Skip to content

Task webui 2038 fix a11y json5 vuln lts2023#3172

Closed
madhurkulshrestha-hyland wants to merge 2 commits into
maintenance-3.1.xfrom
task-webui-2038-fix-a11y-json5-vuln-lts2023
Closed

Task webui 2038 fix a11y json5 vuln lts2023#3172
madhurkulshrestha-hyland wants to merge 2 commits into
maintenance-3.1.xfrom
task-webui-2038-fix-a11y-json5-vuln-lts2023

Conversation

@madhurkulshrestha-hyland

@madhurkulshrestha-hyland madhurkulshrestha-hyland commented May 21, 2026

Copy link
Copy Markdown
Contributor

No description provided.

@madhurkulshrestha-hyland
WEBUI-2038: Regenerate a11y lockfile to fix json5 prototype pollution (
a01d5fc 
…CVE-2022-46175)

The a11y package-lock.json was stale and still resolved babel-register
-> babel-core -> json5@0.5.1 from the ftest package. Since babel-register
was removed from ftest in the round 2 fix, regenerating the lockfile
eliminates the vulnerable json5@0.5.1 dependency entirely.

Fixes Dependabot alert #129.
@madhurkulshrestha-hyland
WEBUI-2038: Fix tmp@0.2.3 resolution in root lockfile for ftest works…
2f836b4 
…pace

The root package-lock.json recorded tmp@0.2.3 for the ftest workspace
sub-tree despite the override specifying ^0.2.4. Updated the lockfile
entry to tmp@0.2.5 to eliminate Dependabot alert GHSA-52f5-9888-hmc6.
Copilot AI review requested due to automatic review settings May 21, 2026 18:30
@madhurkulshrestha-hyland madhurkulshrestha-hyland requested a review from a team as a code owner May 21, 2026 18:30
@madhurkulshrestha-hyland madhurkulshrestha-hyland requested review from naveen-konda and swarnadipa-dev and removed request for a team May 21, 2026 18:30
Copilot AI reviewed May 21, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

@sonarqubecloud

sonarqubecloud Bot commented May 21, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@swarnadipa-dev swarnadipa-dev Awaiting requested review from swarnadipa-dev swarnadipa-dev is a code owner automatically assigned from nuxeo/ui

@naveen-konda naveen-konda Awaiting requested review from naveen-konda naveen-konda is a code owner automatically assigned from nuxeo/ui

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@madhurkulshrestha-hyland