
chore(deps): replace dependency npm-run-all with npm-run-all2 ^5.0.0 #1784

Open
red-hat-konflux[bot] wants to merge 1 commit into main from konflux/mintmaker/main/npm-run-all-replacement

@red-hat-konflux red-hat-konflux bot commented Nov 6, 2025

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| npm-run-all → npm-run-all2 | devDependencies | replacement | ^4.1.5 -> ^5.0.0 |

This is a special PR that replaces npm-run-all with the community-suggested minimal stable replacement version.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 54f835f to dcdfc33 Compare December 5, 2025 12:17

github-actions bot commented Dec 5, 2025

# npm audit report

happy-dom  <20.0.0
Severity: critical
Happy DOM: VM Context Escape can lead to Remote Code Execution - https://github.com/advisories/GHSA-37j7-fg3j-429f
fix available via `npm audit fix --force`
Will install happy-dom@20.0.11, which is a breaking change
node_modules/happy-dom

js-yaml  <3.14.2 || >=4.0.0 <4.1.1
Severity: moderate
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
fix available via `npm audit fix`
node_modules/@eslint/eslintrc/node_modules/js-yaml
node_modules/cosmiconfig/node_modules/js-yaml
node_modules/eslint/node_modules/js-yaml
node_modules/js-yaml

node-forge  <=1.3.1
Severity: high
node-forge has ASN.1 Unbounded Recursion - https://github.com/advisories/GHSA-554w-wpv2-vw27
node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization - https://github.com/advisories/GHSA-5gfm-wpxj-wjgq
node-forge is vulnerable to ASN.1 OID Integer Truncation - https://github.com/advisories/GHSA-65ch-62r8-g69g
fix available via `npm audit fix`
node_modules/node-forge

3 vulnerabilities (1 moderate, 1 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from dcdfc33 to 6b0f9b2 Compare December 9, 2025 16:17

github-actions bot commented Dec 9, 2025

# npm audit report

happy-dom  <20.0.0
Severity: critical
Happy DOM: VM Context Escape can lead to Remote Code Execution - https://github.com/advisories/GHSA-37j7-fg3j-429f
fix available via `npm audit fix --force`
Will install happy-dom@20.0.11, which is a breaking change
node_modules/happy-dom

js-yaml  <3.14.2 || >=4.0.0 <4.1.1
Severity: moderate
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
fix available via `npm audit fix`
node_modules/@eslint/eslintrc/node_modules/js-yaml
node_modules/cosmiconfig/node_modules/js-yaml
node_modules/eslint/node_modules/js-yaml
node_modules/js-yaml

node-forge  <=1.3.1
Severity: high
node-forge has ASN.1 Unbounded Recursion - https://github.com/advisories/GHSA-554w-wpv2-vw27
node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization - https://github.com/advisories/GHSA-5gfm-wpxj-wjgq
node-forge is vulnerable to ASN.1 OID Integer Truncation - https://github.com/advisories/GHSA-65ch-62r8-g69g
fix available via `npm audit fix`
node_modules/node-forge

3 vulnerabilities (1 moderate, 1 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch 7 times, most recently from 6757343 to 7dc2df3 Compare December 13, 2025 00:14
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch 2 times, most recently from eeb86c9 to a29990c Compare December 31, 2025 20:13
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from a29990c to 5c8718d Compare January 9, 2026 20:16

github-actions bot commented Jan 9, 2026

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom


3 high severity vulnerabilities

To address all issues, run:
  npm audit fix

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 5c8718d to c476983 Compare January 10, 2026 00:17
@github-actions

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom


3 high severity vulnerabilities

To address all issues, run:
  npm audit fix

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from c476983 to 784e6ff Compare January 14, 2026 16:16
@github-actions

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom


3 high severity vulnerabilities

To address all issues, run:
  npm audit fix

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 784e6ff to f07a1c0 Compare January 17, 2026 00:15
@github-actions

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom


3 high severity vulnerabilities

To address all issues, run:
  npm audit fix

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from f07a1c0 to 93b85d4 Compare January 19, 2026 16:15
@github-actions

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom


3 high severity vulnerabilities

To address all issues, run:
  npm audit fix

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 93b85d4 to e2117ff Compare January 27, 2026 00:15
@github-actions

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom

lodash  4.0.0 - 4.17.21
Severity: moderate
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
fix available via `npm audit fix`
node_modules/lodash


