Skip to content

[Snyk] Security upgrade webpack from 4.38.0 to 5.94.0#3227

Merged
zerbitx merged 2 commits intomainfrom
snyk-fix-f751488a3fc336dc00254cbb4cac6477
Apr 23, 2026
Merged

[Snyk] Security upgrade webpack from 4.38.0 to 5.94.0#3227
zerbitx merged 2 commits intomainfrom
snyk-fix-f751488a3fc336dc00254cbb4cac6477

Conversation

@lizardruss
Copy link
Copy Markdown
Collaborator

@lizardruss lizardruss commented Apr 23, 2026

snyk-top-banner

Snyk has created this PR to fix 13 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • ui/package.json
  • ui/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Use of a Cryptographic Primitive with a Risky Implementation
SNYK-JS-ELLIPTIC-14908844		   ****  
medium severity Cross-site Scripting (XSS)
SNYK-JS-WEBPACK-7840298		   ****  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-15309438		   756  
high severity Inefficient Algorithmic Complexity
SNYK-JS-MINIMATCH-15353389		   756  
high severity Excessive Platform Resource Consumption within a Loop
SNYK-JS-BRACES-6838727		   696  
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		   631  
high severity Prototype Pollution
SNYK-JS-UNSETVALUE-2400660		   589  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905		   586  
high severity Infinite loop
SNYK-JS-BRACEEXPANSION-15789759		   569  
high severity Arbitrary Code Injection
SNYK-JS-SERIALIZEJAVASCRIPT-570062		   492  
medium severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		   479  
medium severity Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-6147607		   412  
high severity Allocation of Resources Without Limits or Throttling
SNYK-JS-SERIALIZEJAVASCRIPT-15809196		   410  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Allocation of Resources Without Limits or Throttling
🦉 Arbitrary Code Injection
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: ui/package.json & ui/package-lock.json to reduce vulnerabilities
8b584a6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844
- https://snyk.io/vuln/SNYK-JS-WEBPACK-7840298
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-15309438
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-15353389
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-15789759
- https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-570062
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
- https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607
- https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-15809196
@netlify
Copy link
Copy Markdown

netlify Bot commented Apr 23, 2026
edited
Loading

Deploy Preview for devspace-docs canceled.

Name Link
🔨 Latest commit c26a41f
🔍 Latest deploy log https://app.netlify.com/projects/devspace-docs/deploys/69ea6f6e70dc7100085ce620

@zerbitx zerbitx merged commit 4342d75 into main Apr 23, 2026
4 of 8 checks passed
@zerbitx zerbitx deleted the snyk-fix-f751488a3fc336dc00254cbb4cac6477 branch April 23, 2026 19:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@FabianKramm FabianKramm Awaiting requested review from FabianKramm

@LukasGentele LukasGentele Awaiting requested review from LukasGentele

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lizardruss @zerbitx @snyk-bot