chore: Vulnerability Patches - Low or greater by orm-vulnerabilityscanner · Pull Request #2 · oreillymedia/onyx

orm-vulnerabilityscanner · 2025-07-27T13:42:56Z

This Pull Request was created to address Low or greater security vulnerabilities as idenitified by Dependabot.

Updates to `examples/widget/package-lock.json`

This pull request contains updates to examples/widget/package-lock.json. If you do not wish to accept one or more of these changes, please close the Dependabot issue. The vulnerabillity patcher will then update this pull request the next time it runs against this repository.

👍 This pull request only regenerated the file referenced above. No other updates were applied.

Package	Vulnerable Versions	Message	Issue	Severity	Scope	Status
nanoid	< 3.3.8 >= 4.0.0 < 5.0.9	Addressed by lock regeneration	Issue 24	Moderate	Runtime	✅
next	>= 13.0 < 14.2.30 >= 15.0.0 < 15.2.2	Addressed by lock regeneration	Issue 27	Low	Runtime	✅
next	>= 0.9.9 < 14.2.31 >= 15.0.0 <= 15.4.4	Addressed by lock regeneration	Issue 39	Moderate	Runtime	✅
next	>= 0.9.9 < 14.2.31 >= 15.0.0 <= 15.4.4	Addressed by lock regeneration	Issue 41	Moderate	Runtime	✅
next	>= 0.9.9 < 14.2.32 >= 15.0.0-canary.0 < 15.4.7	Addressed by lock regeneration	Issue 42	Moderate	Runtime	✅
js-yaml	< 3.14.2 >= 4.0.0 < 4.1.1	Addressed by lock regeneration	Issue 62	Moderate	Development	✅
next	>= 13.3.0 < 14.2.34 >= 15.0.0-canary.0 < 15.0.6 >= 15.1.1-canary.0 < 15.1.10 >= 15.2.0-canary.0 < 15.2.7 >= 15.3.0-canary.0 < 15.3.7 >= 15.4.0-canary.0 < 15.4.9 >= 15.5.1-canary.0 < 15.5.8 >= 15.6.0-canary.0 < 15.6.0-canary.59 >= 16.0.0-beta.0 < 16.0.9 >= 16.1.0-canary.0 < 16.1.0-canary.17	Addressed by lock regeneration	Issue 76	High	Runtime	✅
next	>= 13.3.1-canary.0 < 14.2.35 >= 15.0.6 < 15.0.7 >= 15.1.10 < 15.1.11 >= 15.2.7 < 15.2.8 >= 15.3.7 < 15.3.8 >= 15.4.9 < 15.4.10 >= 15.5.8 < 15.5.9 >= 15.6.0-canary.59 < 15.6.0-canary.60 >= 16.0.9 < 16.0.10 >= 16.1.0-canary.17 < 16.1.0-canary.19	Addressed by lock regeneration	Issue 77	High	Runtime	✅
diff	< 3.5.1 >= 4.0.0 < 4.0.4 >= 5.0.0 < 5.2.2 >= 6.0.0 < 8.0.3	Addressed by lock regeneration	Issue 99	Low	Runtime	✅
flatted	<= 3.4.1	Addressed by lock regeneration	Issue 181	High	Development	✅
picomatch	< 2.3.2 >= 3.0.0 < 3.0.2 >= 4.0.0 < 4.0.4	Addressed by lock regeneration	Issue 219	Moderate	Development	✅

⚠️ NOTE: This pull request failed to address the following vulnerabilities. You can still merge this pull request, but will need to take other steps to resolve these vulnerabilities.

