
Bump github/codeql-action from 3.29.2 to 3.29.3 #37

Merged
some-natalie merged 1 commit into main from dependabot/github_actions/github/codeql-action-3.29.3
Jul 21, 2025

Conversation

@dependabot dependabot Bot commented on behalf of github Jul 21, 2025


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added labels dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update GitHub Actions code) Jul 21, 2025
@github-actions

Deleted: /tmp/prior-commit/node_modules/fsevents/fsevents.node [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | anti-static/binary/opaque | binary contains little text content | |
| -MEDIUM | fs/path/users | references path within /Users | /Users/Philipp/_work/fsevents/fsevents/build/Release/obj.target/fsevent<br>/Users/Philipp/_work/fsevents/fsevents/build/../src/ |
| -LOW | process/multithreaded | creates pthreads | pthread_create |

Deleted: /tmp/prior-commit/node_modules/ava/lib/worker/dependency-tracker.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | fs/path/relative | references and possibly executes relative path | ./channel |

Deleted: /tmp/prior-commit/node_modules/fsevents/fsevents.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | discover/system/platform | get system identification | process.platform |
| -MEDIUM | fs/path/relative | references and possibly executes relative path | ./fsevents |

Deleted: /tmp/prior-commit/node_modules/chokidar/lib/nodefs-handler.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | c2/tool_transfer/os | references multiple operating systems | https://<br>Windows<br>Linux |
| -LOW | fs/file/open | opens files | open( |
| -LOW | fs/file/stat | access filesystem metadata | fs.stat) |
| -LOW | fs/symlink_resolve | resolves symbolic links | realpath |
| -LOW | net/url/embedded | contains embedded HTTPS URLs | nodejs/node-v0.x-archive#4337 |

Deleted: /tmp/prior-commit/node_modules/chokidar/lib/fsevents-handler.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | anti-static/obfuscation/math | complex math with parseInt or fromCharCode conversions | (may be shared across chokidar FSWatcher instances)<br>(path + ROOT_GLOBSTAR)<br>(in case of symlinks)<br>(filteredListener)<br>[filteredListener]<br>(watchedPath)<br>(aliasedPath)<br>(hasSymlink)<br>(parentPath)<br>(linkTarget)<br>parseInt |
| -LOW | data/encoding/int | parses integers | parseInt( |
| -LOW | fs/file/delete | deletes files | unlink |
| -LOW | fs/file/delete_forcibly | Forcibly deletes files | rm pre-existing path transformer<br>rm - path transformer |
| -LOW | fs/file/stat | access filesystem metadata | fs.stat) |
| -LOW | fs/symlink_resolve | resolves symbolic links | realpath |
| -LOW | os/env/get | Retrieve environment variable values | env.CHOKIDAR_PRINT_F |

Added: /tmp/current-commit/node_modules/execa/lib/pipe/pipe-arguments.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess |

Added: /tmp/current-commit/node_modules/tar/dist/esm/list.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./make-command<br>./options<br>./parse |

Added: /tmp/current-commit/node_modules/consola/dist/basic.cjs [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./shared<br>./core |
| +LOW | data/encoding/int | parses integers | parseInt( |
| +LOW | os/env/get | Retrieve environment variable values | env.CONSOLA_LEVEL |

Added: /tmp/current-commit/node_modules/consola/dist/basic.d.cts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./core |

Added: /tmp/current-commit/node_modules/execa/lib/resolve/wait-stream.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | `subprocess.exitCode` or `subprocess.signalCode` is set, it means `.destroy()` is being called by Node.js itself.<br>subprocess.stdin is destroyed before being fully written to, it is considered aborted and should throw an error<br>`subprocess.std*` and transforms follow that direction, any stream passed the `std*` option has the opposite di<br>subprocess.stdin is technically a Duplex, but can only be used as a writable.<br>`subprocess.stdin` is a writable, but the `stdin` option is a readable.<br>subprocess.stdin.destroy() is called before subprocess exit.<br>`subprocess.stdin.destroy()` before `subprocess.stdin.end()`.<br>subprocess.stdin.destroy() on exit for cleanup purposes.<br>`subprocess.stdin.destroy()`, which we need to ignore.<br>subprocess.stdin._destroy() by wrapping it. |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | https://github.com/nodejs/node/blob/0b4cdb4b42956cbd7019058e409e06700a199 |

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/util/handle_gyp_opts.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./versioning<br>./napi<br>./bin |
| +LOW | os/fd/multiplex | monitor multiple file descriptors | select |

Added: /tmp/current-commit/node_modules/tar/dist/commonjs/write-entry.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./warn-method<br>./read-entry<br>./options<br>./header<br>./types |
| +LOW | discover/system/platform | system identification | uname |

Added: /tmp/current-commit/node_modules/@vercel/nft/out/cli.d.ts [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | fs/path/usr_bin | path reference within /usr/bin | /usr/bin/env |

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/install.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | discover/system/platform | get system identification | process.versions |
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./util |
| +MEDIUM | impact/remote_access/agent | references an 'agent' | npm_config_user_agent |
| +MEDIUM | net/download | download files | but failed to download<br>Tried to download |
| +LOW | data/encoding/json_decode | Decodes JSON messages | JSON.parse |
| +LOW | fs/directory/create | creates directories | mkdir |
| +LOW | fs/file/exists | check if a file exists | path.exists |
| +LOW | fs/file/read | reads files | fs.readFile |
| +LOW | net/http | Uses the HTTP protocol | http<br>HTTP |
| +LOW | net/http/proxy | discover proxy address via environment | HTTP_PROXY |
| +LOW | net/http/request | makes HTTP requests | User-Agent |
| +LOW | os/env/get | Retrieve environment variable values | env.HTTP_PROXY |

Added: /tmp/current-commit/node_modules/ava/lib/worker/completion-handlers.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./state |

