fix: Security updates #137
StepSecurity Required Checks
Finished StepSecurity Required Checks
- PyPI Package Cooldown Check - Fails if any PyPI package version in the PR was released within the configured cooldown period
- Pwn Request Vulnerabilities Check - Checks for Pwn Request vulnerabilities in the PR via risky triggers
- Script Injection Check - Checks for script injection vulnerabilities in the PR
- NPM Compromised Packages Check - Checks for compromised npm package versions in the PR
- NPM Package Cooldown Check - Fails if any package version in the PR was released within the configured cooldown period, helping to avoid brand-new (and potentially unreviewed or malicious) releases
- PyPI Compromised Packages Check - Checks for compromised PyPI package versions in the PR
Details
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ PyPI Package Cooldown Check
No PyPI package upgrades to recent releases found in current PR.
✅ PyPI Compromised Packages Check
No compromised PyPI package versions found in current PR.
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
✅ NPM Package Cooldown Check
No npm package upgrades to recent releases found in current PR.
The following npm packages are inspected in current PR
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| fast-xml-builder | 1.1.4 | 1.1.5 | package-lock.json | 2026-04-17T07:44:20Z |
| @nodable/entities | 2.1.0 | package-lock.json | 2026-04-16T06:57:01Z | |
| path-expression-matcher | 1.2.0 | 1.5.0 | package-lock.json | 2026-04-10T03:31:40Z |
| strnum | 2.2.1 | 2.2.3 | package-lock.json | 2026-04-07T04:51:15Z |
| @actions/cache | 4.0.2 | 4.1.0 | package-lock.json | 2025-09-24T12:40:19Z |
| @protobuf-ts/runtime-rpc | 2.10.0 | 2.11.1 | package-lock.json | 2025-06-18T19:58:07Z |
| @protobuf-ts/runtime | 2.10.0 | 2.11.1 | package-lock.json | 2025-06-18T19:58:04Z |
| @actions/tool-cache | 2.0.1 | 2.0.2 | package-lock.json | 2025-01-15T21:08:59Z |
| uuid | 3.4.0 | 8.3.2 | package-lock.json | 2020-12-08T20:38:36Z |
⏲️ History
Previous invocation results of same check:
✅ Script Injection Vulnerabilities Check
No Script Injection vulnerabilities found in this PR.
✅ PyPI Package Cooldown Check
No PyPI package upgrades to recent releases found in current PR.
✅ Pwn Request Vulnerabilities Check
No Pwn Request vulnerabilities found in this PR.
✅ PyPI Compromised Packages Check
No compromised PyPI package versions found in current PR.
✅ NPM Compromised Packages Check
No Compromised npm packages are added in current PR.
✅ NPM Package Cooldown Check
No npm package upgrades to recent releases found in current PR.
The following npm packages are inspected in current PR
| Package Name | Previous Version | Current Version | file | Current Version Release Date |
|---|---|---|---|---|
| fast-xml-builder | 1.1.4 | 1.1.5 | package-lock.json | 2026-04-17T07:44:20Z |
| @nodable/entities | 2.1.0 | package-lock.json | 2026-04-16T06:57:01Z | |
| path-expression-matcher | 1.2.0 | 1.5.0 | package-lock.json | 2026-04-10T03:31:40Z |
| strnum | 2.2.1 | 2.2.3 | package-lock.json | 2026-04-07T04:51:15Z |
| @actions/cache | 4.0.2 | 4.1.0 | package-lock.json | 2025-09-24T12:40:19Z |
| @protobuf-ts/runtime-rpc | 2.10.0 | 2.11.1 | package-lock.json | 2025-06-18T19:58:07Z |
| @protobuf-ts/runtime | 2.10.0 | 2.11.1 | package-lock.json | 2025-06-18T19:58:04Z |
| @actions/tool-cache | 2.0.1 | 2.0.2 | package-lock.json | 2025-01-15T21:08:59Z |
| uuid | 3.4.0 | 8.3.2 | package-lock.json | 2020-12-08T20:38:36Z |