs%3D` Vulnerable Package
Cx17c4a5a4-deb7	Npm-diff-3.2.0	details Recommended version: 3.5.0 Description: A vulnerability was found in diff versions 2.1.0 through 3.4.0. The affected versions of this package are vulnerable to Regular Expression Denial o... Attack Vector: NETWORK Attack Complexity: HIGH `ID: UTfSW9Az9G5l5RZqmv%2FPENfkFxHX%2Bw73UB00LYwmi6k%3D` Vulnerable Package
Cx2d55b83a-7aa0	Npm-braces-1.8.5	details Recommended version: 3.0.3 Description: Braces is vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular ex... Attack Vector: NETWORK Attack Complexity: LOW `ID: Fs7mu3bLYWXdUl3cV7qS2t1CC%2BCARRbun%2F2JNFCXQ2w%3D` Vulnerable Package
Cx34b3ce3e-de98	Npm-concat-with-sourcemaps-1.0.4	details Recommended version: 1.0.6 Description: `concat-with-sourcemaps` before 1.0.6 allocates uninitialized Buffers when number is passed as a separator. Attack Vector: NETWORK Attack Complexity: HIGH `ID: SlJxyhEoy4%2FMAZV6AmlnxTj5RRrOSkG4cfD24rbTm%2F0%3D` Vulnerable Package
Cx3f1b0502-ac0d	Npm-console-browserify-1.1.0	details Recommended version: 1.2.0 Description: The package console-browserify before 1.2.0 is vulnerable to memory leak. The timeEnd() function doesn't delete the `label` property of `times` obj... Attack Vector: NETWORK Attack Complexity: LOW `ID: cxOcUj7bwYZWAXOXiZSAdHOMhdNTCBN7xEBYxldQAuw%3D` Vulnerable Package
Cx7728c610-7702	Npm-acorn-4.0.3	details Recommended version: 5.7.4 Description: acorn before 5.7.4, 6.x before 6.4.1 and 7.x before 7.1.1 is vulnerable to Regular Expression Denial of Service. A regex in the form of /[x-\ud800]... Attack Vector: NETWORK Attack Complexity: LOW `ID: hX3Km0JyDDyS37ZfBbBIsa2xsrOi%2BFmWll4Klhss0Fc%3D` Vulnerable Package
Cx7728c610-7702	Npm-acorn-1.2.2	details Recommended version: 5.7.4 Description: acorn before 5.7.4, 6.x before 6.4.1 and 7.x before 7.1.1 is vulnerable to Regular Expression Denial of Service. A regex in the form of /[x-\ud800]... Attack Vector: NETWORK Attack Complexity: LOW `ID: SK9e2THI7PLwUi2IdNHWVoz6%2F4P5ClpWxh0DqV9Ge9M%3D` Vulnerable Package
Cx7728c610-7702	Npm-acorn-5.0.3	details Recommended version: 5.7.4 Description: acorn before 5.7.4, 6.x before 6.4.1 and 7.x before 7.1.1 is vulnerable to Regular Expression Denial of Service. A regex in the form of /[x-\ud800]... Attack Vector: NETWORK Attack Complexity: LOW `ID: UwIIBODtJbguNNY0BVPhU8lD858ysqPemH7mfq4BCOU%3D` Vulnerable Package
Cx7728c610-7702	Npm-acorn-3.3.0	details Recommended version: 5.7.4 Description: acorn before 5.7.4, 6.x before 6.4.1 and 7.x before 7.1.1 is vulnerable to Regular Expression Denial of Service. A regex in the form of /[x-\ud800]... Attack Vector: NETWORK Attack Complexity: LOW `ID: zTd2dv6pswzeLqMhMEzFq0JrdIcG4zpXurN2tE4MohE%3D` Vulnerable Package
Cxb3ca64d2-9cd1	Npm-mocha-3.3.0	details Recommended version: 10.1.0 Description: The package `mocha`is vulnerable to Regular Expression Denial of Service (ReDoS). The function `clean` in `utils.js` can make the server unavailabl... Attack Vector: NETWORK Attack Complexity: LOW `ID: Nift13WIWP4EuRgKXuAJwo%2Fp8O8nvHj1IzHbrfmE1WQ%3D` Vulnerable Package
Cxdca8e59f-8bfe	Npm-inflight-1.0.6	details Description: In NPM `inflight` there is a Memory Leak because some resources are not freed correctly after being used. It appears to affect all versions, as the... Attack Vector: NETWORK Attack Complexity: LOW `ID: Lt8pHW5GBAVNKPDmPeguBwhYg4Q9zxskyTnoiWOV%2F5o%3D` Vulnerable Package
Cxe299c2b0-ccc8	Npm-domutils-1.5.1	details Recommended version: 1.6.0 Description: Domutils before version 1.6.0 is vulnerable to stack overflow. The function findAll in the file querying.js uses a recursive method to find element... Attack Vector: NETWORK Attack Complexity: LOW `ID: ML3bSznPJSFLd4mlSG9gyFR%2FKErT5sKa01ndlel3KGE%3D` Vulnerable Package
CVE-2017-16028	Npm-randomatic-1.1.5	details Recommended version: 3.0.0 Description: react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. In versions before 3.0.0 the oauth Random Token is gene... Attack Vector: NETWORK Attack Complexity: LOW `ID: TpQHHEoSDMgZbP8xtvQF04DAHMmVjTx5DoITN1tf20Y%3D` Vulnerable Package
CVE-2017-16137	Npm-debug-2.2.0	details Recommended version: 4.4.0 Description: The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50... Attack Vector: NETWORK Attack Complexity: LOW `ID: 4MYHl3xnL3w0wlEt9sjKJQikN7yDSgFYEhIkpR3xcLo%3D` Vulnerable Package
CVE-2017-16137	Npm-debug-2.6.0	details Recommended version: 4.4.0 Description: The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50... Attack Vector: NETWORK Attack Complexity: LOW `ID: mSuR6nQLwrwKE1KfH0hp25lQI67RVqESB0nuoaEO1%2BA%3D` Vulnerable Package
CVE-2017-20162	Npm-ms-0.7.2	details Recommended version: 2.0.0 Description: A vulnerability was found in vercel ms prior to 2.0.0, which was classified as problematic. This issue affects the function "parse" of the file "in... Attack Vector: NETWORK Attack Complexity: LOW `ID: oBVhQQj3sAQH15aHXArIMon8Q6BWQQ3XxCTbUVt9OKI%3D` Vulnerable Package
CVE-2017-20162	Npm-ms-0.7.1	details Recommended version: 2.0.0 Description: A vulnerability was found in vercel ms prior to 2.0.0, which was classified as problematic. This issue affects the function "parse" of the file "in... Attack Vector: NETWORK Attack Complexity: LOW `ID: yhqkSy7d6sApmUPMN5p0c9NIjZpPih5JUquWAcwbUB8%3D` Vulnerable Package
CVE-2018-1109	Npm-braces-1.8.5	details Recommended version: 3.0.3 Description: A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Servi... Attack Vector: NETWORK Attack Complexity: LOW `ID: AyeMQM%2BQ8jzAXru00QmuVmixAd64GDOBia4fqodYrh4%3D` Vulnerable Package
CVE-2018-16487	Npm-lodash-1.0.2	details Recommended version: 4.17.21 Description: A prototype pollution vulnerability was found in lodash where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modify... Attack Vector: NETWORK Attack Complexity: HIGH `ID: %2Fbi9fDcyDSNNqiS09Dx%2F27bP%2F3F%2FNGlIbstC9XDOHgQ%3D` Vulnerable Package
CVE-2018-16487	Npm-lodash-3.7.0	details Recommended version: 4.17.21 Description: A prototype pollution vulnerability was found in lodash where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modify... Attack Vector: NETWORK Attack Complexity: HIGH `ID: KII6AUyKvFFWg99tOIrx2%2FyoUKJUEbqA1cddkSvFVdw%3D` Vulnerable Package

More results are available on the CxOne platform

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

dependabot bot added the dependencies This pull request has dependencies. label Oct 9, 2023

dependabot bot force-pushed the dependabot/npm_and_yarn/fsevents-1.2.13 branch from fb0faed to c4264ed Compare November 6, 2025 17:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump fsevents from 1.0.15 to 1.2.13 #4

Bump fsevents from 1.0.15 to 1.2.13 #4

Uh oh!

dependabot bot commented on behalf of github Oct 9, 2023 •

edited

Loading

Uh oh!

ghost commented Nov 6, 2025

Uh oh!

ImagineBuildBot commented Nov 6, 2025

Uh oh!

thomas-hayden commented Nov 6, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Bump fsevents from 1.0.15 to 1.2.13 #4

Are you sure you want to change the base?

Bump fsevents from 1.0.15 to 1.2.13 #4

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 9, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release v1.2.13

Release v1.2.11

Intermediate Release

Release v1.2.9 - Node v12 compatibility

Release Pre-NAPI v1.2.8

Version Bump (bundle node-pre-gyp)

Prebuilt v11.x

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.3

v1.1.2

v1.1.1

Uh oh!

ghost commented Nov 6, 2025

Uh oh!

ImagineBuildBot commented Nov 6, 2025

Cx-SAST Summary

Violation Summary

Cx-SAST Details

Uh oh!

thomas-hayden commented Nov 6, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

dependabot bot commented on behalf of github Oct 9, 2023 •

edited

Loading