chore(deps-dev): bump mocha from 10.8.2 to 11.7.4 #9133

dependabot · 2025-10-02T03:05:38Z

Bumps mocha from 10.8.2 to 11.7.4.

Release notes

v11.7.4

11.7.4 (2025-10-01)

🩹 Fixes

watch mode using chokidar v4 (#5379) (c2667c3)

📚 Documentation

migrate remaining legacy wiki pages to main documentation (#5465) (bff9166)

🧹 Chores

remove trailing spaces (#5475) (7f68e5c)

v11.7.3

11.7.3 (2025-09-30)

🩹 Fixes

use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (#5408) (ebdbc48)

📚 Documentation

add security escalation policy (#5466) (4122c7d)

fix duplicate global leak documentation (#5461) (1164b9d)

migrate third party UIs wiki page to docs (#5434) (6654704)

update maintainer release notes for release-please (#5453) (185ae1e)

🤖 Automation

deps: bump actions/setup-node in the github-actions group (#5459) (48c6f40)

v11.7.2

11.7.2 (2025-09-01)

🩹 Fixes

fail with an informative error message on a file with a broken default import (#5413) (b0e6135)

load mjs files correctly (#5429) (a947b9b)

📚 Documentation

... (truncated)

Changelog

Sourced from mocha's changelog.

11.7.4 (2025-10-01)

🩹 Fixes

watch mode using chokidar v4 (#5379) (c2667c3)

📚 Documentation

migrate remaining legacy wiki pages to main documentation (#5465) (bff9166)

🧹 Chores

remove trailing spaces (#5475) (7f68e5c)

11.7.3 (2025-09-30)

🩹 Fixes

use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (#5408) (ebdbc48)

📚 Documentation

add security escalation policy (#5466) (4122c7d)

fix duplicate global leak documentation (#5461) (1164b9d)

migrate third party UIs wiki page to docs (#5434) (6654704)

update maintainer release notes for release-please (#5453) (185ae1e)

🤖 Automation

deps: bump actions/setup-node in the github-actions group (#5459) (48c6f40)

11.7.2 (2025-09-01)

🩹 Fixes

fail with an informative error message on a file with a broken default import (#5413) (b0e6135)

load mjs files correctly (#5429) (a947b9b)

📚 Documentation

add banner from old site to new site, link from new to old (#5414) (dedef11)

add info on spies to legacy docs (#5421) (21f5544)

... (truncated)

Commits

8649f39 chore(main): release 11.7.4 (#5473)
c2667c3 fix: watch mode using chokidar v4 (#5379)
7f68e5c chore: remove trailing spaces (#5475)
bff9166 Docs: migrate remaining legacy wiki pages to main documentation (#5465)
c805327 chore(main): release 11.7.3 (#5455)
ebdbc48 fix: use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION ...
4122c7d docs: add security escalation policy (#5466)
1164b9d docs: fix duplicate global leak documentation (#5461)
48c6f40 build(deps): bump actions/setup-node in the github-actions group (#5459)
6654704 docs: migrate third party UIs wiki page to docs (#5434)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions · 2025-10-16T13:23:23Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

npm/mocha

^11.7.4

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 8	Found 23/26 approved changesets -- score normalized to 8
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
Packaging	🟢 10	packaging workflow detected
SAST	🟢 5	SAST tool is not run on all commits -- score normalized to 5
Vulnerabilities	⚠️ 0	66 existing vulnerabilities detected

npm/chokidar

4.0.3

🟢 4.9

Details

Check	Score	Reason
Code-Review	🟢 4	Found 10/24 approved changesets -- score normalized to 4
Maintained	⚠️ 2	0 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	🟢 10	all dependencies are pinned
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/diff

7.0.0

🟢 3.8

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 4/28 approved changesets -- score normalized to 1
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 8	6 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 8
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 7	3 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/mocha

11.7.4

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 8	Found 23/26 approved changesets -- score normalized to 8
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
Packaging	🟢 10	packaging workflow detected
SAST	🟢 5	SAST tool is not run on all commits -- score normalized to 5
Vulnerabilities	⚠️ 0	66 existing vulnerabilities detected

npm/readdirp

4.1.2

🟢 4.2

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	⚠️ 1	Found 3/28 approved changesets -- score normalized to 1
Pinned-Dependencies	🟢 10	all dependencies are pinned
Maintained	⚠️ 1	2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 9	1 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/workerpool

9.3.4

🟢 4.9

Details

Check	Score	Reason
Maintained	🟢 10	11 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/23 approved changesets -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

Scanned Files

package.json
yarn.lock

github-actions · 2025-10-16T13:23:45Z

🟠 Dependency Security Audit

🟠 3 high severity vulnerabilities found

Severity	Count
🔴 Critical	0
🟠 High	3
🟡 Moderate	5
🟢 Low	4

⚠️ Recommended: High severity vulnerabilities should be addressed.