4 vulnerabilities (1 moderate, 3 high)

To address all issues, run:
  npm audit fix

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from e2117ff to 77a4eb5 Compare January 27, 2026 12:16
@github-actions

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom

lodash  4.0.0 - 4.17.21
Severity: moderate
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
fix available via `npm audit fix`
node_modules/lodash


4 vulnerabilities (1 moderate, 3 high)

To address all issues, run:
  npm audit fix

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 77a4eb5 to 0ab2d27 Compare January 29, 2026 00:15
@github-actions

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom

lodash  4.0.0 - 4.17.21
Severity: moderate
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
fix available via `npm audit fix`
node_modules/lodash


4 vulnerabilities (1 moderate, 3 high)

To address all issues, run:
  npm audit fix

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 0ab2d27 to e3a7e97 Compare January 29, 2026 12:15
@github-actions

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom

lodash  4.0.0 - 4.17.21
Severity: moderate
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
fix available via `npm audit fix`
node_modules/lodash


4 vulnerabilities (1 moderate, 3 high)

To address all issues, run:
  npm audit fix

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from e3a7e97 to db475ee Compare January 29, 2026 16:17
@github-actions

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom

eslint  <9.26.0
Severity: moderate
eslint has a Stack Overflow when serializing objects with circular references - https://github.com/advisories/GHSA-p5wg-g6qr-c7cg
fix available via `npm audit fix --force`
Will install eslint@9.39.2, which is a breaking change
node_modules/eslint
  @typescript-eslint/eslint-plugin  <=8.0.0-alpha.62
  Depends on vulnerable versions of @typescript-eslint/parser
  Depends on vulnerable versions of @typescript-eslint/type-utils
  Depends on vulnerable versions of @typescript-eslint/utils
  Depends on vulnerable versions of eslint
  node_modules/@typescript-eslint/eslint-plugin
    eslint-config-react-app  >=0.1.0
    Depends on vulnerable versions of @typescript-eslint/eslint-plugin
    Depends on vulnerable versions of @typescript-eslint/parser
    Depends on vulnerable versions of eslint
    Depends on vulnerable versions of eslint-plugin-flowtype
    Depends on vulnerable versions of eslint-plugin-jest
    Depends on vulnerable versions of eslint-plugin-react-hooks
    Depends on vulnerable versions of eslint-plugin-testing-library
    node_modules/eslint-config-react-app
    eslint-plugin-jest  25.0.1 - 28.6.0
    Depends on vulnerable versions of @typescript-eslint/eslint-plugin
    Depends on vulnerable versions of eslint
    node_modules/eslint-plugin-jest
  @typescript-eslint/experimental-utils  >=5.7.1-alpha.0
  Depends on vulnerable versions of @typescript-eslint/utils
  Depends on vulnerable versions of eslint
  node_modules/@typescript-eslint/experimental-utils
  @typescript-eslint/parser  1.1.1-alpha.0 - 8.0.0-alpha.62
  Depends on vulnerable versions of eslint
  node_modules/@typescript-eslint/parser
  @typescript-eslint/utils  <=8.0.0-alpha.62
  Depends on vulnerable versions of eslint
  node_modules/@typescript-eslint/utils
    @typescript-eslint/type-utils  5.9.2-alpha.0 - 8.0.0-alpha.62
    Depends on vulnerable versions of @typescript-eslint/utils
    node_modules/@typescript-eslint/type-utils
    eslint-plugin-testing-library  3.3.1 - 7.0.0-beta.6
    Depends on vulnerable versions of @typescript-eslint/utils
    Depends on vulnerable versions of eslint
    node_modules/eslint-plugin-testing-library
  eslint-plugin-flowtype  >=5.0.0
  Depends on vulnerable versions of eslint
  node_modules/eslint-plugin-flowtype
  eslint-plugin-react-hooks  <=5.0.0-next-fecc288b7-20221025
  Depends on vulnerable versions of eslint
  node_modules/eslint-plugin-react-hooks
  eslint-webpack-plugin  <=4.1.0
  Depends on vulnerable versions of eslint
  node_modules/eslint-webpack-plugin

lodash  4.0.0 - 4.17.21
Severity: moderate
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
fix available via `npm audit fix`
node_modules/lodash


