[Snyk] Security upgrade @teselagen/ove from 0.7.21-beta.4 to 0.7.21 #25

Open
bijupki wants to merge 1 commit into main from snyk-fix-f07957eda5f4f28a895d67d166044cde

bijupki commented Jan 13, 2026

Snyk has created this PR to fix 1 vulnerability in the yarn dependencies of this project.

Snyk changed the following file(s):

  • example-demos/oveWebpackDemo/package.json
  • example-demos/oveWebpackDemo/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score |
| --- | --- |
| medium severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-BABELRUNTIME-10044504 | 666 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

…packDemo/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504

@segrem25830-pki

Checkmarx One – Scan Summary & Details (e6b0dd9e-ed43-4c42-8e58-53e3f8aa0c96)

New Issues (21)

Checkmarx found the following issues in this Pull Request

| # | Severity | Issue | Source File / Package | Checkmarx Insight |
| --- | --- | --- | --- | --- |
| 1 | HIGH | CVE-2023-45133 | Npm-@babel/traverse-7.22.10 | Recommended version: 7.23.2. Description: Babel is a compiler for writing JavaScript. In `@babel/traverse` versions prior to 7.23.2 and 8.0.x prior to 8.0.0-alpha.4, using Babel to compile ... Attack Vector: LOCAL. Attack Complexity: LOW. |
| 2 | HIGH | CVE-2024-21536 | Npm-http-proxy-middleware-2.0.6 | Recommended version: 2.0.9. Description: The http-proxy-middleware versions through 2.0.7-beta.0 and 3.0.0-beta.0 through 3.0.2 are vulnerable to Denial of Service (DoS) due to an "Unhandl... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 3 | HIGH | CVE-2024-29180 | Npm-webpack-dev-middleware-5.3.3 | Recommended version: 5.3.4. Description: In webpack-dev-middleware versions prior to 5.3.4, 6.x.x prior to 6.1.2, and 7.0.0 the development middleware for devpack does not validate the sup... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 4 | HIGH | CVE-2024-45590 | Npm-body-parser-1.20.1 | Recommended version: 1.20.3. Description: The body-parser is Node.js body parsing middleware. The body-parser package versions prior to 1.20.3 and 2.0.x prior to 2.0.0 are vulnerable to Den... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 5 | HIGH | CVE-2024-52798 | Npm-path-to-regexp-0.1.7 | Recommended version: 0.1.12. Description: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploit... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 6 | HIGH | CVE-2025-12816 | Npm-node-forge-1.3.1 | Recommended version: 1.3.2. Description: An interpretation-conflict (CWE-436) vulnerability in node-forge versions through 1.3.1 enables unauthenticated attackers to craft ASN.1 structures... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 7 | HIGH | CVE-2025-66031 | Npm-node-forge-1.3.1 | Recommended version: 1.3.2. Description: Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in n... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 8 | HIGH | CVE-2026-21884 | Npm-react-router-4.3.1 | Recommended version: 7.12.0. Description: A XSS vulnerability exists in in React Router's "" API in Framework Mode when using the "getKey/storageKey" props during Server-... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 9 | HIGH | CVE-2026-21884 | Npm-react-router-5.3.4 | Recommended version: 7.12.0. Description: A XSS vulnerability exists in in React Router's "" API in Framework Mode when using the "getKey/storageKey" props during Server-... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 10 | MEDIUM | CVE-2023-26159 | Npm-follow-redirects-1.15.2 | Recommended version: 1.15.6. Description: The package follow-redirects versions prior to 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the "url.... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 11 | MEDIUM | CVE-2023-44270 | Npm-postcss-8.4.28 | Recommended version: 8.4.31. Description: An issue was discovered in postcss versions prior to 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An at... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 12 | MEDIUM | CVE-2024-11831 | Npm-serialize-javascript-6.0.1 | Recommended version: 6.0.2. Description: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain i... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 13 | MEDIUM | CVE-2024-29041 | Npm-express-4.18.2 | Recommended version: 4.20.0. Description: Express.js minimalist web framework for node. Express.js versions prior to 4.19.2, and 5.0.x prior to 5.0.0-beta.3 are affected by an open redirect... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 14 | MEDIUM | CVE-2024-43788 | Npm-webpack-5.88.2 | Recommended version: 5.94.0. Description: Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundlin... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 15 | MEDIUM | CVE-2024-43796 | Npm-express-4.18.2 | Recommended version: 4.20.0. Description: Express.js minimalist web framework for node. In express versions prior to 4.20.0 and 5.0.x prior to 5.0.0, passing untrusted user input even after... Attack Vector: NETWORK. Attack Complexity: HIGH. |
| 16 | MEDIUM | CVE-2024-43799 | Npm-send-0.18.0 | Recommended version: 0.19.0. Description: Send is a library for streaming files from the file system as an HTTP response. Send passes untrusted user input to "SendStream.redirect()" which e... Attack Vector: NETWORK. Attack Complexity: HIGH. |
| 17 | MEDIUM | CVE-2024-43800 | Npm-serve-static-1.15.0 | Recommended version: 1.16.0. Description: serve-static serves static files. serve-static passes untrusted user input even after sanitizing it to "redirect()" and may execute untrusted code.... Attack Vector: NETWORK. Attack Complexity: HIGH. |
| 18 | MEDIUM | CVE-2024-47764 | Npm-cookie-0.5.0 | Recommended version: 0.7.0. Description: The NPM package cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cook... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 19 | MEDIUM | CVE-2025-66030 | Npm-node-forge-1.3.1 | Recommended version: 1.3.2. Description: Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-fo... Attack Vector: NETWORK. Attack Complexity: LOW. |
| 20 | LOW | CVE-2025-7339 | Npm-on-headers-1.0.2 | Recommended version: 1.1.0. Description: The on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions prior to 1.1.0 may result in r... Attack Vector: LOCAL. Attack Complexity: LOW. |
| 21 | LOW | CVE-2025-9910 | Npm-jsondiffpatch-0.4.1 | Recommended version: 0.7.2. Description: jsondiffpatch versions prior to 0.7.2 are vulnerable to Cross-site Scripting (XSS) via "HtmlFormatter::nodeBegin". An attacker can inject malicious... Attack Vector: NETWORK. Attack Complexity: LOW. |

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR
