
[S360] Fix multiple CVEs in MockProjects dependencies #2544

Open
lucygramley wants to merge 1 commit into main from s360/update-vulnerable-deps

@lucygramley
Contributor

S360 Security Fix

CVEs: CVE-2026-27903, CVE-2026-27904, CVE-2026-27970, CVE-2026-32635, GHSA-5c6j-r48x-rmvq, CVE-2026-33671
Severity: High
S360 KPI: [SFI-ES5.2] 1ES Open Source Vulnerabilities

What changed

  • minimatch (3.1.2, 5.1.6, 9.0.5): Updated via lockfile regeneration across all MockProjects — resolves CVE-2026-27903, CVE-2026-27904
  • @angular/core, @angular/compiler (21.0.7 → 21.2.5): Updated in NodeAppWithAngularTests — resolves CVE-2026-27970, CVE-2026-32635
  • serialize-javascript (6.0.2 → 7.0.5): Updated override from 7.0.3 to 7.0.5 in PerFile and OnProject — resolves GHSA-5c6j-r48x-rmvq
  • picomatch (2.3.1): Updated via npm audit fix — resolves CVE-2026-33671

Affected MockProjects

  • NodeAppWithAngularTests
  • NodeAppWithTestsConfiguredPerFile
  • NodeAppWithTestsConfiguredOnProject
  • reactappwithjesttestsjavascript
  • reactappwithjestteststypescript

Testing


  • npm audit reports 0 vulnerabilities in all 5 MockProjects
  • These are test mock projects — no production build impact

References

Updates vulnerable dependencies across test MockProjects:
- minimatch: resolves CVE-2026-27903, CVE-2026-27904
- @angular/core, @angular/compiler: resolves CVE-2026-27970, CVE-2026-32635
- serialize-javascript: resolves GHSA-5c6j-r48x-rmvq (override 7.0.3 -> 7.0.5)
- picomatch: resolves CVE-2026-33671 via npm audit fix

Affected projects:
- NodeAppWithAngularTests
- NodeAppWithTestsConfiguredPerFile
- NodeAppWithTestsConfiguredOnProject
- reactappwithjesttestsjavascript
- reactappwithjestteststypescript

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
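
A reviewer-side check for the versions this PR names, as an added example that is not part of the pull request or the project's code: it walks a lockfile's `packages` map and reports every resolved copy, nested ones included, that is still below the stated target. It assumes npm lockfile v2/v3 layout; only packages with an explicit target version in the description are included, and the sample lockfile and the package name `some-test-runner` are constructed.

```javascript
// Floors: target versions named in the PR description (added example, not project code).
const FLOORS = {
  "serialize-javascript": "7.0.5",
  "@angular/core": "21.2.5",
  "@angular/compiler": "21.2.5",
};

// Compare plain x.y.z versions; a prerelease suffix is dropped before comparing.
function cmp(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// A lockfile key such as "node_modules/a/node_modules/b" resolves package "b".
function nameFromKey(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

// Return every installed copy whose version is below its floor.
function findBelowFloor(lock, floors = FLOORS) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromKey(path);
    if (!name || !Object.hasOwn(floors, name) || !meta.version) continue;
    if (cmp(meta.version, floors[name]) < 0) {
      hits.push({ path, name, version: meta.version, floor: floors[name] });
    }
  }
  return hits;
}

// Constructed sample: the top-level copy is updated, a nested copy is not.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-sample" },
    "node_modules/@angular/core": { version: "21.2.5" },
    "node_modules/@angular/compiler": { version: "21.0.7" },
    "node_modules/serialize-javascript": { version: "7.0.5" },
    "node_modules/some-test-runner/node_modules/serialize-javascript": { version: "6.0.2" },
  },
};
console.log(findBelowFloor(SAMPLE_LOCK));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` in place of `SAMPLE_LOCK`.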