View full audit report

├─ lodash.pick: �[38;5;37m4.4.0�[39m
│  ├─ ID: �[38;5;220m1106907�[39m
│  ├─ Issue: Prototype Pollution in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p6mc-m468-83gw�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m>=4.0.0 <=4.4.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ lodash.template: �[38;5;37m4.5.0�[39m
│  ├─ ID: �[38;5;220m1106902�[39m
│  ├─ Issue: Command Injection in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-35jh-r3h4-6jhm�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<=4.5.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: electron-winstaller
│  └─ Recommendation: None
│
├─ nth-check: �[38;5;37m1.0.2�[39m
│  ├─ ID: �[38;5;220m1095141�[39m
│  ├─ Issue: Inefficient Regular Expression Complexity in nth-check
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-rp65-9cf3-cjxr�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<2.0.1�[39m
│  ├─ Patched Versions: �[38;5;37m>=2.0.1�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: Upgrade to version 2.0.1 or later
│
├─ request: �[38;5;37m2.88.2�[39m
│  ├─ ID: �[38;5;220m1096727�[39m
│  ├─ Issue: Server-Side Request Forgery in Request
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p8p7-x288-28g6�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m<=2.88.2�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ serialize-javascript: �[38;5;37m6.0.0�[39m
│  ├─ ID: �[38;5;220m1105261�[39m
│  ├─ Issue: Cross-site Scripting (XSS) in serialize-javascript
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-76p7-773f-r4q5�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m>=6.0.0 <6.0.2�[39m
│  ├─ Patched Versions: �[38;5;37m>=6.0.2�[39m
│  ├─ Via: mocha, webpack, babel-loader
│  └─ Recommendation: Upgrade to version 6.0.2 or later
│
├─ tmp: �[38;5;37m0.1.0�[39m
│  ├─ ID: �[38;5;220m1106849�[39m
│  ├─ Issue: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-52f5-9888-hmc6�[39m
│  ├─ Severity: low
│  ├─ Vulnerable Versions: �[38;5;37m<=0.2.3�[39m
│  ├─ Patched Versions: �[38;5;37m>=0.2.4�[39m
│  ├─ Via: @wireapp/protocol-messaging, electron-winstaller, electron-builder
│  └─ Recommendation: Upgrade to version 0.2.4 or later
│
└─ validator: �[38;5;37m13.15.15�[39m
   ├─ ID: �[38;5;220m1108959�[39m
   ├─ Issue: validator.js has a URL validation bypass vulnerability in its isURL function
   ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-9965-vmph-33xx�[39m
   ├─ Severity: moderate
   ├─ Vulnerable Versions: �[38;5;37m<=13.15.15�[39m
   ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
   ├─ Via: validator
   └─ Recommendation: None

github-actions · 2025-10-23T03:09:16Z

🟠 Dependency Security Audit

🟠 3 high severity vulnerabilities found

Severity	Count
🔴 Critical	0
🟠 High	3
🟡 Moderate	5
🟢 Low	4

⚠️ Recommended: High severity vulnerabilities should be addressed.

View full audit report

├─ lodash.pick: �[38;5;37m4.4.0�[39m
│  ├─ ID: �[38;5;220m1106907�[39m
│  ├─ Issue: Prototype Pollution in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p6mc-m468-83gw�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m>=4.0.0 <=4.4.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ lodash.template: �[38;5;37m4.5.0�[39m
│  ├─ ID: �[38;5;220m1106902�[39m
│  ├─ Issue: Command Injection in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-35jh-r3h4-6jhm�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<=4.5.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: electron-winstaller
│  └─ Recommendation: None
│
├─ nth-check: �[38;5;37m1.0.2�[39m
│  ├─ ID: �[38;5;220m1095141�[39m
│  ├─ Issue: Inefficient Regular Expression Complexity in nth-check
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-rp65-9cf3-cjxr�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<2.0.1�[39m
│  ├─ Patched Versions: �[38;5;37m>=2.0.1�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: Upgrade to version 2.0.1 or later
│
├─ request: �[38;5;37m2.88.2�[39m
│  ├─ ID: �[38;5;220m1096727�[39m
│  ├─ Issue: Server-Side Request Forgery in Request
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p8p7-x288-28g6�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m<=2.88.2�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ serialize-javascript: �[38;5;37m6.0.0�[39m
│  ├─ ID: �[38;5;220m1105261�[39m
│  ├─ Issue: Cross-site Scripting (XSS) in serialize-javascript
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-76p7-773f-r4q5�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m>=6.0.0 <6.0.2�[39m
│  ├─ Patched Versions: �[38;5;37m>=6.0.2�[39m
│  ├─ Via: mocha, webpack, babel-loader
│  └─ Recommendation: Upgrade to version 6.0.2 or later
│
├─ tmp: �[38;5;37m0.1.0�[39m
│  ├─ ID: �[38;5;220m1106849�[39m
│  ├─ Issue: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-52f5-9888-hmc6�[39m
│  ├─ Severity: low
│  ├─ Vulnerable Versions: �[38;5;37m<=0.2.3�[39m
│  ├─ Patched Versions: �[38;5;37m>=0.2.4�[39m
│  ├─ Via: @wireapp/protocol-messaging, electron-winstaller, electron-builder
│  └─ Recommendation: Upgrade to version 0.2.4 or later
│
└─ validator: �[38;5;37m13.15.15�[39m
   ├─ ID: �[38;5;220m1108959�[39m
   ├─ Issue: validator.js has a URL validation bypass vulnerability in its isURL function
   ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-9965-vmph-33xx�[39m
   ├─ Severity: moderate
   ├─ Vulnerable Versions: �[38;5;37m<=13.15.15�[39m
   ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
   ├─ Via: validator
   └─ Recommendation: None

github-actions · 2025-10-24T03:17:32Z

🟠 Dependency Security Audit

🟠 3 high severity vulnerabilities found

Severity	Count
🔴 Critical	0
🟠 High	3
🟡 Moderate	5
🟢 Low	4

⚠️ Recommended: High severity vulnerabilities should be addressed.

View full audit report

├─ lodash.pick: �[38;5;37m4.4.0�[39m
│  ├─ ID: �[38;5;220m1106907�[39m
│  ├─ Issue: Prototype Pollution in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p6mc-m468-83gw�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m>=4.0.0 <=4.4.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ lodash.template: �[38;5;37m4.5.0�[39m
│  ├─ ID: �[38;5;220m1106902�[39m
│  ├─ Issue: Command Injection in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-35jh-r3h4-6jhm�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<=4.5.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: electron-winstaller
│  └─ Recommendation: None
│
├─ nth-check: �[38;5;37m1.0.2�[39m
│  ├─ ID: �[38;5;220m1095141�[39m
│  ├─ Issue: Inefficient Regular Expression Complexity in nth-check
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-rp65-9cf3-cjxr�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<2.0.1�[39m
│  ├─ Patched Versions: �[38;5;37m>=2.0.1�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: Upgrade to version 2.0.1 or later
│
├─ request: �[38;5;37m2.88.2�[39m
│  ├─ ID: �[38;5;220m1096727�[39m
│  ├─ Issue: Server-Side Request Forgery in Request
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p8p7-x288-28g6�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m<=2.88.2�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ serialize-javascript: �[38;5;37m6.0.0�[39m
│  ├─ ID: �[38;5;220m1105261�[39m
│  ├─ Issue: Cross-site Scripting (XSS) in serialize-javascript
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-76p7-773f-r4q5�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m>=6.0.0 <6.0.2�[39m
│  ├─ Patched Versions: �[38;5;37m>=6.0.2�[39m
│  ├─ Via: mocha, webpack, babel-loader
│  └─ Recommendation: Upgrade to version 6.0.2 or later
│
├─ tmp: �[38;5;37m0.1.0�[39m
│  ├─ ID: �[38;5;220m1106849�[39m
│  ├─ Issue: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-52f5-9888-hmc6�[39m
│  ├─ Severity: low
│  ├─ Vulnerable Versions: �[38;5;37m<=0.2.3�[39m
│  ├─ Patched Versions: �[38;5;37m>=0.2.4�[39m
│  ├─ Via: @wireapp/protocol-messaging, electron-winstaller, electron-builder
│  └─ Recommendation: Upgrade to version 0.2.4 or later
│
└─ validator: �[38;5;37m13.15.15�[39m
   ├─ ID: �[38;5;220m1108959�[39m
   ├─ Issue: validator.js has a URL validation bypass vulnerability in its isURL function
   ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-9965-vmph-33xx�[39m
   ├─ Severity: moderate
   ├─ Vulnerable Versions: �[38;5;37m<=13.15.15�[39m
   ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
   ├─ Via: validator
   └─ Recommendation: None

github-actions · 2025-10-24T03:22:40Z

🟠 Dependency Security Audit

🟠 3 high severity vulnerabilities found

Severity	Count
🔴 Critical	0
🟠 High	3
🟡 Moderate	5
🟢 Low	4

⚠️ Recommended: High severity vulnerabilities should be addressed.

