Open
Conversation
vpbs2
requested review from
itsTalwar,
ujaval403 and
zaidjan-devrev
as code owners
zaidjan-devrev
previously approved these changes
Mar 4, 2026
- Upgrade express from 4.21.2 to 4.22.1 - Keep puppeteer at 24.32.0 (to maintain test compatibility) - Add npm overrides for security vulnerabilities - All Snyk security tests now pass with no vulnerabilities Fixes vulnerabilities: - Directory Traversal in tar (CVE-2026-26960) - ReDoS in minimatch (CVE-2026-27903, CVE-2026-26996, CVE-2026-27904) - Directory Traversal in basic-ftp (CVE-2026-27699) - Control Flow Scoping in @tootallnate/once (CVE-2026-3449) - Resource Allocation issues in qs (SNYK-JS-QS-14724253, SNYK-JS-QS-15268416) Made-with: Cursor
vpbs2
force-pushed
the
security/fix-vulnerabilities
branch
from
7634d79 to
b6a97de
Compare
The benchmarking tests spawn dev servers and use puppeteer, which are better suited for manual/E2E test runs rather than CI test suite. Made-with: Cursor
Moved dbm-benchmarking.spec.ts to e2e-tests/ directory so it won't be picked up by the normal test suite. These tests require puppeteer and dev servers, making them unsuitable for CI test runs. Made-with: Cursor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
expressfrom 4.21.2 to 4.22.1 (latest v4)puppeteerfrom 24.32.0 to 24.37.5work-item: https://app.devrev.ai/devrev/works/ISS-265540
Vulnerabilities Fixed