Added: /tmp/current-commit/node_modules/consola/dist/chunks/prompt.mjs [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/remote_commands/code_eval | evaluate code dynamically using exec() | exec(o.slice(E).join(""))<br>exec(u.toString(16))<br>import |
| +LOW | data/encoding/int | parses integers | parseInt( |
| +LOW | exec/shell/TERM | Look up or override terminal settings | TERM |
| +LOW | os/env/get | Retrieve environment variable values | env.TERMINUS_SUBLIME<br>env.TERMINAL_EMULATO<br>env.TERM_PROGRAM<br>env.FORCE_COLOR<br>env.WT_SESSION<br>env.NO_COLOR |
| +LOW | os/fd/write | writes to a file handle | output.write(u) |

Added: /tmp/current-commit/node_modules/execa/lib/arguments/file-url.js [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | net/url/embedded | contains embedded HTTPS URLs | https://github.com/denoland/deno/blob/f460188e583f00144000aa0d8ade08218d4 |

Added: /tmp/current-commit/node_modules/tar/dist/commonjs/path-reservations.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | discover/system/platform | get system identification | process.platform |
| +LOW | os/env/get | Retrieve environment variable values | env.TESTING_TAR_FAKE |

Added: /tmp/current-commit/node_modules/execa/lib/ipc/send.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess |
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./validation<br>./outgoing<br>./strict |

Added: /tmp/current-commit/node_modules/execa/lib/transform/run-async.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess |

Added: /tmp/current-commit/node_modules/tar/dist/esm/pax.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./header |
| +LOW | discover/system/platform | system identification | uname |

Added: /tmp/current-commit/node_modules/tar/dist/esm/mkdir.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./symlink-error<br>./cwd-error |
| +MEDIUM | fs/permission/modify | modifies file permissions | chmod |
| +LOW | fs/directory/create | creates directories | mkdir |
| +LOW | fs/file/delete | deletes files | unlink |
| +LOW | fs/file/stat | access filesystem metadata | fs.statSync(dir).isDirectory()<br>fs.stat(dir |

Added: /tmp/current-commit/node_modules/execa/types/ipc.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | `subprocess.getEachMessage()`<br>`subprocess.getOneMessage()`<br>`subprocess.sendMessage()` |
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./arguments |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | https://developer.mozilla.org/en-US/docs/Web/API/AbortSignal |

Added: /tmp/current-commit/node_modules/tar/dist/commonjs/pack.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./write-entry<br>./warn-method<br>./read-entry<br>./options |
| +LOW | data/compression/zlib | uses zlib | zlib |

Added: /tmp/current-commit/node_modules/execa/types/methods/template.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/cmd | executes a command | execaCommand |

Added: /tmp/current-commit/node_modules/cbor/types/lib/objectRecorder.d.ts [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | net/http | Uses the HTTP protocol | http |
| +LOW | net/url/embedded | contains embedded HTTP URLs | http://cbor.schmorp.de/value-sharing |

Added: /tmp/current-commit/node_modules/tar/dist/commonjs/replace.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./make-command |

Added: /tmp/current-commit/node_modules/execa/lib/pipe/streaming.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess |

Added: /tmp/current-commit/node_modules/execa/types/arguments/encoding-option.d.ts [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | data/encoding/base64 | Supports base64 encoded strings | base64 |

Added: /tmp/current-commit/node_modules/node-gyp-build/optional.js [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | fs/path/usr_bin | path reference within /usr/bin | /usr/bin/env |

Added: /tmp/current-commit/node_modules/tar/node_modules/mkdirp/dist/mjs/mkdirp-manual.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./opts-arg |
| +LOW | fs/directory/create | creates directories | mkdir |

Added: /tmp/current-commit/node_modules/tar/dist/commonjs/pax.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./header |
| +LOW | data/encoding/int | parses integers | parseInt( |
| +LOW | discover/system/platform | system identification | uname |

Added: /tmp/current-commit/node_modules/execa/lib/stdio/duplicate.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | `subprocess.stdout` and `subprocess.stderr` being the same value.<br>subprocess.std*. |
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./output<br>./type |

Added: /tmp/current-commit/node_modules/execa/lib/verbose/ipc.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess |
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./values<br>./log |

Added: /tmp/current-commit/node_modules/execa/lib/ipc/incoming.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess |
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./reference<br>./outgoing<br>./graceful<br>./strict |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | https://github.com/nodejs/node/blob/501546e8f37059cd577041e23941b640d0d4d |

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/util/versioning.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | collect/databases/sqlite | accesses SQLite databases | sqlite3 |
| +MEDIUM | discover/system/platform | get system identification | process.versions<br>process.platform<br>process.arch |
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./abi_crosswalk<br>./scripts<br>./napi |
| +LOW | net/http | Uses the HTTP protocol | http |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | nodejs/node-v0.x-archive@ccabd4a<br>https://github.com/node-inspector/v8-profiler/blob/master/package.json<br>mapbox/node-pre-gyp#124<br>mapbox/node-pre-gyp#119<br>https://npm.taobao.org/mirrors/node-inspector/<br>nodejs/node#253 |
| +LOW | os/env/get | Retrieve environment variable values | env.NODE_PRE_GYP_ABI |

Added: /tmp/current-commit/node_modules/tar/node_modules/mkdirp/dist/cjs/src/use-native.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./opts-arg |
| +LOW | fs/directory/create | creates directories | mkdir |
| +LOW | os/env/get | Retrieve environment variable values | env.__TESTING_MKDIRP |

Added: /tmp/current-commit/src/diff-informed-analysis-utils.test.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./feature-flags<br>./testing-utils<br>./actions-util<br>./api-client<br>./repository<br>./logging<br>./util |
| +LOW | os/env/get | Retrieve environment variable values | env.CODEQL_ACTION_DI |