Package	Vulnerable Versions	Message	Issue	Severity	Scope	Status
glob	>= 10.2.0 < 10.5.0 >= 11.0.0 < 11.1.0	Not adding override for "@next/eslint-plugin-next@14.2.5"	Issue 66	High	Development	❌
next	>= 10.0.0 < 15.5.10 >= 15.6.0-canary.0 < 16.1.5	Not adding override for "widget@0.1.0"	Issue 112	Moderate	Runtime	❌
next	>= 13.0.0 < 15.0.8 >= 15.1.1-canary.0 < 15.1.12 >= 15.2.0-canary.0 < 15.2.9 >= 15.3.0-canary.0 < 15.3.9 >= 15.4.0-canary.0 < 15.4.11 >= 15.5.1-canary.0 < 15.5.10 >= 15.6.0-canary.0 < 15.6.0-canary.61 >= 16.0.0-beta.0 < 16.0.11 >= 16.1.0-canary.0 < 16.1.5	Not adding override for "widget@0.1.0"	Issue 116	High	Runtime	❌
minimatch	< 3.1.3 >= 4.0.0 < 4.2.5 >= 5.0.0 < 5.1.8 >= 6.0.0 < 6.2.2 >= 7.0.0 < 7.4.8 >= 8.0.0 < 8.0.6 >= 9.0.0 < 9.0.7 >= 10.0.0 < 10.2.3	Not adding override for "@typescript-eslint/typescript-estree@7.2.0"	Issue 152	High	Development	❌
minimatch	< 3.1.3 >= 4.0.0 < 4.2.5 >= 5.0.0 < 5.1.8 >= 6.0.0 < 6.2.2 >= 7.0.0 < 7.4.8 >= 8.0.0 < 8.0.6 >= 9.0.0 < 9.0.7 >= 10.0.0 < 10.2.3	Not adding override for "@typescript-eslint/typescript-estree@7.2.0"	Issue 161	High	Development	❌
next	>= 9.5.0 < 15.5.13 >= 16.0.0-beta.0 < 16.1.7	Not adding override for "widget@0.1.0"	Issue 183	Moderate	Runtime	❌
next	>= 10.0.0 < 15.5.14 >= 16.0.0-beta.0 < 16.1.7	Not adding override for "widget@0.1.0"	Issue 187	Moderate	Runtime	❌
next	>= 13.0.0 < 15.5.15 >= 16.0.0-beta.0 < 16.2.3	Not adding override for "widget@0.1.0"	Issue 230	High	Runtime	❌
next	>= 14.2.0 < 15.5.16 >= 16.0.0 < 16.2.5	Not adding override for "widget@0.1.0"	Issue 263	Moderate	Runtime	❌
next	>= 13.4.13 < 15.5.16 >= 16.0.0 < 16.2.5	Not adding override for "widget@0.1.0"	Issue 266	High	Runtime	❌
next	>= 13.4.0 < 15.5.16 >= 16.0.0 < 16.2.5	Not adding override for "widget@0.1.0"	Issue 269	Moderate	Runtime	❌
next	>= 13.0.0 < 15.5.16 >= 16.0.0 < 16.2.5	Not adding override for "widget@0.1.0"	Issue 272	High	Runtime	❌
next	>= 13.0.0 < 15.5.16 >= 16.0.0 < 16.2.5	Not adding override for "widget@0.1.0"	Issue 274	Moderate	Runtime	❌
next	>= 12.2.0 < 15.5.16 >= 16.0.0 < 16.2.5	Not adding override for "widget@0.1.0"	Issue 277	High	Runtime	❌
next	>= 12.2.0 < 15.5.16 >= 16.0.0 < 16.2.5	Not adding override for "widget@0.1.0"	Issue 278	Low	Runtime	❌
next	>= 10.0.0 < 15.5.16 >= 16.0.0 < 16.2.5	Not adding override for "widget@0.1.0"	Issue 280	Moderate	Runtime	❌
next	>= 13.4.6 < 15.5.16 >= 16.0.0 < 16.2.5	Not adding override for "widget@0.1.0"	Issue 286	Low	Runtime	❌
postcss	< 8.5.10	Not adding override for "next@14.2.35"	Issue 293	Moderate	Runtime	❌

Operations

[2026-06-19T07:33:39.882Z]	Reset package-lock.json
[2026-06-19T07:34:50.938Z]	Created package-lock.json
[2026-06-19T07:34:51.014Z]	Not adding override for "@next/eslint-plugin-next@14.2.5"
[2026-06-19T07:34:51.017Z]	Not adding override for "widget@0.1.0"
[2026-06-19T07:34:51.018Z]	Not adding override for "widget@0.1.0"
[2026-06-19T07:34:51.018Z]	Not adding override for "@typescript-eslint/typescript-estree@7.2.0"
[2026-06-19T07:34:51.019Z]	Not adding override for "@typescript-eslint/typescript-estree@7.2.0"
[2026-06-19T07:34:51.020Z]	Not adding override for "widget@0.1.0"
[2026-06-19T07:34:51.021Z]	Not adding override for "widget@0.1.0"
[2026-06-19T07:34:51.022Z]	Not adding override for "widget@0.1.0"
[2026-06-19T07:34:51.022Z]	Not adding override for "widget@0.1.0"
[2026-06-19T07:34:51.023Z]	Not adding override for "widget@0.1.0"
[2026-06-19T07:34:51.023Z]	Not adding override for "widget@0.1.0"
[2026-06-19T07:34:51.024Z]	Not adding override for "widget@0.1.0"
[2026-06-19T07:34:51.024Z]	Not adding override for "widget@0.1.0"
[2026-06-19T07:34:51.024Z]	Not adding override for "widget@0.1.0"
[2026-06-19T07:34:51.025Z]	Not adding override for "widget@0.1.0"
[2026-06-19T07:34:51.026Z]	Not adding override for "widget@0.1.0"
[2026-06-19T07:34:51.026Z]	Not adding override for "widget@0.1.0"
[2026-06-19T07:34:51.026Z]	Not adding override for "next@14.2.35"

Updates to `web/package-lock.json`

This pull request contains updates to web/package-lock.json. If you do not wish to accept one or more of these changes, please close the Dependabot issue. The vulnerabillity patcher will then update this pull request the next time it runs against this repository.

👍 This pull request only regenerated the file referenced above. No other updates were applied.

