Update dependency sqlite3 to v6 #17

Open
dev-mend-for-github-com[bot] wants to merge 1 commit into master from whitesource-remediate/sqlite3-6.x

Update dependency sqlite3 to v6

f35850e
Dev - Mend for GitHub.com / Mend Security Check failed Mar 27, 2026 in 17m 27s

Security Report

You have successfully remediated 35 vulnerabilities, but introduced 20 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-2026-33937

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/handlebars/package.json

Dependency Hierarchy:

-> hbs-4.2.0.tgz (Root Library)

   -> ❌ handlebars-4.7.7.tgz (Vulnerable Library)

Critical 9.8 Transitive handlebars-4.7.7.tgz hbs-4.2.0.tgz Transitive Upgrade to version handlebars - 4.7.9 or greater None
CVE-2026-33941

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/handlebars/package.json

Dependency Hierarchy:

-> hbs-4.2.0.tgz (Root Library)

   -> ❌ handlebars-4.7.7.tgz (Vulnerable Library)

High 8.2 Transitive handlebars-4.7.7.tgz hbs-4.2.0.tgz Transitive Upgrade to version handlebars - 4.7.9 or greater None
CVE-2026-33940

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/handlebars/package.json

Dependency Hierarchy:

-> hbs-4.2.0.tgz (Root Library)

   -> ❌ handlebars-4.7.7.tgz (Vulnerable Library)

High 8.1 Transitive handlebars-4.7.7.tgz hbs-4.2.0.tgz Transitive Upgrade to version handlebars - 4.7.9 or greater None
CVE-2026-33938

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/handlebars/package.json

Dependency Hierarchy:

-> hbs-4.2.0.tgz (Root Library)

   -> ❌ handlebars-4.7.7.tgz (Vulnerable Library)

High 8.1 Transitive handlebars-4.7.7.tgz hbs-4.2.0.tgz Transitive Upgrade to version handlebars - 4.7.9 or greater None
CVE-2026-33939

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/handlebars/package.json

Dependency Hierarchy:

-> hbs-4.2.0.tgz (Root Library)

   -> ❌ handlebars-4.7.7.tgz (Vulnerable Library)

High 7.5 Transitive handlebars-4.7.7.tgz hbs-4.2.0.tgz Transitive Upgrade to version handlebars - 4.7.9 or greater None
CVE-2026-3304

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz Upgrade to version multer - 2.1.0 or greater None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/glob/node_modules/minimatch/package.json

Dependency Hierarchy:

-> glob-10.5.0.tgz (Root Library)

   -> ❌ minimatch-9.0.9.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-9.0.9.tgz glob-10.5.0.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/archiver-utils/node_modules/minimatch/package.json,/node_modules/archiver/node_modules/minimatch/package.json,/node_modules/file-js/node_modules/minimatch/package.json,/node_modules/fstream/node_modules/minimatch/package.json,/node_modules/ignore-walk/node_modules/minimatch/package.json,/node_modules/node-pre-gyp/node_modules/minimatch/package.json,/node_modules/rimraf/node_modules/minimatch/package.json

Dependency Hierarchy:

-> unzipper-0.9.15.tgz (Root Library)

   -> fstream-1.0.12.tgz

     -> rimraf-2.7.1.tgz

       -> glob-7.2.3.tgz

         -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz unzipper-0.9.15.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/archiver-utils/node_modules/minimatch/package.json,/node_modules/archiver/node_modules/minimatch/package.json,/node_modules/file-js/node_modules/minimatch/package.json,/node_modules/fstream/node_modules/minimatch/package.json,/node_modules/ignore-walk/node_modules/minimatch/package.json,/node_modules/node-pre-gyp/node_modules/minimatch/package.json,/node_modules/rimraf/node_modules/minimatch/package.json

Dependency Hierarchy:

-> filesniffer-1.0.3.tgz (Root Library)

   -> filehound-1.17.6.tgz

     -> file-js-0.3.0.tgz

       -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz filesniffer-1.0.3.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/filehound/node_modules/minimatch/package.json

Dependency Hierarchy:

-> filesniffer-1.0.3.tgz (Root Library)

   -> filehound-1.17.6.tgz

     -> ❌ minimatch-5.1.9.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-5.1.9.tgz filesniffer-1.0.3.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/archiver-utils/node_modules/minimatch/package.json,/node_modules/archiver/node_modules/minimatch/package.json,/node_modules/file-js/node_modules/minimatch/package.json,/node_modules/fstream/node_modules/minimatch/package.json,/node_modules/ignore-walk/node_modules/minimatch/package.json,/node_modules/node-pre-gyp/node_modules/minimatch/package.json,/node_modules/rimraf/node_modules/minimatch/package.json

Dependency Hierarchy:

-> libxmljs-1.0.11.tgz (Root Library)

