Antonio-Maranhao opened a new pull request, #1475: URL: https://github.com/apache/couchdb-fauxton/pull/1475
## Overview

Address CVEs identified by `npm audit` on @babel/helpers, @babel/runtime, axios and serialize-javascript:

```
@babel/helpers <7.26.10
Severity: moderate
Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups - https://github.com/advisories/GHSA-968p-4wvh-cqc8
fix available via `npm audit fix`
node_modules/@babel/helpers

@babel/runtime <7.26.10
Severity: moderate
Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups - https://github.com/advisories/GHSA-968p-4wvh-cqc8
fix available via `npm audit fix`
node_modules/@babel/runtime

axios <1.8.2
Severity: high
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - https://github.com/advisories/GHSA-jr5f-v2jv-69x6
fix available via `npm audit fix`
node_modules/axios

serialize-javascript 6.0.0 - 6.0.1
Severity: moderate
Cross-site Scripting (XSS) in serialize-javascript - https://github.com/advisories/GHSA-76p7-773f-r4q5
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/serialize-javascript
mocha 9.0.2 - 10.5.2
Depends on vulnerable versions of serialize-javascript
node_modules/mocha
nightwatch 0.2.3-preview.1 || >=2.0.0-alpha.1
Depends on vulnerable versions of mocha
node_modules/nightwatch

6 vulnerabilities (5 moderate, 1 high)
```

## Testing recommendations

CI should pass

## GitHub issue number

n/a

## Related Pull Requests

n/a

## Checklist

- [x] Code is written and works correctly;
- [x] Changes are covered by tests;
- [ ] Documentation reflects the changes;
- [ ] Update [rebar.config.script](https://github.com/apache/couchdb/blob/main/rebar.config.script) with the correct tag once a new Fauxton release is made

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
