Update dependency actions-toolkit to v3 #24

Security Report

You have successfully remediated 15 vulnerabilities, but introduced 6 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability	Severity	CVSS Score	Vulnerable Library	Direct Library	Suggested Fix	Issue	Reachability
CVE-2025-25290 Path to dependency file: /openapi-release/package.json Path to vulnerable library: /openapi-release/package.json Dependency Hierarchy: -> actions-toolkit-3.0.2.tgz (Root Library) -> graphql-4.8.0.tgz -> ❌ request-5.6.3.tgz (Vulnerable Library)	Medium	5.3	`Transitive` request-5.6.3.tgz	actions-toolkit-3.0.2.tgz	`Transitive` 8.4.1	None	Unreachable
CVE-2025-25289 Path to dependency file: /openapi-release/package.json Path to vulnerable library: /openapi-release/package.json Dependency Hierarchy: -> actions-toolkit-3.0.2.tgz (Root Library) -> graphql-4.8.0.tgz -> request-5.6.3.tgz -> ❌ request-error-2.1.0.tgz (Vulnerable Library)	Medium	5.3	`Transitive` request-error-2.1.0.tgz	actions-toolkit-3.0.2.tgz	`Transitive` 5.1.1	None	Unreachable
CVE-2025-25289 Path to dependency file: /openapi-release/package.json Path to vulnerable library: /openapi-release/package.json Dependency Hierarchy: -> actions-toolkit-3.0.2.tgz (Root Library) -> rest-16.43.2.tgz -> ❌ request-error-1.2.1.tgz (Vulnerable Library)	Medium	5.3	`Transitive` request-error-1.2.1.tgz	actions-toolkit-3.0.2.tgz	`Transitive` 5.1.1	None	Unreachable
CVE-2025-25288 Path to dependency file: /openapi-release/package.json Path to vulnerable library: /openapi-release/package.json Dependency Hierarchy: -> actions-toolkit-3.0.2.tgz (Root Library) -> rest-16.43.2.tgz -> ❌ plugin-paginate-rest-1.1.2.tgz (Vulnerable Library)	Medium	5.3	`Transitive` plugin-paginate-rest-1.1.2.tgz	actions-toolkit-3.0.2.tgz	`Transitive` 9.2.2	None	Unreachable
CVE-2025-25285 Path to dependency file: /openapi-release/package.json Path to vulnerable library: /openapi-release/package.json Dependency Hierarchy: -> actions-toolkit-3.0.2.tgz (Root Library) -> graphql-4.8.0.tgz -> request-5.6.3.tgz -> ❌ endpoint-6.0.12.tgz (Vulnerable Library)	Medium	5.3	`Transitive` endpoint-6.0.12.tgz	actions-toolkit-3.0.2.tgz	`Transitive` @octokit/endpoint - 9.0.6,@octokit/endpoint - 10.1.3	None	Unreachable
CVE-2025-22150 Path to dependency file: /openapi-release/package.json Path to vulnerable library: /openapi-release/package.json Dependency Hierarchy: -> actions-toolkit-3.0.2.tgz (Root Library) -> core-1.11.1.tgz -> http-client-2.2.3.tgz -> ❌ undici-5.29.0.tgz (Vulnerable Library)	Medium	6.8	`Transitive` undici-5.29.0.tgz	actions-toolkit-3.0.2.tgz	`Transitive` undici - 6.21.1,undici - 5.28.5,undici - 7.2.3,undici - 6.21.1,undici - 7.2.3,undici - 5.28.5	None

✔️ Remediated vulnerabilities:

Vulnerability	Vulnerable Library
CVE-561003-132867	tmp-0.0.33.tgz
CVE-2022-37598	uglify-js-3.7.1.tgz
GHSA-7fhm-mqm4-2wp7	acorn-6.4.0.tgz
CVE-2025-54798	tmp-0.0.33.tgz
GHSA-7fhm-mqm4-2wp7	minimist-1.2.0.tgz
GHSA-6chw-6frg-f759	acorn-6.4.0.tgz
GHSA-7fhm-mqm4-2wp7	minimist-0.0.10.tgz
CVE-2020-15366	ajv-6.10.0.tgz
CVE-2021-23337	lodash-4.17.19.tgz
GHSA-35jh-r3h4-6jhm	lodash-4.17.19.tgz
CVE-2025-25285	endpoint-5.5.0.tgz
CVE-2025-25290	request-5.3.0.tgz
CVE-2020-28500	lodash-4.17.19.tgz
CVE-2025-69873	ajv-6.10.0.tgz
GHSA-7fhm-mqm4-2wp7	minimist-0.0.8.tgz

Base branch total remaining vulnerabilities: 97
Base branch commit: 1fa94290fb5d5a75015c22faad5467200e4eff4a

Total libraries scanned: 640

Scan token: d7f8ce58ecc2441f828cc1d005e644ae

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency actions-toolkit to v3 #24

Uh oh!

Uh oh!

Update dependency actions-toolkit to v3 #24

Uh oh!

Security Report

Re-running checks...

Update dependency actions-toolkit to v3 #24

Are you sure you want to change the base?

Uh oh!

Update dependency actions-toolkit to v3

Uh oh!

Update dependency actions-toolkit to v3 #24

Uh oh!

Security Report

Re-running checks...