Package	Vulnerable Versions	Message	Issue	Severity	Scope	Status
brace-expansion	>= 1.0.0 <= 1.1.11 >= 2.0.0 <= 2.0.1 = 3.0.0 = 4.0.0	Addressed by lock regeneration	Issue 28	Low	Runtime	✅
next	>= 0.9.9 < 14.2.31 >= 15.0.0 <= 15.4.4	Addressed by lock regeneration	Issue 33	Moderate	Runtime	✅
next	>= 0.9.9 < 14.2.31 >= 15.0.0 <= 15.4.4	Addressed by lock regeneration	Issue 34	Moderate	Runtime	✅
next	>= 0.9.9 < 14.2.32 >= 15.0.0-canary.0 < 15.4.7	Addressed by lock regeneration	Issue 35	Moderate	Runtime	✅
playwright	< 1.55.1	Addressed by lock regeneration	Issue 51	High	Development	✅
js-yaml	< 3.14.2 >= 4.0.0 < 4.1.1	Addressed by lock regeneration	Issue 61	Moderate	Development	✅
js-yaml	< 3.14.2 >= 4.0.0 < 4.1.1	Addressed by lock regeneration	Issue 63	Moderate	Development	✅
mdast-util-to-hast	>= 13.0.0 < 13.2.1	Addressed by lock regeneration	Issue 70	Moderate	Runtime	✅
next	>= 14.3.0-canary.77 < 15.0.5 >= 15.1.0-canary.0 < 15.1.9 >= 15.2.0-canary.0 < 15.2.6 >= 15.3.0-canary.0 < 15.3.6 >= 15.4.0-canary.0 < 15.4.8 >= 15.5.0-canary.0 < 15.5.7 >= 16.0.0-canary.0 < 16.0.7	Addressed by lock regeneration	Issue 71	Critical	Runtime	✅
next	>= 13.3.0 < 14.2.34 >= 15.0.0-canary.0 < 15.0.6 >= 15.1.1-canary.0 < 15.1.10 >= 15.2.0-canary.0 < 15.2.7 >= 15.3.0-canary.0 < 15.3.7 >= 15.4.0-canary.0 < 15.4.9 >= 15.5.1-canary.0 < 15.5.8 >= 15.6.0-canary.0 < 15.6.0-canary.59 >= 16.0.0-beta.0 < 16.0.9 >= 16.1.0-canary.0 < 16.1.0-canary.17	Addressed by lock regeneration	Issue 74	High	Runtime	✅
next	>= 15.0.0-canary.0 < 15.0.6 >= 15.1.1-canary.0 < 15.1.10 >= 15.2.0-canary.0 < 15.2.7 >= 15.3.0-canary.0 < 15.3.7 >= 15.4.0-canary.0 < 15.4.9 >= 15.5.1-canary.0 < 15.5.8 >= 15.6.0-canary.0 < 15.6.0-canary.59 >= 16.0.0-beta.0 < 16.0.9 >= 16.1.0-canary.0 < 16.1.0-canary.17	Addressed by lock regeneration	Issue 75	Moderate	Runtime	✅
storybook	>= 7.0.0 < 7.6.21 >= 8.0.0 < 8.6.15 >= 9.0.0 < 9.1.17 >= 10.0.0 < 10.1.10	Addressed by lock regeneration	Issue 79	High	Development	✅
qs	< 6.14.1	Addressed by lock regeneration	Issue 82	Moderate	Runtime	✅
tar	<= 7.5.2	Addressed by lock regeneration	Issue 98	High	Runtime	✅
diff	< 3.5.1 >= 4.0.0 < 4.0.4 >= 5.0.0 < 5.2.2 >= 6.0.0 < 8.0.3	Addressed by lock regeneration	Issue 100	Low	Runtime	✅
tar	<= 7.5.3	Addressed by lock regeneration	Issue 101	High	Runtime	✅
lodash-es	>= 4.0.0 <= 4.5.2 >= 4.0.0 <= 4.17.22 >= 4.0.0 <= 4.17.22 >= 4.0.0 <= 4.17.22	Addressed by lock regeneration	Issue 102	Moderate	Runtime	✅
lodash	>= 4.0.0 <= 4.5.2 >= 4.0.0 <= 4.17.22 >= 4.0.0 <= 4.17.22 >= 4.0.0 <= 4.17.22	Addressed by lock regeneration	Issue 104	Moderate	Runtime	✅
tar	< 7.5.7	Addressed by lock regeneration	Issue 107	High	Runtime	✅
