Summary
The flakiness dashboard's `package-lock.json` resolves `fast-xml-builder` at `1.1.4`. This version is affected by CVE-2026-44665, where attribute values containing unwanted quotes can bypass sanitization.
Affected
- File: `utils/flakiness-dashboard/package-lock.json` (transitive dependency of `aws-sdk`)
- Current version: `1.1.4`
- Fix version: `>=1.1.7`
Fix
Run `npm update fast-xml-builder` in `utils/flakiness-dashboard/` to pull in `>=1.1.7`.
Summary
The flakiness dashboard's `package-lock.json` resolves `fast-xml-builder` at `1.1.4`. This version is affected by CVE-2026-44665, where attribute values containing unwanted quotes can bypass sanitization.
Affected
Fix
Run `npm update fast-xml-builder` in `utils/flakiness-dashboard/` to pull in `>=1.1.7`.