fix(deps): update dependency hibp to v15 by renovate[bot] · Pull Request #1480 · leosuncin/nest-api-example

renovate · 2025-03-23T18:29:56Z

This PR contains the following updates:

Package	Change	Age	Confidence
hibp (source)	`14.1.3` → `15.2.1`

Release Notes

wKovacs64/hibp (hibp)

`v15.2.1`

Compare Source

Patch Changes

#569 a57fece Thanks @wKovacs64! - Fix preview publishing by adding type to the repository section of package.json. This is a package maintenance release only - no changes in the library itself.

`v15.2.0`

Compare Source

Minor Changes

#562 ab40e4a Thanks @wKovacs64! - Add signal option to all modules for user-controlled request cancellation via AbortSignal.

`v15.1.0`

Compare Source

Minor Changes

#543 70db0e1 Thanks @wKovacs64! - Add stealerLogsByEmailDomain module.
#541 655b473 Thanks @wKovacs64! - Add stealerLogsByEmail module.
#542 682cff7 Thanks @wKovacs64! - Add stealerLogsByWebsiteDomain module.
#539 a0c6e9a Thanks @wKovacs64! - Add subscribedDomains module.
#537 e15c6a7 Thanks @wKovacs64! - Add latestBreach module.
#538 f08af27 Thanks @wKovacs64! - Add breachedDomain module.

Patch Changes

#535 d47d462 Thanks @wKovacs64! - Add IncludesStealerLogs field to SubscriptionStatus interface and docs.

`v15.0.1`

Compare Source

Patch Changes

#510 879fe9f Thanks @wKovacs64! - Export the API data model types that were missing in v15.0.0.

`v15.0.0`

Compare Source

Major Changes

#509 e8d4986 Thanks @wKovacs64! - Drop support for Node 18 and remove the CommonJS and UMD builds:
- Drop support for Node.js 18 as it is end-of-life, making the new minimum Node.js runtime v20.19.0. Please upgrade your Node.js environment if necessary, or continue using a previous release if you are unable to upgrade your environment.
  - This also allowed us to drop the fetch polyfill that was only necessary in Node 18, which reduced the bundle size by approximately 33%! 📉 The library now officially has zero dependencies. 🎉
- Remove the CommonJS build since you can now require() ESM as of Node v20.19.0. Consumers in a CommonJS environment should still be able to use the library as before (given the appropriate Node.js version).
- Remove the UMD build as all modern browsers support importing ESM via <script type="module"> tags. See the "Using in the browser" section of the README for more details.

Minor Changes

#506 56fdf38 Thanks @wKovacs64! - Drop JSSHA dependency in favor of a native Web Crypto API SHA-1 hashing implementation. This change reduces the size of the library by approximately 30%! 📉

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2025-03-23T18:32:35Z

🦙 MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
❌ ACTION	actionlint	6		1	0	0.28s
✅ BASH	bash-exec	3		0	0	0.01s
❌ BASH	shellcheck	3		1	0	0.03s
✅ BASH	shfmt	3	0	0	0	0.03s
✅ COPYPASTE	jscpd	yes		no	no	3.17s
❌ DOCKERFILE	hadolint	2		1	0	0.34s
✅ EDITORCONFIG	editorconfig-checker	157		0	0	0.67s
✅ JSON	jsonlint	18		0	0	0.18s
✅ JSON	npm-package-json-lint	yes		no	no	0.44s
✅ JSON	prettier	18	0	0	0	1.52s
❌ JSON	v8r	18		1	0	9.05s
⚠️ MARKDOWN	markdownlint	2	1	73	0	1.3s
❌ MARKDOWN	markdown-link-check	2		1	0	63.77s
✅ MARKDOWN	markdown-table-formatter	2	1	0	0	0.16s
❌ REPOSITORY	checkov	yes		5	no	15.09s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
❌ REPOSITORY	grype	yes		42	no	36.0s
✅ REPOSITORY	secretlint	yes		no	no	0.69s
✅ REPOSITORY	syft	yes		no	no	5.7s
⚠️ REPOSITORY	trivy	yes		1	no	11.63s
✅ REPOSITORY	trivy-sbom	yes		no	no	5.16s
✅ REPOSITORY	trufflehog	yes		no	no	17.05s
✅ SPELL	cspell	159		0	0	4.76s
❌ SPELL	lychee	32		7	0	2.67s
✅ TYPESCRIPT	prettier	108	36	0	0	4.88s
❌ TYPESCRIPT	ts-standard	108	108	1	0	25.53s
✅ YAML	prettier	12	0	0	0	2.03s
✅ YAML	v8r	12		0	0	5.27s
❌ YAML	yamllint	12		21	0	4.75s

