File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ {
2+ "version" : 1 ,
3+ "createdAt" : " 2026-06-18T15:47:32.794Z" ,
4+ "findings" : [
5+ {
6+ "name" : " vitest" ,
7+ "version" : " 4.0.17" ,
8+ "advisoryIds" : [
9+ " GHSA-5xrq-8626-4rwp"
10+ ]
11+ },
12+ {
13+ "name" : " jsonpath-plus" ,
14+ "version" : " 4.0.0" ,
15+ "advisoryIds" : [
16+ " GHSA-hw8r-x6gr-5gjp" ,
17+ " GHSA-pppg-cpfq-h7wr"
18+ ]
19+ },
20+ {
21+ "name" : " protobufjs" ,
22+ "version" : " 7.5.4" ,
23+ "advisoryIds" : [
24+ " GHSA-2pr8-phx7-x9h3" ,
25+ " GHSA-66ff-xgx4-vchm" ,
26+ " GHSA-685m-2w69-288q" ,
27+ " GHSA-75px-5xx7-5xc7" ,
28+ " GHSA-f38q-mgvj-vph7" ,
29+ " GHSA-fx83-v9x8-x52w" ,
30+ " GHSA-jggg-4jg4-v7c6" ,
31+ " GHSA-jvwf-75h9-cwgg" ,
32+ " GHSA-q6x5-8v7m-xcrf" ,
33+ " GHSA-wcpc-wj8m-hjx6" ,
34+ " GHSA-xq3m-2v4x-88gg"
35+ ]
36+ },
37+ {
38+ "name" : " ws" ,
39+ "version" : " 8.20.1" ,
40+ "advisoryIds" : [
41+ " GHSA-96hv-2xvq-fx4p"
42+ ]
43+ },
44+ {
45+ "name" : " flatted" ,
46+ "version" : " 3.3.1" ,
47+ "advisoryIds" : [
48+ " GHSA-25h7-pfq9-p65f" ,
49+ " GHSA-rf6f-7fwh-wjgh"
50+ ]
51+ },
52+ {
53+ "name" : " glob" ,
54+ "version" : " 10.3.10" ,
55+ "advisoryIds" : [
56+ " GHSA-5j98-mcp5-4vw2"
57+ ]
58+ },
59+ {
60+ "name" : " glob" ,
61+ "version" : " 10.4.5" ,
62+ "advisoryIds" : [
63+ " GHSA-5j98-mcp5-4vw2"
64+ ]
65+ },
66+ {
67+ "name" : " lodash" ,
68+ "version" : " 4.17.21" ,
69+ "advisoryIds" : [
70+ " GHSA-f23m-r3pf-42rh" ,
71+ " GHSA-r5fr-rjxr-66jc" ,
72+ " GHSA-xxjr-mmjv-4gpg"
73+ ]
74+ },
75+ {
76+ "name" : " minimatch" ,
77+ "version" : " 3.0.8" ,
78+ "advisoryIds" : [
79+ " GHSA-23c5-xmqv-rm74" ,
80+ " GHSA-3ppc-4f35-3m26" ,
81+ " GHSA-7r86-cg39-jmmj"
82+ ]
83+ },
84+ {
85+ "name" : " minimatch" ,
86+ "version" : " 3.1.2" ,
87+ "advisoryIds" : [
88+ " GHSA-23c5-xmqv-rm74" ,
89+ " GHSA-3ppc-4f35-3m26" ,
90+ " GHSA-7r86-cg39-jmmj"
91+ ]
92+ },
93+ {
94+ "name" : " minimatch" ,
95+ "version" : " 9.0.3" ,
96+ "advisoryIds" : [
97+ " GHSA-23c5-xmqv-rm74" ,
98+ " GHSA-3ppc-4f35-3m26" ,
99+ " GHSA-7r86-cg39-jmmj"
100+ ]
101+ },
102+ {
103+ "name" : " minimatch" ,
104+ "version" : " 9.0.4" ,
105+ "advisoryIds" : [
106+ " GHSA-23c5-xmqv-rm74" ,
107+ " GHSA-3ppc-4f35-3m26" ,
108+ " GHSA-7r86-cg39-jmmj"
109+ ]
110+ },
111+ {
112+ "name" : " protobufjs" ,
113+ "version" : " 7.5.6" ,
114+ "advisoryIds" : [
115+ " GHSA-f38q-mgvj-vph7" ,
116+ " GHSA-jggg-4jg4-v7c6" ,
117+ " GHSA-wcpc-wj8m-hjx6"
118+ ]
119+ },
120+ {
121+ "name" : " validator" ,
122+ "version" : " 13.12.0" ,
123+ "advisoryIds" : [
124+ " GHSA-9965-vmph-33xx" ,
125+ " GHSA-vghf-hv5q-vc2g"
126+ ]
127+ },
128+ {
129+ "name" : " @babel/runtime" ,
130+ "version" : " 7.24.5" ,
131+ "advisoryIds" : [
132+ " GHSA-968p-4wvh-cqc8"
133+ ]
134+ },
135+ {
136+ "name" : " @opentelemetry/core" ,
137+ "version" : " 1.27.0" ,
138+ "advisoryIds" : [
139+ " GHSA-8988-4f7v-96qf"
140+ ]
141+ },
142+ {
143+ "name" : " @opentelemetry/core" ,
144+ "version" : " 1.30.1" ,
145+ "advisoryIds" : [
146+ " GHSA-8988-4f7v-96qf"
147+ ]
148+ },
149+ {
150+ "name" : " @opentelemetry/core" ,
151+ "version" : " 2.2.0" ,
152+ "advisoryIds" : [
153+ " GHSA-8988-4f7v-96qf"
154+ ]
155+ },
156+ {
157+ "name" : " @protobufjs/utf8" ,
158+ "version" : " 1.1.0" ,
159+ "advisoryIds" : [
160+ " GHSA-q6x5-8v7m-xcrf"
161+ ]
162+ },
163+ {
164+ "name" : " ajv" ,
165+ "version" : " 6.12.6" ,
166+ "advisoryIds" : [
167+ " GHSA-2g4f-4pwh-qvx6"
168+ ]
169+ },
170+ {
171+ "name" : " brace-expansion" ,
172+ "version" : " 1.1.11" ,
173+ "advisoryIds" : [
174+ " GHSA-f886-m6hf-6m8v" ,
175+ " GHSA-v6h2-p8h4-qcjw"
176+ ]
177+ },
178+ {
179+ "name" : " brace-expansion" ,
180+ "version" : " 2.0.1" ,
181+ "advisoryIds" : [
182+ " GHSA-f886-m6hf-6m8v" ,
183+ " GHSA-v6h2-p8h4-qcjw"
184+ ]
185+ },
186+ {
187+ "name" : " brace-expansion" ,
188+ "version" : " 5.0.4" ,
189+ "advisoryIds" : [
190+ " GHSA-f886-m6hf-6m8v" ,
191+ " GHSA-jxxr-4gwj-5jf2"
192+ ]
193+ },
194+ {
195+ "name" : " js-yaml" ,
196+ "version" : " 3.14.1" ,
197+ "advisoryIds" : [
198+ " GHSA-h67p-54hq-rp68" ,
199+ " GHSA-mh29-5h37-fv8m"
200+ ]
201+ },
202+ {
203+ "name" : " js-yaml" ,
204+ "version" : " 4.1.1" ,
205+ "advisoryIds" : [
206+ " GHSA-h67p-54hq-rp68"
207+ ]
208+ },
209+ {
210+ "name" : " esbuild" ,
211+ "version" : " 0.27.7" ,
212+ "advisoryIds" : [
213+ " GHSA-g7r4-m6w7-qqqr"
214+ ]
215+ }
216+ ]
217+ }
Original file line number Diff line number Diff line change 1+ # SPDX-FileCopyrightText: 2024 LiveKit, Inc.
2+ #
3+ # SPDX-License-Identifier: Apache-2.0
4+
5+ name : Dependency Vulnerability Scan
6+
7+ on :
8+ push :
9+ branches : [next, main, 0.x]
10+ pull_request :
11+ branches : [next, main, 0.x]
12+
13+ jobs :
14+ scan :
15+ name : Dependency Vulnerability Scan
16+ runs-on : ubuntu-latest
17+ steps :
18+ - uses : actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
19+ - uses : pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
20+ - name : Setup node
21+ uses : actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
22+ with :
23+ node-version : 20
24+ cache : pnpm
25+ - name : Install dependencies
26+ run : pnpm install --frozen-lockfile --ignore-scripts
27+ - name : Scan for vulnerabilities
28+ run : npx cve-lite-cli@latest . --fail-on high --ratchet
You can’t perform that action at this time.
0 commit comments