Added: /tmp/current-commit/node_modules/execa/lib/terminate/graceful.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess.kill, |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | nodejs/node#53225 |

Added: /tmp/current-commit/node_modules/execa/types/subprocess/stdout.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess.stdin |

Added: /tmp/current-commit/node_modules/execa/types/subprocess/stdio.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | `subprocess.stdio` |

Added: /tmp/current-commit/lib/diff-informed-analysis-utils.test.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./feature-flags<br>./testing-utils<br>./actions-util<br>./api-client<br>./repository<br>./logging<br>./util |
| +LOW | os/env/get | Retrieve environment variable values | env.CODEQL_ACTION_DI |

Added: /tmp/current-commit/node_modules/execa/types/methods/main-sync.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess |

Added: /tmp/current-commit/node_modules/execa/lib/io/output-sync.js [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | fs/file/write | writes to file | writeFileSync<br>writeToFiles |

Added: /tmp/current-commit/node_modules/tar/node_modules/mkdirp/dist/mjs/use-native.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./opts-arg |

Added: /tmp/current-commit/node_modules/execa/types/verbose.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess |
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./arguments<br>./return |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | https://en.wikipedia.org/wiki/Process_identifier |

Added: /tmp/current-commit/node_modules/ava/entrypoints/internal.d.mts [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | exec/imports/python | imports python modules | import type |

Added: /tmp/current-commit/node_modules/@vercel/nft/out/utils/binary-locators.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | discover/system/platform | get system identification | process.platform<br>process.versions<br>process.arch |
| +MEDIUM | exec/remote_commands/code_eval | evaluate code dynamically using eval() | eval('require.resolve(resolvedPath)')<br>eval('require.resolve(basePath)') |
| +LOW | data/encoding/json_decode | Decodes JSON messages | JSON.parse |

Added: /tmp/current-commit/node_modules/execa/types/methods/main-async.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess.sendMessage('Hello from parent');<br>subprocess.getOneMessage();<br>subprocess.js'; |
| +MEDIUM | fs/path/tmp | path reference within /tmp | /tmp/ |
| +LOW | fs/directory/create | creates directories | mkdir |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | https://example.com/build/info |

Added: /tmp/current-commit/node_modules/tar/dist/esm/winchars.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | data/encoding/utf16 | assembles strings from UTF-16 code units | String.fromCharCode(0xf000 |

Added: /tmp/current-commit/node_modules/get-stream/source/exports.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./array-buffer<br>./contents<br>./buffer<br>./string |

Added: /tmp/current-commit/node_modules/execa/lib/utils/uint-array.js [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | os/fd/write | writes to a file handle | decoder.write(uint8Array) |

Added: /tmp/current-commit/node_modules/tar/dist/commonjs/unpack.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./warn-method<br>./read-entry<br>./options<br>./mkdir<br>./parse |
| +MEDIUM | fs/permission/modify | modifies file permissions | chmod |
| +LOW | fs/directory/create | creates directories | mkdir |
| +LOW | fs/file/delete | deletes files | unlink |

Added: /tmp/current-commit/node_modules/consola/dist/chunks/prompt.cjs [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | anti-static/obfuscation/math | complex math with parseInt or fromCharCode conversions | (hasRequiredPicocolors)<br>(picocolorsExports)<br>(hasRequiredSrc)<br>(handleCancel)<br>(const s of t)<br>(const i of s)<br>(const i of e)<br>(const F of t)<br>xterm-256<br>parseInt<br>36*Math<br>247*24<br>u/255<br>255*5<br>F/255<br>e/255<br>u-232<br>16+36<br>30+u<br>10+8<br>u/36<br>38+t |
| +MEDIUM | discover/system/platform | get system identification | process.platform |
| +MEDIUM | exec/program | executes external program | exec(o.slice(E).join(""))<br>require |
| +LOW | data/encoding/int | parses integers | parseInt( |
| +LOW | exec/shell/TERM | Look up or override terminal settings | TERM |
| +LOW | os/env/get | Retrieve environment variable values | env.TERMINUS_SUBLIME<br>env.TERMINAL_EMULATO<br>env.TERM_PROGRAM<br>env.FORCE_COLOR<br>env.WT_SESSION<br>env.NO_COLOR |
| +LOW | os/fd/write | writes to a file handle | output.write(u) |

Added: /tmp/current-commit/node_modules/tar/dist/esm/get-write-flag.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | discover/system/platform | get system identification | process.platform |
| +LOW | os/env/get | Retrieve environment variable values | env._FAKE_PLATFORM<br>env.__FAKE_FS_O_FILE |