See detailed report in MegaLinter reports

kodiakhq · 2025-03-24T22:15:23Z

This PR currently has a merge conflict. Please resolve this and then re-add the automerge label.

github-actions · 2026-03-03T19:49:13Z

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ COPYPASTE	jscpd	yes		no	no	3.04s
✅ EDITORCONFIG	editorconfig-checker	2		0	0	0.03s
✅ JSON	jsonlint	1		0	0	0.45s
✅ JSON	npm-package-json-lint	yes		no	no	0.47s
⚠️ JSON	prettier	1	0	1	0	0.3s
✅ JSON	v8r	1		0	0	6.53s
❌ REPOSITORY	checkov	yes		5	no	25.32s
❌ REPOSITORY	devskim	yes		45	no	166.65s
✅ REPOSITORY	dustilock	yes		no	no	0.78s
✅ REPOSITORY	git_diff	yes		no	no	0.03s
❌ REPOSITORY	grype	yes		79	no	63.66s
❌ REPOSITORY	kingfisher	yes		1	no	8.51s
❌ REPOSITORY	osv-scanner	yes		79	no	3.74s
❌ REPOSITORY	secretlint	yes		1	no	1.27s
✅ REPOSITORY	syft	yes		no	no	6.05s
⚠️ REPOSITORY	trivy	yes		1	no	16.23s
✅ REPOSITORY	trivy-sbom	yes		no	no	4.16s
✅ REPOSITORY	trufflehog	yes		no	no	3.73s
✅ SPELL	cspell	3		0	0	2.83s
❌ SPELL	lychee	2		1	0	0.9s
✅ YAML	prettier	1	0	0	0	0.45s
✅ YAML	v8r	1		0	0	1.45s
❌ YAML	yamllint	1		4	0	4.8s

Detailed Issues

❌ REPOSITORY / checkov - 5 errors

dockerfile scan results:

Passed checks: 77, Failed checks: 1, Skipped checks: 0

Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
	FAILED for resource: /Dockerfile.
	File: /Dockerfile:1-47
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created

		1  | ARG NODE_VERSION=lts-slim
		2  | 
		3  | FROM node:${NODE_VERSION} AS dependencies
		4  | 
		5  | WORKDIR /app
		6  | 
		7  | ENV PNPM_HOME="/pnpm"
		8  | ENV PATH="$PNPM_HOME:$PATH"
		9  | 
		10 | RUN --mount=type=cache,id=pnpm-store,target=/pnpm/store \
		11 |     --mount=type=bind,source=package.json,target=/app/package.json \
		12 |     --mount=type=bind,source=pnpm-lock.yaml,target=/app/pnpm-lock.yaml \
		13 |     corepack enable && \
		14 |     pnpm install --frozen-lockfile --strict-peer-dependencies
		15 | 
		16 | FROM dependencies AS builder
		17 | 
		18 | COPY --chown=node:node src/ /app/src
		19 | 
		20 | RUN --mount=type=bind,source=package.json,target=/app/package.json \
		21 |     --mount=type=bind,source=nest-cli.json,target=/app/nest-cli.json \
		22 |     --mount=type=bind,source=tsconfig.json,target=/app/tsconfig.json \
		23 |     --mount=type=bind,source=tsconfig.build.json,target=/app/tsconfig.build.json \
		24 |     pnpm build
		25 | 
		26 | FROM builder AS pruner
		27 | 
		28 | RUN --mount=type=cache,id=pnpm-store,target=/pnpm/store \
		29 |     --mount=type=bind,source=package.json,target=/app/package.json \
		30 |     --mount=type=bind,source=pnpm-lock.yaml,target=/app/pnpm-lock.yaml \
		31 |     pnpm prune --prod --ignore-scripts
		32 | 
		33 | FROM gcr.io/distroless/nodejs22-debian12:nonroot
		34 | 
		35 | WORKDIR /app
		36 | 
		37 | ENV PORT=3000
		38 | 
		39 | COPY --chown=nonroot:nonroot --from=pruner /app/node_modules ./node_modules
		40 | COPY --chown=nonroot:nonroot --from=builder /app/dist .
		41 | COPY --chown=nonroot:nonroot CHANGELOG.md LICENSE package.json /app/
		42 | 
		43 | EXPOSE ${PORT}
		44 | 
		45 | HEALTHCHECK --interval=30s --timeout=2s --start-period=10s --retries=2 CMD [ "/nodejs/bin/node", "bin/health-checker.js" ]
		46 | 
		47 | CMD ["main.js"]
github_actions scan results:

