:arrow_up: Updates node to v26 by renovate[bot] · Pull Request #602 · AlexRogalskiy/github-action-coverage-reporter

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	conventional-changelog-cli@2.1.1
	jest@26.6.3
	husky@5.2.0
	eslint-plugin-node@11.1.0
	cz-conventional-changelog@3.3.0
	@types/jest@26.0.22
	eslint-plugin-spellcheck@0.0.8
	env-cmd@10.1.0
	eslint-plugin-github@4.1.3
	@semantic-release/commit-analyzer@8.0.1
	@semantic-release/release-notes-generator@9.0.2
	eslint-import-resolver-typescript@2.4.0
	@actions/core@1.2.7
	eslint-plugin-unicorn@17.2.0
	@semantic-release/changelog@5.0.1
	eslint-plugin-prettier@3.3.1
	@semantic-release/npm@7.1.1
	@actions/github@2.2.0
	eslint-plugin-jest@23.20.0

View full report

socket-security · 2026-05-06T20:17:08Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Critical CVE: Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code in npm `@babel/traverse` CVE: GHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code (CRITICAL) Affected versions: < 7.23.2; >= 8.0.0-alpha.0 < 8.0.0-alpha.4 Patched version: 7.23.2 From: package-lock.json → `npm/folio@0.3.18` → `npm/jest-circus@26.6.3` → `npm/jest@26.6.3` → `npm/@babel/traverse@7.13.15` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@babel/traverse@7.13.15`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: npm `form-data` uses unsafe random function in form-data for choosing boundary CVE: GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary (CRITICAL) Affected versions: < 2.5.4; >= 3.0.0 < 3.0.4; >= 4.0.0 < 4.0.4 Patched version: 2.5.4 From: package-lock.json → `npm/form-data@2.3.3` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/form-data@2.3.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: Prototype Pollution in npm `minimist` CVE: GHSA-xvch-5gv4-984h Prototype Pollution in minimist (CRITICAL) Affected versions: >= 1.0.0 < 1.2.6; < 0.2.4 Patched version: 1.2.6 From: package-lock.json → `npm/@semantic-release/release-notes-generator@9.0.2` → `npm/folio@0.3.18` → `npm/cz-conventional-changelog@3.3.0` → `npm/conventional-changelog-cli@2.1.1` → `npm/license-checker@25.0.1` → `npm/@semantic-release/npm@7.1.1` → `npm/jest-circus@26.6.3` → `npm/coveralls@3.1.0` → `npm/jest@26.6.3` → `npm/minimist@1.2.5` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/minimist@1.2.5`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

github-actions · 2026-05-06T20:17:23Z

Thanks for the PR!

This section of the codebase is owner by https://github.com/AlexRogalskiy/ - if they write a comment saying "LGTM" then it will be merged.

github-actions

Scan Summary

Tool	Critical	High	Medium	Low	Status
Security Audit for Infrastructure	0	0	0	3	✅

Recommendation

Looks good ✔️

⬆️ Updates node to v26

935bab5

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

renovate Bot added the npm dependencies label May 6, 2026

auto-assign Bot requested a review from AlexRogalskiy May 6, 2026 20:16

github-actions Bot added the review-required label May 6, 2026

github-actions Bot reviewed May 6, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

⬆️ Updates node to v26#602

⬆️ Updates node to v26#602
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/node-26.x

renovate Bot commented May 6, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented May 6, 2026

Uh oh!

github-actions Bot commented May 6, 2026

Uh oh!

socket-security Bot commented May 6, 2026

Uh oh!

socket-security Bot commented May 6, 2026

Uh oh!

github-actions Bot commented May 6, 2026

Uh oh!

github-actions Bot left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

renovate Bot commented May 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v26.1.0: 26.1.0

v24.15.0: 24.15.0

v24.14.1: 24.14.1

v24.14.0: 24.14.0

v24.13.1: 24.13.1

v24.13.0: 24.13.0

v24.12.0: 24.12.0

v24.11.1: 24.11.1

v24.11.0: 24.11.0

v24.10.0: 24.10.0

v24.9.0: 24.9.0

v24.8.0: 24.8.0

v24.7.0: 24.7.0

v24.6.0: 24.6.0

v24.5.0: 24.5.0

v24.4.1: 24.4.1

v24.4.0: 24.4.0

v24.3.0: 24.3.0

v24.2.0: 24.2.0

v24.1.0: 24.1.0

v24.0.2: 24.0.2

v24.0.1: 24.0.1

v24.0.0: 24.0.0

v22.22.2: 22.22.2

v22.22.1: 22.22.1

v22.22.0: 22.22.0

v22.21.1: 22.21.1

v22.21.0: 22.21.0

v22.20.0: 22.20.0

v22.19.0: 22.19.0

v22.18.0: 22.18.0

v22.17.1: 22.17.1

v22.17.0: 22.17.0

v22.16.0: 22.16.0

v22.15.1: 22.15.1

v22.15.0: 22.15.0

v22.14.0: 22.14.0

v22.13.1: 22.13.1

v22.13.0: 22.13.0

v22.12.0: 22.12.0

v22.11.0: 22.11.0

v22.10.0: 22.10.0

v22.9.0: 22.9.0

v22.8.0: 22.8.0

v22.7.0: 22.7.0

v22.6.0: 22.6.0

v22.5.1: 22.5.1

v22.5.0: 22.5.0

v22.4.1: 22.4.1

v22.4.0: 22.4.0

v22.3.0: 22.3.0

v22.2.0: 22.2.0

v22.1.0: 22.1.0

v22.0.0: 22.0.0

v20.20.2: 20.20.2

v20.20.1: 20.20.1

v20.20.0: 20.20.0

v20.19.6: 20.19.6

v20.19.5: 20.19.5

v20.19.4: 20.19.4

v20.19.3: 20.19.3

v20.19.2: 20.19.2

v20.19.1: 20.19.1

v20.19.0: 20.19.0

v20.18.3: 20.18.3

v20.18.2: 20.18.2

v20.18.1: 20.18.1

v20.18.0: 20.18.0

v20.17.0: 20.17.0

v20.16.0: 20.16.0

v20.15.1: 20.15.1

v20.15.0: 20.15.0

v20.14.0: 20.14.0

v20.13.1: 20.13.1

v20.13.0: 20.13.0

renovate Bot commented May 6, 2026 •

edited

Loading

`v26.1.0`: 26.1.0

`v24.15.0`: 24.15.0

`v24.14.1`: 24.14.1

`v24.14.0`: 24.14.0

`v24.13.1`: 24.13.1

`v24.13.0`: 24.13.0

`v24.12.0`: 24.12.0

`v24.11.1`: 24.11.1

`v24.11.0`: 24.11.0

`v24.10.0`: 24.10.0

`v24.9.0`: 24.9.0

`v24.8.0`: 24.8.0

`v24.7.0`: 24.7.0

`v24.6.0`: 24.6.0

`v24.5.0`: 24.5.0

`v24.4.1`: 24.4.1

`v24.4.0`: 24.4.0

`v24.3.0`: 24.3.0

`v24.2.0`: 24.2.0

`v24.1.0`: 24.1.0

`v24.0.2`: 24.0.2

`v24.0.1`: 24.0.1

`v24.0.0`: 24.0.0

`v22.22.2`: 22.22.2

`v22.22.1`: 22.22.1

`v22.22.0`: 22.22.0

`v22.21.1`: 22.21.1

`v22.21.0`: 22.21.0

`v22.20.0`: 22.20.0

`v22.19.0`: 22.19.0

`v22.18.0`: 22.18.0

`v22.17.1`: 22.17.1

`v22.17.0`: 22.17.0

`v22.16.0`: 22.16.0

`v22.15.1`: 22.15.1

`v22.15.0`: 22.15.0

`v22.14.0`: 22.14.0

`v22.13.1`: 22.13.1

`v22.13.0`: 22.13.0

`v22.12.0`: 22.12.0

`v22.11.0`: 22.11.0

`v22.10.0`: 22.10.0

`v22.9.0`: 22.9.0

`v22.8.0`: 22.8.0

`v22.7.0`: 22.7.0

`v22.6.0`: 22.6.0

`v22.5.1`: 22.5.1

`v22.5.0`: 22.5.0

`v22.4.1`: 22.4.1

`v22.4.0`: 22.4.0

`v22.3.0`: 22.3.0

`v22.2.0`: 22.2.0

`v22.1.0`: 22.1.0

`v22.0.0`: 22.0.0

`v20.20.2`: 20.20.2

`v20.20.1`: 20.20.1

`v20.20.0`: 20.20.0

`v20.19.6`: 20.19.6

`v20.19.5`: 20.19.5

`v20.19.4`: 20.19.4

`v20.19.3`: 20.19.3

`v20.19.2`: 20.19.2

`v20.19.1`: 20.19.1

`v20.19.0`: 20.19.0

`v20.18.3`: 20.18.3

`v20.18.2`: 20.18.2

`v20.18.1`: 20.18.1

`v20.18.0`: 20.18.0

`v20.17.0`: 20.17.0

`v20.16.0`: 20.16.0

`v20.15.1`: 20.15.1

`v20.15.0`: 20.15.0

`v20.14.0`: 20.14.0

`v20.13.1`: 20.13.1

`v20.13.0`: 20.13.0

`v20.12.2`: 20.12.2

`v20.12.1`: 20.12.1

`v20.12.0`: 20.12.0

`v20.11.1`: 20.11.1