Adds triage artifacts for 27 open Dependabot alerts across package-lock.json (all development-scope transitive dependencies).
Alert summary
Severity
Package
Alert count
High
tar
12 (#51, #50, #45, #43, #41, #40, #36, #35, #20 , #17 , #16 )
Critical
minimist
2 (#23 , #22 )
Critical
fsevents
1 (#26)
High
minimist
2 (#14 , #13 )
High
lodash
2 (#27, #6 )
High
minimatch
1 (#49)
High
braces
1 (#30)
High
decode-uri-component
1 (#12 )
High
copy-props
1 (#10 )
High
y18n
1 (#5 )
High
ini
1 (#4 )
Medium
lodash
1 (#42)
Medium
yargs-parser
1 (#3 )
Low
es5-ext
1 (#29)
Ownership
All vulnerable packages are transitive dev dependencies introduced via gulp (direct devDependency) or node-elm-compiler (direct devDependency). The sole repository contributor Justin Leis (justin.leis@webewizard.com) is the recommended owner for all alerts.
Changed files
27 new triage artifacts added under .triage-agent/dependabot/, no stale files removed.
Generated by Dependabot Triage Agent · ◷
Note
This was originally intended as a pull request, but the git push operation failed.
Workflow Run: View run details and download patch artifact
The patch file is available in the agent-artifacts artifact in the workflow run linked above.
To create a pull request with the changes:
# Download the artifact from the workflow run
gh run download 23099602496 -n agent-artifacts -D /tmp/agent-artifacts-23099602496
# Create a new branch
git checkout -b dependabot-triage-2026-03-15-cf878d657b192708
# Apply the patch (--3way handles cross-repo patches where files may already exist)
git am --3way /tmp/agent-artifacts-23099602496/aw-dependabot-triage-2026-03-15.patch
# Push the branch to origin
git push origin dependabot-triage-2026-03-15-cf878d657b192708
# Create the pull request
gh pr create --title ' chore: update dependabot triage output' --base master --head dependabot-triage-2026-03-15-cf878d657b192708 --repo WebeWizard/lib-webe
Show patch preview (500 of 1336 lines)
From fa7fa067b96e36d59799bc7b60cc6fdabb41a4f1 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Sun, 15 Mar 2026 00:28:06 +0000
Subject: [PATCH] chore: update dependabot triage output
Add triage artifacts for 27 open Dependabot alerts covering:
- tar (12 alerts: #51, #50, #45, #43, #41, #40, #36, #35, #20, #17, #16)
- minimist (4 alerts: #23, #22, #14, #13)
- lodash (3 alerts: #42, #27, #6)
- minimatch (#49), braces (#30), es5-ext (#29), fsevents (#26),
decode-uri-component (#12), copy-props (#10), y18n (#5), ini (#4),
yargs-parser (#3)
All packages are transitive dev dependencies introduced via gulp or
node-elm-compiler. Recommended owner: Justin Leis.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
.../dependabot/alert-10-copy-props.json | 41 ++++++++++++++++++
.../alert-12-decode-uri-component.json | 41 ++++++++++++++++++
.../dependabot/alert-13-minimist.json | 41 ++++++++++++++++++
.../dependabot/alert-14-minimist.json | 41 ++++++++++++++++++
.triage-agent/dependabot/alert-16-tar.json | 41 ++++++++++++++++++
.triage-agent/dependabot/alert-17-tar.json | 41 ++++++++++++++++++
.triage-agent/dependabot/alert-20-tar.json | 41 ++++++++++++++++++
.../dependabot/alert-22-minimist.json | 41 ++++++++++++++++++
.../dependabot/alert-23-minimist.json | 41 ++++++++++++++++++
.../dependabot/alert-26-fsevents.json | 41 ++++++++++++++++++
.triage-agent/dependabot/alert-27-lodash.json | 39 +++++++++++++++++
.../dependabot/alert-29-es5-ext.json | 41 ++++++++++++++++++
.../dependabot/alert-3-yargs-parser.json | 41 ++++++++++++++++++
.triage-agent/dependabot/alert-30-braces.json | 41 ++++++++++++++++++
.triage-agent/dependabot/alert-35-tar.json | 41 ++++++++++++++++++
.triage-agent/dependabot/alert-36-tar.json | 41 ++++++++++++++++++
.triage-agent/dependabot/alert-4-ini.json | 41 +++++++++++++++
... (truncated)
Adds triage artifacts for 27 open Dependabot alerts across
package-lock.json(all development-scope transitive dependencies).Alert summary
tarminimistfseventsminimistlodashminimatchbracesdecode-uri-componentcopy-propsy18ninilodashyargs-parseres5-extOwnership
All vulnerable packages are transitive dev dependencies introduced via
gulp(direct devDependency) ornode-elm-compiler(direct devDependency). The sole repository contributor Justin Leis (justin.leis@webewizard.com) is the recommended owner for all alerts.Changed files
27 new triage artifacts added under
.triage-agent/dependabot/, no stale files removed.Note
This was originally intended as a pull request, but the git push operation failed.
Workflow Run: View run details and download patch artifact
The patch file is available in the
agent-artifactsartifact in the workflow run linked above.To create a pull request with the changes:
Show patch preview (500 of 1336 lines)