Merge branch 'master' into dependabot/npm_and_yarn/pyinstaller/electr…

932adef
Closed

Chore(deps): Bump json-schema and jsprim in /pyinstaller/electron #1915

Debricked / Vulnerability analysis completed Mar 23, 2026 in 43s

An automation triggered a pipeline warning

Found 95 vulnerabilities. An additional 0 vulnerabilities have been marked as unaffected.

Output from Automations

4 rules were checked:


If a dependency contains a vulnerability which has not been marked as unaffected and which has not triggered this rule for this dependency before

then notify all users in the group admins by email

✔️ The rule did not trigger.



If a new dependency is added where the license risk is at least medium

then notify all users in the group admins by email

📤 The rule triggered for the following dependencies, causing an email notification.

Dependency Dependency Licenses
certifi (pypi) MPL-2.0
chardet (pypi) LGPL-2.1-only
chardet (pypi) LGPL-2.1-only
hidapi (pypi) GPL-3.0-only
numpy (pypi) Zlib
numpy (pypi) Zlib
pathspec (pypi) MPL-2.0


If there is a dependency where the license risk is at least high

then send a pipeline warning

⚠️ The rule triggered for the following dependencies, causing a pipeline warning.

Dependency Dependency Licenses
hidapi (pypi) GPL-3.0-only
libusb1 (pypi) LGPL-2.1-or-later
numpy (pypi) Zlib
numpy (pypi) Zlib
pyinstaller (pypi) GPL-2.0-only
pyinstaller (pypi) GPL-2.0-only
pyinstaller-hooks-contrib (pypi) GPL-2.0-only
python-gitlab (pypi) LGPL-3.0-only
stem (pypi) LGPL-3.0-only


If a dependency contains a vulnerability which has not been marked as unaffected

then send a pipeline warning

⚠️ The rule triggered for the following vulnerabilities, causing a pipeline warning.

