Bump brace-expansion from 2.0.1 to 2.0.2 in /chains/evm · smartcontractkit/chainlink-ccip@ad7d974

Triggered via pull request September 12, 2025 16:52

opened #1196

Status Failure

Total duration 42s

Artifacts –

dependency-review-vulnerability.yml Required

on: pull_request

1 error and 10 warnings

Dependency review detected vulnerable packages.

npm/inherits has an OpenSSF Scorecard of 2.6, which is less than this repository's threshold of 3.

npm/hmac-drbg has an OpenSSF Scorecard of 2.6, which is less than this repository's threshold of 3.

npm/hash.js has an OpenSSF Scorecard of 1.4, which is less than this repository's threshold of 3.

npm/get-func-name has an OpenSSF Scorecard of 2.9, which is less than this repository's threshold of 3.

npm/fs.realpath has an OpenSSF Scorecard of 2.5, which is less than this repository's threshold of 3.

npm/find-yarn-workspace-root has an OpenSSF Scorecard of 2.5, which is less than this repository's threshold of 3.

npm/elliptic has an OpenSSF Scorecard of 1.4, which is less than this repository's threshold of 3.

npm/cross-spawn has an OpenSSF Scorecard of 2.9, which is less than this repository's threshold of 3.

npm/brorand has an OpenSSF Scorecard of 2.6, which is less than this repository's threshold of 3.

npm/better-ajv-errors has an OpenSSF Scorecard of 2.7, which is less than this repository's threshold of 3.