Skip to content

chore(deps): update dependency archiver to v5.3.2 #152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from

chore(deps): update dependency archiver to v5.3.2

d24836c
Select commit
Loading
Failed to load commit list.
Open

chore(deps): update dependency archiver to v5.3.2 #152

chore(deps): update dependency archiver to v5.3.2
d24836c
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Mar 5, 2026 in 14m 57s

Security Report

You have successfully remediated 7 vulnerabilities, but introduced 11 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-2026-27904

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimatch/package.json

Dependency Hierarchy:

-> archiver-5.3.2.tgz (Root Library)

   -> archiver-utils-2.1.0.tgz

     -> glob-7.2.0.tgz

       -> ❌ minimatch-3.1.2.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.2.tgz archiver-5.3.2.tgz Transitive 3.1.4 None
CVE-2026-27903

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimatch/package.json

Dependency Hierarchy:

-> archiver-5.3.2.tgz (Root Library)

   -> archiver-utils-2.1.0.tgz

     -> glob-7.2.0.tgz

       -> ❌ minimatch-3.1.2.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.2.tgz archiver-5.3.2.tgz Transitive https://github.com/isaacs/minimatch.git - v9.0.7,https://github.com/isaacs/minimatch.git - v6.2.2,https://github.com/isaacs/minimatch.git - v4.2.5,https://github.com/isaacs/minimatch.git - v7.4.8,https://github.com/isaacs/minimatch.git - v5.1.8,https://github.com/isaacs/minimatch.git - v10.2.3,https://github.com/isaacs/minimatch.git - v8.0.6,https://github.com/isaacs/minimatch.git - v3.1.3 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimatch/package.json

Dependency Hierarchy:

-> archiver-5.3.2.tgz (Root Library)

   -> archiver-utils-2.1.0.tgz

     -> glob-7.2.0.tgz

       -> ❌ minimatch-3.1.2.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.2.tgz archiver-5.3.2.tgz Transitive https://github.com/isaacs/minimatch.git - v10.2.1,https://github.com/isaacs/minimatch.git - v7.4.7,https://github.com/isaacs/minimatch.git - v6.2.1,https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v9.0.6,https://github.com/isaacs/minimatch.git - v4.2.4,https://github.com/isaacs/minimatch.git - v8.0.5,https://github.com/isaacs/minimatch.git - v5.1.7 None
CVE-2024-45590

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/body-parser/package.json

Dependency Hierarchy:

-> express-4.18.2.tgz (Root Library)

   -> ❌ body-parser-1.20.1.tgz (Vulnerable Library)

High 7.5 Transitive body-parser-1.20.1.tgz express-4.18.2.tgz Transitive 1.20.3 None
CVE-2024-29041

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/express/package.json

Dependency Hierarchy:

-> ❌ express-4.18.2.tgz (Vulnerable Library)

Medium 6.1 Direct express-4.18.2.tgz express-4.18.2.tgz 4.19.0 None
CVE-2024-47764

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/express/node_modules/cookie/package.json

Dependency Hierarchy:

-> express-4.18.2.tgz (Root Library)

   -> ❌ cookie-0.5.0.tgz (Vulnerable Library)

Medium 5.3 Transitive cookie-0.5.0.tgz express-4.18.2.tgz Transitive 0.7.0 None
CVE-2024-43800

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/serve-static/package.json

Dependency Hierarchy:

-> express-4.18.2.tgz (Root Library)

   -> ❌ serve-static-1.15.0.tgz (Vulnerable Library)

Medium 5.0 Transitive serve-static-1.15.0.tgz express-4.18.2.tgz Transitive 1.16.0 None
CVE-2024-43799

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/send/package.json

Dependency Hierarchy:

-> express-4.18.2.tgz (Root Library)

   -> ❌ send-0.18.0.tgz (Vulnerable Library)

Medium 5.0 Transitive send-0.18.0.tgz express-4.18.2.tgz Transitive 0.19.0 None
CVE-2024-43796

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/express/package.json

Dependency Hierarchy:

-> ❌ express-4.18.2.tgz (Vulnerable Library)

Medium 5.0 Direct express-4.18.2.tgz express-4.18.2.tgz 4.20.0 None
CVE-2026-2391

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/qs/package.json

Dependency Hierarchy:

-> express-4.18.2.tgz (Root Library)

   -> ❌ qs-6.11.0.tgz (Vulnerable Library)

Low 3.7 Transitive qs-6.11.0.tgz express-4.18.2.tgz Transitive 6.14.2 None
CVE-2025-15284

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/qs/package.json

Dependency Hierarchy:

-> express-4.18.2.tgz (Root Library)

   -> ❌ qs-6.11.0.tgz (Vulnerable Library)

Low 3.7 Transitive qs-6.11.0.tgz express-4.18.2.tgz Transitive 6.14.1 None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2024-45590 body-parser-1.19.2.tgz
CVE-2026-2391 qs-6.9.7.tgz
CVE-2024-43799 send-0.17.2.tgz
CVE-2024-43796 express-4.17.3.tgz
CVE-2025-15284 qs-6.9.7.tgz
CVE-2024-29041 express-4.17.3.tgz
CVE-2024-43800 serve-static-1.14.2.tgz

Base branch total remaining vulnerabilities: 64
Base branch commit: null


Total libraries scanned: 273

Scan token: 708fc426ce76442f8ab786257cc29613

View more details on Mend Bolt for GitHub