chore(deps): replace dependency npm-run-all with npm-run-all2 ^5.0.0 by red-hat-konflux[bot] · Pull Request #1784 · ansible/ansible-ai-connect-service

red-hat-konflux · 2025-11-06T00:15:14Z

This PR contains the following updates:

Package	Type	Update	Change
npm-run-all → npm-run-all2	devDependencies	replacement	`^4.1.5` -> `^5.0.0`

This is a special PR that replaces npm-run-all with the community suggested minimal stable replacement version.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

github-actions · 2025-12-05T12:18:25Z

# npm audit report

happy-dom  <20.0.0
Severity: critical
Happy DOM: VM Context Escape can lead to Remote Code Execution - https://github.com/advisories/GHSA-37j7-fg3j-429f
fix available via `npm audit fix --force`
Will install happy-dom@20.0.11, which is a breaking change
node_modules/happy-dom

js-yaml  <3.14.2 || >=4.0.0 <4.1.1
Severity: moderate
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
fix available via `npm audit fix`
node_modules/@eslint/eslintrc/node_modules/js-yaml
node_modules/cosmiconfig/node_modules/js-yaml
node_modules/eslint/node_modules/js-yaml
node_modules/js-yaml

node-forge  <=1.3.1
Severity: high
node-forge has ASN.1 Unbounded Recursion - https://github.com/advisories/GHSA-554w-wpv2-vw27
node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization - https://github.com/advisories/GHSA-5gfm-wpxj-wjgq
node-forge is vulnerable to ASN.1 OID Integer Truncation - https://github.com/advisories/GHSA-65ch-62r8-g69g
fix available via `npm audit fix`
node_modules/node-forge

3 vulnerabilities (1 moderate, 1 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

github-actions · 2025-12-09T16:18:37Z

# npm audit report

happy-dom  <20.0.0
Severity: critical
Happy DOM: VM Context Escape can lead to Remote Code Execution - https://github.com/advisories/GHSA-37j7-fg3j-429f
fix available via `npm audit fix --force`
Will install happy-dom@20.0.11, which is a breaking change
node_modules/happy-dom

js-yaml  <3.14.2 || >=4.0.0 <4.1.1
Severity: moderate
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
fix available via `npm audit fix`
node_modules/@eslint/eslintrc/node_modules/js-yaml
node_modules/cosmiconfig/node_modules/js-yaml
node_modules/eslint/node_modules/js-yaml
node_modules/js-yaml

node-forge  <=1.3.1
Severity: high
node-forge has ASN.1 Unbounded Recursion - https://github.com/advisories/GHSA-554w-wpv2-vw27
node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization - https://github.com/advisories/GHSA-5gfm-wpxj-wjgq
node-forge is vulnerable to ASN.1 OID Integer Truncation - https://github.com/advisories/GHSA-65ch-62r8-g69g
fix available via `npm audit fix`
node_modules/node-forge

3 vulnerabilities (1 moderate, 1 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

github-actions · 2026-01-09T20:16:52Z

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom


3 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · 2026-01-10T00:18:15Z

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom


3 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · 2026-01-14T16:16:51Z

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom


3 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · 2026-01-17T00:15:43Z

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom


3 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · 2026-01-19T16:16:12Z

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom


3 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · 2026-01-27T00:16:55Z

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom

lodash  4.0.0 - 4.17.21
Severity: moderate
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
fix available via `npm audit fix`
node_modules/lodash


4 vulnerabilities (1 moderate, 3 high)

To address all issues, run:
  npm audit fix

github-actions · 2026-01-27T12:17:14Z

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom

lodash  4.0.0 - 4.17.21
Severity: moderate
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
fix available via `npm audit fix`
node_modules/lodash


4 vulnerabilities (1 moderate, 3 high)

To address all issues, run:
  npm audit fix

github-actions · 2026-01-29T00:15:45Z

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom

lodash  4.0.0 - 4.17.21
Severity: moderate
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
fix available via `npm audit fix`
node_modules/lodash


4 vulnerabilities (1 moderate, 3 high)

To address all issues, run:
  npm audit fix

github-actions · 2026-01-29T12:16:36Z

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom

lodash  4.0.0 - 4.17.21
Severity: moderate
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
fix available via `npm audit fix`
node_modules/lodash


4 vulnerabilities (1 moderate, 3 high)