next	>= 13.0.0 < 15.0.8 >= 15.1.1-canary.0 < 15.1.12 >= 15.2.0-canary.0 < 15.2.9 >= 15.3.0-canary.0 < 15.3.9 >= 15.4.0-canary.0 < 15.4.11 >= 15.5.1-canary.0 < 15.5.10 >= 15.6.0-canary.0 < 15.6.0-canary.61 >= 16.0.0-beta.0 < 16.0.11 >= 16.1.0-canary.0 < 16.1.5	Addressed by lock regeneration	Issue 108	High	Runtime	✅
next	>= 10.0.0 < 15.5.10 >= 15.6.0-canary.0 < 16.1.5	Addressed by lock regeneration	Issue 114	Moderate	Runtime	✅
webpack	>= 5.49.0 <= 5.104.0	Addressed by lock regeneration	Issue 121	Low	Runtime	✅
webpack	>= 5.49.0 < 5.104.0	Addressed by lock regeneration	Issue 122	Low	Runtime	✅
qs	>= 6.7.0 <= 6.14.1	Addressed by lock regeneration	Issue 124	Low	Runtime	✅
tar	< 7.5.8	Addressed by lock regeneration	Issue 125	High	Runtime	✅
ajv	< 6.14.0 >= 7.0.0-alpha.0 < 8.18.0	Addressed by lock regeneration	Issue 136	Moderate	Runtime	✅
minimatch	< 3.1.3 >= 4.0.0 < 4.2.4 >= 5.0.0 < 5.1.7 >= 6.0.0 < 6.2.1 >= 7.0.0 < 7.4.7 >= 8.0.0 < 8.0.5 >= 9.0.0 < 9.0.6 >= 10.0.0 < 10.2.1	Addressed by lock regeneration	Issue 139	High	Runtime	✅
minimatch	< 3.1.3 >= 4.0.0 < 4.2.4 >= 5.0.0 < 5.1.7 >= 6.0.0 < 6.2.1 >= 7.0.0 < 7.4.7 >= 8.0.0 < 8.0.5 >= 9.0.0 < 9.0.6 >= 10.0.0 < 10.2.1	Addressed by lock regeneration	Issue 143	High	Runtime	✅
storybook	>= 8.1.0 < 8.6.17 >= 8.7.0-alpha.0 < 9.1.19 >= 10.0.0-beta.0 < 10.2.10	Addressed by lock regeneration	Issue 148	High	Development	✅
minimatch	< 3.1.4 >= 4.0.0 < 4.2.5 >= 5.0.0 < 5.1.8 >= 6.0.0 < 6.2.2 >= 7.0.0 < 7.4.8 >= 8.0.0 < 8.0.6 >= 9.0.0 < 9.0.7 >= 10.0.0 < 10.2.3	Addressed by lock regeneration	Issue 150	High	Runtime	✅
minimatch	< 3.1.3 >= 4.0.0 < 4.2.5 >= 5.0.0 < 5.1.8 >= 6.0.0 < 6.2.2 >= 7.0.0 < 7.4.8 >= 8.0.0 < 8.0.6 >= 9.0.0 < 9.0.7 >= 10.0.0 < 10.2.3	Addressed by lock regeneration	Issue 151	High	Runtime	✅
minimatch	< 3.1.3 >= 4.0.0 < 4.2.5 >= 5.0.0 < 5.1.8 >= 6.0.0 < 6.2.2 >= 7.0.0 < 7.4.8 >= 8.0.0 < 8.0.6 >= 9.0.0 < 9.0.7 >= 10.0.0 < 10.2.3	Addressed by lock regeneration	Issue 155	High	Development	✅
minimatch	< 3.1.3 >= 4.0.0 < 4.2.5 >= 5.0.0 < 5.1.8 >= 6.0.0 < 6.2.2 >= 7.0.0 < 7.4.8 >= 8.0.0 < 8.0.6 >= 9.0.0 < 9.0.7 >= 10.0.0 < 10.2.3	Addressed by lock regeneration	Issue 156	High	Runtime	✅
minimatch	< 3.1.4 >= 4.0.0 < 4.2.5 >= 5.0.0 < 5.1.8 >= 6.0.0 < 6.2.2 >= 7.0.0 < 7.4.8 >= 8.0.0 < 8.0.6 >= 9.0.0 < 9.0.7 >= 10.0.0 < 10.2.3	Addressed by lock regeneration	Issue 157	High	Runtime	✅
minimatch	< 3.1.3 >= 4.0.0 < 4.2.5 >= 5.0.0 < 5.1.8 >= 6.0.0 < 6.2.2 >= 7.0.0 < 7.4.8 >= 8.0.0 < 8.0.6 >= 9.0.0 < 9.0.7 >= 10.0.0 < 10.2.3	Addressed by lock regeneration	Issue 162	High	Development	✅
serialize-javascript	<= 7.0.2	Addressed by lock regeneration	Issue 163	High	Runtime	✅
tar	<= 7.5.9	Addressed by lock regeneration	Issue 169	High	Runtime	✅
tar	<= 7.5.10	Addressed by lock regeneration	Issue 172	High	Runtime	✅
next	>= 9.5.0 < 15.5.13 >= 16.0.0-beta.0 < 16.1.7	Addressed by lock regeneration	Issue 184	Moderate	Runtime	✅
flatted	<= 3.4.1	Addressed by lock regeneration	Issue 185	High	Development	✅
next	>= 10.0.0 < 15.5.14 >= 16.0.0-beta.0 < 16.1.7	Addressed by lock regeneration	Issue 188	Moderate	Runtime	✅
yaml	>= 1.0.0 < 1.10.3 >= 2.0.0 < 2.8.3	Addressed by lock regeneration	Issue 195	Moderate	Runtime	✅
yaml	>= 1.0.0 < 1.10.3 >= 2.0.0 < 2.8.3	Addressed by lock regeneration	Issue 196	Moderate	Runtime	✅
lodash-es	>= 4.0.0 < 4.18.0 <= 4.17.23 <= 4.17.23 <= 4.17.23	Addressed by lock regeneration	Issue 211	Moderate	Runtime	✅
lodash-es	>= 4.0.0 < 4.18.0 >= 4.0.0 <= 4.17.23 >= 4.0.0 <= 4.17.23 >= 4.0.0 <= 4.17.23	Addressed by lock regeneration	Issue 212	High	Runtime	✅
lodash	>= 4.0.0 < 4.18.0 <= 4.17.23 <= 4.17.23 <= 4.17.23	Addressed by lock regeneration	Issue 226	Moderate	Runtime	✅
lodash	>= 4.0.0 < 4.18.0 >= 4.0.0 <= 4.17.23 >= 4.0.0 <= 4.17.23 >= 4.0.0 <= 4.17.23	Addressed by lock regeneration	Issue 227	High	Runtime	✅
next	>= 13.0.0 < 15.5.15 >= 16.0.0-beta.0 < 16.2.3	Addressed by lock regeneration	Issue 231	High	Runtime	✅
fast-uri	<= 3.1.0	Addressed by lock regeneration	Issue 251	High	Runtime	✅
fast-uri	<= 3.1.1	Addressed by lock regeneration	Issue 256	High	Runtime	✅
next	>= 15.2.0 < 15.5.16 >= 16.0.0 < 16.2.5	Addressed by lock regeneration	Issue 257	High	Runtime	✅
next	>= 15.2.0 < 15.5.18 >= 16.0.0 < 16.2.6	Addressed by lock regeneration	Issue 258	High	Runtime	✅
next	>= 15.0.0 < 15.5.16 >= 16.0.0 < 16.2.5	Addressed by lock regeneration	Issue 260	High	Runtime	✅
next	>= 14.2.0 < 15.5.16 >= 16.0.0 < 16.2.5	Addressed by lock regeneration	Issue 264	Moderate	Runtime	✅
next	>= 13.4.13 < 15.5.16 >= 16.0.0 < 16.2.5	Addressed by lock regeneration	Issue 273	High	Runtime	✅
next	>= 13.0.0 < 15.5.16 >= 16.0.0 < 16.2.5	Addressed by lock regeneration	Issue 281	High	Runtime	✅
next	>= 13.0.0 < 15.5.16 >= 16.0.0 < 16.2.5	Addressed by lock regeneration	Issue 282	Moderate	Runtime	✅
next	>= 12.2.0 < 15.5.16 >= 16.0.0 < 16.2.5	Addressed by lock regeneration	Issue 283	High	Runtime	✅
next	>= 12.2.0 < 15.5.16 >= 16.0.0 < 16.2.5	Addressed by lock regeneration	Issue 284	Low	Runtime	✅
next	>= 10.0.0 < 15.5.16 >= 16.0.0 < 16.2.5	Addressed by lock regeneration	Issue 285	Moderate	Runtime	✅
next	>= 13.4.6 < 15.5.16 >= 16.0.0 < 16.2.5	Addressed by lock regeneration	Issue 287	Low	Runtime	✅
js-cookie	<= 3.0.5	Addressed by lock regeneration	Issue 289	High	Runtime	✅
serialize-javascript	>= 5.0.0 < 7.0.5	Addressed by lock regeneration	Issue 290	Moderate	Runtime	✅
qs	>= 6.11.1 <= 6.15.1	Addressed by lock regeneration	Issue 291	Moderate	Runtime	✅
next	>= 13.4.0 < 15.5.16 >= 16.0.0 < 16.2.5	Addressed by lock regeneration	Issue 295	Moderate	Runtime	✅