   -> node-pre-gyp-1.0.11.tgz

     -> rimraf-3.0.2.tgz

       -> glob-7.2.3.tgz

         -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz libxmljs-1.0.11.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/archiver-utils/node_modules/minimatch/package.json,/node_modules/archiver/node_modules/minimatch/package.json,/node_modules/file-js/node_modules/minimatch/package.json,/node_modules/fstream/node_modules/minimatch/package.json,/node_modules/ignore-walk/node_modules/minimatch/package.json,/node_modules/node-pre-gyp/node_modules/minimatch/package.json,/node_modules/rimraf/node_modules/minimatch/package.json

Dependency Hierarchy:

-> node-pre-gyp-0.15.0.tgz (Root Library)

   -> rimraf-2.7.1.tgz

     -> glob-7.2.3.tgz

       -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz node-pre-gyp-0.15.0.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/archiver-utils/node_modules/minimatch/package.json,/node_modules/archiver/node_modules/minimatch/package.json,/node_modules/file-js/node_modules/minimatch/package.json,/node_modules/fstream/node_modules/minimatch/package.json,/node_modules/ignore-walk/node_modules/minimatch/package.json,/node_modules/node-pre-gyp/node_modules/minimatch/package.json,/node_modules/rimraf/node_modules/minimatch/package.json

Dependency Hierarchy:

-> grunt-contrib-compress-1.6.0.tgz (Root Library)

   -> archiver-1.3.0.tgz

     -> glob-7.2.3.tgz

       -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz grunt-contrib-compress-1.6.0.tgz Transitive 10.2.1 None
CVE-2026-2359

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz Upgrade to version multer - 2.1.0 or greater None
CVE-2025-7338

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz None
CVE-2025-48997

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.0.1 None
CVE-2025-47944

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.0.0 None
CVE-2025-47935

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.0.0 None
CVE-2024-47764

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/engine.io/node_modules/cookie/package.json

Dependency Hierarchy:

-> socket.io-3.1.2.tgz (Root Library)

   -> engine.io-4.1.2.tgz

     -> ❌ cookie-0.4.2.tgz (Vulnerable Library)

Medium 5.3 Transitive cookie-0.4.2.tgz socket.io-3.1.2.tgz Transitive 0.7.0 None
CVE-2026-33916

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/handlebars/package.json

Dependency Hierarchy:

-> hbs-4.2.0.tgz (Root Library)

   -> ❌ handlebars-4.7.7.tgz (Vulnerable Library)

Medium 4.7 Transitive handlebars-4.7.7.tgz hbs-4.2.0.tgz Transitive Upgrade to version handlebars - 4.7.9 or greater None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2026-26996 minimatch-5.1.6.tgz
CVE-636288-474053 on-headers-1.0.2.tgz
CVE-2025-15284 qs-6.5.3.tgz
CVE-2024-45590 body-parser-1.20.2.tgz
CVE-2025-59343 tar-fs-2.1.1.tgz
CVE-2026-2391 qs-6.5.3.tgz
CVE-2024-47764 cookie-0.6.0.tgz
CVE-2024-4067 micromatch-4.0.7.tgz
CVE-2017-18214 moment-2.0.0.tgz
CVE-2026-26996 minimatch-9.0.5.tgz
CVE-2024-29415 ip-2.0.1.tgz
CVE-2024-43796 express-4.19.2.tgz
CVE-2025-64756 glob-10.4.5.tgz
CVE-2026-3304 multer-1.4.5-lts.1.tgz
CVE-2025-47944 multer-1.4.5-lts.1.tgz
CVE-2025-5889 brace-expansion-2.0.1.tgz
CVE-2025-15284 qs-6.11.0.tgz
CVE-2024-45296 path-to-regexp-0.1.7.tgz
CVE-2025-7338 multer-1.4.5-lts.1.tgz
CVE-2025-5889 brace-expansion-1.1.11.tgz
CVE-2026-26996 minimatch-3.1.2.tgz
CVE-2024-47764 cookie-0.4.1.tgz
CVE-2025-69873 ajv-6.12.6.tgz
CVE-2022-25881 http-cache-semantics-3.8.1.tgz
CVE-2026-2391 qs-6.11.0.tgz
CVE-2025-13466 body-parser-1.20.2.tgz
CVE-2025-48997 multer-1.4.5-lts.1.tgz
CVE-2025-47935 multer-1.4.5-lts.1.tgz
CVE-2024-21538 cross-spawn-7.0.3.tgz
CVE-02026-20261 on-headers-1.0.2.tgz
CVE-121740-819191 lodash-4.17.21.tgz
CVE-2025-7339 on-headers-1.0.2.tgz
CVE-2026-2359 multer-1.4.5-lts.1.tgz
CVE-2024-52798 path-to-regexp-0.1.7.tgz
CVE-2024-43800 serve-static-1.15.0.tgz

Base branch total remaining vulnerabilities: 93
Base branch commit: null


Total libraries scanned: 981

Scan token: 4706774e78664457884e0d7e5fe7b29a