Passed checks: 212, Failed checks: 4, Skipped checks: 0

Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(CodeQL)
	File: /.github/workflows/codeql-analysis.yml:27-28
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Release)
	File: /.github/workflows/release.yml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Publish)
	File: /.github/workflows/publish.yml:11-12
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(CI)
	File: /.github/workflows/ci.yml:0-1

❌ REPOSITORY / devskim - 45 errors

cation":{"uri":"pnpm-lock.yaml"},"region":{"startLine":4995,"startColumn":107,"endLine":4995,"endColumn":110,"charOffset":225853,"charLength":3,"snippet":{"text":"mD4","rendered":{"text":"mD4","markdown":"`mD4`"}},"sourceLanguage":"yaml"}}}],"fixes":[],"properties":{"tags":["Cryptography.BannedHashAlgorithm"],"DevSkimSeverity":"Critical","DevSkimConfidence":"High"}},{"ruleId":"DS126858","level":"error","message":{"text":"Weak/Broken Hash Algorithm"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"pnpm-lock.yaml"},"region":{"startLine":3709,"startColumn":107,"endLine":3709,"endColumn":110,"charOffset":166588,"charLength":3,"snippet":{"text":"mD2","rendered":{"text":"mD2","markdown":"`mD2`"}},"sourceLanguage":"yaml"}}}],"fixes":[],"properties":{"tags":["Cryptography.BannedHashAlgorithm"],"DevSkimSeverity":"Critical","DevSkimConfidence":"High"}},{"ruleId":"DS126858","level":"error","message":{"text":"Weak/Broken Hash Algorithm"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"pnpm-lock.yaml"},"region":{"startLine":3266,"startColumn":101,"endLine":3266,"endColumn":104,"charOffset":147164,"charLength":3,"snippet":{"text":"Md4","rendered":{"text":"Md4","markdown":"`Md4`"}},"sourceLanguage":"yaml"}}}],"fixes":[],"properties":{"tags":["Cryptography.BannedHashAlgorithm"],"DevSkimSeverity":"Critical","DevSkimConfidence":"High"}},{"ruleId":"DS126858","level":"error","message":{"text":"Weak/Broken Hash Algorithm"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"pnpm-lock.yaml"},"region":{"startLine":1257,"startColumn":109,"endLine":1257,"endColumn":112,"charOffset":57697,"charLength":3,"snippet":{"text":"mD4","rendered":{"text":"mD4","markdown":"`mD4`"}},"sourceLanguage":"yaml"}}}],"fixes":[],"properties":{"tags":["Cryptography.BannedHashAlgorithm"],"DevSkimSeverity":"Critical","DevSkimConfidence":"High"}},{"ruleId":"DS126858","level":"error","message":{"text":"Weak/Broken Hash Algorithm"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"pnpm-lock.yaml"},"region":{"startLine":950,"startColumn":91,"endLine":950,"endColumn":94,"charOffset":43402,"charLength":3,"snippet":{"text":"mD5","rendered":{"text":"mD5","markdown":"`mD5`"}},"sourceLanguage":"yaml"}}}],"fixes":[],"properties":{"tags":["Cryptography.BannedHashAlgorithm"],"DevSkimSeverity":"Critical","DevSkimConfidence":"High"}},{"ruleId":"DS126858","level":"error","message":{"text":"Weak/Broken Hash Algorithm"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"pnpm-lock.yaml"},"region":{"startLine":902,"startColumn":61,"endLine":902,"endColumn":64,"charOffset":41149,"charLength":3,"snippet":{"text":"Md5","rendered":{"text":"Md5","markdown":"`Md5`"}},"sourceLanguage":"yaml"}}}],"fixes":[],"properties":{"tags":["Cryptography.BannedHashAlgorithm"],"DevSkimSeverity":"Critical","DevSkimConfidence":"High"}},{"ruleId":"DS197836","level":"error","message":{"text":"Do not take the hash of low-entropy content."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"pnpm-lock.yaml"},"region":{"startLine":714,"startColumn":28,"endLine":714,"endColumn":53,"charOffset":31882,"charLength":25,"snippet":{"text":"sha512-hO+ga+uYZ/WA4OtiME","rendered":{"text":"sha512-hO+ga+uYZ/WA4OtiME","markdown":"`sha512-hO+ga+uYZ/WA4OtiME`"}},"sourceLanguage":"yaml"}}}],"properties":{"tags":["Cryptography.HashAlgorithm.InsufficientEntropy"],"DevSkimSeverity":"Important","DevSkimConfidence":"High"}},{"ruleId":"DS162092","level":"note","message":{"text":"Do not leave debug code in production"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":".devcontainer/docker-compose.yml"},"region":{"startLine":24,"startColumn":50,"endLine":24,"endColumn":59,"charOffset":717,"charLength":9,"snippet":{"text":"localhost","rendered":{"text":"localhost","markdown":"`localhost`"}},"sourceLanguage":"yaml"}}}],"properties":{"tags":["Hygiene.Network.AccessingLocalhost"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}}],"columnKind":"utf16CodeUnits"}]}