⚠️ NOTE: This pull request failed to address the following vulnerabilities. You can still merge this pull request, but will need to take other steps to resolve these vulnerabilities.

Package	Vulnerable Versions	Message	Issue	Severity	Scope	Status
glob	>= 10.2.0 < 10.5.0 >= 11.0.0 < 11.1.0	Not adding override for "@next/eslint-plugin-next@14.2.35"	Issue 67	High	Runtime	❌
rollup	< 2.80.0 >= 3.0.0 < 3.30.0 >= 4.0.0 < 4.59.0	Not adding override for "@rollup/plugin-commonjs@28.0.1"	Issue 145	High	Runtime	❌
rollup	< 2.80.0 >= 3.0.0 < 3.30.0 >= 4.0.0 < 4.59.0	Not adding override for "@rollup/pluginutils@5.4.0"	Issue 145	High	Runtime	❌
rollup	< 2.80.0 >= 3.0.0 < 3.30.0 >= 4.0.0 < 4.59.0	Not adding override for "@sentry/nextjs@8.55.2"	Issue 145	High	Runtime	❌
picomatch	< 2.3.2 >= 3.0.0 < 3.0.2 >= 4.0.0 < 4.0.4	Not adding override for "fdir@6.5.0"	Issue 191	High	Runtime	❌
picomatch	< 2.3.2 >= 3.0.0 < 3.0.2 >= 4.0.0 < 4.0.4	Not adding override for "tinyglobby@0.2.15"	Issue 191	High	Runtime	❌
picomatch	< 2.3.2 >= 3.0.0 < 3.0.2 >= 4.0.0 < 4.0.4	Not adding override for "fdir@6.5.0"	Issue 192	Moderate	Runtime	❌
picomatch	< 2.3.2 >= 3.0.0 < 3.0.2 >= 4.0.0 < 4.0.4	Not adding override for "tinyglobby@0.2.15"	Issue 192	Moderate	Runtime	❌
brace-expansion	< 1.1.13 >= 2.0.0 < 2.0.3 >= 3.0.0 < 3.0.2 >= 4.0.0 < 5.0.5	Not adding override for "minimatch@9.0.9"	Issue 199	Moderate	Runtime	❌
picomatch	< 2.3.2 >= 3.0.0 < 3.0.2 >= 4.0.0 < 4.0.4	Not adding override for "fdir@6.5.0"	Issue 218	High	Runtime	❌
picomatch	< 2.3.2 >= 3.0.0 < 3.0.2 >= 4.0.0 < 4.0.4	Not adding override for "tinyglobby@0.2.15"	Issue 218	High	Runtime	❌
picomatch	< 2.3.2 >= 3.0.0 < 3.0.2 >= 4.0.0 < 4.0.4	Not adding override for "fdir@6.5.0"	Issue 220	Moderate	Runtime	❌
picomatch	< 2.3.2 >= 3.0.0 < 3.0.2 >= 4.0.0 < 4.0.4	Not adding override for "tinyglobby@0.2.15"	Issue 220	Moderate	Runtime	❌
ip-address	<= 10.1.0	Not adding override for "socks@2.8.7"	Issue 247	Moderate	Runtime	❌
uuid	< 11.1.1 >= 12.0.0 < 12.0.1 >= 13.0.0 < 13.0.1	Not adding override for "web@1.0.0-dev"	Issue 292	Moderate	Runtime	❌
uuid	< 11.1.1 >= 12.0.0 < 12.0.1 >= 13.0.0 < 13.0.1	Not adding override for "@sentry/webpack-plugin@2.22.7"	Issue 292	Moderate	Runtime	❌
uuid	< 11.1.1 >= 12.0.0 < 12.0.1 >= 13.0.0 < 13.0.1	Not adding override for "@storybook/addon-actions@8.6.14"	Issue 292	Moderate	Runtime	❌
postcss	< 8.5.10	Not adding override for "next@15.5.19"	Issue 294	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@opentelemetry/instrumentation-amqplib@0.46.1"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@opentelemetry/instrumentation-connect@0.43.0"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@opentelemetry/instrumentation-express@0.47.0"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@opentelemetry/instrumentation-fastify@0.44.1"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@opentelemetry/instrumentation-fs@0.19.0"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@opentelemetry/instrumentation-hapi@0.45.1"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@opentelemetry/instrumentation-http@0.57.1"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@opentelemetry/instrumentation-koa@0.47.0"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@opentelemetry/instrumentation-mongoose@0.46.0"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@opentelemetry/instrumentation-pg@0.50.0"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@opentelemetry/instrumentation-undici@0.10.0"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@opentelemetry/resources@1.30.1"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@opentelemetry/sdk-trace-base@1.30.1"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@opentelemetry/sql-common@0.40.1"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@sentry/node@8.55.2"	Issue 324	Moderate	Runtime	❌
@opentelemetry/core	< 2.8.0	Not adding override for "@sentry/opentelemetry@8.55.2"	Issue 324	Moderate	Runtime	❌
tar	<= 7.5.15	Not adding override for "npm@10.9.8"	Issue 327	Moderate	Runtime	❌
tar	<= 7.5.15	Not adding override for "pacote@20.0.1"	Issue 327	Moderate	Runtime	❌
tar	<= 7.5.15	Not adding override for "cacache@19.0.1"	Issue 327	Moderate	Runtime	❌
tar	<= 7.5.15	Not adding override for "libnpmdiff@7.0.5"	Issue 327	Moderate	Runtime	❌
tar	<= 7.5.15	Not adding override for "node-gyp@11.5.0"	Issue 327	Moderate	Runtime	❌
tar	<= 7.5.15	Not adding override for "pacote@19.0.2"	Issue 327	Moderate	Runtime	❌