To address all issues, run:
  npm audit fix

github-actions · 2026-01-29T16:18:28Z

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom

eslint  <9.26.0
Severity: moderate
eslint has a Stack Overflow when serializing objects with circular references - https://github.com/advisories/GHSA-p5wg-g6qr-c7cg
fix available via `npm audit fix --force`
Will install eslint@9.39.2, which is a breaking change
node_modules/eslint
  @typescript-eslint/eslint-plugin  <=8.0.0-alpha.62
  Depends on vulnerable versions of @typescript-eslint/parser
  Depends on vulnerable versions of @typescript-eslint/type-utils
  Depends on vulnerable versions of @typescript-eslint/utils
  Depends on vulnerable versions of eslint
  node_modules/@typescript-eslint/eslint-plugin
    eslint-config-react-app  >=0.1.0
    Depends on vulnerable versions of @typescript-eslint/eslint-plugin
    Depends on vulnerable versions of @typescript-eslint/parser
    Depends on vulnerable versions of eslint
    Depends on vulnerable versions of eslint-plugin-flowtype
    Depends on vulnerable versions of eslint-plugin-jest
    Depends on vulnerable versions of eslint-plugin-react-hooks
    Depends on vulnerable versions of eslint-plugin-testing-library
    node_modules/eslint-config-react-app
    eslint-plugin-jest  25.0.1 - 28.6.0
    Depends on vulnerable versions of @typescript-eslint/eslint-plugin
    Depends on vulnerable versions of eslint
    node_modules/eslint-plugin-jest
  @typescript-eslint/experimental-utils  >=5.7.1-alpha.0
  Depends on vulnerable versions of @typescript-eslint/utils
  Depends on vulnerable versions of eslint
  node_modules/@typescript-eslint/experimental-utils
  @typescript-eslint/parser  1.1.1-alpha.0 - 8.0.0-alpha.62
  Depends on vulnerable versions of eslint
  node_modules/@typescript-eslint/parser
  @typescript-eslint/utils  <=8.0.0-alpha.62
  Depends on vulnerable versions of eslint
  node_modules/@typescript-eslint/utils
    @typescript-eslint/type-utils  5.9.2-alpha.0 - 8.0.0-alpha.62
    Depends on vulnerable versions of @typescript-eslint/utils
    node_modules/@typescript-eslint/type-utils
    eslint-plugin-testing-library  3.3.1 - 7.0.0-beta.6
    Depends on vulnerable versions of @typescript-eslint/utils
    Depends on vulnerable versions of eslint
    node_modules/eslint-plugin-testing-library
  eslint-plugin-flowtype  >=5.0.0
  Depends on vulnerable versions of eslint
  node_modules/eslint-plugin-flowtype
  eslint-plugin-react-hooks  <=5.0.0-next-fecc288b7-20221025
  Depends on vulnerable versions of eslint
  node_modules/eslint-plugin-react-hooks
  eslint-webpack-plugin  <=4.1.0
  Depends on vulnerable versions of eslint
  node_modules/eslint-webpack-plugin

lodash  4.0.0 - 4.17.21
Severity: moderate
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
fix available via `npm audit fix`
node_modules/lodash


16 vulnerabilities (13 moderate, 3 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

github-actions · 2026-02-03T20:05:40Z

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom

jsonpath  *
Severity: moderate
JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js - https://github.com/advisories/GHSA-6c59-mwgh-r2x6
fix available via `npm audit fix --force`
Will install bfj@7.0.2, which is a breaking change
node_modules/jsonpath
  bfj  >=7.1.0
  Depends on vulnerable versions of jsonpath
  node_modules/bfj

lodash  4.0.0 - 4.17.21
Severity: moderate
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
fix available via `npm audit fix`
node_modules/lodash


6 vulnerabilities (3 moderate, 3 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

github-actions · 2026-02-11T00:15:02Z

# npm audit report

axios  <=1.13.4
Severity: high
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
fix available via `npm audit fix`
node_modules/axios

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · 2026-02-11T16:06:30Z

# npm audit report

axios  <=1.13.4
Severity: high
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
fix available via `npm audit fix`
node_modules/axios

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · 2026-02-13T00:15:17Z

# npm audit report

axios  <=1.13.4
Severity: high
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
fix available via `npm audit fix`
node_modules/axios

qs  6.7.0 - 6.14.1
qs's arrayLimit bypass in comma parsing allows denial of service - https://github.com/advisories/GHSA-w7fw-mjwx-w883
fix available via `npm audit fix`
node_modules/qs

2 vulnerabilities (1 low, 1 high)

To address all issues, run:
  npm audit fix

github-actions · 2026-02-16T20:15:24Z

# npm audit report

axios  <=1.13.4
Severity: high
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
fix available via `npm audit fix`
node_modules/axios

qs  6.7.0 - 6.14.1
qs's arrayLimit bypass in comma parsing allows denial of service - https://github.com/advisories/GHSA-w7fw-mjwx-w883
fix available via `npm audit fix`
node_modules/qs

2 vulnerabilities (1 low, 1 high)

To address all issues, run:
  npm audit fix

github-actions · 2026-02-17T20:17:08Z

# npm audit report

ajv  <8.18.0
Severity: moderate
ajv has ReDoS when using `$data` option - https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
No fix available
node_modules/ajv
node_modules/ajv-formats/node_modules/ajv
node_modules/schema-utils/node_modules/ajv
node_modules/workbox-build/node_modules/ajv
  @eslint/eslintrc  *
  Depends on vulnerable versions of ajv
  node_modules/@eslint/eslintrc
    eslint  >=4.2.0
    Depends on vulnerable versions of @eslint-community/eslint-utils
    Depends on vulnerable versions of @eslint/eslintrc
    Depends on vulnerable versions of ajv
    node_modules/eslint
      @babel/eslint-parser  *
      Depends on vulnerable versions of eslint
      node_modules/@babel/eslint-parser
        eslint-config-react-app  >=3.0.0-next.03604a46
        Depends on vulnerable versions of @babel/eslint-parser
        Depends on vulnerable versions of @typescript-eslint/eslint-plugin
        Depends on vulnerable versions of @typescript-eslint/parser
        Depends on vulnerable versions of eslint
        Depends on vulnerable versions of eslint-plugin-flowtype
        Depends on vulnerable versions of eslint-plugin-jest
        Depends on vulnerable versions of eslint-plugin-testing-library
        node_modules/eslint-config-react-app
      @eslint-community/eslint-utils  *
      Depends on vulnerable versions of eslint
      node_modules/@eslint-community/eslint-utils
        @typescript-eslint/utils  *
        Depends on vulnerable versions of @eslint-community/eslint-utils
        Depends on vulnerable versions of eslint
        node_modules/@typescript-eslint/utils
          @typescript-eslint/eslint-plugin  *
          Depends on vulnerable versions of @typescript-eslint/parser
          Depends on vulnerable versions of @typescript-eslint/type-utils
          Depends on vulnerable versions of @typescript-eslint/utils
          Depends on vulnerable versions of eslint
          node_modules/@typescript-eslint/eslint-plugin
            eslint-plugin-jest  >=22.0.0
            Depends on vulnerable versions of @typescript-eslint/eslint-plugin
            Depends on vulnerable versions of eslint
            node_modules/eslint-plugin-jest
          @typescript-eslint/experimental-utils  >=5.7.1-alpha.0
          Depends on vulnerable versions of @typescript-eslint/utils
          Depends on vulnerable versions of eslint
          node_modules/@typescript-eslint/experimental-utils
          @typescript-eslint/type-utils  >=5.9.2-alpha.0
          Depends on vulnerable versions of @typescript-eslint/utils
          node_modules/@typescript-eslint/type-utils
          eslint-plugin-testing-library  *
          Depends on vulnerable versions of @typescript-eslint/utils
          Depends on vulnerable versions of eslint
          node_modules/eslint-plugin-testing-library
      @typescript-eslint/parser  *
      Depends on vulnerable versions of eslint
      node_modules/@typescript-eslint/parser
      eslint-plugin-flowtype  >=3.10.5
      Depends on vulnerable versions of eslint
      node_modules/eslint-plugin-flowtype
      eslint-webpack-plugin  *
      Depends on vulnerable versions of eslint
      node_modules/eslint-webpack-plugin
      fork-ts-checker-webpack-plugin  5.0.0-alpha.1 - 7.0.0-alpha.16 || >=7.2.2
      Depends on vulnerable versions of eslint
      Depends on vulnerable versions of schema-utils
      node_modules/fork-ts-checker-webpack-plugin
        react-dev-utils  >=12.0.0-next.31
        Depends on vulnerable versions of fork-ts-checker-webpack-plugin
        node_modules/react-dev-utils
  ajv-keywords  2.1.1 - 4.0.1
  Depends on vulnerable versions of ajv
  node_modules/ajv-keywords
    schema-utils  <=3.3.0
    Depends on vulnerable versions of ajv
    Depends on vulnerable versions of ajv-keywords
    node_modules/babel-loader/node_modules/schema-utils
    node_modules/file-loader/node_modules/schema-utils
    node_modules/fork-ts-checker-webpack-plugin/node_modules/schema-utils
      babel-loader  8.1.0 - 8.4.1
      Depends on vulnerable versions of schema-utils
      node_modules/babel-loader
      file-loader  >=1.1.0
      Depends on vulnerable versions of schema-utils
      node_modules/file-loader

axios  <=1.13.4
Severity: high
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
fix available via `npm audit fix`
node_modules/axios

qs  6.7.0 - 6.14.1
qs's arrayLimit bypass in comma parsing allows denial of service - https://github.com/advisories/GHSA-w7fw-mjwx-w883
fix available via `npm audit fix`
node_modules/qs

23 vulnerabilities (1 low, 21 moderate, 1 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>

github-actions · 2026-02-18T16:06:20Z

# npm audit report

ajv  <8.18.0
Severity: moderate
ajv has ReDoS when using `$data` option - https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
fix available via `npm audit fix --force`
Will install eslint-config-react-app@2.1.0, which is a breaking change
node_modules/ajv
node_modules/ajv-formats/node_modules/ajv
node_modules/schema-utils/node_modules/ajv
node_modules/workbox-build/node_modules/ajv
  @eslint/eslintrc  *
  Depends on vulnerable versions of ajv
  node_modules/@eslint/eslintrc
    eslint  >=4.2.0
    Depends on vulnerable versions of @eslint-community/eslint-utils
    Depends on vulnerable versions of @eslint/eslintrc
    Depends on vulnerable versions of ajv
    node_modules/eslint
      @babel/eslint-parser  *
      Depends on vulnerable versions of eslint
      node_modules/@babel/eslint-parser
        eslint-config-react-app  >=3.0.0-next.03604a46
        Depends on vulnerable versions of @babel/eslint-parser
        Depends on vulnerable versions of @typescript-eslint/eslint-plugin
        Depends on vulnerable versions of @typescript-eslint/parser
        Depends on vulnerable versions of eslint
        Depends on vulnerable versions of eslint-plugin-flowtype
        Depends on vulnerable versions of eslint-plugin-jest
        Depends on vulnerable versions of eslint-plugin-testing-library
        node_modules/eslint-config-react-app
      @eslint-community/eslint-utils  *
      Depends on vulnerable versions of eslint
      node_modules/@eslint-community/eslint-utils
        @typescript-eslint/utils  *
        Depends on vulnerable versions of @eslint-community/eslint-utils
        Depends on vulnerable versions of eslint
        node_modules/@typescript-eslint/utils
          @typescript-eslint/eslint-plugin  *
          Depends on vulnerable versions of @typescript-eslint/parser
          Depends on vulnerable versions of @typescript-eslint/type-utils
          Depends on vulnerable versions of @typescript-eslint/utils
          Depends on vulnerable versions of eslint
          node_modules/@typescript-eslint/eslint-plugin
            eslint-plugin-jest  >=22.0.0
            Depends on vulnerable versions of @typescript-eslint/eslint-plugin
            Depends on vulnerable versions of eslint
            node_modules/eslint-plugin-jest
          @typescript-eslint/experimental-utils  >=5.7.1-alpha.0
          Depends on vulnerable versions of @typescript-eslint/utils
          Depends on vulnerable versions of eslint
          node_modules/@typescript-eslint/experimental-utils
          @typescript-eslint/type-utils  >=5.9.2-alpha.0
          Depends on vulnerable versions of @typescript-eslint/utils
          node_modules/@typescript-eslint/type-utils
          eslint-plugin-testing-library  *
          Depends on vulnerable versions of @typescript-eslint/utils
          Depends on vulnerable versions of eslint
          node_modules/eslint-plugin-testing-library
      @typescript-eslint/parser  *
      Depends on vulnerable versions of eslint
      node_modules/@typescript-eslint/parser
      eslint-plugin-flowtype  >=3.10.5
      Depends on vulnerable versions of eslint
      node_modules/eslint-plugin-flowtype
      eslint-webpack-plugin  *
      Depends on vulnerable versions of eslint
      node_modules/eslint-webpack-plugin
      fork-ts-checker-webpack-plugin  5.0.0-alpha.1 - 7.0.0-alpha.16 || >=7.2.2
      Depends on vulnerable versions of eslint
      Depends on vulnerable versions of schema-utils
      node_modules/fork-ts-checker-webpack-plugin
        react-dev-utils  >=12.0.0-next.31
        Depends on vulnerable versions of fork-ts-checker-webpack-plugin
        node_modules/react-dev-utils
  ajv-keywords  2.1.1 - 4.0.1
  Depends on vulnerable versions of ajv
  node_modules/ajv-keywords
    schema-utils  <=3.3.0
    Depends on vulnerable versions of ajv
    Depends on vulnerable versions of ajv-keywords
    node_modules/babel-loader/node_modules/schema-utils
    node_modules/file-loader/node_modules/schema-utils
    node_modules/fork-ts-checker-webpack-plugin/node_modules/schema-utils
      babel-loader  8.1.0 - 8.4.1
      Depends on vulnerable versions of schema-utils
      node_modules/babel-loader
      file-loader  >=1.1.0
      Depends on vulnerable versions of schema-utils
      node_modules/file-loader

axios  <=1.13.4
Severity: high
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
fix available via `npm audit fix`
node_modules/axios

jsonpath  *
Severity: high
jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions - https://github.com/advisories/GHSA-87r5-mp6g-5w5j
fix available via `npm audit fix --force`
Will install bfj@9.1.3, which is a breaking change
node_modules/jsonpath
  bfj  7.1.0 - 9.1.2
  Depends on vulnerable versions of jsonpath
  node_modules/bfj

qs  6.7.0 - 6.14.1
qs's arrayLimit bypass in comma parsing allows denial of service - https://github.com/advisories/GHSA-w7fw-mjwx-w883
fix available via `npm audit fix`
node_modules/qs

25 vulnerabilities (1 low, 21 moderate, 3 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

sonarqubecloud · 2026-02-18T16:18:05Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 54f835f to dcdfc33 Compare December 5, 2025 12:17

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from dcdfc33 to 6b0f9b2 Compare December 9, 2025 16:17

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch 7 times, most recently from 6757343 to 7dc2df3 Compare December 13, 2025 00:14

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch 2 times, most recently from eeb86c9 to a29990c Compare December 31, 2025 20:13

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from a29990c to 5c8718d Compare January 9, 2026 20:16

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 5c8718d to c476983 Compare January 10, 2026 00:17

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from c476983 to 784e6ff Compare January 14, 2026 16:16

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 784e6ff to f07a1c0 Compare January 17, 2026 00:15

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from f07a1c0 to 93b85d4 Compare January 19, 2026 16:15

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 93b85d4 to e2117ff Compare January 27, 2026 00:15

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from e2117ff to 77a4eb5 Compare January 27, 2026 12:16

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 77a4eb5 to 0ab2d27 Compare January 29, 2026 00:15

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 0ab2d27 to e3a7e97 Compare January 29, 2026 12:15

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from e3a7e97 to db475ee Compare January 29, 2026 16:17

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from db475ee to 225c5af Compare February 3, 2026 20:04

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch 3 times, most recently from e739c9e to 6e9daa3 Compare February 11, 2026 00:14

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 6e9daa3 to 7de2ea9 Compare February 11, 2026 16:05

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 7de2ea9 to a004a58 Compare February 13, 2026 00:14

red-hat-konflux bot changed the title ~~Replace dependency npm-run-all with npm-run-all2 ^5.0.0~~ chore(deps): replace dependency npm-run-all with npm-run-all2 ^5.0.0 Feb 13, 2026

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from a004a58 to 3445717 Compare February 16, 2026 20:14

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 3445717 to f363ecb Compare February 17, 2026 20:16

chore(deps): replace dependency npm-run-all with npm-run-all2 ^5.0.0

e2205d8

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>

red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from f363ecb to e2205d8 Compare February 18, 2026 16:05

Conversation

red-hat-konflux bot commented Nov 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Configuration

Documentation

Uh oh!

github-actions bot commented Dec 5, 2025

Uh oh!

github-actions bot commented Dec 9, 2025

Uh oh!

github-actions bot commented Jan 9, 2026

Uh oh!

github-actions bot commented Jan 10, 2026

Uh oh!

github-actions bot commented Jan 14, 2026

Uh oh!

github-actions bot commented Jan 17, 2026

Uh oh!

github-actions bot commented Jan 19, 2026

Uh oh!

github-actions bot commented Jan 27, 2026

Uh oh!

github-actions bot commented Jan 27, 2026

Uh oh!

github-actions bot commented Jan 29, 2026

Uh oh!

github-actions bot commented Jan 29, 2026

Uh oh!

github-actions bot commented Jan 29, 2026

Uh oh!

github-actions bot commented Feb 3, 2026

Uh oh!

github-actions bot commented Feb 11, 2026

Uh oh!

github-actions bot commented Feb 11, 2026

Uh oh!

github-actions bot commented Feb 13, 2026

Uh oh!

github-actions bot commented Feb 16, 2026

Uh oh!

github-actions bot commented Feb 17, 2026

Uh oh!

github-actions bot commented Feb 18, 2026

Uh oh!

sonarqubecloud bot commented Feb 18, 2026

Quality Gate passed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

red-hat-konflux bot commented Nov 6, 2025 •

edited

Loading