Added: /tmp/current-commit/node_modules/get-east-asian-width/lookup.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/hex many references to hexadecimal values 0x100000
0x10FFFD
0x1AFF0
0x1F100
0x3FFFD
0x30000
0x2FFFD
0x20000
0x1FAF8
0x1FAF0
0x1FAE9
0x1FADF
0x1FADC
0x1FACE
0x1FAC6
0x1FA8F
0x1FA89
0x1FA80
0x1FA7C
0x1FA70
0x1F9FF
0x1F947
0x1F945
0x1F93C
0x1F93A
0x1F90C
0x1F7F0
0x1F7EB
0x1F7E0
0x1F6FC
0x1F6F4
0x1F6EC
0x1F6EB
0x1F6DF
0x1F6DC
0x1F6D7
0x1F6D5
0x1F6D2
0x1F6D0
0x1F6CC
0x1F6C5
0x1F680
0x1F64F
0x1F5FB
0x1F5A4
0x1F596
0x1F595
0x1F57A
0x1F567
0x1F550
0x1F54E
0x1F54B
0x1F53D
0x1F4FF
0x1F4FC
0x1F442
0x1F440
0x1F43E
0x1F3F8
0x1F3F4
0x1F3F0
0x1F3E0
0x1F3D3
0x1F12D
0x1F3CF
0x1F3CA
0x1F3A0
0x1F393
0x1F37E
0x1F37C
0x1F337
0x1F335
0x1F32D
0x1F320
0x1F300
0x1F265
0x1F260
0x1F251
0x1F250
0x1F248
0x1F240
0x1F23B
0x1F210
0x1F202
0x1F200
0x1F19A
0x1F191
0x1F18E
0x1F0CF
0x1F004
0x1D376
0x1D360
0x1D356
0x1D300
0x1B2FB
0x1B170
0x1B167
0x1B164
0x1B155
0x1B152
0x1B150
0x1B132
0x1B122
0x1B000
0x1AFFE
0x1AFFD
0x1AFFB
0x1AFF5
0x1AFF3
0x18D08
0x18CFF
0x18CD5
0x18800
0x187F7
0x17000
0x16FF1
0x16FF0
0x16FE4
0x16FE0
0xFFFFD
0xF0000
0xE01EF
0xE0100
0x1F1AC
0x1F19B
0x1F190
0x1F18F
0x1F18D
0x1F170
0x1F169
0x1F110
0x1F130
0x1F10A
0x21D2
0x2795
0x2203
0x2207
0x2208
0x220B
0x220F
0x2211
0x2215
0x221A
0x221D
0x2220
0x2223
0x2225
0x2227
0x222C
0x222E
0x2234
0x2237
0x223C
0x223D
0x2248
0x224C
0x2252
0x2260
0x2261
0x2264
0x2267
0x226A
0x226B
0x226E
0x226F
0x2282
0x2283
0x2286
0x2287
0x2295
0x2299
0x22A5
0x22BF
0x2312
0x2460
0x24E9
0x24EB
0x254B
0x2550
0x2573
0x2580
0x258F
0x2592
0x2595
0x25A0
0x25A1
0x25A3
0x25A9
0x25B2
0x25B3
0x25B6
0x25B7
0x25BC
0x25BD
0x25C0
0x25C1
0x25C6
0x25C8
0x25CB
0x25CE
0x25D1
0x25E2
0x25E5
0x25EF
0x2605
0x2606
0x2609
0x260E
0x260F
0x261C
0x261E
0x2640
0x2642
0x2660
0x2661
0x2663
0x2665
0x2667
0x266A
0x266C
0x266D
0x266F
0x269E
0x269F
0x26BF
0x26C6
0x26CD
0x26CF
0x26D3
0x26D5
0x26E1
0x26E3
0x26E8
0x26E9
0x26EB
0x26F1
0x26F4
0x26F6
0x26F9
0x26FB
0x26FC
0x26FE
0x26FF
0x273D
0x2776
0x277F
0x2B56
0x2B59
0x3248
0x324F
0xE000
0xF8FF
0xFE00
0xFE0F
0xFFFD
0x2200
0x2986
0x2985
0x21E7
0x21D4
0x21B9
0x21B8
0x2199
0x2190
0x2189
0x2179
0x2170
0x216B
0x2160
0x215E
0x215B
0x27ED
0x27E6
0xFF01
0xFF60
0xFFE0
0xFFE6
0x1100
0x115F
0x231A
0x231B
0x2329
0x232A
0x23E9
0x23EC
0x23F0
0x23F3
0x25FD
0x25FE
0x2614
0x2615
0x2630
0x2637
0x2648
0x2653
0x267F
0x268A
0x268F
0x2693
0x26A1
0x26AA
0x26AB
0x26BD
0x26BE
0x26C4
0x26C5
0x26CE
0x26D4
0x26EA
0x26F2
0x26F3
0x26F5
0x26FA
0x26FD
0x2705
0x270A
0x270B
0x2728
0x274C
0x274E
0x2753
0x2755
0x2757
0x2202
0x2797
0x27B0
0x27BF
0x2B1B
0x2B1C
0x2B50
0x2B55
0x2E80
0x2E99
0x2E9B
0x2EF3
0x2F00
0x2FD5
0x2FF0
0x3001
0x303E
0x3041
0x3096
0x3099
0x30FF
0x3105
0x312F
0x3131
0x318E
0x3190
0x31E5
0x31EF
0x321E
0x3220
0x3247
0x3250
0xA48C
0xA490
0xA4C6
0xA960
0xA97C
0xAC00
0xD7A3
0xF900
0xFAFF
0xFE10
0xFE19
0xFE30
0xFE52
0xFE54
0xFE66
0xFE68
0xFE6B
0x2154
0x2153
0x212B
0x2126
0x2122
0x2121
0x2116
0x2113
0x2109
0x2105
0xFFEE
0x2103
0x20AC
0x2084
0x2081
0x207F
0x2074
0x203E
0x203B
0x2035
0x2033
0x2032
0x2030
0x2027
0x2024
0x2022
0x2020
0x201D
0x201C
0x2019
0x2018
0x2016
0x2013
0x2010
0xFFE8
0xFFDC
0xFFDA
0xFFD7
0xFFD2
0xFFCF
0xFFCA
0xFFC7
0xFFC2
0xFFBE
0xFF61
0x20A9
0x3A1
0x167
0x2DF
0x2DD
0x2DB
0x2D8
0x2D0
0x2CD
0x2CB
0x2C9
0x2C4
0x251
0x1DC
0x1DA
0x1D8
0x1D6
0x1D4
0x1D2
0x1D0
0x1CE
0x16B
0x2C7
0x166
0x153
0x152
0x14D
0x14B
0x148
0x144
0x451
0x13F
0x138
0x133
0x131
0x12B
0x127
0x126
0x11B
0x113
0x111
0x101
0x44F
0x410
0x401
0x3C9
0x142
0x3C3
0x3C1
0x3B1
0x3A9
0x3A3
0x36F
0x391
0xAA
0xF2
0xD0
0xC6
0xBF
0xBC
0xBA
0xB6
0xB4
0xB0
0xAE
0xAD
0xEC
0xE1
0xE6
0xDE
0xD8
0xEA
0xFC
0xF7
0xE8
0xED
0xF3
0xA1
0x7E
0xA2
0xA3
0xA5
0xA6
0xAF
0xA7
0xA8