Operations

[2026-06-19T07:34:51.031Z]	Reset package-lock.json
[2026-06-19T07:39:37.312Z]	Created package-lock.json
[2026-06-19T07:39:37.861Z]	Not adding override for "@next/eslint-plugin-next@14.2.35"
[2026-06-19T07:39:37.926Z]	Not adding override for "@rollup/plugin-commonjs@28.0.1"
[2026-06-19T07:39:37.926Z]	Not adding override for "@rollup/pluginutils@5.4.0"
[2026-06-19T07:39:37.926Z]	Not adding override for "@sentry/nextjs@8.55.2"
[2026-06-19T07:39:37.970Z]	Not adding override for "fdir@6.5.0"
[2026-06-19T07:39:37.970Z]	Not adding override for "tinyglobby@0.2.15"
[2026-06-19T07:39:37.973Z]	Not adding override for "fdir@6.5.0"
[2026-06-19T07:39:37.973Z]	Not adding override for "tinyglobby@0.2.15"
[2026-06-19T07:39:37.982Z]	Not adding override for "minimatch@9.0.9"
[2026-06-19T07:39:37.991Z]	Not adding override for "fdir@6.5.0"
[2026-06-19T07:39:37.991Z]	Not adding override for "tinyglobby@0.2.15"
[2026-06-19T07:39:37.994Z]	Not adding override for "fdir@6.5.0"
[2026-06-19T07:39:37.994Z]	Not adding override for "tinyglobby@0.2.15"
[2026-06-19T07:39:38.006Z]	Not adding override for "socks@2.8.7"
[2026-06-19T07:39:38.057Z]	Not adding override for "web@1.0.0-dev"
[2026-06-19T07:39:38.057Z]	Not adding override for "@sentry/webpack-plugin@2.22.7"
[2026-06-19T07:39:38.057Z]	Not adding override for "@storybook/addon-actions@8.6.14"
[2026-06-19T07:39:38.060Z]	Not adding override for "next@15.5.19"
[2026-06-19T07:39:38.066Z]	Not adding override for "@opentelemetry/instrumentation-amqplib@0.46.1"
[2026-06-19T07:39:38.066Z]	Not adding override for "@opentelemetry/instrumentation-connect@0.43.0"
[2026-06-19T07:39:38.066Z]	Not adding override for "@opentelemetry/instrumentation-express@0.47.0"
[2026-06-19T07:39:38.066Z]	Not adding override for "@opentelemetry/instrumentation-fastify@0.44.1"
[2026-06-19T07:39:38.066Z]	Not adding override for "@opentelemetry/instrumentation-fs@0.19.0"
[2026-06-19T07:39:38.066Z]	Not adding override for "@opentelemetry/instrumentation-hapi@0.45.1"
[2026-06-19T07:39:38.066Z]	Not adding override for "@opentelemetry/instrumentation-http@0.57.1"
[2026-06-19T07:39:38.066Z]	Not adding override for "@opentelemetry/instrumentation-koa@0.47.0"
[2026-06-19T07:39:38.066Z]	Not adding override for "@opentelemetry/instrumentation-mongoose@0.46.0"
[2026-06-19T07:39:38.066Z]	Not adding override for "@opentelemetry/instrumentation-pg@0.50.0"
[2026-06-19T07:39:38.066Z]	Not adding override for "@opentelemetry/instrumentation-undici@0.10.0"
[2026-06-19T07:39:38.066Z]	Not adding override for "@opentelemetry/resources@1.30.1"
[2026-06-19T07:39:38.066Z]	Not adding override for "@opentelemetry/sdk-trace-base@1.30.1"
[2026-06-19T07:39:38.066Z]	Not adding override for "@opentelemetry/sql-common@0.40.1"
[2026-06-19T07:39:38.066Z]	Not adding override for "@sentry/node@8.55.2"
[2026-06-19T07:39:38.066Z]	Not adding override for "@sentry/opentelemetry@8.55.2"
[2026-06-19T07:39:38.069Z]	Not adding override for "npm@10.9.8"
[2026-06-19T07:39:38.069Z]	Not adding override for "pacote@20.0.1"
[2026-06-19T07:39:38.069Z]	Not adding override for "cacache@19.0.1"
[2026-06-19T07:39:38.069Z]	Not adding override for "libnpmdiff@7.0.5"
[2026-06-19T07:39:38.069Z]	Not adding override for "node-gyp@11.5.0"
[2026-06-19T07:39:38.069Z]	Not adding override for "pacote@19.0.2"

Updates to `examples/widget/package.json`

This pull request contains updates to examples/widget/package.json. If you do not wish to accept one or more of these changes, please close the Dependabot issue. The vulnerabillity patcher will then update this pull request the next time it runs against this repository.

❌ This manifest file cannot be regenerated and no updates were made to it.

⚠️ NOTE: This pull request failed to address the following vulnerabilities. You can still merge this pull request, but will need to take other steps to resolve these vulnerabilities.