16 vulnerabilities (13 moderate, 3 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from db475ee to 225c5af Compare February 3, 2026 20:04

github-actions bot commented Feb 3, 2026

# npm audit report

@remix-run/router  <=1.23.1
Severity: high
React Router vulnerable to XSS via Open Redirects - https://github.com/advisories/GHSA-2w69-qvjg-hvjx
fix available via `npm audit fix`
node_modules/@remix-run/router
  react-router  6.0.0 - 6.30.2
  Depends on vulnerable versions of @remix-run/router
  node_modules/react-router
    react-router-dom  6.0.0-alpha.0 - 6.30.2
    Depends on vulnerable versions of @remix-run/router
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom

jsonpath  *
Severity: moderate
JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js - https://github.com/advisories/GHSA-6c59-mwgh-r2x6
fix available via `npm audit fix --force`
Will install bfj@7.0.2, which is a breaking change
node_modules/jsonpath
  bfj  >=7.1.0
  Depends on vulnerable versions of jsonpath
  node_modules/bfj

lodash  4.0.0 - 4.17.21
Severity: moderate
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
fix available via `npm audit fix`
node_modules/lodash


6 vulnerabilities (3 moderate, 3 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch 3 times, most recently from e739c9e to 6e9daa3 Compare February 11, 2026 00:14
@github-actions

# npm audit report

axios  <=1.13.4
Severity: high
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
fix available via `npm audit fix`
node_modules/axios

1 high severity vulnerability

To address all issues, run:
  npm audit fix

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 6e9daa3 to 7de2ea9 Compare February 11, 2026 16:05
@github-actions

# npm audit report

axios  <=1.13.4
Severity: high
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
fix available via `npm audit fix`
node_modules/axios

1 high severity vulnerability

To address all issues, run:
  npm audit fix

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 7de2ea9 to a004a58 Compare February 13, 2026 00:14
@red-hat-konflux red-hat-konflux bot changed the title from "Replace dependency npm-run-all with npm-run-all2 ^5.0.0" to "chore(deps): replace dependency npm-run-all with npm-run-all2 ^5.0.0" Feb 13, 2026
@github-actions

# npm audit report

axios  <=1.13.4
Severity: high
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
fix available via `npm audit fix`
node_modules/axios

qs  6.7.0 - 6.14.1
qs's arrayLimit bypass in comma parsing allows denial of service - https://github.com/advisories/GHSA-w7fw-mjwx-w883
fix available via `npm audit fix`
node_modules/qs

2 vulnerabilities (1 low, 1 high)

To address all issues, run:
  npm audit fix

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from a004a58 to 3445717 Compare February 16, 2026 20:14
@github-actions

# npm audit report

axios  <=1.13.4
Severity: high
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
fix available via `npm audit fix`
node_modules/axios

qs  6.7.0 - 6.14.1
qs's arrayLimit bypass in comma parsing allows denial of service - https://github.com/advisories/GHSA-w7fw-mjwx-w883
fix available via `npm audit fix`
node_modules/qs

2 vulnerabilities (1 low, 1 high)

To address all issues, run:
  npm audit fix

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from 3445717 to f363ecb Compare February 17, 2026 20:16
@github-actions

# npm audit report

ajv  <8.18.0
Severity: moderate
ajv has ReDoS when using `$data` option - https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
No fix available
node_modules/ajv
node_modules/ajv-formats/node_modules/ajv
node_modules/schema-utils/node_modules/ajv
node_modules/workbox-build/node_modules/ajv
  @eslint/eslintrc  *
  Depends on vulnerable versions of ajv
  node_modules/@eslint/eslintrc
    eslint  >=4.2.0
    Depends on vulnerable versions of @eslint-community/eslint-utils
    Depends on vulnerable versions of @eslint/eslintrc
    Depends on vulnerable versions of ajv
    node_modules/eslint
      @babel/eslint-parser  *
      Depends on vulnerable versions of eslint
      node_modules/@babel/eslint-parser
        eslint-config-react-app  >=3.0.0-next.03604a46
        Depends on vulnerable versions of @babel/eslint-parser
        Depends on vulnerable versions of @typescript-eslint/eslint-plugin
        Depends on vulnerable versions of @typescript-eslint/parser
        Depends on vulnerable versions of eslint
        Depends on vulnerable versions of eslint-plugin-flowtype
        Depends on vulnerable versions of eslint-plugin-jest
        Depends on vulnerable versions of eslint-plugin-testing-library
        node_modules/eslint-config-react-app
      @eslint-community/eslint-utils  *
      Depends on vulnerable versions of eslint
      node_modules/@eslint-community/eslint-utils
        @typescript-eslint/utils  *
        Depends on vulnerable versions of @eslint-community/eslint-utils
        Depends on vulnerable versions of eslint
        node_modules/@typescript-eslint/utils
          @typescript-eslint/eslint-plugin  *
          Depends on vulnerable versions of @typescript-eslint/parser
          Depends on vulnerable versions of @typescript-eslint/type-utils
          Depends on vulnerable versions of @typescript-eslint/utils
          Depends on vulnerable versions of eslint
          node_modules/@typescript-eslint/eslint-plugin
            eslint-plugin-jest  >=22.0.0
            Depends on vulnerable versions of @typescript-eslint/eslint-plugin
            Depends on vulnerable versions of eslint
            node_modules/eslint-plugin-jest
          @typescript-eslint/experimental-utils  >=5.7.1-alpha.0
          Depends on vulnerable versions of @typescript-eslint/utils
          Depends on vulnerable versions of eslint
          node_modules/@typescript-eslint/experimental-utils
          @typescript-eslint/type-utils  >=5.9.2-alpha.0
          Depends on vulnerable versions of @typescript-eslint/utils
          node_modules/@typescript-eslint/type-utils
          eslint-plugin-testing-library  *
          Depends on vulnerable versions of @typescript-eslint/utils
          Depends on vulnerable versions of eslint
          node_modules/eslint-plugin-testing-library
      @typescript-eslint/parser  *
      Depends on vulnerable versions of eslint
      node_modules/@typescript-eslint/parser
      eslint-plugin-flowtype  >=3.10.5
      Depends on vulnerable versions of eslint
      node_modules/eslint-plugin-flowtype
      eslint-webpack-plugin  *
      Depends on vulnerable versions of eslint
      node_modules/eslint-webpack-plugin
      fork-ts-checker-webpack-plugin  5.0.0-alpha.1 - 7.0.0-alpha.16 || >=7.2.2
      Depends on vulnerable versions of eslint
      Depends on vulnerable versions of schema-utils
      node_modules/fork-ts-checker-webpack-plugin
        react-dev-utils  >=12.0.0-next.31
        Depends on vulnerable versions of fork-ts-checker-webpack-plugin
        node_modules/react-dev-utils
  ajv-keywords  2.1.1 - 4.0.1
  Depends on vulnerable versions of ajv
  node_modules/ajv-keywords
    schema-utils  <=3.3.0
    Depends on vulnerable versions of ajv
    Depends on vulnerable versions of ajv-keywords
    node_modules/babel-loader/node_modules/schema-utils
    node_modules/file-loader/node_modules/schema-utils
    node_modules/fork-ts-checker-webpack-plugin/node_modules/schema-utils
      babel-loader  8.1.0 - 8.4.1
      Depends on vulnerable versions of schema-utils
      node_modules/babel-loader
      file-loader  >=1.1.0
      Depends on vulnerable versions of schema-utils
      node_modules/file-loader

axios  <=1.13.4
Severity: high
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
fix available via `npm audit fix`
node_modules/axios

qs  6.7.0 - 6.14.1
qs's arrayLimit bypass in comma parsing allows denial of service - https://github.com/advisories/GHSA-w7fw-mjwx-w883
fix available via `npm audit fix`
node_modules/qs

23 vulnerabilities (1 low, 21 moderate, 1 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/npm-run-all-replacement branch from f363ecb to e2205d8 Compare February 18, 2026 16:05
@github-actions