Added: /tmp/current-commit/node_modules/execa/lib/pipe/sequence.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess |

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/package.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./util |
| +LOW | data/compression/gzip | works with gzip files | gzip |
| +LOW | fs/directory/create | creates directories | mkdir |
| +LOW | fs/directory/list | Uses NodeJS functions to list a directory | .readdirSync( |
| +LOW | fs/file/exists | check if a file exists | path.exists |

Added: /tmp/current-commit/node_modules/@vercel/nft/out/resolve-dependency.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./node-file-trace |

Added: /tmp/current-commit/node_modules/@vercel/nft/out/resolve-dependency.js [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | data/encoding/json_decode | Decodes JSON messages | JSON.parse |
| +LOW | fs/symlink_resolve | resolves symbolic links | realpath |

Added: /tmp/current-commit/node_modules/tar/dist/commonjs/make-command.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./options |

Added: /tmp/current-commit/node_modules/ava/entrypoints/main.d.mts [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | exec/imports/python | imports python modules | import type |

Added: /tmp/current-commit/node_modules/execa/lib/ipc/outgoing.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | sus/intercept | References interception | intercept |

Added: /tmp/current-commit/node_modules/execa/lib/io/strip-newline.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | `subprocess.all` |

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/util/nw-pre-gyp/index.html [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | data/embedded/html | Contains HTML content | |
| +MEDIUM | discover/system/platform | get system identification | process.platform |

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/unpublish.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./util |
| +LOW | data/encoding/json_encode | encodes JSON | JSON.stringify |

Added: /tmp/current-commit/node_modules/execa/lib/stdio/direction.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./type |

Added: /tmp/current-commit/node_modules/estree-walker/dist/umd/estree-walker.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./walker<br>./async<br>./sync |

Added: /tmp/current-commit/node_modules/consola/dist/browser.d.mts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./core |

Added: /tmp/current-commit/node_modules/execa/lib/ipc/buffer-messages.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess.channel, |

Added: /tmp/current-commit/node_modules/tar/dist/commonjs/normalize-windows-path.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | discover/system/platform | get system identification | process.platform |
| +LOW | os/env/get | Retrieve environment variable values | env.TESTING_TAR_FAKE |

Added: /tmp/current-commit/node_modules/acorn-walk/dist/walk.d.mts [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | net/url/embedded | contains embedded HTTPS URLs | https://github.com/estree/estree |

Added: /tmp/current-commit/node_modules/consola/dist/basic.mjs [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./shared<br>./core |
| +LOW | data/encoding/int | parses integers | parseInt( |
| +LOW | os/env/get | Retrieve environment variable values | env.CONSOLA_LEVEL |

Added: /tmp/current-commit/node_modules/tar/dist/esm/write-entry.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | discover/system/platform | get system identification | process.platform |
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./warn-method<br>./mode-fix<br>./winchars<br>./options<br>./header<br>./pax |
| +LOW | fs/link_read | read value of a symbolic link | readlink |
| +LOW | os/env/get | Retrieve environment variable values | env.USER |
| +LOW | os/fd/write | writes to a file handle | super.write(block)<br>this.write(chunk)<br>super.write(b) |
| +LOW | privesc/setuid | set real and effective user ID of current process | setuid |
| +LOW | process/groupid_set | set real and effective group ID of process | setgid |

Added: /tmp/current-commit/node_modules/execa/types/return/final-error.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess |

Added: /tmp/current-commit/node_modules/execa/lib/ipc/get-one.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./validation<br>./reference<br>./forward |

Added: /tmp/current-commit/node_modules/@vercel/nft/out/utils/sharedlib-emit.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./get-package-base |

Added: /tmp/current-commit/node_modules/execa/lib/methods/main-async.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | subprocess.all = makeAllStream(subprocess, options);<br>subprocess.pipe = pipeToSubprocess.bind(undefined, {<br>subprocess.kill = subprocessKill.bind(undefined, {<br>subprocess.kill.bind(subprocess),<br>subprocess.stdio];<br>subprocess.js'; |

Added: /tmp/current-commit/node_modules/consola/dist/shared/consola.DXBYu-KD.mjs [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | exec/shell/TERM | Look up or override terminal settings | TERM |
| +LOW | os/env/get | Retrieve environment variable values | env.TERM |

Added: /tmp/current-commit/node_modules/execa/lib/resolve/all-async.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | execute external program | `subprocess.stdout` is in objectMode but not `subprocess.stderr` (or the opposite), we need to use both:<br>subprocess.all and |
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./stdio |

Added: /tmp/current-commit/node_modules/consola/dist/shared/consola.DwRq1yyg.cjs [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | exec/shell/TERM | Look up or override terminal settings | TERM |
| +LOW | os/env/get | Retrieve environment variable values | env.TERM |

Added: /tmp/current-commit/node_modules/nopt/lib/type-defs.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | discover/system/platform | get system identification | process.platform |
| +MEDIUM | discover/user/info | returns user info for the current process | os.homedir |
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./debug |

Added: /tmp/current-commit/node_modules/execa/types/methods/script.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess.js';
+LOW net/url/embedded contains embedded HTTPS URLs microsoft/TypeScript#58765

Added: /tmp/current-commit/node_modules/tar/dist/commonjs/cwd-error.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW process/chdir changes working directory cd into

Added: /tmp/current-commit/node_modules/execa/lib/transform/object-mode.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess.stdin` which:

