Bump anchore/sbom-action from 0.23.0 to 0.23.1 #571

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/anchore/sbom-action-0.23.1

@dependabot dependabot bot commented on behalf of github Mar 10, 2026

Bumps anchore/sbom-action from 0.23.0 to 0.23.1.

Release notes

Sourced from anchore/sbom-action's releases.

v0.23.1

⬆️ Dependencies

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.23.0 to 0.23.1.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@17ae174...57aae52)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-version: 0.23.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file), github_actions (Pull requests that update GitHub Actions code) and patch (Patch semver) labels Mar 10, 2026
@github-actions
Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/bin/semver.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW fs/path/usr_bin path reference within /usr/bin /usr/bin/env
-LOW net/url/embedded contains embedded HTTPS URLs https://semver.org/

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/classes/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./comparator
./semver
./range

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/classes/range.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM sus/exclamation gets very excited return !!

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/clean.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./parse

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/cmp.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./gte
./lte
./neq
./eq

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/coerce.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM exec/program executes external program exec(version))
require

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/compare-loose.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/diff.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./parse

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/eq.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/gt.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/gte.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/lt.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/lte.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/neq.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/prerelease.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./parse

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/rcompare.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/rsort.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare-build

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/sort.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare-build

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/functions/valid.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./parse

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./functions
./internal
./classes
./ranges

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/internal/debug.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW os/env/get Retrieve environment variable values env.NODE_DEBUG

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/internal/re.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./constants
./debug

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/package.json [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW net/url/embedded contains embedded HTTPS URLs https://github.com/npm/node-semver.git

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/preload.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./index

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/ranges/gtr.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./outside

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/tool-cache/node_modules/semver/ranges/ltr.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./outside

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/bin/semver.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW fs/path/usr_bin path reference within /usr/bin /usr/bin/env
-LOW net/url/embedded contains embedded HTTPS URLs https://semver.org/

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/classes/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./comparator
./semver
./range

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/classes/range.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM sus/exclamation gets very excited return !!

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/clean.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./parse

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/cmp.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./gte
./lte
./neq
./eq

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/coerce.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM exec/program executes external program exec(version))
require

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/compare-loose.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/diff.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./parse

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/eq.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/gt.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/gte.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/lt.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/lte.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/neq.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/prerelease.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./parse

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/rcompare.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/rsort.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare-build

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/sort.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compare-build

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/functions/valid.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./parse

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./functions
./internal
./classes
./ranges

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/internal/debug.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW os/env/get Retrieve environment variable values env.NODE_DEBUG

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/internal/re.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./constants
./debug

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/package.json [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW net/url/embedded contains embedded HTTPS URLs https://github.com/npm/node-semver.git

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/preload.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./index

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/ranges/gtr.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./outside

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/ranges/ltr.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./outside

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/pretty-quick/node_modules/picomatch/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM discover/system/platform get system identification os.platform()
-MEDIUM fs/path/relative references and possibly executes relative path ./lib

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/pretty-quick/node_modules/picomatch/lib/parse.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM exec/program executes external program exec(remaining())
exec(str)
require
-MEDIUM fs/path/relative references and possibly executes relative path ./constants
./utils

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/pretty-quick/node_modules/picomatch/lib/picomatch.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM exec/program executes external program exec(output)
require
-MEDIUM fs/path/relative references and possibly executes relative path ./constants
./parse
./utils
./scan
./foo

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/pretty-quick/node_modules/picomatch/lib/scan.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./constants
./utils

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/pretty-quick/node_modules/picomatch/lib/utils.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM discover/system/platform get system identification process.platform
-MEDIUM fs/path/relative references and possibly executes relative path ./constants

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/pretty-quick/node_modules/picomatch/package.json [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW exec/plugin references a 'plugin' plugins
-LOW net/url/embedded contains embedded HTTPS URLs https://github.com/micromatch/picomatch/issues
https://github.com/sponsors/jonschlinkert
https://github.com/jonschlinkert

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/pretty-quick/node_modules/picomatch/posix.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./lib

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/tinyglobby/node_modules/fdir/dist/index.cjs [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM discover/system/platform get system identification process.platform
-LOW fs/directory/list Uses NodeJS functions to list a directory .readdirSync(
-LOW fs/symlink_resolve resolves symbolic links realpath