View full audit report

├─ lodash.pick: �[38;5;37m4.4.0�[39m
│  ├─ ID: �[38;5;220m1106907�[39m
│  ├─ Issue: Prototype Pollution in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p6mc-m468-83gw�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m>=4.0.0 <=4.4.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ lodash.template: �[38;5;37m4.5.0�[39m
│  ├─ ID: �[38;5;220m1106902�[39m
│  ├─ Issue: Command Injection in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-35jh-r3h4-6jhm�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<=4.5.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: electron-winstaller
│  └─ Recommendation: None
│
├─ nth-check: �[38;5;37m1.0.2�[39m
│  ├─ ID: �[38;5;220m1095141�[39m
│  ├─ Issue: Inefficient Regular Expression Complexity in nth-check
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-rp65-9cf3-cjxr�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<2.0.1�[39m
│  ├─ Patched Versions: �[38;5;37m>=2.0.1�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: Upgrade to version 2.0.1 or later
│
├─ request: �[38;5;37m2.88.2�[39m
│  ├─ ID: �[38;5;220m1096727�[39m
│  ├─ Issue: Server-Side Request Forgery in Request
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p8p7-x288-28g6�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m<=2.88.2�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ serialize-javascript: �[38;5;37m6.0.0�[39m
│  ├─ ID: �[38;5;220m1105261�[39m
│  ├─ Issue: Cross-site Scripting (XSS) in serialize-javascript
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-76p7-773f-r4q5�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m>=6.0.0 <6.0.2�[39m
│  ├─ Patched Versions: �[38;5;37m>=6.0.2�[39m
│  ├─ Via: mocha, webpack, babel-loader
│  └─ Recommendation: Upgrade to version 6.0.2 or later
│
├─ tmp: �[38;5;37m0.1.0�[39m
│  ├─ ID: �[38;5;220m1106849�[39m
│  ├─ Issue: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-52f5-9888-hmc6�[39m
│  ├─ Severity: low
│  ├─ Vulnerable Versions: �[38;5;37m<=0.2.3�[39m
│  ├─ Patched Versions: �[38;5;37m>=0.2.4�[39m
│  ├─ Via: @wireapp/protocol-messaging, electron-winstaller, electron-builder
│  └─ Recommendation: Upgrade to version 0.2.4 or later
│
└─ validator: �[38;5;37m13.15.15�[39m
   ├─ ID: �[38;5;220m1108959�[39m
   ├─ Issue: validator.js has a URL validation bypass vulnerability in its isURL function
   ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-9965-vmph-33xx�[39m
   ├─ Severity: moderate
   ├─ Vulnerable Versions: �[38;5;37m<=13.15.15�[39m
   ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
   ├─ Via: validator
   └─ Recommendation: None

github-actions · 2025-10-27T04:19:43Z

🟠 Dependency Security Audit

🟠 3 high severity vulnerabilities found

Severity	Count
🔴 Critical	0
🟠 High	3
🟡 Moderate	4
🟢 Low	4

⚠️ Recommended: High severity vulnerabilities should be addressed.

View full audit report

├─ lodash.pick: �[38;5;37m4.4.0�[39m
│  ├─ ID: �[38;5;220m1106907�[39m
│  ├─ Issue: Prototype Pollution in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p6mc-m468-83gw�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m>=4.0.0 <=4.4.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ lodash.template: �[38;5;37m4.5.0�[39m
│  ├─ ID: �[38;5;220m1106902�[39m
│  ├─ Issue: Command Injection in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-35jh-r3h4-6jhm�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<=4.5.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: electron-winstaller
│  └─ Recommendation: None
│
├─ nth-check: �[38;5;37m1.0.2�[39m
│  ├─ ID: �[38;5;220m1095141�[39m
│  ├─ Issue: Inefficient Regular Expression Complexity in nth-check
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-rp65-9cf3-cjxr�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<2.0.1�[39m
│  ├─ Patched Versions: �[38;5;37m>=2.0.1�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: Upgrade to version 2.0.1 or later
│
├─ request: �[38;5;37m2.88.2�[39m
│  ├─ ID: �[38;5;220m1096727�[39m
│  ├─ Issue: Server-Side Request Forgery in Request
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p8p7-x288-28g6�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m<=2.88.2�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ serialize-javascript: �[38;5;37m6.0.0�[39m
│  ├─ ID: �[38;5;220m1105261�[39m
│  ├─ Issue: Cross-site Scripting (XSS) in serialize-javascript
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-76p7-773f-r4q5�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m>=6.0.0 <6.0.2�[39m
│  ├─ Patched Versions: �[38;5;37m>=6.0.2�[39m
│  ├─ Via: mocha, webpack, babel-loader
│  └─ Recommendation: Upgrade to version 6.0.2 or later
│
└─ tmp: �[38;5;37m0.1.0�[39m
   ├─ ID: �[38;5;220m1106849�[39m
   ├─ Issue: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
   ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-52f5-9888-hmc6�[39m
   ├─ Severity: low
   ├─ Vulnerable Versions: �[38;5;37m<=0.2.3�[39m
   ├─ Patched Versions: �[38;5;37m>=0.2.4�[39m
   ├─ Via: @wireapp/protocol-messaging, electron-winstaller, electron-builder
   └─ Recommendation: Upgrade to version 0.2.4 or later

github-actions · 2025-10-27T04:30:45Z

🟠 Dependency Security Audit

🟠 3 high severity vulnerabilities found

Severity	Count
🔴 Critical	0
🟠 High	3
🟡 Moderate	4
🟢 Low	4

⚠️ Recommended: High severity vulnerabilities should be addressed.

View full audit report

├─ lodash.pick: �[38;5;37m4.4.0�[39m
│  ├─ ID: �[38;5;220m1106907�[39m
│  ├─ Issue: Prototype Pollution in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p6mc-m468-83gw�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m>=4.0.0 <=4.4.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ lodash.template: �[38;5;37m4.5.0�[39m
│  ├─ ID: �[38;5;220m1106902�[39m
│  ├─ Issue: Command Injection in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-35jh-r3h4-6jhm�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<=4.5.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: electron-winstaller
│  └─ Recommendation: None
│
├─ nth-check: �[38;5;37m1.0.2�[39m
│  ├─ ID: �[38;5;220m1095141�[39m
│  ├─ Issue: Inefficient Regular Expression Complexity in nth-check
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-rp65-9cf3-cjxr�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<2.0.1�[39m
│  ├─ Patched Versions: �[38;5;37m>=2.0.1�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: Upgrade to version 2.0.1 or later
│
├─ request: �[38;5;37m2.88.2�[39m
│  ├─ ID: �[38;5;220m1096727�[39m
│  ├─ Issue: Server-Side Request Forgery in Request
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p8p7-x288-28g6�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m<=2.88.2�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ serialize-javascript: �[38;5;37m6.0.0�[39m
│  ├─ ID: �[38;5;220m1105261�[39m
│  ├─ Issue: Cross-site Scripting (XSS) in serialize-javascript
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-76p7-773f-r4q5�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m>=6.0.0 <6.0.2�[39m
│  ├─ Patched Versions: �[38;5;37m>=6.0.2�[39m
│  ├─ Via: mocha, webpack, babel-loader
│  └─ Recommendation: Upgrade to version 6.0.2 or later
│
└─ tmp: �[38;5;37m0.1.0�[39m
   ├─ ID: �[38;5;220m1106849�[39m
   ├─ Issue: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
   ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-52f5-9888-hmc6�[39m
   ├─ Severity: low
   ├─ Vulnerable Versions: �[38;5;37m<=0.2.3�[39m
   ├─ Patched Versions: �[38;5;37m>=0.2.4�[39m
   ├─ Via: @wireapp/protocol-messaging, electron-winstaller, electron-builder
   └─ Recommendation: Upgrade to version 0.2.4 or later

github-actions · 2025-10-28T04:08:35Z

🟠 Dependency Security Audit

🟠 3 high severity vulnerabilities found

Severity	Count
🔴 Critical	0
🟠 High	3
🟡 Moderate	4
🟢 Low	4

⚠️ Recommended: High severity vulnerabilities should be addressed.

View full audit report

├─ lodash.pick: �[38;5;37m4.4.0�[39m
│  ├─ ID: �[38;5;220m1106907�[39m
│  ├─ Issue: Prototype Pollution in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p6mc-m468-83gw�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m>=4.0.0 <=4.4.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ lodash.template: �[38;5;37m4.5.0�[39m
│  ├─ ID: �[38;5;220m1106902�[39m
│  ├─ Issue: Command Injection in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-35jh-r3h4-6jhm�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<=4.5.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: electron-winstaller
│  └─ Recommendation: None
│
├─ nth-check: �[38;5;37m1.0.2�[39m
│  ├─ ID: �[38;5;220m1095141�[39m
│  ├─ Issue: Inefficient Regular Expression Complexity in nth-check
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-rp65-9cf3-cjxr�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<2.0.1�[39m
│  ├─ Patched Versions: �[38;5;37m>=2.0.1�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: Upgrade to version 2.0.1 or later
│
├─ request: �[38;5;37m2.88.2�[39m
│  ├─ ID: �[38;5;220m1096727�[39m
│  ├─ Issue: Server-Side Request Forgery in Request
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p8p7-x288-28g6�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m<=2.88.2�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ serialize-javascript: �[38;5;37m6.0.0�[39m
│  ├─ ID: �[38;5;220m1105261�[39m
│  ├─ Issue: Cross-site Scripting (XSS) in serialize-javascript
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-76p7-773f-r4q5�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m>=6.0.0 <6.0.2�[39m
│  ├─ Patched Versions: �[38;5;37m>=6.0.2�[39m
│  ├─ Via: mocha, webpack, babel-loader
│  └─ Recommendation: Upgrade to version 6.0.2 or later
│
└─ tmp: �[38;5;37m0.1.0�[39m
   ├─ ID: �[38;5;220m1106849�[39m
   ├─ Issue: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
   ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-52f5-9888-hmc6�[39m
   ├─ Severity: low
   ├─ Vulnerable Versions: �[38;5;37m<=0.2.3�[39m
   ├─ Patched Versions: �[38;5;37m>=0.2.4�[39m
   ├─ Via: @wireapp/protocol-messaging, electron-winstaller, electron-builder
   └─ Recommendation: Upgrade to version 0.2.4 or later

github-actions · 2025-10-28T04:13:18Z

🟠 Dependency Security Audit

🟠 3 high severity vulnerabilities found

Severity	Count
🔴 Critical	0
🟠 High	3
🟡 Moderate	4
🟢 Low	4

⚠️ Recommended: High severity vulnerabilities should be addressed.