Vulnerability CVSS2 CVSS3 CVSS4 Dependency Dependency Licenses
CVE-2024-57965 N/A 9.8 N/A axios (npm) MIT
CVE-2023-37920 N/A 9.8 N/A certifi (pypi) MPL-2.0
CVE-2023-26136 N/A 9.8 N/A tough-cookie (npm) BSD-3-Clause
CVE-2022-29361 7.5 9.8 N/A werkzeug (pypi) BSD-3-Clause
CVE-2022-29247 6.8 9.8 N/A electron (npm) MIT
CVE-2025-7783 N/A N/A 9.4 form-data (npm) MIT
CVE-2025-43859 N/A 9.1 N/A h11 (pypi) MIT
CVE-2025-66418 N/A 7.5 8.9 urllib3 (pypi) MIT
CVE-2025-66471 N/A 7.5 8.9 urllib3 (pypi) MIT
CVE-2026-21441 N/A 7.5 8.9 urllib3 (pypi) MIT
CVE-2025-66418 N/A 7.5 8.9 urllib3 (pypi) MIT
CVE-2025-66471 N/A 7.5 8.9 urllib3 (pypi) MIT
CVE-2026-21441 N/A 7.5 8.9 urllib3 (pypi) MIT
CVE-2023-5217 N/A 8.8 N/A electron (npm) MIT
CVE-2026-32274 N/A 7.5 8.7 black (pypi) MIT
CVE-2022-40899 N/A 7.5 8.7 future (pypi) MIT
CVE-2026-26996 N/A 7.5 8.7 minimatch (npm) BlueOak-1.0.0
CVE-2026-26996 N/A 7.5 8.7 minimatch (npm) BlueOak-1.0.0
CVE-2023-29198 N/A 8.5 N/A electron (npm) MIT
CVE-2025-4565 N/A 5.3 8.2 protobuf (pypi) BSD-3-Clause
CVE-2026-0994 N/A N/A 8.2 protobuf (pypi) BSD-3-Clause
CVE-2026-26007 N/A 6.5 8.2 cryptography (pypi) Apache-2.0
CVE-2023-49797 N/A 7.8 N/A pyinstaller (pypi) GPL-2.0-only
CVE-2024-21538 N/A 7.5 7.7 cross-spawn (npm) MIT
CVE-2025-27152 N/A 5.3 7.7 axios (npm) MIT
CVE-2023-49083 N/A 7.5 N/A cryptography (pypi) Apache-2.0
CVE-2026-27903 N/A 7.5 N/A minimatch (npm) BlueOak-1.0.0
CVE-2024-6221 N/A 7.5 N/A flask-cors (pypi) MIT
CVE-2022-25883 N/A 7.5 N/A semver (npm) ISC
CVE-2023-50782 N/A 7.5 N/A cryptography (pypi) Apache-2.0
CVE-2024-39689 N/A 7.5 N/A certifi (pypi) MPL-2.0
CVE-2022-25883 N/A 7.5 N/A semver (npm) ISC
CVE-2022-25883 N/A 7.5 N/A semver (npm) ISC
CVE-2026-27904 N/A 7.5 N/A minimatch (npm) BlueOak-1.0.0
CVE-2026-25639 N/A 7.5 N/A axios (npm) MIT
CVE-2024-49767 N/A 7.5 N/A werkzeug (pypi) BSD-3-Clause
CVE-2023-30861 N/A 7.5 N/A flask (pypi) BSD-3-Clause
CVE-2024-6866 N/A 7.5 N/A flask-cors (pypi) MIT
CVE-2026-27903 N/A 7.5 N/A minimatch (npm) BlueOak-1.0.0
CVE-2026-27904 N/A 7.5 N/A minimatch (npm) BlueOak-1.0.0
CVE-2026-32597 N/A 7.5 N/A pyjwt (pypi) MIT
CVE-2022-25883 N/A 7.5 N/A semver (npm) ISC
CVE-2024-6827 N/A 7.5 N/A gunicorn (pypi) MIT
CVE-2024-1135 N/A 7.5 N/A gunicorn (pypi) MIT
CVE-2024-34069 N/A 7.5 N/A werkzeug (pypi) BSD-3-Clause
CVE-2023-46136 N/A 7.5 N/A werkzeug (pypi) BSD-3-Clause
CVE-2023-25577 N/A 7.5 N/A werkzeug (pypi) BSD-3-Clause
CVE-2023-43804 N/A 8.1 7.4 urllib3 (pypi) MIT
CVE-2024-23342 N/A 7.4 N/A ecdsa (pypi) MIT
CVE-2023-0286 N/A 7.4 N/A cryptography (pypi) Apache-2.0
CVE-2024-27303 N/A 7.3 N/A app-builder-lib (npm) MIT
CVE-2022-29257 6.5 7.2 N/A electron (npm) MIT
CVE-2023-44402 N/A 7 N/A electron (npm) MIT
CVE-2025-59042 N/A N/A 7 pyinstaller (pypi) GPL-2.0-only
