Merge branch 'develop' into fix-tc-core-library-dep

be243b6

Merged

Update tc-libs #7161

GitHub Advanced Security / Trivy failed Dec 15, 2025 in 10s

75 new alerts including 3 critical severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 3 critical
  • 37 high
  • 32 medium
  • 3 low

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check failure on line 2434 in package-lock.json

Code scanning / Trivy

auth0-js Privilege Escalation Vulnerability (High)

Package: auth0-js
Installed Version: 6.8.4
Vulnerability CVE-2017-17068
Severity: HIGH
Fixed Version: 8.12.0
Link: CVE-2017-17068

Check failure on line 11256 in package-lock.json

Code scanning / Trivy

axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests (High)

Package: axios
Installed Version: 0.21.4
Vulnerability CVE-2025-27152
Severity: HIGH
Fixed Version: 1.8.2, 0.30.0
Link: CVE-2025-27152
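
The failure mode behind CVE-2025-27152, as an added example rather than axios's own code: a client that resolves request paths against a configured baseURL with the standard URL algorithm will send an absolute or protocol-relative path, together with the credentials attached to the client, to whatever host that path names. The client shape, the base URL and the inputs below are hypothetical, and Node's built-in URL parser stands in for the library's path handling. The hardened builder pins the resolved origin to the configured one, which is the effect the fixed axios releases expose through the `allowAbsoluteUrls` request option.

```javascript
// Added example (not axios code): how an absolute URL in the request path
// defeats a configured baseURL, and an origin check that keeps the request,
// and its credentials, where intended.  Uses Node's WHATWG URL parser; the
// request-builder shape is hypothetical.

// Vulnerable pattern: resolve the path with the standard URL algorithm.  A
// relative path lands under baseURL, but an absolute (or protocol-relative)
// path is a complete URL in its own right, so baseURL is silently ignored and
// the Authorization header goes to whatever host the path names.
function buildRequestVulnerable(baseURL, path, authHeader) {
  const url = new URL(path, baseURL);
  return { url: url.toString(), headers: { Authorization: authHeader } };
}

// Hardened pattern: resolve the same way, then refuse to send unless the
// resolved origin (scheme + host + port) is the one the client was built for.
// This blocks SSRF to internal addresses and credential leakage to an
// attacker-controlled host in one check.
function buildRequestSafe(baseURL, path, authHeader) {
  const base = new URL(baseURL);
  const url = new URL(path, base);
  if (url.origin !== base.origin) {
    throw new Error(`refusing cross-origin request: ${url.origin} is not ${base.origin}`);
  }
  return { url: url.toString(), headers: { Authorization: authHeader } };
}

// Constructed inputs: a client configured for one API, and a "user id" that
// the application interpolates into the path without validation.
const BASE_URL = 'https://api.example.com/v1/';
const AUTH = 'Bearer example-token';          // placeholder, not a real credential
const INPUTS = {
  benign: 'users/42',
  absolute: 'http://169.254.169.254/latest/meta-data/', // cloud metadata endpoint
  protocolRelative: '//attacker.example/collect',
};

// Where each input would actually be sent by the two builders.
function demonstrate() {
  const out = {};
  for (const [name, path] of Object.entries(INPUTS)) {
    const sentTo = buildRequestVulnerable(BASE_URL, path, AUTH).url;
    let hardened;
    try {
      hardened = buildRequestSafe(BASE_URL, path, AUTH).url;
    } catch (e) {
      hardened = 'blocked: ' + e.message;
    }
    out[name] = { vulnerable: sentTo, hardened };
  }
  return out;
}

for (const [name, r] of Object.entries(demonstrate())) {
  console.log(`${name}\n  vulnerable -> ${r.vulnerable}\n  hardened   -> ${r.hardened}`);
}
```

The protocol-relative input is the edge case worth keeping in mind: it contains no scheme, so a check that only looks for `http://` or `https://` at the start of the path misses it, while the origin comparison catches it because the resolved host differs.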

Check failure on line 11256 in package-lock.json

Code scanning / Trivy

axios: Axios DoS via lack of data size check (High)

Package: axios
Installed Version: 0.21.4
Vulnerability CVE-2025-58754
Severity: HIGH
Fixed Version: 1.12.0, 0.30.2
Link: CVE-2025-58754

Check failure on line 21686 in package-lock.json

Code scanning / Trivy

nodejs-prismjs: Regular expression denial of service via prism-asciidoc, prism-rest, prism-tap and prism-eiffel components (High)

Package: prismjs
Installed Version: 1.17.1
Vulnerability CVE-2021-23341
Severity: HIGH
Fixed Version: 1.23.0
Link: CVE-2021-23341

Check failure on line 21686 in package-lock.json

Code scanning / Trivy

nodejs-prismjs: XSS vulnerability that allows attackers to execute arbitrary code (High)

Package: prismjs
Installed Version: 1.17.1
Vulnerability CVE-2020-15138
Severity: HIGH
Fixed Version: 1.21.0
Link: CVE-2020-15138

Check failure on line 12680 in package-lock.json

Code scanning / Trivy

nodejs-is-svg: ReDoS via malicious string (High)

Package: is-svg
Installed Version: 3.0.0
Vulnerability CVE-2021-28092
Severity: HIGH
Fixed Version: 4.2.2
Link: CVE-2021-28092

Check failure on line 12680 in package-lock.json

Code scanning / Trivy

nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string (High)

Package: is-svg
Installed Version: 3.0.0
Vulnerability CVE-2021-29059
Severity: HIGH
Fixed Version: 4.3.0
Link: CVE-2021-29059

Check failure on line 14718 in package-lock.json

Code scanning / Trivy

json5: Prototype Pollution in JSON5 via Parse Method (High)

Package: json5
Installed Version: 0.5.1
Vulnerability CVE-2022-46175
Severity: HIGH
Fixed Version: 2.2.2, 1.0.2
Link: CVE-2022-46175

Check failure on line 18232 in package-lock.json

Code scanning / Trivy

path-to-regexp: Backtracking regular expressions cause ReDoS (High)

Package: path-to-regexp
Installed Version: 2.4.0
Vulnerability CVE-2024-45296
Severity: HIGH
Fixed Version: 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
Link: CVE-2024-45296

Check failure on line 17071 in package-lock.json

Code scanning / Trivy

node-forge: ASN.1 Unbounded Recursion (High)

Package: node-forge
Installed Version: 0.7.6
Vulnerability CVE-2025-66031
Severity: HIGH
Fixed Version: 1.3.2
Link: CVE-2025-66031

Check failure on line 17071 in package-lock.json

Code scanning / Trivy

node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications (High)

Package: node-forge
Installed Version: 0.7.6
Vulnerability CVE-2025-12816
Severity: HIGH
Fixed Version: 1.3.2
Link: CVE-2025-12816

Check failure on line 14996 in package-lock.json

Code scanning / Trivy

nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties (Critical)

Package: lodash
Installed Version: 4.17.11
Vulnerability CVE-2019-10744
Severity: CRITICAL
Fixed Version: 4.17.12
Link: CVE-2019-10744

Check failure on line 14996 in package-lock.json

Code scanning / Trivy

nodejs-lodash: prototype pollution in zipObjectDeep function (High)

Package: lodash
Installed Version: 4.17.11
Vulnerability CVE-2020-8203
Severity: HIGH
Fixed Version: 4.17.19
Link: CVE-2020-8203
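
The bug class behind the json5 alert (CVE-2022-46175) and the two lodash prototype pollution alerts (CVE-2019-10744 in defaultsDeep, CVE-2020-8203 in zipObjectDeep), as an added example that is stand-in code rather than lodash's or json5's: a naive recursive defaults merge, fed the two payload shapes that reach Object.prototype, beside a hardened merge that refuses them. Both merges, the payloads and the config object they are merged into are constructed for the illustration.

```javascript
// Added example, stand-in code rather than lodash's or json5's: a naive
// recursive "defaults" merge of the kind behind CVE-2019-10744, fed the two
// payload shapes that reach Object.prototype, beside a hardened merge.  The
// JSON-carried "__proto__" key is the shape JSON5.parse mishandled in
// CVE-2022-46175.

const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
const isPlainObject = v => v !== null && typeof v === 'object' && !Array.isArray(v);

// Vulnerable: descends into target[key] for every key of source.  With key
// "constructor", target[key] is the Object function; the next hop "prototype"
// is Object.prototype, and the final assignment lands on every object in the
// process.  The "__proto__" key reaches the same place in a single hop.
function defaultsDeepVulnerable(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (target[key] === undefined) target[key] = {};
      defaultsDeepVulnerable(target[key], value);
    } else if (target[key] === undefined) {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: drops the three keys that can reach a prototype, and only ever
// descends into properties the target itself owns, so an inherited
// "constructor" is never walked.
function defaultsDeepSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!hasOwn(target, key)) target[key] = {};
      if (isPlainObject(target[key])) defaultsDeepSafe(target[key], value);
    } else if (!hasOwn(target, key)) {
      target[key] = value;
    }
  }
  return target;
}

// Constructed payloads: one as an object literal, one arriving as JSON, which
// is how an attacker would normally deliver it (JSON.parse creates an own
// "__proto__" property rather than setting the prototype).
const PAYLOADS = {
  viaConstructor: { constructor: { prototype: { polluted: true } } },
  viaProto: JSON.parse('{"__proto__": {"polluted": true}}'),
};

// Merge the payload into an unrelated config object, then check whether a
// brand-new object picked up the attacker's property.  Cleans up afterwards
// so each run starts from an unpolluted prototype.
function pollutes(merge, payload) {
  merge({ port: 8080 }, payload);
  const witness = {};
  const hit = witness.polluted === true;
  delete Object.prototype.polluted;
  return hit;
}

function report() {
  const out = {};
  for (const [name, payload] of Object.entries(PAYLOADS)) {
    out[name] = {
      vulnerable: pollutes(defaultsDeepVulnerable, payload),
      hardened: pollutes(defaultsDeepSafe, payload),
    };
  }
  return out;
}

for (const [name, r] of Object.entries(report())) {
  console.log(`${name}: naive merge pollutes=${r.vulnerable}, hardened merge pollutes=${r.hardened}`);
}
```

The key-denylist alone is what most fixes ship; the own-property check matters as well, because a merge that descends into an inherited `constructor` on a legitimately-named key still ends up on the prototype. The same two defences apply to path-based setters such as zipObjectDeep and node-forge's util.setPath (CVE-2020-7720), where the attacker supplies the path segments instead of nested objects.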

Check failure on line 14996 in package-lock.json

Code scanning / Trivy

nodejs-lodash: command injection via template (High)

Package: lodash
Installed Version: 4.17.11
Vulnerability CVE-2021-23337
Severity: HIGH
Fixed Version: 4.17.21
Link: CVE-2021-23337

Check failure on line 15001 in package-lock.json

Code scanning / Trivy

nodejs-semver: Regular expression denial of service (High)

Package: semver
Installed Version: 5.1.0
Vulnerability CVE-2022-25883
Severity: HIGH
Fixed Version: 7.5.2, 6.3.1, 5.7.2
Link: CVE-2022-25883

Check failure on line 17071 in package-lock.json

Code scanning / Trivy

node-forge: Signature verification failing to check trailing garbage bytes can lead to signature forgery (High)

Package: node-forge
Installed Version: 0.7.6
Vulnerability CVE-2022-24772
Severity: HIGH
Fixed Version: 1.3.0
Link: CVE-2022-24772

Check failure on line 17071 in package-lock.json

Code scanning / Trivy

node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (High)

Package: node-forge
Installed Version: 0.7.6
Vulnerability CVE-2022-24771
Severity: HIGH
Fixed Version: 1.3.0
Link: CVE-2022-24771

Check failure on line 17071 in package-lock.json

Code scanning / Trivy

nodejs-node-forge: prototype pollution via the util.setPath function (High)

Package: node-forge
Installed Version: 0.7.6
Vulnerability CVE-2020-7720
Severity: HIGH
Fixed Version: 0.10.0
Link: CVE-2020-7720

Check failure on line 17066 in package-lock.json

Code scanning / Trivy

node-fetch: exposure of sensitive information to an unauthorized actor (High)

Package: node-fetch
Installed Version: 1.7.3
Vulnerability CVE-2022-0235
Severity: HIGH
Fixed Version: 3.1.1, 2.6.7
Link: CVE-2022-0235

Check failure on line 16694 in package-lock.json

Code scanning / Trivy

multer: Multer Denial of Service (High)

Package: multer
Installed Version: 1.4.4
Vulnerability CVE-2025-7338
Severity: HIGH
Fixed Version: 2.0.2
Link: CVE-2025-7338

Check failure on line 16694 in package-lock.json

Code scanning / Trivy

multer: Multer vulnerable to Denial of Service via unhandled exception (High)

Package: multer
Installed Version: 1.4.4
Vulnerability CVE-2025-48997
Severity: HIGH
Fixed Version: 2.0.1
Link: CVE-2025-48997

Check failure on line 16694 in package-lock.json

Code scanning / Trivy

Multer vulnerable to Denial of Service via memory leaks from unclosed streams (High)

Package: multer
Installed Version: 1.4.4
Vulnerability CVE-2025-47935
Severity: HIGH
Fixed Version: 2.0.0
Link: CVE-2025-47935

Check failure on line 16694 in package-lock.json

Code scanning / Trivy

Multer vulnerable to Denial of Service from maliciously crafted requests (High)

Package: multer
Installed Version: 1.4.4
Vulnerability CVE-2025-47944
Severity: HIGH
Fixed Version: 2.0.0
Link: CVE-2025-47944

Check failure on line 2434 in package-lock.json

Code scanning / Trivy

Cross-Site Request Forgery (CSRF) in Auth0 (High)

Package: auth0-js
Installed Version: 6.8.4
Vulnerability CVE-2018-6874
Severity: HIGH
Fixed Version: 9.0.0
Link: CVE-2018-6874

Check failure on line 2434 in package-lock.json

Code scanning / Trivy

Auth0-js bypasses CSRF checks (High)

Package: auth0-js
Installed Version: 6.8.4
Vulnerability CVE-2018-7307
Severity: HIGH
Fixed Version: 9.3.0
Link: CVE-2018-7307
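
An added triage step, not part of the report: the annotations above name the same package-lock.json line several times (node-forge at line 17071 alone accounts for five alerts), and each alert lists its own fixed releases, so the useful question is the single version each package must reach. The script below transcribes the alert data from the annotations and applies a resolution rule of my own, which treats each listed fixed release as the first clean release on its major line. It is an editorial example, not Trivy or GitHub tooling.

```javascript
// Added example: collapse the per-CVE "Fixed Version" lists in this report
// into one upgrade target per package.  The alert data is transcribed from
// the annotations above; the resolution rule is a triage convention of mine,
// not Trivy's or GitHub's.

const ALERTS = {                                 // package -> installed + CVEs
  'auth0-js': { installed: '6.8.4', cves: [
    { id: 'CVE-2017-17068', fixed: ['8.12.0'] },
    { id: 'CVE-2018-6874', fixed: ['9.0.0'] },
    { id: 'CVE-2018-7307', fixed: ['9.3.0'] } ] },
  'axios': { installed: '0.21.4', cves: [
    { id: 'CVE-2025-27152', fixed: ['1.8.2', '0.30.0'] },
    { id: 'CVE-2025-58754', fixed: ['1.12.0', '0.30.2'] } ] },
  'prismjs': { installed: '1.17.1', cves: [
    { id: 'CVE-2021-23341', fixed: ['1.23.0'] },
    { id: 'CVE-2020-15138', fixed: ['1.21.0'] } ] },
  'is-svg': { installed: '3.0.0', cves: [
    { id: 'CVE-2021-28092', fixed: ['4.2.2'] },
    { id: 'CVE-2021-29059', fixed: ['4.3.0'] } ] },
  'json5': { installed: '0.5.1', cves: [
    { id: 'CVE-2022-46175', fixed: ['2.2.2', '1.0.2'] } ] },
  'path-to-regexp': { installed: '2.4.0', cves: [
    { id: 'CVE-2024-45296', fixed: ['1.9.0', '0.1.10', '8.0.0', '3.3.0', '6.3.0'] } ] },
  'node-forge': { installed: '0.7.6', cves: [
    { id: 'CVE-2025-66031', fixed: ['1.3.2'] },
    { id: 'CVE-2025-12816', fixed: ['1.3.2'] },
    { id: 'CVE-2022-24772', fixed: ['1.3.0'] },
    { id: 'CVE-2022-24771', fixed: ['1.3.0'] },
    { id: 'CVE-2020-7720', fixed: ['0.10.0'] } ] },
  'lodash': { installed: '4.17.11', cves: [
    { id: 'CVE-2019-10744', fixed: ['4.17.12'] },
    { id: 'CVE-2020-8203', fixed: ['4.17.19'] },
    { id: 'CVE-2021-23337', fixed: ['4.17.21'] } ] },
  'semver': { installed: '5.1.0', cves: [
    { id: 'CVE-2022-25883', fixed: ['7.5.2', '6.3.1', '5.7.2'] } ] },
  'node-fetch': { installed: '1.7.3', cves: [
    { id: 'CVE-2022-0235', fixed: ['3.1.1', '2.6.7'] } ] },
  'multer': { installed: '1.4.4', cves: [
    { id: 'CVE-2025-7338', fixed: ['2.0.2'] },
    { id: 'CVE-2025-48997', fixed: ['2.0.1'] },
    { id: 'CVE-2025-47935', fixed: ['2.0.0'] },
    { id: 'CVE-2025-47944', fixed: ['2.0.0'] } ] },
};

const parseVersion = s => s.trim().split('.').map(Number);   // "1.2.3" -> [1, 2, 3]

function compare(a, b) {                          // numeric major.minor.patch order
  for (let i = 0; i < 3; i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Trivy lists the first fixed release of each affected major line.  A version
// closes a CVE if it is at or above the fix on its own major line; a major
// line with no fix listed is clear only if it lies above the newest fix.
function closes(fixedList, v) {
  const onLine = fixedList.filter(f => f[0] === v[0]);
  if (onLine.length) return onLine.some(f => compare(v, f) >= 0);
  const newest = fixedList.reduce((m, f) => (compare(f, m) > 0 ? f : m));
  return compare(v, newest) > 0;
}

// Smallest listed fix above the installed version that closes every CVE for
// the package, staying on the installed major line when that is enough.
function upgradeTarget(installed, cves) {
  const inst = parseVersion(installed);
  const lists = cves.map(c => c.fixed.map(parseVersion));
  const candidates = lists.flat().filter(v => compare(v, inst) > 0).sort(compare);
  const pools = [candidates.filter(v => v[0] === inst[0]), candidates];
  for (const pool of pools) {
    const hit = pool.find(v => lists.every(list => closes(list, v)));
    if (hit) return { target: hit.join('.'), majorBump: hit[0] !== inst[0] };
  }
  return null;                                    // no listed fix closes them all
}

function plan(alerts = ALERTS) {
  const out = {};
  for (const [name, { installed, cves }] of Object.entries(alerts)) {
    out[name] = { installed, ...upgradeTarget(installed, cves) };
  }
  return out;
}

for (const [name, p] of Object.entries(plan())) {
  const bump = p.majorBump ? ' (major bump)' : '';
  console.log(`${name.padEnd(15)} ${p.installed.padEnd(8)} -> ${p.target ?? 'no listed fix'}${bump}`);
}
```

path-to-regexp is the instructive case: nothing on its installed 2.x line is fixed, so the smallest clean upgrade is 3.3.0 and crosses a major boundary, while axios can stay on 0.x at 0.30.2. Whether a major bump is acceptable still has to be checked against each package's changelog, and the rule says nothing about alerts that Trivy reported but did not annotate here.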