(Truncated to last 4000 characters out of 313712)

❌ REPOSITORY / grype - 79 errors

2.3.1      2.3.2     npm   GHSA-3v7f-55p6-f55p  Medium    0.4% (32nd)  0.2    
picomatch             4.0.1      4.0.4     npm   GHSA-3v7f-55p6-f55p  Medium    0.4% (32nd)  0.2    
multer                2.0.2      2.2.0     npm   GHSA-72gw-mp4g-v24j  High      0.3% (19th)  0.2    
qs                    6.14.0     6.14.1    npm   GHSA-6rw7-vpxm-498p  Medium    0.4% (32nd)  0.2    
js-yaml               3.14.1     3.14.2    npm   GHSA-mh29-5h37-fv8m  Medium    0.4% (28th)  0.2    
js-yaml               4.1.0      4.1.1     npm   GHSA-mh29-5h37-fv8m  Medium    0.4% (28th)  0.2    
lodash                4.17.21    4.17.23   npm   GHSA-xxjr-mmjv-4gpg  Medium    0.3% (23rd)  0.2    
lodash-es             4.17.21    4.17.23   npm   GHSA-xxjr-mmjv-4gpg  Medium    0.3% (23rd)  0.2    
uuid                  9.0.1      11.1.1    npm   GHSA-w5hq-g745-h8pq  Medium    0.3% (22nd)  0.2    
lodash                4.17.21    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    0.3% (21st)  0.2    
lodash                4.17.23    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    0.3% (21st)  0.2    
lodash-es             4.17.21    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    0.3% (21st)  0.2    
qs                    6.14.0     6.14.2    npm   GHSA-w7fw-mjwx-w883  Low       0.5% (37th)  0.2    
diff                  4.0.2      4.0.4     npm   GHSA-73rr-hh4g-fpgx  Low       0.5% (39th)  0.1    
jws                   3.2.2      3.2.3     npm   GHSA-869p-cjfg-cm3x  High      0.2% (9th)   0.1    
qs                    6.14.0     6.15.2    npm   GHSA-q8mj-m7cp-5q26  Medium    0.3% (18th)  0.1    
qs                    6.15.0     6.15.2    npm   GHSA-q8mj-m7cp-5q26  Medium    0.3% (18th)  0.1    
multer                2.0.2      2.2.0     npm   GHSA-3p4h-7m6x-2hcm  Medium    0.3% (19th)  0.1    
@nestjs/core          10.4.22    11.1.18   npm   GHSA-36xv-jgw5-4q75  Medium    0.2% (14th)  0.1    
undici                7.22.0     7.28.0    npm   GHSA-pr7r-676h-xcf6  Medium    0.2% (13th)  0.1    
undici                6.23.0     6.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    0.3% (16th)  0.1    
undici                7.22.0     7.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    0.3% (16th)  0.1    
brace-expansion       1.1.11     1.1.12    npm   GHSA-v6h2-p8h4-qcjw  Low       0.4% (35th)  0.1    
brace-expansion       2.0.1      2.0.2     npm   GHSA-v6h2-p8h4-qcjw  Low       0.4% (35th)  0.1    
brace-expansion       5.0.4      5.0.6     npm   GHSA-jxxr-4gwj-5jf2  Medium    0.2% (10th)  0.1    
undici                6.23.0     6.27.0    npm   GHSA-p88m-4jfj-68fv  Medium    0.2% (10th)  0.1    
undici                7.22.0     7.28.0    npm   GHSA-p88m-4jfj-68fv  Medium    0.2% (10th)  0.1    
tmp                   0.0.33     0.2.4     npm   GHSA-52f5-9888-hmc6  Low       0.3% (22nd)  < 0.1  
webpack               5.97.1     5.104.0   npm   GHSA-38r7-794h-5758  Low       0.2% (9th)   < 0.1  
webpack               5.97.1     5.104.1   npm   GHSA-8fgc-7cc6-rx7x  Low       0.2% (9th)   < 0.1  
undici                6.23.0     6.27.0    npm   GHSA-g8m3-5g58-fq7m  Low       0.2% (9th)   < 0.1  
undici                7.22.0     7.28.0    npm   GHSA-g8m3-5g58-fq7m  Low       0.2% (9th)   < 0.1  
undici                6.23.0     6.27.0    npm   GHSA-35p6-xmwp-9g52  Low       0.2% (7th)   < 0.1  
undici                7.22.0     7.28.0    npm   GHSA-35p6-xmwp-9g52  Low       0.2% (7th)   < 0.1  
serialize-javascript  6.0.1      7.0.3     npm   GHSA-5c6j-r48x-rmvq  High      N/A          N/A    
follow-redirects      1.15.9     1.16.0    npm   GHSA-r4q5-vmmm-2653  Medium    N/A          N/A    
js-yaml               3.14.1     4.2.0     npm   GHSA-h67p-54hq-rp68  Medium    N/A          N/A    
js-yaml               4.1.0      4.2.0     npm   GHSA-h67p-54hq-rp68  Medium    N/A          N/A    
@babel/core           7.27.4     7.29.6    npm   GHSA-4x5r-pxfx-6jf8  Low       N/A          N/A
[0063] ERROR discovered vulnerabilities at or above the severity threshold

(Truncated to last 4000 characters out of 8295)

❌ REPOSITORY / kingfisher - 1 error

New Kingfisher release 1.103.0 available
 INFO kingfisher: Launching with 8 concurrent scan jobs. Use --num-jobs to override.
 INFO kingfisher::rule_loader: Loaded 921 rules
 INFO kingfisher::scanner::runner: Starting secret validation phase...
POSTGRES URL WITH HARDCODED PASSWORD => [KINGFISHER.POSTGRES.1]
 |Finding.......: [REDACTED:5553318a]
 |Fingerprint...: 2034115162828868254
 |Confidence....: medium
 |Entropy.......: 3.87
 |Validation....: Inactive Credential
 |__Response....: Postgres connection failed.
 |Language......: YAML
 |Line Num......: 24
 |Path..........: ./.devcontainer/docker-compose.yml


==========================================
Scan Summary:
==========================================
 |Findings....................: 1
 |__Successful Validations....: 0
 |__Failed Validations........: 1
 |__Skipped Validations.......: 0
 |Rules Applied...............: 921
 |__Blobs Scanned.............: 225
 |Bytes Scanned...............: 8.18 MiB
 |Scan Duration...............: 121ms 413us 363ns
 |Scan Date...................: 2026-06-20 21:37:16 +00:00
 |Kingfisher Version..........: 1.99.0
 |__Latest Version............: 1.103.0
New Kingfisher release 1.103.0 available

❌ SPELL / lychee - 1 error

📝 Summary
---------------------
🔍 Total............7
🔗 Unique...........4
✅ Successful.......1
⏳ Timeouts.........0
🔀 Redirected.......1
👻 Excluded.........5
❓ Unknown..........0
🚫 Errors...........1
⛔ Unsupported......1

Errors in pnpm-lock.yaml
[403] https://www.npmjs.com/support (at 2286:65) | Rejected status code: 403 Forbidden

Hint: Followed 1 redirect. You might want to consider replacing redirecting URLs with the resolved URLs. Use verbose mode (`-v`/`-vv`) to see redirection details.
Hint: You can configure accepted/rejected response codes with `-a` or `--accept`