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/tinyglobby/node_modules/fdir/dist/index.mjs [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW fs/symlink_resolve resolves symbolic links realpath

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/tinyglobby/node_modules/fdir/package.json [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM discover/system/sysinfo get system information (load, swap) systeminfo
-MEDIUM fs/path/relative references and possibly executes relative path ./package
./scripts
./dist
-MEDIUM net/email/exotic_addr Contains an exotic email address thecodrr@protonmail.com
-LOW net/url/embedded contains embedded HTTPS URLs https://github.com/thecodrr/fdir/issues
https://github.com/thecodrr/fdir.git

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/tinyglobby/node_modules/picomatch/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM discover/system/platform get system identification os.platform()
-MEDIUM fs/path/relative references and possibly executes relative path ./lib

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/tinyglobby/node_modules/picomatch/lib/parse.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM exec/program executes external program exec(remaining())
exec(str)
require
-MEDIUM fs/path/relative references and possibly executes relative path ./constants
./utils

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/tinyglobby/node_modules/picomatch/lib/picomatch.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM exec/program executes external program exec(output)
require
-MEDIUM fs/path/relative references and possibly executes relative path ./constants
./parse
./utils
./scan
./foo

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/tinyglobby/node_modules/picomatch/lib/scan.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./constants
./utils

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/tinyglobby/node_modules/picomatch/lib/utils.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM discover/system/platform get system identification process.platform
-MEDIUM fs/path/relative references and possibly executes relative path ./constants

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/tinyglobby/node_modules/picomatch/package.json [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW exec/plugin references a 'plugin' plugins
-LOW net/url/embedded contains embedded HTTPS URLs https://github.com/micromatch/picomatch/issues
https://github.com/sponsors/jonschlinkert
https://github.com/jonschlinkert

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/tinyglobby/node_modules/picomatch/posix.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./lib

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/artifact/lib/internal/upload/stream.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW fs/symlink_resolve resolves symbolic links realpath
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/node/issues/8855

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/artifact/lib/internal/upload/types.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exfil/office_file_ext References multiple Office file extensions (possible exfil) docx
xlsx
ppt
+LOW data/compression/gzip works with gzip files gzip

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match/package.json [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./package
./dist
./src
+LOW fs/directory/create creates directories mkdir

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion/dist/commonjs/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions fromCharCode
(need + 1)
[a-zA-Z]
parseInt
+MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units String.fromCharCode(i)
+LOW anti-behavior/random_behavior uses a random number generator random
+LOW data/encoding/int parses integers parseInt(

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion/dist/commonjs/index.js.map [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units String.fromCharCode(i)\n
+LOW anti-behavior/random_behavior uses a random number generator random
+LOW data/encoding/int parses integers parseInt(

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion/dist/esm/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions fromCharCode
(need + 1)
[a-zA-Z]
parseInt
+MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units String.fromCharCode(i)
+LOW anti-behavior/random_behavior uses a random number generator random
+LOW data/encoding/int parses integers parseInt(

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion/dist/esm/index.js.map [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units String.fromCharCode(i)\n
+LOW anti-behavior/random_behavior uses a random number generator random
+LOW data/encoding/int parses integers parseInt(

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion/package.json [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./package
./dist
./src
+LOW fs/directory/create creates directories mkdir

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/commonjs/ast.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./index

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/commonjs/ast.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./unescape
+MEDIUM sus/exclamation gets very excited return !!

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/commonjs/ast.js.map [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM sus/exclamation gets very excited n return !!

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/commonjs/escape.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./index

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/commonjs/index.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./unescape
./escape
./ast

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/commonjs/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification process.platform
+MEDIUM fs/path/relative references and possibly executes relative path ./unescape
./escape
./ast
+MEDIUM sus/exclamation gets very excited return !!
+LOW c2/tool_transfer/os references a specific operating system https://
Windows
windows
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/yetingli
+LOW os/env/get Retrieve environment variable values env.__MINIMATCH_TEST

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/commonjs/index.js.map [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM c2/tool_transfer/os references multiple operating systems https://
Windows
windows
darwin
linux
+MEDIUM sus/exclamation gets very excited n return !!
n !!
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/yetingli
+LOW os/env/get Retrieve environment variable values env.__MINIMATCH_TEST

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/commonjs/unescape.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./index

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/esm/ast.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./index

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/esm/ast.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./unescape
+MEDIUM sus/exclamation gets very excited return !!

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/esm/ast.js.map [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM sus/exclamation gets very excited n return !!

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/esm/escape.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./index

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/esm/index.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./unescape
./escape
./ast

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/esm/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification process.platform
+MEDIUM fs/path/relative references and possibly executes relative path ./unescape
./escape
./ast
+MEDIUM sus/exclamation gets very excited return !!
+LOW c2/tool_transfer/os references a specific operating system https://
Windows
windows
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/yetingli
+LOW os/env/get Retrieve environment variable values env.__MINIMATCH_TEST

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/esm/index.js.map [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM c2/tool_transfer/os references multiple operating systems https://
Windows
windows
darwin
linux
+MEDIUM sus/exclamation gets very excited n return !!
n !!
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/yetingli
+LOW os/env/get Retrieve environment variable values env.__MINIMATCH_TEST

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/dist/esm/unescape.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./index

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch/package.json [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./package
./dist
./src
+LOW fs/directory/create creates directories mkdir
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/sponsors/isaacs

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/fast-xml-builder/lib/builder.min.js.map [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./lib
./src

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/fast-xml-builder/package.json [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./lib
./src
+LOW exec/plugin references a 'plugin' plugin
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/NaturalIntelligence/fast-xml-builder.git
https://github.com/sponsors/NaturalIntelligence
https://solothought.com

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/fdir/dist/index.cjs [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification process.platform
+LOW fs/directory/list Uses NodeJS functions to list a directory .readdirSync(
+LOW fs/symlink_resolve resolves symbolic links realpath

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/fdir/dist/index.mjs [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW fs/symlink_resolve resolves symbolic links realpath

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/fdir/package.json [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/sysinfo get system information (load, swap) systeminfo
+MEDIUM fs/path/relative references and possibly executes relative path ./package
./scripts
./dist
+MEDIUM net/email/exotic_addr Contains an exotic email address thecodrr@protonmail.com
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/thecodrr/fdir/issues
https://github.com/thecodrr/fdir.git

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/picomatch/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification os.platform()
+MEDIUM fs/path/relative references and possibly executes relative path ./lib

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/picomatch/lib/parse.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program executes external program exec(remaining())
exec(str)
require
+MEDIUM fs/path/relative references and possibly executes relative path ./constants
./utils

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/picomatch/lib/picomatch.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program executes external program exec(output)
require
+MEDIUM fs/path/relative references and possibly executes relative path ./constants
./parse
./utils
./scan
./foo

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/picomatch/lib/scan.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./constants
./utils

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/picomatch/lib/utils.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification process.platform
+MEDIUM fs/path/relative references and possibly executes relative path ./constants

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/picomatch/package.json [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' plugins
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/micromatch/picomatch/issues
https://github.com/sponsors/jonschlinkert
https://github.com/jonschlinkert

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/picomatch/posix.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./lib

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/bin/semver.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW fs/path/usr_bin path reference within /usr/bin /usr/bin/env
+LOW net/url/embedded contains embedded HTTPS URLs https://semver.org/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/classes/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./comparator
./semver
./range

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/classes/range.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM sus/exclamation gets very excited return !!

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/clean.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./parse

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/cmp.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./gte
./lte
./neq
./eq

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/coerce.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exec/program executes external program exec(version))
require

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/compare-loose.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./compare

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/diff.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./parse

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/eq.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./compare

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/gt.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./compare

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/gte.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./compare

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/lt.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./compare

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/lte.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./compare

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/neq.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./compare

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/prerelease.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./parse

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/rcompare.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./compare

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/rsort.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./compare-build

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/sort.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./compare-build

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/functions/valid.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./parse

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./functions
./internal
./classes
./ranges

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/internal/debug.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW os/env/get Retrieve environment variable values env.NODE_DEBUG

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/internal/re.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./constants
./debug

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/package.json [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/npm/node-semver.git

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/preload.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./index

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/ranges/gtr.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./outside

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/semver/ranges/ltr.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./outside

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code patch Patch semver