Added: /tmp/current-commit/node_modules/consola/dist/basic.d.mts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./core

Added: /tmp/current-commit/node_modules/tar/node_modules/mkdirp/dist/cjs/src/mkdirp-native.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./opts-arg
+LOW fs/directory/create creates directories mkdir

Added: /tmp/current-commit/node_modules/nopt/bin/nopt.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW fs/path/usr_bin path reference within /usr/bin /usr/bin/env

Added: /tmp/current-commit/node_modules/tar/dist/commonjs/read-entry.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW discover/system/platform system identification uname
+LOW os/fd/write writes to a file handle super.write(data)

Added: /tmp/current-commit/node_modules/execa/types/return/result.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess.pipe()` method resolves.
subprocess.kill(error).
+LOW c2/tool_transfer/os references a specific operating system https://
Windows
+LOW net/url/embedded contains embedded HTTPS URLs https://en.wikipedia.org/wiki/Standard_streams
https://en.wikipedia.org/wiki/Exit_status
https://nodejs.org/api/process.html
https://nodejs.org/api/errors.html

Added: /tmp/current-commit/node_modules/execa/lib/arguments/fd-options.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./specific

Added: /tmp/current-commit/node_modules/detect-libc/lib/process.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification process.platform

Added: /tmp/current-commit/node_modules/execa/lib/return/final-error.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess

Added: /tmp/current-commit/node_modules/execa/lib/convert/iterable.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess

Added: /tmp/current-commit/node_modules/cbor/types/lib/sharedValueEncoder.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./encoder

Added: /tmp/current-commit/node_modules/execa/lib/return/early-error.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess

Added: /tmp/current-commit/node_modules/execa/lib/io/output-async.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program [subprocess.stdin

Added: /tmp/current-commit/node_modules/execa/lib/verbose/start.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./values
./log

Added: /tmp/current-commit/node_modules/execa/lib/resolve/wait-subprocess.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess.std*`, which means they are not exposed to users.
subprocess.stdio[fdNumber]

Added: /tmp/current-commit/node_modules/execa/lib/convert/concurrent.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess

Added: /tmp/current-commit/node_modules/execa/lib/ipc/forward.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess
+MEDIUM fs/path/relative references and possibly executes relative path ./reference
./incoming
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/node/blob/2aaeaa863c35befa2ebaa98fb7737ec84df4d

Added: /tmp/current-commit/node_modules/execa/lib/transform/generator.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess.std*` uses.

Added: /tmp/current-commit/node_modules/tar/node_modules/mkdirp/dist/mjs/mkdirp-manual.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./opts-arg
+LOW fs/directory/create creates directories mkdir

Added: /tmp/current-commit/node_modules/tar/dist/esm/make-command.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./options

Added: /tmp/current-commit/node_modules/tar/dist/esm/header.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions (num * 1000)
parseInt
512-byte
pull/187
+MEDIUM fs/path/relative references and possibly executes relative path ./large-numbers
./types
+LOW data/encoding/int parses integers parseInt(
+LOW discover/system/platform system identification uname
+LOW net/url/embedded contains embedded HTTPS URLs isaacs/node-tar#187

Added: /tmp/current-commit/node_modules/execa/types/pipe.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess.pipe(file, arguments?, options?)` but using a `command` template string instead. This follows the sa
subprocess.pipe(file, arguments?, options?) but using the return value of another execa() call instead.
subprocess.pipe()` options
subprocess.js';
+MEDIUM fs/path/relative references and possibly executes relative path ./subprocess
./arguments
./methods
./return
+LOW net/url/embedded contains embedded HTTPS URLs https://en.wikipedia.org/wiki/File_descriptor
https://nodejs.org/api/stream.html

Added: /tmp/current-commit/node_modules/execa/lib/io/max-buffer.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess

Added: /tmp/current-commit/node_modules/execa/lib/terminate/cleanup.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess.kill()` when the parent process exits
subprocess.kill();

Added: /tmp/current-commit/node_modules/execa/lib/verbose/complete.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./values
./error
./log

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/build.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./configure
./util

Added: /tmp/current-commit/node_modules/tar/node_modules/mkdirp/dist/mjs/mkdirp-native.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./mkdirp-manual
./find-made
./opts-arg
+LOW fs/directory/create creates directories mkdir

Added: /tmp/current-commit/node_modules/get-stream/source/buffer.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./array-buffer

Added: /tmp/current-commit/node_modules/execa/lib/terminate/cancel.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess.kill();

Added: /tmp/current-commit/node_modules/tar/dist/esm/update.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./make-command

Added: /tmp/current-commit/node_modules/node-gyp-build/node-gyp-build.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification process.versions
os.platform()
os.arch()
+LOW fs/directory/list Uses NodeJS functions to list a directory .readdirSync(
+LOW fs/path/etc path reference within /etc /etc/alpine-release
+LOW os/env/get Retrieve environment variable values env.ELECTRON_RUN_AS_
env.PREBUILDS_ONLY
env.ARM_VERSION
env.LIBC

Added: /tmp/current-commit/node_modules/execa/lib/terminate/signal.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess.kill()`'s argument');

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/node-pre-gyp.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification process.versions
+LOW data/encoding/json_decode Decodes JSON messages JSON.parse
+LOW fs/file/read reads files fs.readFile

Added: /tmp/current-commit/node_modules/execa/types/arguments/specific.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./fd-options

Added: /tmp/current-commit/node_modules/@vercel/nft/out/utils/static-eval.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./local
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit/node_modules/@vercel/nft/out/utils/special-cases.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification process.platform
process.versions
process.arch
+LOW data/encoding/json_decode Decodes JSON messages JSON.parse
+LOW data/encoding/json_encode encodes JSON JSON.stringify
+LOW fs/symlink_resolve resolves symbolic links realpath
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/npm/node-semver/blob/master/CHANGELOG.md

Added: /tmp/current-commit/node_modules/tar/dist/esm/read-entry.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./header
./types
./pax
+LOW discover/system/platform system identification uname

Added: /tmp/current-commit/node_modules/@vercel/nft/out/node-file-trace.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./analyze
./utils
./foo
./fs
+LOW fs/link_read read value of a symbolic link readlink
+LOW fs/symlink_resolve resolves symbolic links realpath
+LOW net/url/embedded contains embedded HTTPS URLs https://www.typescriptlang.org/docs/handbook/esm-node.html

Added: /tmp/current-commit/node_modules/execa/lib/pipe/throw.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess.pipe()or when usingunpipeSignal`

Added: /tmp/current-commit/node_modules/execa/lib/verbose/info.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./values

Added: /tmp/current-commit/node_modules/nopt/lib/nopt-lib.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./type-defs
./debug
+LOW data/encoding/json_decode Decodes JSON messages JSON.parse
+LOW data/encoding/json_encode encodes JSON JSON.stringify

Added: /tmp/current-commit/node_modules/tar/dist/esm/list.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./make-command
./parse
+LOW fs/file/read reads files fs.readFile
+LOW fs/file/stat access filesystem metadata fs.statSync(file)
fs.stat(file

Added: /tmp/current-commit/node_modules/execa/lib/stdio/handle.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess.std*`.

Added: /tmp/current-commit/node_modules/@vercel/nft/out/node-file-trace.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./types
+LOW fs/link_read read value of a symbolic link readlink
+LOW fs/symlink_resolve resolves symbolic links realpath

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/reinstall.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./util

Added: /tmp/current-commit/node_modules/execa/lib/ipc/methods.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess
+MEDIUM fs/path/relative references and possibly executes relative path ./get-each
./graceful
./get-one
./send

Added: /tmp/current-commit/node_modules/tar/dist/commonjs/unpack.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification process.platform
+MEDIUM fs/file/times_set change file last access and modification times utimes
+MEDIUM fs/path/relative references and possibly executes relative path ./get-write-flag
./winchars
./mkdir
./parse
+MEDIUM fs/permission/modify modifies file permissions chmod
+LOW anti-behavior/random_behavior uses a random number generator randomBytes
+LOW c2/tool_transfer/os references a specific operating system https://
Windows
windows
+LOW fs/directory/create creates directories mkdir
+LOW fs/directory/remove Uses libc functions to remove directories rmdir
+LOW fs/file/delete deletes files unlink
+LOW fs/permission/chown May change file ownership fchown
+LOW net/url/embedded contains embedded HTTPS URLs isaacs/node-tar#183
+LOW os/env/get Retrieve environment variable values env.TESTING_TAR_FAKE

Added: /tmp/current-commit/node_modules/consola/dist/browser.cjs [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./core

Added: /tmp/current-commit/node_modules/execa/lib/pipe/setup.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess
+MEDIUM fs/path/relative references and possibly executes relative path ./pipe-arguments
./streaming
./sequence
./throw
./abort

Added: /tmp/current-commit/node_modules/tar/node_modules/mkdirp/dist/cjs/src/find-made.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./opts-arg

Added: /tmp/current-commit/node_modules/tar/node_modules/mkdirp/dist/mjs/opts-arg.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW data/encoding/int parses integers parseInt(
+LOW fs/directory/create creates directories mkdir

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/testbinary.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification process.platform
process.arch
+MEDIUM fs/file/copy copy files using cp cp
+MEDIUM fs/path/relative references and possibly executes relative path ./util
+MEDIUM process/create create child process require('child_process')

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/configure.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./util

Added: /tmp/current-commit/node_modules/execa/lib/resolve/exit-async.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess

Added: /tmp/current-commit/node_modules/tar/node_modules/mkdirp/dist/cjs/src/bin.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW fs/path/usr_bin path reference within /usr/bin /usr/bin/env

Added: /tmp/current-commit/node_modules/consola/dist/utils.mjs [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./shared

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/reveal.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./util
+LOW data/encoding/json_encode encodes JSON JSON.stringify

Added: /tmp/current-commit/node_modules/cbor/lib/sharedValueEncoder.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./encoder

Added: /tmp/current-commit/node_modules/bindings/bindings.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification process.platform
process.versions
process.arch
+MEDIUM fs/path/relative references and possibly executes relative path ./lib
+LOW fs/path/home references path within /home /home/nate/node-native-module/lib/index.js
+LOW net/url/embedded contains embedded HTTPS URLs webpack/webpack#4175
+LOW os/env/get Retrieve environment variable values env.NODE_BINDINGS_AR
env.NODE_BINDINGS_CO

Added: /tmp/current-commit/node_modules/execa/lib/arguments/cwd.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./file-url

Added: /tmp/current-commit/node_modules/tar/dist/commonjs/mkdir.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./symlink-error
./cwd-error
+LOW fs/directory/create creates directories mkdir
+LOW fs/file/delete deletes files unlink

Added: /tmp/current-commit/node_modules/execa/lib/arguments/shell.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/node/blob/e38ce27f3ca0a65f68a31cedd984cddb927d4

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/testpackage.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./testbinary
./util
+LOW fs/directory/create creates directories mkdir
+LOW fs/file/exists check if a file exists path.exists

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/bin/node-pre-gyp [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW fs/path/usr_bin path reference within /usr/bin /usr/bin/env

Added: /tmp/current-commit/node_modules/execa/types/transform/normalize.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess
+LOW net/url/embedded contains embedded HTTPS URLs sindresorhus/execa#694

Added: /tmp/current-commit/node_modules/tar/node_modules/mkdirp/dist/mjs/path-arg.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification process.platform
+LOW os/env/get Retrieve environment variable values env.__TESTING_MKDIRP