❌ REPOSITORY / osv-scanner - 79 errors

| https://osv.dev/GHSA-q8mj-m7cp-5q26 | 6.3  | npm       | qs                   | 6.15.0  | 6.15.2        | pnpm-lock.yaml |
| https://osv.dev/GHSA-5c6j-r48x-rmvq | 8.1  | npm       | serialize-javascript | 6.0.1   | 7.0.3         | pnpm-lock.yaml |
| https://osv.dev/GHSA-76p7-773f-r4q5 | 5.4  | npm       | serialize-javascript | 6.0.1   | 6.0.2         | pnpm-lock.yaml |
| https://osv.dev/GHSA-qj8w-gfj5-8c6v | 5.9  | npm       | serialize-javascript | 6.0.1   | 7.0.5         | pnpm-lock.yaml |
| https://osv.dev/GHSA-52f5-9888-hmc6 | 2.5  | npm       | tmp                  | 0.0.33  | 0.2.4         | pnpm-lock.yaml |
| https://osv.dev/GHSA-ph9p-34f9-6g65 | 7.7  | npm       | tmp                  | 0.0.33  | 0.2.6         | pnpm-lock.yaml |
| https://osv.dev/GHSA-2mjp-6q6p-2qxm | 6.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-35p6-xmwp-9g52 | 3.7  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-4992-7rv2-5pvq | 4.6  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-f269-vfmq-vjvj | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-g8m3-5g58-fq7m | 3.7  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-p88m-4jfj-68fv | 5.9  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vxpw-j846-p89q | 7.5  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-2mjp-6q6p-2qxm | 6.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-35p6-xmwp-9g52 | 3.7  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-4992-7rv2-5pvq | 4.6  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-f269-vfmq-vjvj | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-g8m3-5g58-fq7m | 3.7  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-p88m-4jfj-68fv | 5.9  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-phc3-fgpg-7m6h | 5.9  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-pr7r-676h-xcf6 | 5.9  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vxpw-j846-p89q | 7.5  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-w5hq-g745-h8pq | 7.5  | npm       | uuid                 | 9.0.1   | 11.1.1        | pnpm-lock.yaml |
| https://osv.dev/GHSA-38r7-794h-5758 | 3.7  | npm       | webpack              | 5.97.1  | 5.104.0       | pnpm-lock.yaml |
| https://osv.dev/GHSA-8fgc-7cc6-rx7x | 3.7  | npm       | webpack              | 5.97.1  | 5.104.1       | pnpm-lock.yaml |
| https://osv.dev/GHSA-58qx-3vcg-4xpx | 4.4  | npm       | ws                   | 8.18.1  | 8.20.1        | pnpm-lock.yaml |
| https://osv.dev/GHSA-96hv-2xvq-fx4p | 7.5  | npm       | ws                   | 8.18.1  | 8.21.0        | pnpm-lock.yaml |
+-------------------------------------+------+-----------+----------------------+---------+---------------+----------------+

(Truncated to last 4000 characters out of 10749)

❌ REPOSITORY / secretlint - 1 error

.devcontainer/docker-compose.yml
  24:21  error  [PostgreSQLConnection] found PostgreSQL connection string: ****************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

.github/workflows/ci.yml
  89:24  error  [PostgreSQLConnection] found PostgreSQL connection string: *************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string
  95:24  error  [PostgreSQLConnection] found PostgreSQL connection string: *************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

✖ 3 problems (3 errors, 0 warnings, 0 infos)

❌ YAML / yamllint - 4 errors

pnpm-lock.yaml
  1:1       warning  missing document start "---"  (document-start)
  40:501    error    line too long (545 > 500 characters)  (line-length)
  10064:501 error    line too long (537 > 500 characters)  (line-length)
  10199:501 error    line too long (584 > 500 characters)  (line-length)