View full audit report

├─ lodash.pick: �[38;5;37m4.4.0�[39m
│  ├─ ID: �[38;5;220m1106907�[39m
│  ├─ Issue: Prototype Pollution in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p6mc-m468-83gw�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m>=4.0.0 <=4.4.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ lodash.template: �[38;5;37m4.5.0�[39m
│  ├─ ID: �[38;5;220m1106902�[39m
│  ├─ Issue: Command Injection in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-35jh-r3h4-6jhm�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<=4.5.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: electron-winstaller
│  └─ Recommendation: None
│
├─ nth-check: �[38;5;37m1.0.2�[39m
│  ├─ ID: �[38;5;220m1095141�[39m
│  ├─ Issue: Inefficient Regular Expression Complexity in nth-check
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-rp65-9cf3-cjxr�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<2.0.1�[39m
│  ├─ Patched Versions: �[38;5;37m>=2.0.1�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: Upgrade to version 2.0.1 or later
│
├─ request: �[38;5;37m2.88.2�[39m
│  ├─ ID: �[38;5;220m1096727�[39m
│  ├─ Issue: Server-Side Request Forgery in Request
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p8p7-x288-28g6�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m<=2.88.2�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ serialize-javascript: �[38;5;37m6.0.0�[39m
│  ├─ ID: �[38;5;220m1105261�[39m
│  ├─ Issue: Cross-site Scripting (XSS) in serialize-javascript
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-76p7-773f-r4q5�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m>=6.0.0 <6.0.2�[39m
│  ├─ Patched Versions: �[38;5;37m>=6.0.2�[39m
│  ├─ Via: mocha, webpack, babel-loader
│  └─ Recommendation: Upgrade to version 6.0.2 or later
│
└─ tmp: �[38;5;37m0.1.0�[39m
   ├─ ID: �[38;5;220m1106849�[39m
   ├─ Issue: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
   ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-52f5-9888-hmc6�[39m
   ├─ Severity: low
   ├─ Vulnerable Versions: �[38;5;37m<=0.2.3�[39m
   ├─ Patched Versions: �[38;5;37m>=0.2.4�[39m
   ├─ Via: @wireapp/protocol-messaging, electron-winstaller, electron-builder
   └─ Recommendation: Upgrade to version 0.2.4 or later

github-actions · 2025-10-29T04:09:56Z

🟠 Dependency Security Audit

🟠 3 high severity vulnerabilities found

Severity	Count
🔴 Critical	0
🟠 High	3
🟡 Moderate	4
🟢 Low	4

⚠️ Recommended: High severity vulnerabilities should be addressed.

View full audit report

├─ lodash.pick: �[38;5;37m4.4.0�[39m
│  ├─ ID: �[38;5;220m1106907�[39m
│  ├─ Issue: Prototype Pollution in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p6mc-m468-83gw�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m>=4.0.0 <=4.4.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ lodash.template: �[38;5;37m4.5.0�[39m
│  ├─ ID: �[38;5;220m1106902�[39m
│  ├─ Issue: Command Injection in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-35jh-r3h4-6jhm�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<=4.5.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: electron-winstaller
│  └─ Recommendation: None
│
├─ nth-check: �[38;5;37m1.0.2�[39m
│  ├─ ID: �[38;5;220m1095141�[39m
│  ├─ Issue: Inefficient Regular Expression Complexity in nth-check
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-rp65-9cf3-cjxr�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<2.0.1�[39m
│  ├─ Patched Versions: �[38;5;37m>=2.0.1�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: Upgrade to version 2.0.1 or later
│
├─ request: �[38;5;37m2.88.2�[39m
│  ├─ ID: �[38;5;220m1096727�[39m
│  ├─ Issue: Server-Side Request Forgery in Request
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p8p7-x288-28g6�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m<=2.88.2�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ serialize-javascript: �[38;5;37m6.0.0�[39m
│  ├─ ID: �[38;5;220m1105261�[39m
│  ├─ Issue: Cross-site Scripting (XSS) in serialize-javascript
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-76p7-773f-r4q5�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m>=6.0.0 <6.0.2�[39m
│  ├─ Patched Versions: �[38;5;37m>=6.0.2�[39m
│  ├─ Via: mocha, webpack, babel-loader
│  └─ Recommendation: Upgrade to version 6.0.2 or later
│
└─ tmp: �[38;5;37m0.1.0�[39m
   ├─ ID: �[38;5;220m1106849�[39m
   ├─ Issue: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
   ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-52f5-9888-hmc6�[39m
   ├─ Severity: low
   ├─ Vulnerable Versions: �[38;5;37m<=0.2.3�[39m
   ├─ Patched Versions: �[38;5;37m>=0.2.4�[39m
   ├─ Via: @wireapp/protocol-messaging, electron-winstaller, electron-builder
   └─ Recommendation: Upgrade to version 0.2.4 or later

github-actions · 2025-10-30T04:09:07Z

🟠 Dependency Security Audit

🟠 3 high severity vulnerabilities found

Severity	Count
🔴 Critical	0
🟠 High	3
🟡 Moderate	4
🟢 Low	4

⚠️ Recommended: High severity vulnerabilities should be addressed.

