Skip to content

NXT-15186: Update package dependencies to fix security vulnerabilities#263

Merged
dan-ichim-lgp merged 2 commits into
developfrom
feature/NXT-15186
Jun 30, 2026
Merged

NXT-15186: Update package dependencies to fix security vulnerabilities#263
dan-ichim-lgp merged 2 commits into
developfrom
feature/NXT-15186

Conversation

@alexandrumorariu

Copy link
Copy Markdown
Contributor

Enact-DCO-1.0-Signed-off-by: Alexandru Morariu alexandru.morariu@lgepartner.com

Checklist

  • I have read and understand the contribution guide
  • A CHANGELOG entry is included
  • At least one test case is included for this feature or bug fix
  • Documentation was added or is not needed
  • This is an API breaking change

Issue Resolved / Feature Added

I updated minor dependencies to their latest releases.

Resolution

Additional Considerations

Links

NXT-15186

Comments

@daniel-stoian-lgp daniel-stoian-lgp left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please solve this high vulnerability:

samples/. vulnerabilities check

npm audit report

picomatch <=2.3.1
Severity: high
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching - GHSA-3v7f-55p6-f55p
Picomatch has a ReDoS vulnerability via extglob quantifiers - GHSA-c2c7-rcm5-vvqj
fix available via npm audit fix
node_modules/picomatch

1 high severity vulnerability

@dan-ichim-lgp dan-ichim-lgp merged commit c4fe5d5 into develop Jun 30, 2026
5 checks passed
@dan-ichim-lgp dan-ichim-lgp deleted the feature/NXT-15186 branch June 30, 2026 13:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants