@dependabot dependabot bot commented on behalf of github Aug 6, 2025

Bumps tmp to 0.2.4 and updates ancestor dependencies tmp, eslint and karma. These dependencies need to be updated together.

Updates tmp from 0.0.33 to 0.2.4

Changelog

Sourced from tmp's changelog.

v0.2.2 (2024-02-28)

🐛 Bug Fix

📝 Documentation

Committers: 5

v0.2.1 (2020-04-28)

🚀 Enhancement

🏠 Internal

Committers: 1

v0.2.0 (2020-04-25)

🚀 Enhancement

🐛 Bug Fix

📝 Documentation

🏠 Internal

... (truncated)

Commits

Updates eslint from 5.16.0 to 9.32.0

Release notes

Sourced from eslint's releases.

v9.32.0

Features

  • 1245000 feat: support explicit resource management in core rules (#19828) (fnx)
  • 0e957a7 feat: support typescript types in accessor rules (#19882) (fnx)

Bug Fixes

  • 960fd40 fix: Upgrade @eslint/js (#19971) (Nicholas C. Zakas)
  • bbf23fa fix: Refactor reporting into FileReport (#19877) (Nicholas C. Zakas)
  • d498887 fix: bump @eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic)
  • f46fc6c fix: report only global references in no-implied-eval (#19932) (Nitin Kumar)
  • 7863d26 fix: remove outdated types in ParserOptions.ecmaFeatures (#19944) (ntnyq)
  • 3173305 fix: update execScript message in no-implied-eval rule (#19937) (TKDev7)

Documentation

  • 86e7426 docs: Update README (GitHub Actions Bot)

Chores

  • 50de1ce chore: package.json update for @eslint/js release (Jenkins)
  • 74f01a3 ci: unpin jiti to version ^2.5.1 (#19970) (루밀LuMir)
  • 2ab1381 ci: pin jiti to version 2.4.2 (#19964) (Francesco Trotta)
  • b7f7545 test: switch to flat config mode in SourceCode tests (#19953) (Milos Djermanovic)
  • f5a35e3 test: switch to flat config mode in eslint-fuzzer (#19960) (Milos Djermanovic)
  • e22af8c refactor: use CustomRuleDefinitionType in JSRuleDefinition (#19949) (Francesco Trotta)
  • e855717 chore: switch performance tests to hyperfine (#19919) (Francesco Trotta)
  • 2f73a23 test: switch to flat config mode in ast-utils tests (#19948) (Milos Djermanovic)
  • c565a53 chore: exclude further_reading_links.json from Prettier formatting (#19943) (Milos Djermanovic)

v9.31.0

Features

  • 35cf44c feat: output full actual location in rule tester if different (#19904) (ST-DDT)
  • a6a6325 feat: support explicit resource management in no-loop-func (#19895) (Milos Djermanovic)
  • 4682cdc feat: support explicit resource management in no-undef-init (#19894) (Milos Djermanovic)
  • 5848216 feat: support explicit resource management in init-declarations (#19893) (Milos Djermanovic)
  • bb370b8 feat: support explicit resource management in no-const-assign (#19892) (Milos Djermanovic)

Bug Fixes

  • 07fac6c fix: retry on EMFILE when writing autofix results (#19926) (TKDev7)
  • 28cc7ab fix: Remove incorrect RuleContext types (#19910) (Nicholas C. Zakas)

Documentation

  • 664cb44 docs: Update README (GitHub Actions Bot)
  • 40dbe2a docs: fix mismatch between globalIgnores() code and text (#19914) (MaoShizhong)
  • 5a0069d docs: Update README (GitHub Actions Bot)
  • fef04b5 docs: Update working on issues info (#19902) (Nicholas C. Zakas)

Chores

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.32.0 - July 25, 2025

  • 960fd40 fix: Upgrade @eslint/js (#19971) (Nicholas C. Zakas)
  • 50de1ce chore: package.json update for @eslint/js release (Jenkins)
  • bbf23fa fix: Refactor reporting into FileReport (#19877) (Nicholas C. Zakas)
  • 74f01a3 ci: unpin jiti to version ^2.5.1 (#19970) (루밀LuMir)
  • d498887 fix: bump @eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic)
  • 2ab1381 ci: pin jiti to version 2.4.2 (#19964) (Francesco Trotta)
  • b7f7545 test: switch to flat config mode in SourceCode tests (#19953) (Milos Djermanovic)
  • f5a35e3 test: switch to flat config mode in eslint-fuzzer (#19960) (Milos Djermanovic)
  • f46fc6c fix: report only global references in no-implied-eval (#19932) (Nitin Kumar)
  • 86e7426 docs: Update README (GitHub Actions Bot)
  • e22af8c refactor: use CustomRuleDefinitionType in JSRuleDefinition (#19949) (Francesco Trotta)
  • 1245000 feat: support explicit resource management in core rules (#19828) (fnx)
  • e855717 chore: switch performance tests to hyperfine (#19919) (Francesco Trotta)
  • 0e957a7 feat: support typescript types in accessor rules (#19882) (fnx)
  • 2f73a23 test: switch to flat config mode in ast-utils tests (#19948) (Milos Djermanovic)
  • 7863d26 fix: remove outdated types in ParserOptions.ecmaFeatures (#19944) (ntnyq)
  • c565a53 chore: exclude further_reading_links.json from Prettier formatting (#19943) (Milos Djermanovic)
  • 3173305 fix: update execScript message in no-implied-eval rule (#19937) (TKDev7)

v9.31.0 - July 11, 2025

  • 3ddd454 chore: upgrade to @eslint/[email protected] (#19935) (Francesco Trotta)
  • d5054e5 chore: package.json update for @eslint/js release (Jenkins)
  • 0f4a378 chore: update eslint (#19933) (renovate[bot])
  • 664cb44 docs: Update README (GitHub Actions Bot)
  • 07fac6c fix: retry on EMFILE when writing autofix results (#19926) (TKDev7)
  • 35cf44c feat: output full actual location in rule tester if different (#19904) (ST-DDT)
  • 40dbe2a docs: fix mismatch between globalIgnores() code and text (#19914) (MaoShizhong)
  • 76c2340 chore: bump mocha to v11 (#19917) (루밀LuMir)
  • 28cc7ab fix: Remove incorrect RuleContext types (#19910) (Nicholas C. Zakas)
  • a6a6325 feat: support explicit resource management in no-loop-func (#19895) (Milos Djermanovic)
  • 4682cdc feat: support explicit resource management in no-undef-init (#19894) (Milos Djermanovic)
  • 5848216 feat: support explicit resource management in init-declarations (#19893) (Milos Djermanovic)
  • bb370b8 feat: support explicit resource management in no-const-assign (#19892) (Milos Djermanovic)
  • 5a0069d docs: Update README (GitHub Actions Bot)
  • fef04b5 docs: Update working on issues info (#19902) (Nicholas C. Zakas)

v9.30.1 - July 1, 2025

v9.30.0 - June 27, 2025

... (truncated)

Commits

Maintainer changes

This version was pushed to npm by eslintbot, a new releaser for eslint since your current version.


Updates karma from 3.1.4 to 6.4.4

Release notes

Sourced from karma's releases.

v6.4.4

6.4.4 (2024-07-29)

v6.4.3

6.4.3 (2024-02-24)

Bug Fixes

  • add build commits for patch release (d7f2d69)

v6.4.2

6.4.2 (2023-04-21)

Bug Fixes

v6.4.1

6.4.1 (2022-09-19)

Bug Fixes

v6.4.0

6.4.0 (2022-06-14)

Features

  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

v6.3.20

6.3.20 (2022-05-13)

Bug Fixes

  • prefer IPv4 addresses when resolving domains (e17698f), closes #3730

v6.3.19

6.3.19 (2022-04-19)

Bug Fixes

... (truncated)

Changelog

Sourced from karma's changelog.