Added: /tmp/current-commit/node_modules/execa/lib/ipc/ipc-input.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess.sendMessage(ipcInput);
+LOW data/encoding/json_encode encodes JSON JSON.stringify

Added: /tmp/current-commit/node_modules/execa/lib/arguments/encoding-option.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW data/encoding/base64 Supports base64 encoded strings base64

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/rebuild.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./util

Added: /tmp/current-commit/node_modules/node-gyp-build/build-test.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW fs/path/usr_bin path reference within /usr/bin /usr/bin/env
+LOW os/env/get Retrieve environment variable values env.NODE_ENV

Added: /tmp/current-commit/node_modules/consola/dist/browser.d.cts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./core

Added: /tmp/current-commit/node_modules/execa/lib/ipc/get-each.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./validation
./reference
./forward

Added: /tmp/current-commit/node_modules/get-stream/source/array-buffer.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./contents
./utils

Added: /tmp/current-commit/node_modules/tar/node_modules/mkdirp/dist/mjs/opts-arg.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW fs/directory/create creates directories mkdir

Added: /tmp/current-commit/node_modules/tar/dist/commonjs/cwd-error.js.map [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW process/chdir changes working directory cd into

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/util/s3_setup.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM sus/intercept References interception interceptors
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTPS URLs https://mapbox-node-pre-gyp-public-testing-bucket.s3.us-east-1.amazonaws.
https://bucket-name.s3.Region.amazonaws.com/key-name
https://bucket-name.s3-Region.amazonaws.com/key-name

Added: /tmp/current-commit/node_modules/cbor/lib/objectRecorder.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://cbor.schmorp.de/value-sharing

Added: /tmp/current-commit/node_modules/detect-libc/lib/detect-libc.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program executes external program exec(command, (err, out)
require
+MEDIUM fs/path/relative references and possibly executes relative path ./filesystem
./process
+MEDIUM process/create create child process require('child_process')

Added: /tmp/current-commit/node_modules/@mapbox/node-pre-gyp/lib/util/napi.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions [napi_build_version_tag + napi_build_version]
(napi_build_version_tag + napi_build_version)
(napi_build_version_tag)
(napi_build_versions)
(napi_build_version)
[latest_version]
(napi_version)
(package_json)
(command_args)
parseInt
+MEDIUM discover/system/platform get system identification process.versions
+MEDIUM fs/path/relative references and possibly executes relative path ./log
+LOW data/encoding/int parses integers parseInt(

Added: /tmp/current-commit/node_modules/get-stream/source/contents.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./stream

Added: /tmp/current-commit/node_modules/tar/dist/esm/extract.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./make-command
./unpack

Added: /tmp/current-commit/node_modules/execa/lib/return/duration.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess

Added: /tmp/current-commit/node_modules/execa/types/subprocess/subprocess.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess.stdoutandsubprocess.stderr`.
+LOW net/url/embedded contains embedded HTTPS URLs https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_
https://en.wikipedia.org/wiki/Process_identifier
https://en.wikipedia.org/wiki/Standard_streams
https://nodejs.org/api/child_process.html
https://nodejs.org/api/os.html

Added: /tmp/current-commit/node_modules/ava/entrypoints/plugin.d.mts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/imports/python imports python modules import type
+LOW exec/plugin references a 'plugin' Plugin

Added: /tmp/current-commit/node_modules/execa/lib/transform/encoding-transform.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program subprocess.stdin.write()` accepts Buffer, Uint8Array or string
[subprocess.stdout
+LOW os/fd/write writes to a file handle stringDecoder.write(chunk)

Added: /tmp/current-commit/node_modules/execa/types/arguments/fd-options.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program execute external program [subprocess.readable

Changed (0 added, 18 removed): /tmp/current-commit/node_modules/lodash/flow.js [🛑 HIGH → 🔵 ]

18 removed behaviors

RISK KEY DESCRIPTION EVIDENCE
-HIGH anti-static/obfuscation/bitwise uses an excessive amount of unsigned bitwise math function(
-MEDIUM anti-static/obfuscation/hex many references to hexadecimal values 0xd1342543
0xdaba0b6e
\x00
\x7f
\xff
\xEF
\xBF
\xBD
\x07
\x1B
-MEDIUM anti-static/obfuscation/js high entropy javascript (>5.37) that uses charAt/substr/join loops function(
substr(
charAt(
join(
for(
-MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions var dq=1000000010;
charAt
-MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units [=String.fromCharCode(LD
-MEDIUM discover/system/platform get system identification process.platform
process.versions
-MEDIUM fs/path/dev path reference within /dev /dev/stdin
-LOW anti-behavior/random_behavior uses a random number generator getRandomValues
randomBytes
-LOW crypto/public_key references a 'public key' PublicKey
-LOW data/encoding/int parses integers parseInt(
-LOW exec/plugin references a 'plugin' prettierPlugins
-LOW fs/directory/create creates directories mkdir
-LOW fs/directory/list Uses NodeJS functions to list a directory .readdirSync(
-LOW fs/directory/remove Uses libc functions to remove directories rmdir
-LOW fs/file/delete deletes files unlink
-LOW fs/file/stat access filesystem metadata fs.statSync(this.nm(x)).isDirectory()
fs.statSync(this.nm(x)).isFile()
-LOW fs/link_read read value of a symbolic link readlink
-LOW fs/tempdir looks up location of temp directory TMPDIR

@some-natalie some-natalie merged commit d356c59 into main Jul 21, 2025
5 checks passed
@some-natalie some-natalie deleted the dependabot/github_actions/github/codeql-action-3.29.3 branch July 21, 2025 17:05

Labels: dependencies (Pull requests that update a dependency file), github_actions (Pull requests that update GitHub Actions code)
