
fix(deps): vuln minor upgrades — 6 packages (minor: 2 · patch: 4) [examples/typescript-stack]#615

Open · gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into main from engraver-auto-version-upgrade/minorpatch/npm/typescript-stack/3-1781593317

Conversation

@gh-worker-campaigns-3e9aa4 (Contributor)

Summary: High-severity security update — 6 packages upgraded (MINOR changes included)

Manifests changed:

  • examples/typescript-stack (yarn)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

| Package | From | To | Type | Dep Type | Vulnerabilities Fixed |
|---|---|---|---|---|---|
| minimatch | 3.1.2 | 3.1.5 | patch | Transitive | 6 HIGH |
| aws-cdk-lib | 2.238.0 | 2.259.0 | minor | Direct | 1 HIGH |
| ajv | 8.12.0 | 8.20.0 | minor | Transitive | 2 MEDIUM |
| brace-expansion | 1.1.12 | 1.1.15 | patch | Transitive | 2 MEDIUM |
| yaml | 1.10.2 | 1.10.3 | patch | Transitive | 2 MEDIUM |
| diff | 4.0.2 | 4.0.4 | patch | Transitive | 2 LOW |

Security Details

🚨 Critical & High Severity (7 fixed)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| aws-cdk-lib | GHSA-999r-qq7v-r334 | HIGH | aws-cdk-lib: OS Command Injection in NodejsFunction Bundling | 2.238.0 | 2.246.0 |
| minimatch | GHSA-3ppc-4f35-3m26 | HIGH | minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern | 3.1.2 | 10.2.1 |
| minimatch | CVE-2026-27904 | HIGH | minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions | 3.1.2 | - |
| minimatch | GHSA-23c5-xmqv-rm74 | HIGH | minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions | 3.1.2 | 10.2.3 |
| minimatch | CVE-2026-26996 | HIGH | minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern | 3.1.2 | - |
| minimatch | GHSA-7r86-cg39-jmmj | HIGH | minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments | 3.1.2 | 10.2.3 |
| minimatch | CVE-2026-27903 | HIGH | minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments | 3.1.2 | - |
ℹ️ Other Vulnerabilities (8)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| ajv | CVE-2025-69873 | MODERATE | - | 8.12.0 | - |
| ajv | GHSA-2g4f-4pwh-qvx6 | MODERATE | ajv has ReDoS when using $data option | 8.12.0 | 8.18.0 |
| brace-expansion | GHSA-f886-m6hf-6m8v | MODERATE | brace-expansion: Zero-step sequence causes process hang and memory exhaustion | 1.1.12 | 5.0.5 |
| brace-expansion | CVE-2026-33750 | MODERATE | brace-expansion: Zero-step sequence causes process hang and memory exhaustion | 1.1.12 | - |
| yaml | GHSA-48c2-rrv3-qjmp | MODERATE | yaml is vulnerable to Stack Overflow via deeply nested YAML collections | 1.10.2 | 2.8.3 |
| yaml | CVE-2026-33532 | MODERATE | yaml is vulnerable to Stack Overflow via deeply nested YAML collections | 1.10.2 | - |
| diff | CVE-2026-24001 | LOW | jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch | 4.0.2 | - |
| diff | GHSA-73rr-hh4g-fpgx | LOW | jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch | 4.0.2 | 8.0.3 |

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System
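
A check a reviewer of this PR might run before approving, added here as an example and not part of the PR, of the repository, or of the Engraver/Datadog tooling: parse the yarn classic (v1) lockfile and confirm that every entry for the six packages resolves at or above the version in the PR's "To" column. It compares against the "To" column rather than the advisories' "Fixed In" column because several of those (minimatch 10.2.x, brace-expansion 5.0.5, yaml 2.8.3, diff 8.0.3) name a different major line than the one this lockfile pins, so they cannot be compared directly. The lockfile text below is constructed for the example; the v1 format, two-space indentation, and absence of prerelease tags are assumptions.

```typescript
// Added example: audit a yarn v1 lockfile against the versions this PR claims to install.
// Not the project's code; the sample lockfile below is constructed, not taken from the repo.

// Minimum acceptable versions, copied from the PR's "To" column.
const TARGETS: Record<string, string> = {
  minimatch: "3.1.5",
  "aws-cdk-lib": "2.259.0",
  ajv: "8.20.0",
  "brace-expansion": "1.1.15",
  yaml: "1.10.3",
  diff: "4.0.4",
};

interface LockEntry {
  name: string;     // package name, e.g. "minimatch" or "@types/node"
  specs: string[];  // the "name@range" keys that resolve to this entry
  version: string;  // resolved version from the entry's `version` field
}

// Parse a yarn v1 lockfile. An entry starts with an unindented line ending in ":"
// that lists one or more comma-separated, possibly quoted, "name@range" keys;
// the indented lines that follow hold its fields, of which only `version` matters here.
function parseYarnLock(text: string): LockEntry[] {
  const entries: LockEntry[] = [];
  let current: LockEntry | null = null;
  for (const raw of text.split("\n")) {
    if (raw.trim() === "" || raw.startsWith("#")) continue;
    if (!raw.startsWith(" ") && raw.endsWith(":")) {
      const specs = raw.slice(0, -1).split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      // The version separator is the last "@", so scoped names keep their leading "@".
      const name = specs[0].slice(0, specs[0].lastIndexOf("@"));
      current = { name, specs, version: "" };
      entries.push(current);
      continue;
    }
    const m = /^\s+version\s+"?([^"\s]+)"?\s*$/.exec(raw);
    if (m && current) current.version = m[1];
  }
  return entries;
}

// Numeric dotted-version comparison: negative if a < b, zero if equal, positive if a > b.
// Prerelease tags are assumed absent (true for every version in this PR).
function compareVersions(a: string, b: string): number {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] ?? 0) - (pb[i] ?? 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Every lockfile entry for a targeted package that still resolves below its target.
// Checking entries (not just the first hit) matters because yarn can keep several
// resolutions of one package side by side, each reachable from a different range.
function findStaleEntries(lock: string, targets: Record<string, string> = TARGETS): LockEntry[] {
  return parseYarnLock(lock).filter(
    (e) => e.name in targets && compareVersions(e.version, targets[e.name]) < 0,
  );
}

// Constructed sample lockfile (hypothetical contents, trimmed to the fields the parser reads).
const SAMPLE_LOCK = `# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


"@types/node@^20.0.0":
  version "20.11.0"
  resolved "https://registry.yarnpkg.com/@types/node/-/node-20.11.0.tgz"
  integrity sha512-constructed

aws-cdk-lib@^2.238.0:
  version "2.259.0"

brace-expansion@^1.1.7:
  version "1.1.12"

minimatch@^3.0.4, minimatch@^3.1.1:
  version "3.1.5"

yaml@^1.10.0:
  version "1.10.2"
`;

// Stand-alone run: report what would block approving the upgrade.
for (const e of findStaleEntries(SAMPLE_LOCK)) {
  console.log(`${e.name}@${e.version} is below ${TARGETS[e.name]} (via ${e.specs.join(", ")})`);
}
```

To run it against the real manifest, replace SAMPLE_LOCK with the contents of examples/typescript-stack/yarn.lock (for example via fs.readFileSync) on the PR branch; an empty result from findStaleEntries means the lockfile actually pins what the summary table claims, which is worth confirming here given that the bot's own lockfile regeneration step failed on rebase.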

gh-worker-campaigns-3e9aa4 Bot (Contributor, Author) commented Jun 26, 2026

Auto-rebase failed

Lockfile regeneration failed during rebase onto main. Your branch was not updated. You may need to rebase and regenerate lockfiles manually.

Error details

child workflow execution error (type: engraver.Engraver_AllManagersWorkflow, workflowID: 019f1e0a-372f-77da-90f6-88845cbfe55e_57, runID: 019f1e0a-4cb5-77ac-adb9-cdeecb56c649, initiatedEventID: 57, startedEventID: 58): custom action(s) failed and produced no changes: [registry.ddbuild.io/images/engraver-custom-action:update-yarn-lockfile]


Auto-Rebase · Add no-auto-rebase to opt out