6.4.4 (2024-07-29)

6.4.3 (2024-02-24)

Bug Fixes

  • add build commits for patch release (d7f2d69)

6.4.2 (2023-04-21)

Bug Fixes

6.4.1 (2022-09-19)

Bug Fixes

6.4.0 (2022-06-14)

Features

  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

  • prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

... (truncated)

Commits
  • 84f85e7 chore(release): 6.4.4 [skip ci]
  • a4d1284 build(deps-dev): bump ws from 6.2.1 to 6.2.3
  • d8cf806 chore(release): 6.4.3 [skip ci]
  • d7f2d69 fix: add build commits for patch release
  • 85a2eeb build(deps-dev): bump decode-uri-component from 0.2.0 to 0.2.2
  • 0bffce2 build(deps): updated socket.io version to fix security issues with socket.io-...
  • 86667ab build(deps): bump follow-redirects from 1.11.0 to 1.15.4
  • 450fdfd docs: Add deprecation notice to Karma README
  • 9de3c00 chore(release): 6.4.2 [skip ci]
  • c6a4271 fix: few typos
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [tmp](https://github.com/raszi/node-tmp) to 0.2.4 and updates ancestor dependencies [tmp](https://github.com/raszi/node-tmp), [eslint](https://github.com/eslint/eslint) and [karma](https://github.com/karma-runner/karma). These dependencies need to be updated together.


Updates `tmp` from 0.0.33 to 0.2.4
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.0.33...v0.2.4)

Updates `eslint` from 5.16.0 to 9.32.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v5.16.0...v9.32.0)

Updates `karma` from 3.1.4 to 6.4.4
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](karma-runner/karma@v3.1.4...v6.4.4)

---
updated-dependencies:
- dependency-name: tmp
  dependency-version: 0.2.4
  dependency-type: indirect
- dependency-name: eslint
  dependency-version: 9.32.0
  dependency-type: direct:development
- dependency-name: karma
  dependency-version: 6.4.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Aug 6, 2025
@ibcheckmarx

Checkmarx One – Scan Summary & Details: ef82522c-c8e1-4fc4-9c82-344a45be9f60

New Issues (526)

Checkmarx found the following issues in this Pull Request

| Severity | Issue | Source File / Package | Checkmarx Insight | Recommended version | Description | Attack Vector | Attack Complexity |
|---|---|---|---|---|---|---|---|
| CRITICAL | CVE-2017-16042 | Npm-growl-1.9.2 | Vulnerable Package | 1.10.0 | Growl adds growl notification support to nodejs. Growl versions prior to 1.10.0 does not properly sanitize input before passing it to exec, allowin... | NETWORK | LOW |
| CRITICAL | CVE-2018-11499 | Npm-node-sass-4.5.3 | Vulnerable Package | | A Use-After-Free vulnerability exists in "handle_error()" in "sass_context.cpp" in LibSass 3.4.x and 3.5.x through 3.5.5 that could be leveraged to... | NETWORK | LOW |
| CRITICAL | CVE-2018-16492 | Npm-extend-3.0.0 | Vulnerable Package | 3.0.2 | A Prototype Pollution vulnerability was found in module extend that allows an attacker to inject arbitrary properties onto "Object.Prototype". This... | NETWORK | LOW |
| CRITICAL | CVE-2018-16492 | Npm-extend-3.0.1 | Vulnerable Package | 3.0.2 | A Prototype Pollution vulnerability was found in module extend that allows an attacker to inject arbitrary properties onto "Object.Prototype". This... | NETWORK | LOW |
| CRITICAL | CVE-2018-3739 | Npm-https-proxy-agent-1.0.0 | Vulnerable Package | 2.2.0 | https-proxy-agent before 2.2.0 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory ... | NETWORK | LOW |
| CRITICAL | CVE-2018-3739 | Npm-https-proxy-agent-2.1.0 | Vulnerable Package | 2.2.0 | https-proxy-agent before 2.2.0 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory ... | NETWORK | LOW |
| CRITICAL | CVE-2018-3750 | Npm-deep-extend-0.4.1 | Vulnerable Package | 0.5.1 | The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attac... | NETWORK | LOW |
| CRITICAL | CVE-2018-3750 | Npm-deep-extend-0.4.2 | Vulnerable Package | 0.5.1 | The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attac... | NETWORK | LOW |
| CRITICAL | CVE-2019-10747 | Npm-set-value-0.4.3 | Vulnerable Package | 2.0.1 | set-value is vulnerable to Prototype Pollution before 2.0.1 and 3.x before 3.0.1. The function mixin-deep could be tricked into adding or modifying... | NETWORK | LOW |
| CRITICAL | CVE-2019-10747 | Npm-set-value-2.0.0 | Vulnerable Package | 2.0.1 | set-value is vulnerable to Prototype Pollution before 2.0.1 and 3.x before 3.0.1. The function mixin-deep could be tricked into adding or modifying... | NETWORK | LOW |
| CRITICAL | CVE-2019-15657 | Npm-eslint-utils-1.3.1 | Vulnerable Package | 1.4.1 | In eslint-utils versions 1.2.0 through 1.4.0, the "getStaticValue" function can execute arbitrary code. | NETWORK | LOW |
| CRITICAL | CVE-2019-19919 | Npm-handlebars-4.0.10 | Vulnerable Package | 4.7.7 | Versions of handlebars prior to 3.0.8 and 4.x prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may ... | NETWORK | LOW |
| CRITICAL | CVE-2019-19919 | Npm-handlebars-4.1.2 | Vulnerable Package | 4.7.7 | Versions of handlebars prior to 3.0.8 and 4.x prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may ... | NETWORK | LOW |
| CRITICAL | CVE-2020-7788 | Npm-ini-1.3.4 | Vulnerable Package | 1.3.6 | The package ini versions prior to 1.3.6 have a Prototype Pollution vulnerability. If an attacker submits a malicious INI file to an application tha... | NETWORK | LOW |
| CRITICAL | CVE-2020-7788 | Npm-ini-1.3.5 | Vulnerable Package | 1.3.6 | The package ini versions prior to 1.3.6 have a Prototype Pollution vulnerability. If an attacker submits a malicious INI file to an application tha... | NETWORK | LOW |
| CRITICAL | CVE-2021-21353 | Npm-pug-code-gen-2.0.0 | Vulnerable Package | 3.0.3 | In pug-code-gen before version 2.0.3 and 3.x before 3.0.2, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. i... | NETWORK | HIGH |
| CRITICAL | CVE-2021-23406 | Npm-pac-resolver-2.0.0 | Vulnerable Package | 5.0.0 | This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The f... | NETWORK | LOW |
| CRITICAL | CVE-2021-23406 | Npm-degenerator-1.0.4 | Vulnerable Package | 3.0.1 | This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The f... | NETWORK | LOW |
| CRITICAL | CVE-2021-23440 | Npm-set-value-2.0.0 | Vulnerable Package | 2.0.1 | This affects the package "set-value" prior to 2.0.1, prior to 3.0.3, and prior to 4.0.1. A Type Confusion vulnerability can lead to a bypass of CVE... | NETWORK | LOW |
| CRITICAL | CVE-2021-23440 | Npm-set-value-0.4.3 | Vulnerable Package | 2.0.1 | This affects the package "set-value" prior to 2.0.1, prior to 3.0.3, and prior to 4.0.1. A Type Confusion vulnerability can lead to a bypass of CVE... | NETWORK | LOW |
| CRITICAL | CVE-2021-23555 | Npm-vm2-3.5.0 | Vulnerable Package | 3.9.6 | The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation... | NETWORK | LOW |
| CRITICAL | CVE-2021-23555 | Npm-vm2-3.6.0 | Vulnerable Package | 3.9.6 | The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation... | NETWORK | LOW |
| CRITICAL | CVE-2021-23807 | Npm-jsonpointer-4.0.1 | Vulnerable Package | 5.0.0 | A type confusion vulnerability in jsonpointer can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays. Th... | NETWORK | LOW |
| CRITICAL | CVE-2021-28918 | Npm-netmask-1.0.6 | Vulnerable Package | 2.0.1 | Improper input validation of octal strings in the netmask npm package versions through 1.0.6 allows unauthenticated remote attackers to perform ind... | NETWORK | LOW |
| CRITICAL | CVE-2021-3918 | Npm-json-schema-0.2.3 | Vulnerable Package | 0.4.0 | json-schema before 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | NETWORK | LOW |
| CRITICAL | CVE-2021-42740 | Npm-shell-quote-1.6.1 | Vulnerable Package | 1.7.3 | The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex de... | NETWORK | LOW |
| CRITICAL | CVE-2022-0686 | Npm-url-parse-1.1.9 | Vulnerable Package | 1.5.9 | Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable... | NETWORK | LOW |
| CRITICAL | CVE-2022-0686 | Npm-url-parse-1.4.4 | Vulnerable Package | 1.5.9 | Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable... | NETWORK | LOW |
| CRITICAL | CVE-2022-0686 | Npm-url-parse-1.1.8 | Vulnerable Package | 1.5.9 | Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable... | NETWORK | LOW |
| CRITICAL | CVE-2022-0686 | Npm-url-parse-1.4.7 | Vulnerable Package | 1.5.9 | Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable... | NETWORK | LOW |
| CRITICAL | CVE-2022-0686 | Npm-url-parse-1.0.5 | Vulnerable Package | 1.5.9 | Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable... | NETWORK | LOW |
| CRITICAL | CVE-2022-0691 | Npm-url-parse-1.4.7 | Vulnerable Package | 1.5.9 | Authorization Bypass through User-Controlled Key in NPM url-parse versions 1.4.5 through 1.5.8. Bypasses "https://hackerone\.com/reports/496293" via... | NETWORK | LOW |
| CRITICAL | CVE-2022-25893 | Npm-vm2-3.6.0 | Vulnerable Package | 3.9.10 | The package vm2 versions prior to 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the ''WeakMap.prototyp... | NETWORK | LOW |
| CRITICAL | CVE-2022-25893 | Npm-vm2-3.5.0 | Vulnerable Package | 3.9.10 | The package vm2 versions prior to 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the ''WeakMap.prototyp... | NETWORK | LOW |
| CRITICAL | CVE-2022-37611 | Npm-gh-pages-1.1.0 | Vulnerable Package | 5.0.0 | Prototype pollution vulnerability in the package gh-pages versions 0.2.0 through 4.0.0 via the "partial" variable in "util.js". | NETWORK | LOW |

More results are available on the CxOne platform

Fixed Issues (7)
Great job! The following issues were fixed in this Pull Request

| Severity | Issue | Source File / Package |
|---|---|---|
| CRITICAL | CVE-2022-2421 | Npm-socket.io-parser-3.2.0 |
| CRITICAL | Cx29ea9bf3-a8eb | Npm-macaddress-0.2.8 |
| HIGH | CVE-2020-36048 | Npm-engine.io-3.2.1 |
| HIGH | CVE-2020-36049 | Npm-socket.io-parser-3.2.0 |
| MEDIUM | CVE-2022-0437 | Npm-karma-3.1.4 |
| MEDIUM | CVE-2022-21704 | Npm-log4js-3.0.6 |
| MEDIUM | CVE-2022-41940 | Npm-engine.io-3.2.1 |