View full audit report

├─ lodash.pick: �[38;5;37m4.4.0�[39m
│  ├─ ID: �[38;5;220m1106907�[39m
│  ├─ Issue: Prototype Pollution in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p6mc-m468-83gw�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m>=4.0.0 <=4.4.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ lodash.template: �[38;5;37m4.5.0�[39m
│  ├─ ID: �[38;5;220m1106902�[39m
│  ├─ Issue: Command Injection in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-35jh-r3h4-6jhm�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<=4.5.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: electron-winstaller
│  └─ Recommendation: None
│
├─ nth-check: �[38;5;37m1.0.2�[39m
│  ├─ ID: �[38;5;220m1095141�[39m
│  ├─ Issue: Inefficient Regular Expression Complexity in nth-check
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-rp65-9cf3-cjxr�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<2.0.1�[39m
│  ├─ Patched Versions: �[38;5;37m>=2.0.1�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: Upgrade to version 2.0.1 or later
│
├─ request: �[38;5;37m2.88.2�[39m
│  ├─ ID: �[38;5;220m1096727�[39m
│  ├─ Issue: Server-Side Request Forgery in Request
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p8p7-x288-28g6�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m<=2.88.2�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ serialize-javascript: �[38;5;37m6.0.0�[39m
│  ├─ ID: �[38;5;220m1105261�[39m
│  ├─ Issue: Cross-site Scripting (XSS) in serialize-javascript
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-76p7-773f-r4q5�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m>=6.0.0 <6.0.2�[39m
│  ├─ Patched Versions: �[38;5;37m>=6.0.2�[39m
│  ├─ Via: mocha, webpack, babel-loader
│  └─ Recommendation: Upgrade to version 6.0.2 or later
│
└─ tmp: �[38;5;37m0.1.0�[39m
   ├─ ID: �[38;5;220m1106849�[39m
   ├─ Issue: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
   ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-52f5-9888-hmc6�[39m
   ├─ Severity: low
   ├─ Vulnerable Versions: �[38;5;37m<=0.2.3�[39m
   ├─ Patched Versions: �[38;5;37m>=0.2.4�[39m
   ├─ Via: @wireapp/protocol-messaging, electron-winstaller, electron-builder
   └─ Recommendation: Upgrade to version 0.2.4 or later

Bumps [mocha](https://github.com/mochajs/mocha) from 10.8.2 to 11.7.4. - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md) - [Commits](mochajs/mocha@v10.8.2...v11.7.4) --- updated-dependencies: - dependency-name: mocha dependency-version: 11.7.4 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2025-10-31T04:08:15Z

🟠 Dependency Security Audit

🟠 3 high severity vulnerabilities found

Severity	Count
🔴 Critical	0
🟠 High	3
🟡 Moderate	4
🟢 Low	4

⚠️ Recommended: High severity vulnerabilities should be addressed.

View full audit report

├─ lodash.pick: �[38;5;37m4.4.0�[39m
│  ├─ ID: �[38;5;220m1106907�[39m
│  ├─ Issue: Prototype Pollution in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p6mc-m468-83gw�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m>=4.0.0 <=4.4.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ lodash.template: �[38;5;37m4.5.0�[39m
│  ├─ ID: �[38;5;220m1106902�[39m
│  ├─ Issue: Command Injection in lodash
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-35jh-r3h4-6jhm�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<=4.5.0�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: electron-winstaller
│  └─ Recommendation: None
│
├─ nth-check: �[38;5;37m1.0.2�[39m
│  ├─ ID: �[38;5;220m1095141�[39m
│  ├─ Issue: Inefficient Regular Expression Complexity in nth-check
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-rp65-9cf3-cjxr�[39m
│  ├─ Severity: high
│  ├─ Vulnerable Versions: �[38;5;37m<2.0.1�[39m
│  ├─ Patched Versions: �[38;5;37m>=2.0.1�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: Upgrade to version 2.0.1 or later
│
├─ request: �[38;5;37m2.88.2�[39m
│  ├─ ID: �[38;5;220m1096727�[39m
│  ├─ Issue: Server-Side Request Forgery in Request
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-p8p7-x288-28g6�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m<=2.88.2�[39m
│  ├─ Patched Versions: �[38;5;37m<0.0.0�[39m
│  ├─ Via: open-graph
│  └─ Recommendation: None
│
├─ serialize-javascript: �[38;5;37m6.0.0�[39m
│  ├─ ID: �[38;5;220m1105261�[39m
│  ├─ Issue: Cross-site Scripting (XSS) in serialize-javascript
│  ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-76p7-773f-r4q5�[39m
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: �[38;5;37m>=6.0.0 <6.0.2�[39m
│  ├─ Patched Versions: �[38;5;37m>=6.0.2�[39m
│  ├─ Via: mocha, webpack, babel-loader
│  └─ Recommendation: Upgrade to version 6.0.2 or later
│
└─ tmp: �[38;5;37m0.1.0�[39m
   ├─ ID: �[38;5;220m1106849�[39m
   ├─ Issue: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
   ├─ URL: �[38;5;170mhttps://github.com/advisories/GHSA-52f5-9888-hmc6�[39m
   ├─ Severity: low
   ├─ Vulnerable Versions: �[38;5;37m<=0.2.3�[39m
   ├─ Patched Versions: �[38;5;37m>=0.2.4�[39m
   ├─ Via: @wireapp/protocol-messaging, electron-winstaller, electron-builder
   └─ Recommendation: Upgrade to version 0.2.4 or later

sonarqubecloud · 2025-10-31T04:08:18Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

dependabot · 2025-11-05T04:03:16Z

Superseded by #9213.