Package	Vulnerable Versions	Message	Issue	Severity	Scope	Status
next	>= 10.0.0 < 15.5.10 >= 15.6.0-canary.0 < 16.1.5	Not a package-lock.json file	Issue 111	Moderate	Runtime	❔
next	>= 13.0.0 < 15.0.8 >= 15.1.1-canary.0 < 15.1.12 >= 15.2.0-canary.0 < 15.2.9 >= 15.3.0-canary.0 < 15.3.9 >= 15.4.0-canary.0 < 15.4.11 >= 15.5.1-canary.0 < 15.5.10 >= 15.6.0-canary.0 < 15.6.0-canary.61 >= 16.0.0-beta.0 < 16.0.11 >= 16.1.0-canary.0 < 16.1.5	Not a package-lock.json file	Issue 115	High	Runtime	❔
next	>= 9.5.0 < 15.5.13 >= 16.0.0-beta.0 < 16.1.7	Not a package-lock.json file	Issue 182	Moderate	Runtime	❔
next	>= 10.0.0 < 15.5.14 >= 16.0.0-beta.0 < 16.1.7	Not a package-lock.json file	Issue 186	Moderate	Runtime	❔
next	>= 13.0.0 < 15.5.15 >= 16.0.0-beta.0 < 16.2.3	Not a package-lock.json file	Issue 229	High	Runtime	❔
next	>= 14.2.0 < 15.5.16 >= 16.0.0 < 16.2.5	Not a package-lock.json file	Issue 261	Moderate	Runtime	❔
next	>= 13.4.13 < 15.5.16 >= 16.0.0 < 16.2.5	Not a package-lock.json file	Issue 265	High	Runtime	❔
next	>= 13.4.6 < 15.5.16 >= 16.0.0 < 16.2.5	Not a package-lock.json file	Issue 267	Low	Runtime	❔
next	>= 13.4.0 < 15.5.16 >= 16.0.0 < 16.2.5	Not a package-lock.json file	Issue 268	Moderate	Runtime	❔
next	>= 13.0.0 < 15.5.16 >= 16.0.0 < 16.2.5	Not a package-lock.json file	Issue 270	High	Runtime	❔
next	>= 13.0.0 < 15.5.16 >= 16.0.0 < 16.2.5	Not a package-lock.json file	Issue 271	Moderate	Runtime	❔
next	>= 12.2.0 < 15.5.16 >= 16.0.0 < 16.2.5	Not a package-lock.json file	Issue 275	High	Runtime	❔
next	>= 12.2.0 < 15.5.16 >= 16.0.0 < 16.2.5	Not a package-lock.json file	Issue 276	Low	Runtime	❔
next	>= 10.0.0 < 15.5.16 >= 16.0.0 < 16.2.5	Not a package-lock.json file	Issue 279	Moderate	Runtime	❔

Updates to `web/package.json`

This pull request contains updates to web/package.json. If you do not wish to accept one or more of these changes, please close the Dependabot issue. The vulnerabillity patcher will then update this pull request the next time it runs against this repository.

❌ This manifest file cannot be regenerated and no updates were made to it.

⚠️ NOTE: This pull request failed to address the following vulnerabilities. You can still merge this pull request, but will need to take other steps to resolve these vulnerabilities.

Package	Vulnerable Versions	Message	Issue	Severity	Scope	Status
uuid	< 11.1.1 >= 12.0.0 < 12.0.1 >= 13.0.0 < 13.0.1	Not a package-lock.json file	Issue 288	Moderate	Runtime	❔

orm-vulnerabilityscanner added the maintenance Relates to project upkeep or maintenance label Jul 27, 2025

orm-vulnerabilityscanner force-pushed the orm-vulnerability-patcher/patches-low branch 23 times, most recently from 0fbc11f to 542ba08 Compare August 4, 2025 00:35

orm-vulnerabilityscanner force-pushed the orm-vulnerability-patcher/patches-low branch 6 times, most recently from a0f0f87 to d042d6c Compare August 5, 2025 12:38

orm-vulnerabilityscanner force-pushed the orm-vulnerability-patcher/patches-low branch 21 times, most recently from 8aa630a to ddc33aa Compare August 15, 2025 06:42

orm-vulnerabilityscanner force-pushed the orm-vulnerability-patcher/patches-low branch 8 times, most recently from 38292b3 to 5232f22 Compare August 19, 2025 00:40

chore: Apply vulnerability patches

671ccac

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: Vulnerability Patches - Low or greater#2

chore: Vulnerability Patches - Low or greater#2
orm-vulnerabilityscanner wants to merge 1 commit into
mainfrom
orm-vulnerability-patcher/patches-low

orm-vulnerabilityscanner commented Jul 27, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

orm-vulnerabilityscanner commented Jul 27, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Updates to examples/widget/package-lock.json

Updates to web/package-lock.json

Updates to examples/widget/package.json

Updates to web/package.json

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

orm-vulnerabilityscanner commented Jul 27, 2025 •

edited

Loading

Updates to `examples/widget/package-lock.json`

Updates to `web/package-lock.json`

Updates to `examples/widget/package.json`

Updates to `web/package.json`