# npm audit report

ajv  <8.18.0
Severity: moderate
ajv has ReDoS when using `$data` option - https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
fix available via `npm audit fix --force`
Will install eslint-config-react-app@2.1.0, which is a breaking change
node_modules/ajv
node_modules/ajv-formats/node_modules/ajv
node_modules/schema-utils/node_modules/ajv
node_modules/workbox-build/node_modules/ajv
  @eslint/eslintrc  *
  Depends on vulnerable versions of ajv
  node_modules/@eslint/eslintrc
    eslint  >=4.2.0
    Depends on vulnerable versions of @eslint-community/eslint-utils
    Depends on vulnerable versions of @eslint/eslintrc
    Depends on vulnerable versions of ajv
    node_modules/eslint
      @babel/eslint-parser  *
      Depends on vulnerable versions of eslint
      node_modules/@babel/eslint-parser
        eslint-config-react-app  >=3.0.0-next.03604a46
        Depends on vulnerable versions of @babel/eslint-parser
        Depends on vulnerable versions of @typescript-eslint/eslint-plugin
        Depends on vulnerable versions of @typescript-eslint/parser
        Depends on vulnerable versions of eslint
        Depends on vulnerable versions of eslint-plugin-flowtype
        Depends on vulnerable versions of eslint-plugin-jest
        Depends on vulnerable versions of eslint-plugin-testing-library
        node_modules/eslint-config-react-app
      @eslint-community/eslint-utils  *
      Depends on vulnerable versions of eslint
      node_modules/@eslint-community/eslint-utils
        @typescript-eslint/utils  *
        Depends on vulnerable versions of @eslint-community/eslint-utils
        Depends on vulnerable versions of eslint
        node_modules/@typescript-eslint/utils
          @typescript-eslint/eslint-plugin  *
          Depends on vulnerable versions of @typescript-eslint/parser
          Depends on vulnerable versions of @typescript-eslint/type-utils
          Depends on vulnerable versions of @typescript-eslint/utils
          Depends on vulnerable versions of eslint
          node_modules/@typescript-eslint/eslint-plugin
            eslint-plugin-jest  >=22.0.0
            Depends on vulnerable versions of @typescript-eslint/eslint-plugin
            Depends on vulnerable versions of eslint
            node_modules/eslint-plugin-jest
          @typescript-eslint/experimental-utils  >=5.7.1-alpha.0
          Depends on vulnerable versions of @typescript-eslint/utils
          Depends on vulnerable versions of eslint
          node_modules/@typescript-eslint/experimental-utils
          @typescript-eslint/type-utils  >=5.9.2-alpha.0
          Depends on vulnerable versions of @typescript-eslint/utils
          node_modules/@typescript-eslint/type-utils
          eslint-plugin-testing-library  *
          Depends on vulnerable versions of @typescript-eslint/utils
          Depends on vulnerable versions of eslint
          node_modules/eslint-plugin-testing-library
      @typescript-eslint/parser  *
      Depends on vulnerable versions of eslint
      node_modules/@typescript-eslint/parser
      eslint-plugin-flowtype  >=3.10.5
      Depends on vulnerable versions of eslint
      node_modules/eslint-plugin-flowtype
      eslint-webpack-plugin  *
      Depends on vulnerable versions of eslint
      node_modules/eslint-webpack-plugin
      fork-ts-checker-webpack-plugin  5.0.0-alpha.1 - 7.0.0-alpha.16 || >=7.2.2
      Depends on vulnerable versions of eslint
      Depends on vulnerable versions of schema-utils
      node_modules/fork-ts-checker-webpack-plugin
        react-dev-utils  >=12.0.0-next.31
        Depends on vulnerable versions of fork-ts-checker-webpack-plugin
        node_modules/react-dev-utils
  ajv-keywords  2.1.1 - 4.0.1
  Depends on vulnerable versions of ajv
  node_modules/ajv-keywords
    schema-utils  <=3.3.0
    Depends on vulnerable versions of ajv
    Depends on vulnerable versions of ajv-keywords
    node_modules/babel-loader/node_modules/schema-utils
    node_modules/file-loader/node_modules/schema-utils
    node_modules/fork-ts-checker-webpack-plugin/node_modules/schema-utils
      babel-loader  8.1.0 - 8.4.1
      Depends on vulnerable versions of schema-utils
      node_modules/babel-loader
      file-loader  >=1.1.0
      Depends on vulnerable versions of schema-utils
      node_modules/file-loader

axios  <=1.13.4
Severity: high
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
fix available via `npm audit fix`
node_modules/axios

jsonpath  *
Severity: high
jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions - https://github.com/advisories/GHSA-87r5-mp6g-5w5j
fix available via `npm audit fix --force`
Will install bfj@9.1.3, which is a breaking change
node_modules/jsonpath
  bfj  7.1.0 - 9.1.2
  Depends on vulnerable versions of jsonpath
  node_modules/bfj

qs  6.7.0 - 6.14.1
qs's arrayLimit bypass in comma parsing allows denial of service - https://github.com/advisories/GHSA-w7fw-mjwx-w883
fix available via `npm audit fix`
node_modules/qs

25 vulnerabilities (1 low, 21 moderate, 3 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.