⚠️ JSON / prettier - 1 error

[error] Cannot find package 'prettier-plugin-toml' imported from noop.js

⚠️ REPOSITORY / trivy - 1 error

│        │                   │ 6.15.2                                                  │ ### Summary `qs.stringify` throws `TypeError` when called    │
│                 │                │          │        │                   │                                                         │ with `arr...                                                 │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-8723                    │
│                 ├────────────────┼──────────┤        │                   ├─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2026-2391  │ LOW      │        │                   │ 6.14.2                                                  │ qs: qs's arrayLimit bypass in comma parsing allows denial of │
│                 │                │          │        │                   │                                                         │ service                                                      │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-2391                    │
├─────────────────┼────────────────┼──────────┤        ├───────────────────┼─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ uuid            │ CVE-2026-41907 │ MEDIUM   │        │ 9.0.1             │ 11.1.1, 12.0.1, 13.0.1                                  │ uuid: uuid: Out-of-bounds write vulnerability impacts data   │
│                 │                │          │        │                   │                                                         │ integrity and confidentiality                                │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-41907                   │
└─────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────────────────────────────────┴──────────────────────────────────────────────────────────────┘

.devcontainer/Dockerfile (dockerfile)
=====================================
Tests: 27 (SUCCESSES: 25, FAILURES: 2)
Failures: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds-0002
────────────────────────────────────────


DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.

See https://avd.aquasec.com/misconfig/ds-0026
────────────────────────────────────────



Dockerfile (dockerfile)
=======================
Tests: 27 (SUCCESSES: 26, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds-0002
────────────────────────────────────────



📣 Notices:
  - Version 0.71.2 of Trivy is now available, current version is 0.70.0

To suppress version checks, run Trivy scans with the --skip-version-check flag

(Truncated to last 4000 characters out of 24036)

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Show us your support by starring ⭐ the repository

kodiakhq · 2026-03-06T00:40:47Z

This PR currently has a merge conflict. Please resolve this and then re-add the automerge label.

renovate Bot added the automerge Auto merge PR with Kodiak label Mar 23, 2025

renovate Bot enabled auto-merge (rebase) March 23, 2025 18:29

kodiakhq Bot approved these changes Mar 23, 2025

View reviewed changes

renovate Bot force-pushed the renovate/hibp-15.x branch 4 times, most recently from 77900df to d553c62 Compare March 24, 2025 22:14

kodiakhq Bot removed the automerge Auto merge PR with Kodiak label Mar 24, 2025

renovate Bot force-pushed the renovate/hibp-15.x branch 12 times, most recently from 604036d to 1ee5ea1 Compare April 1, 2025 01:37

renovate Bot force-pushed the renovate/hibp-15.x branch 8 times, most recently from a987e5f to 8e11e2c Compare April 5, 2025 06:10

renovate Bot force-pushed the renovate/hibp-15.x branch 13 times, most recently from 6369e8a to d82d065 Compare April 25, 2025 22:54

renovate Bot force-pushed the renovate/hibp-15.x branch 10 times, most recently from 891718a to 2aebd18 Compare May 3, 2025 01:38

renovate Bot force-pushed the renovate/hibp-15.x branch 4 times, most recently from 662badf to 39446f4 Compare May 5, 2025 22:31

fix(deps): update dependency hibp to v15

5d7b350

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update dependency hibp to v15#1480

fix(deps): update dependency hibp to v15#1480
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/hibp-15.x

renovate Bot commented Mar 23, 2025 •

edited

Loading

Uh oh!

github-actions Bot commented Mar 23, 2025 •

edited

Loading

Uh oh!

kodiakhq Bot commented Mar 24, 2025

Uh oh!

github-actions Bot commented Mar 3, 2026 •

edited

Loading

Uh oh!

kodiakhq Bot commented Mar 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

renovate Bot commented Mar 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v15.2.1

Patch Changes

v15.2.0

Minor Changes

v15.1.0

Minor Changes

Patch Changes

v15.0.1

Patch Changes

v15.0.0

Major Changes

Minor Changes

Configuration

Uh oh!

github-actions Bot commented Mar 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🦙 MegaLinter status: ❌ ERROR

Uh oh!

kodiakhq Bot commented Mar 24, 2025

Uh oh!

github-actions Bot commented Mar 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

❌MegaLinter analysis: Error

Detailed Issues

Notices

Uh oh!

kodiakhq Bot commented Mar 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

renovate Bot commented Mar 23, 2025 •

edited

Loading

`v15.2.1`

`v15.2.0`

`v15.1.0`

`v15.0.1`

`v15.0.0`

github-actions Bot commented Mar 23, 2025 •

edited

Loading

github-actions Bot commented Mar 3, 2026 •

edited

Loading