CVE-2024-5569 N/A 6.2 6.9 zipp (pypi) MIT
CVE-2024-3651 N/A 7.5 6.9 idna (pypi) BSD-3-Clause
CVE-2025-13465 N/A 5.3 6.9 lodash (npm) MIT
CVE-2023-23931 N/A 6.5 6.9 cryptography (pypi) Apache-2.0
CVE-2023-39956 N/A 6.6 N/A electron (npm) MIT
CVE-2024-28849 N/A 6.5 N/A follow-redirects (npm) MIT
CVE-2023-45857 N/A 6.5 N/A axios (npm) MIT
CVE-2024-37891 N/A 6.5 N/A urllib3 (pypi) MIT
CVE-2026-27199 N/A 5.3 6.3 werkzeug (pypi) BSD-3-Clause
CVE-2026-21860 N/A 5.3 6.3 werkzeug (pypi) BSD-3-Clause
CVE-2025-66221 N/A 5.3 6.3 werkzeug (pypi) BSD-3-Clause
CVE-2024-49766 N/A 5.3 6.3 werkzeug (pypi) BSD-3-Clause
CVE-2025-15284 N/A 3.7 6.3 qs (npm) BSD-3-Clause
CVE-2022-36077 N/A 6.1 N/A electron (npm) MIT
CVE-2025-50181 N/A 6.1 N/A urllib3 (pypi) MIT
CVE-2025-50181 N/A 6.1 N/A urllib3 (pypi) MIT
CVE-2023-28155 N/A 6.1 N/A @cypress/request (npm) Apache-2.0
CVE-2024-22195 N/A 6.1 N/A jinja2 (pypi) BSD-3-Clause
CVE-2023-26159 N/A 6.1 N/A follow-redirects (npm) MIT
CVE-2023-28155 N/A 6.1 N/A request (npm) Apache-2.0
CVE-2025-55305 N/A 6.1 N/A electron (npm) MIT
CVE-2023-32681 N/A 6.1 N/A requests (pypi) Apache-2.0
CVE-2023-45803 N/A 4.2 5.7 urllib3 (pypi) MIT
CVE-2024-35195 N/A 5.6 N/A requests (pypi) Apache-2.0
CVE-2024-0727 N/A 5.5 N/A cryptography (pypi) Apache-2.0
CVE-2024-34064 N/A 5.4 N/A jinja2 (pypi) BSD-3-Clause
CVE-2024-56201 N/A 8.8 5.4 jinja2 (pypi) BSD-3-Clause
CVE-2024-56326 N/A 7.8 5.4 jinja2 (pypi) BSD-3-Clause
CVE-2025-27516 N/A 8.8 5.4 jinja2 (pypi) BSD-3-Clause
CVE-2024-6844 N/A 5.3 N/A flask-cors (pypi) MIT
CVE-2024-21503 N/A 5.3 N/A black (pypi) MIT
CVE-2025-64718 N/A 5.3 N/A js-yaml (npm) MIT
CVE-2024-6839 N/A 5.3 N/A flask-cors (pypi) MIT
CVE-2024-1681 N/A 5.3 N/A flask-cors (pypi) MIT
CVE-2017-16137 5 5.3 N/A debug (npm) MIT
CVE-2017-16137 5 5.3 N/A debug (npm) MIT
CVE-2017-16137 5 5.3 N/A debug (npm) MIT
CVE-2024-47081 N/A 5.3 N/A requests (pypi) Apache-2.0
CVE-2022-33987 5 5.3 N/A got (npm) MIT
CVE-2025-54798 N/A 5.3 N/A tmp (npm) MIT
CVE-2024-46993 N/A N/A 4.4 electron (npm) MIT
CVE-2024-33883 N/A 4 N/A ejs (npm) Apache-2.0
CVE-2023-23934 N/A 3.5 N/A werkzeug (pypi) BSD-3-Clause
CVE-2025-69873 N/A 2.9 N/A ajv (npm) MIT
CVE-2026-27205 N/A 4.3 2.3 flask (pypi) BSD-3-Clause
CVE-2025-5889 2.1 3.1 1.3 brace-expansion (npm) MIT
CVE-2025-5889 2.1 3.1 1.3 brace-expansion (npm) MIT
GMS-2023-1778 N/A N/A N/A cryptography (pypi) Apache-2.0
debricked-234888 N/A N/A N/A cryptography (pypi) Apache-2.0
debricked-234887 N/A N/A N/A cryptography (pypi) Apache-2.0
GHSA-jm77-qphf-c4w8 N/A N/A N/A cryptography (pypi) Apache-2.0
debricked-228740 N/A N/A N/A cryptography (pypi) Apache-2.0
debricked-224116 N/A N/A N/A cryptography (pypi) Apache-2.0
debricked-219246 N/A N/A N/A cryptography (pypi) Apache-2.0
debricked-234886 N/A N/A N/A cryptography (pypi) Apache-2.0