Preparing for v4.9.0 release.

Author: github-actions[bot]

package.json

@@ -1,7 +1,7 @@
 {
 	"name": "@salesforce/sfdx-scanner",
 	"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-	"version": "4.8.0",
+	"version": "4.9.0",
 	"author": "Salesforce Code Analyzer Team",
 	"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 	"dependencies": {

retire-js/RetireJsVulns.json

@@ -4957,8 +4957,7 @@
         "identifiers": {
           "summary": "Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4",
           "CVE": [
-            "CVE-2022-31129",
-            "CVE-2023-22467"
+            "CVE-2022-31129"
           ],
           "githubID": "GHSA-wc69-rhjr-hc9g"
         },
@@ -6815,6 +6814,27 @@
           "https://github.com/vercel/next.js"
         ]
       },
+      {
+        "atOrAbove": "13.0.0",
+        "below": "13.5.8",
+        "cwe": [
+          "CWE-770"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
+          "CVE": [
+            "CVE-2024-56332"
+          ],
+          "githubID": "GHSA-7m27-7ghc-44w9"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-7m27-7ghc-44w9",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
+          "https://github.com/vercel/next.js"
+        ]
+      },
       {
         "atOrAbove": "13.4.0",
         "below": "14.1.1",
@@ -6906,6 +6926,48 @@
           "https://github.com/vercel/next.js",
           "https://github.com/vercel/next.js/releases/tag/v14.2.15"
         ]
+      },
+      {
+        "atOrAbove": "14.0.0",
+        "below": "14.2.21",
+        "cwe": [
+          "CWE-770"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
+          "CVE": [
+            "CVE-2024-56332"
+          ],
+          "githubID": "GHSA-7m27-7ghc-44w9"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-7m27-7ghc-44w9",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
+          "https://github.com/vercel/next.js"
+        ]
+      },
+      {
+        "atOrAbove": "15.0.0",
+        "below": "15.1.2",
+        "cwe": [
+          "CWE-770"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
+          "CVE": [
+            "CVE-2024-56332"
+          ],
+          "githubID": "GHSA-7m27-7ghc-44w9"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-7m27-7ghc-44w9",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
+          "https://github.com/vercel/next.js"
+        ]
       }
     ],
     "extractors": {
@@ -7867,7 +7929,6 @@
         "identifiers": {
           "summary": "PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF",
           "CVE": [
-            "CVE-2024-34342",
             "CVE-2024-4367"
           ],
           "githubID": "GHSA-wgrm-67xf-hhpq"