dependabot bot added dependencies javascript Pull requests that update Javascript code labels Oct 2, 2025

dependabot bot mentioned this pull request Oct 2, 2025

chore(deps-dev): bump mocha from 10.8.2 to 11.7.3 #9125

Closed

otto-the-bot approved these changes Oct 2, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from 3b9bce3 to 768fd66 Compare October 2, 2025 10:40

otto-the-bot approved these changes Oct 2, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from 768fd66 to ce8c34b Compare October 6, 2025 03:08

otto-the-bot approved these changes Oct 6, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from ce8c34b to e9b1b34 Compare October 8, 2025 03:09

otto-the-bot approved these changes Oct 8, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from e9b1b34 to 1d5bc78 Compare October 8, 2025 03:13

otto-the-bot approved these changes Oct 8, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from 1d5bc78 to a0ed632 Compare October 10, 2025 03:08

otto-the-bot approved these changes Oct 10, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from a0ed632 to bb25baa Compare October 10, 2025 03:12

otto-the-bot approved these changes Oct 10, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from bb25baa to 6671c5d Compare October 14, 2025 03:09

otto-the-bot approved these changes Oct 14, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from 6671c5d to 936c1b2 Compare October 16, 2025 03:08

otto-the-bot approved these changes Oct 16, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from 936c1b2 to fb5bd29 Compare October 16, 2025 13:23

otto-the-bot approved these changes Oct 16, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from fb5bd29 to 4e98c06 Compare October 23, 2025 03:08

otto-the-bot approved these changes Oct 23, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from 4e98c06 to 14fac42 Compare October 24, 2025 03:07

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from 9d4beda to 6ba57e0 Compare October 24, 2025 03:21

otto-the-bot approved these changes Oct 24, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from 6ba57e0 to c02cd92 Compare October 27, 2025 04:19

otto-the-bot approved these changes Oct 27, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from c02cd92 to c447f36 Compare October 27, 2025 04:30

otto-the-bot approved these changes Oct 27, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from c447f36 to 4e8a8b6 Compare October 28, 2025 04:07

otto-the-bot approved these changes Oct 28, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from 4e8a8b6 to 791fa8a Compare October 28, 2025 04:12

otto-the-bot approved these changes Oct 28, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from 791fa8a to 1b62ada Compare October 29, 2025 04:09

otto-the-bot approved these changes Oct 29, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from 1b62ada to f60e572 Compare October 30, 2025 04:08

otto-the-bot approved these changes Oct 30, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/mocha-11.7.4 branch from f60e572 to 9f7dfeb Compare October 31, 2025 04:07

otto-the-bot approved these changes Oct 31, 2025

View reviewed changes

dependabot bot closed this Nov 5, 2025

dependabot bot deleted the dependabot/npm_and_yarn/mocha-11.7.4 branch November 5, 2025 04:03

chore(deps-dev): bump mocha from 10.8.2 to 11.7.4 #9133

chore(deps-dev): bump mocha from 10.8.2 to 11.7.4 #9133

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v11.7.4

11.7.4 (2025-10-01)

🩹 Fixes

📚 Documentation

🧹 Chores

v11.7.3

11.7.3 (2025-09-30)

🩹 Fixes

📚 Documentation

🤖 Automation

v11.7.2

11.7.2 (2025-09-01)

🩹 Fixes

📚 Documentation

11.7.4 (2025-10-01)

🩹 Fixes

📚 Documentation

🧹 Chores

11.7.3 (2025-09-30)

🩹 Fixes

📚 Documentation

🤖 Automation

11.7.2 (2025-09-01)

🩹 Fixes

📚 Documentation

Uh oh!

github-actions bot commented Oct 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

github-actions bot commented Oct 16, 2025

🟠 Dependency Security Audit

Uh oh!

github-actions bot commented Oct 23, 2025

🟠 Dependency Security Audit

Uh oh!

github-actions bot commented Oct 24, 2025

🟠 Dependency Security Audit

Uh oh!

github-actions bot commented Oct 24, 2025

🟠 Dependency Security Audit

Uh oh!

github-actions bot commented Oct 27, 2025

🟠 Dependency Security Audit

Uh oh!

github-actions bot commented Oct 27, 2025

🟠 Dependency Security Audit

Uh oh!

github-actions bot commented Oct 28, 2025

🟠 Dependency Security Audit

Uh oh!

github-actions bot commented Oct 28, 2025

🟠 Dependency Security Audit

Uh oh!

github-actions bot commented Oct 29, 2025

🟠 Dependency Security Audit

Uh oh!

github-actions bot commented Oct 30, 2025

🟠 Dependency Security Audit

Uh oh!

github-actions bot commented Oct 31, 2025

🟠 Dependency Security Audit

Uh oh!

sonarqubecloud bot commented Oct 31, 2025

Quality Gate passed

Uh oh!

dependabot bot commented on behalf of github Nov 5, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

dependabot bot commented on behalf of github Oct 2, 2025 •

edited

Loading

github-actions bot commented Oct 16, 2025 •

edited

Loading