Merge pull request #1289 from topcoder-platform/feat/v6

7b8dfb2
Merged

[PROD RELEASE V6] #1288

GitHub Advanced Security / Trivy failed Nov 2, 2025 in 3s

14 new alerts including 7 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 7 high
  • 6 medium
  • 1 low

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check failure on line 27 in ssl-local/local.topcoder-dev.com+2-key.pem

Code scanning / Trivy

Asymmetric Private Key High

Artifact: ssl-local/local.topcoder-dev.com+2-key.pem
Type:
Secret Asymmetric Private Key
Severity: HIGH
Match: ****************************************************************

Check failure on line 27 in ssl-local/local.topcoder-dev.com+2-key.pem.bak

Code scanning / Trivy

Asymmetric Private Key High

Artifact: ssl-local/local.topcoder-dev.com+2-key.pem.bak
Type:
Secret Asymmetric Private Key
Severity: HIGH
Match: ****************************************************************

Check failure on line 27 in ssl-local/local.topcoder.com-key.pem

Code scanning / Trivy

Asymmetric Private Key High

Artifact: ssl-local/local.topcoder.com-key.pem
Type:
Secret Asymmetric Private Key
Severity: HIGH
Match: ****************************************************************

Check notice on line 1 in yarn.lock

Code scanning / Trivy

ISC in @topcoder-platform/platform-ui Low

Artifact: yarn.lock
License ISC
PkgName: notice
Classification: @topcoder-platform/platform-ui
Path: yarn.lock

Check failure on line 5749 in yarn.lock

Code scanning / Trivy

axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests High

Package: axios
Installed Version: 0.25.0
Vulnerability CVE-2025-27152
Severity: HIGH
Fixed Version: 1.8.2, 0.30.0
Link: CVE-2025-27152

Check failure on line 5749 in yarn.lock

Code scanning / Trivy

axios: Axios DoS via lack of data size check High

Package: axios
Installed Version: 0.25.0
Vulnerability CVE-2025-58754
Severity: HIGH
Fixed Version: 1.12.0, 0.30.2
Link: CVE-2025-58754

Check warning on line 5749 in yarn.lock

Code scanning / Trivy

axios: exposure of confidential data stored in cookies Medium

Package: axios
Installed Version: 0.25.0
Vulnerability CVE-2023-45857
Severity: MEDIUM
Fixed Version: 1.6.0, 0.28.0
Link: CVE-2023-45857

Check warning on line 7895 in yarn.lock

Code scanning / Trivy

dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling Medium

Package: dompurify
Installed Version: 2.5.8
Vulnerability CVE-2025-26791
Severity: MEDIUM
Fixed Version: 3.2.4
Link: CVE-2025-26791

Check warning on line 8527 in yarn.lock

Code scanning / Trivy

esbuild enables any website to send any requests to the development server and read the response Medium

Package: esbuild
Installed Version: 0.18.20
Vulnerability GHSA-67mh-4wv8-2f99
Severity: MEDIUM
Fixed Version: 0.25.0
Link: GHSA-67mh-4wv8-2f99

Check failure on line 13766 in yarn.lock

Code scanning / Trivy

node-fetch: exposure of sensitive information to an unauthorized actor High

Package: node-fetch
Installed Version: 1.7.3
Vulnerability CVE-2022-0235
Severity: HIGH
Fixed Version: 3.1.1, 2.6.7
Link: CVE-2022-0235

Check failure on line 13841 in yarn.lock

Code scanning / Trivy

nodejs-nth-check: inefficient regular expression complexity High

Package: nth-check
Installed Version: 1.0.2
Vulnerability CVE-2021-3803
Severity: HIGH
Fixed Version: 2.0.1
Link: CVE-2021-3803

Check warning on line 15211 in yarn.lock

Code scanning / Trivy

PostCSS: Improper input validation in PostCSS Medium

Package: postcss
Installed Version: 7.0.39
Vulnerability CVE-2023-44270
Severity: MEDIUM
Fixed Version: 8.4.31
Link: CVE-2023-44270

Check warning on line 19227 in yarn.lock

Code scanning / Trivy

webpack-dev-server: webpack-dev-server information exposure Medium

Package: webpack-dev-server
Installed Version: 4.15.2
Vulnerability CVE-2025-30359
Severity: MEDIUM
Fixed Version: 5.2.1
Link: CVE-2025-30359

Check warning on line 19227 in yarn.lock

Code scanning / Trivy

webpack-dev-server: webpack-dev-server information exposure Medium

Package: webpack-dev-server
Installed Version: 4.15.2
Vulnerability CVE-2025-30360
Severity: MEDIUM
Fixed Version: 5.2.1
Link: CVE-2025-30360