chore(deps-dev): bump stylelint from 15.11.0 to 16.23.0

f82a70a
Closed

chore(deps-dev): bump stylelint from 15.11.0 to 16.23.0 #2194

GitHub Advanced Security / Trivy failed Aug 4, 2025 in 3s

16 new alerts including 7 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 7 high
  • 9 medium

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check failure on line 9385 in package-lock.json

Code scanning / Trivy

nodejs-axios: Regular expression denial of service in trim function High

Package: axios
Installed Version: 0.18.1
Vulnerability CVE-2021-3749
Severity: HIGH
Fixed Version: 0.21.2
Link: CVE-2021-3749

Check warning on line 9385 in package-lock.json

Code scanning / Trivy

nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address Medium

Package: axios
Installed Version: 0.18.1
Vulnerability CVE-2020-28168
Severity: MEDIUM
Fixed Version: 0.21.1
Link: CVE-2020-28168

Check warning on line 9385 in package-lock.json

Code scanning / Trivy

axios: exposure of confidential data stored in cookies Medium

Package: axios
Installed Version: 0.18.1
Vulnerability CVE-2023-45857
Severity: MEDIUM
Fixed Version: 1.6.0, 0.28.0
Link: CVE-2023-45857

Check failure on line 9385 in package-lock.json

Code scanning / Trivy

axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests High

Package: axios
Installed Version: 0.18.1
Vulnerability CVE-2025-27152
Severity: HIGH
Fixed Version: 1.8.2, 0.30.0
Link: CVE-2025-27152

Check warning on line 10739 in package-lock.json

Code scanning / Trivy

nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets Medium

Package: got
Installed Version: 6.7.1
Vulnerability CVE-2022-33987
Severity: MEDIUM
Fixed Version: 12.1.0, 11.8.5
Link: CVE-2022-33987

Check failure on line 14542 in package-lock.json

Code scanning / Trivy

follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor High

Package: follow-redirects
Installed Version: 1.5.10
Vulnerability CVE-2022-0155
Severity: HIGH
Fixed Version: 1.14.7
Link: CVE-2022-0155

Check warning on line 14542 in package-lock.json

Code scanning / Trivy

follow-redirects: Exposure of Sensitive Information via Authorization Header leak Medium

Package: follow-redirects
Installed Version: 1.5.10
Vulnerability CVE-2022-0536
Severity: MEDIUM
Fixed Version: 1.14.8
Link: CVE-2022-0536

Check warning on line 14542 in package-lock.json

Code scanning / Trivy

follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() Medium

Package: follow-redirects
Installed Version: 1.5.10
Vulnerability CVE-2023-26159
Severity: MEDIUM
Fixed Version: 1.15.4
Link: CVE-2023-26159

Check warning on line 14542 in package-lock.json

Code scanning / Trivy

follow-redirects: Possible credential leak Medium

Package: follow-redirects
Installed Version: 1.5.10
Vulnerability CVE-2024-28849
Severity: MEDIUM
Fixed Version: 1.15.6
Link: CVE-2024-28849

Check failure on line 15671 in package-lock.json

Code scanning / Trivy

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability High

Package: http-cache-semantics
Installed Version: 3.8.1
Vulnerability CVE-2022-25881
Severity: HIGH
Fixed Version: 4.1.1
Link: CVE-2022-25881

Check failure on line 17527 in package-lock.json

Code scanning / Trivy

nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode High

Package: ssri
Installed Version: 5.3.0
Vulnerability CVE-2021-27290
Severity: HIGH
Fixed Version: 6.0.2, 7.1.1, 8.0.1
Link: CVE-2021-27290

Check failure on line 23684 in package-lock.json

Code scanning / Trivy

node-fetch: exposure of sensitive information to an unauthorized actor High

Package: node-fetch
Installed Version: 1.7.3
Vulnerability CVE-2022-0235
Severity: HIGH
Fixed Version: 3.1.1, 2.6.7
Link: CVE-2022-0235

Check warning on line 25237 in package-lock.json

Code scanning / Trivy

index.js in the ssri module before 5.2.2 for Node.js is prone to a reg ... Medium

Package: ssri
Installed Version: 4.1.6
Vulnerability CVE-2018-7651
Severity: MEDIUM
Fixed Version: 5.2.2
Link: CVE-2018-7651

Check failure on line 26084 in package-lock.json

Code scanning / Trivy

cross-spawn: regular expression denial of service High

Package: cross-spawn
Installed Version: 5.1.0
Vulnerability CVE-2024-21538
Severity: HIGH
Fixed Version: 7.0.5, 6.0.6
Link: CVE-2024-21538

Check warning on line 27530 in package-lock.json

Code scanning / Trivy

webpack-dev-server: webpack-dev-server information exposure Medium

Package: webpack-dev-server
Installed Version: 4.15.2
Vulnerability CVE-2025-30359
Severity: MEDIUM
Fixed Version: 5.2.1
Link: CVE-2025-30359

Check warning on line 27530 in package-lock.json

Code scanning / Trivy

webpack-dev-server: webpack-dev-server information exposure Medium

Package: webpack-dev-server
Installed Version: 4.15.2
Vulnerability CVE-2025-30360
Severity: MEDIUM
Fixed Version: 5.2.1
Link: CVE-2025-30360