Skip to content

CTP-10396#326

Merged
mattloveparasoft merged 3 commits intomasterfrom
CTP-10396
Aug 15, 2025
Merged

CTP-10396#326
mattloveparasoft merged 3 commits intomasterfrom
CTP-10396

Conversation

@smathogparasoft
Copy link

@smathogparasoft smathogparasoft commented Aug 15, 2025

Update dependencies to address vulnerabilities

@mattloveparasoft
Copy link
Member

mattloveparasoft commented Aug 15, 2025

I see npm messages about a few more vulnerabilities.

$ npm audit

npm audit report

brace-expansion 1.0.0 - 1.1.11
brace-expansion Regular Expression Denial of Service vulnerability - GHSA-v6h2-p8h4-qcjw
fix available via npm audit fix
node_modules/brace-expansion

semver 7.0.0 - 7.5.1
Severity: high
semver vulnerable to Regular Expression Denial of Service - GHSA-c2qf-rxjj-qqgw
fix available via npm audit fix
node_modules/@typescript-eslint/experimental-utils/node_modules/semver
node_modules/ts-jest/node_modules/semver

tmpl <1.0.5
Severity: high
tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion - GHSA-jgrx-mgxx-jf9v
fix available via npm audit fix
node_modules/tmpl

3 vulnerabilities (1 low, 2 high)

To address all issues, run:
npm audit fix

@mattloveparasoft mattloveparasoft merged commit 94bf228 into master Aug 15, 2025
1 check failed
@mattloveparasoft mattloveparasoft deleted the CTP-10396 branch August 15, 2025 18:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mattloveparasoft mattloveparasoft mattloveparasoft approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@smathogparasoft @mattloveparasoft