From 124df10def301e8572332de2dc0d00f69eb33434 Mon Sep 17 00:00:00 2001
From: Olu <142989683+olusegz07@users.noreply.github.com>
Date: Thu, 25 Sep 2025 13:00:27 +0100
Subject: [PATCH 1/5] Update unlink-cases.component.ts
---
 .../components/unlink-cases/unlink-cases.component.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/projects/ccd-case-ui-toolkit/src/lib/shared/components/palette/linked-cases/components/unlink-cases/unlink-cases.component.ts b/projects/ccd-case-ui-toolkit/src/lib/shared/components/palette/linked-cases/components/unlink-cases/unlink-cases.component.ts
index cb79f1f051..a33ab806f6 100644
--- a/projects/ccd-case-ui-toolkit/src/lib/shared/components/palette/linked-cases/components/unlink-cases/unlink-cases.component.ts
+++ b/projects/ccd-case-ui-toolkit/src/lib/shared/components/palette/linked-cases/components/unlink-cases/unlink-cases.component.ts
@@ -162,7 +162,7 @@ export class UnLinkCasesComponent extends AbstractFieldWriteJourneyComponent imp
 this.errorMessages.push({
 title: 'case-selection',
 description: LinkedCasesErrorMessages.UnlinkCaseSelectionError,
- fieldId: `case-reference-${this.linkedCases[0].caseReference}`
+ fieldId: `case-reference-${this.linkedCases[0]?.caseReference}`
 });
 this.unlinkErrorMessage = LinkedCasesErrorMessages.UnlinkCaseSelectionError;
 navigateToNextPage = false;
From 959eaed5f275693f1aa34447e9ba93cdadc7f8fc Mon Sep 17 00:00:00 2001
From: Olu <142989683+olusegz07@users.noreply.github.com>
Date: Thu, 25 Sep 2025 13:02:10 +0100
Subject: [PATCH 2/5] toolkit version update
---
 package.json | 2 +-
 projects/ccd-case-ui-toolkit/package.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index e2b217bde7..2531ef1299 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@hmcts/ccd-case-ui-toolkit",
- "version": "7.2.46",
+ "version": "7.2.47-manage-caseLink-event",
 "engines": {
 "node": ">=18.19.0"
 },
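Review bot: In PATCH 1/5 (unlink-cases.component.ts), the new `this.linkedCases[0]?.caseReference` avoids the TypeError on an empty list, but the template literal then produces the literal id `case-reference-undefined`, so the pushed error entry carries a fieldId that presumably matches no element on the page. The guard also covers only the element access: if `this.linkedCases` itself is null or undefined the expression still throws. Consider reading the value once with `const firstRef = this.linkedCases?.[0]?.caseReference;` and building the `case-reference-…` id only when `firstRef` is defined, falling back to an id that exists in the template otherwise. The enclosing method starts and ends outside the hunk, so whether an empty list can reach this branch is inferred from the release note rather than visible here.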
diff --git a/projects/ccd-case-ui-toolkit/package.json b/projects/ccd-case-ui-toolkit/package.json index 2cbadf16aa..b336eea357 100644 --- a/projects/ccd-case-ui-toolkit/package.json +++ b/projects/ccd-case-ui-toolkit/package.json @@ -1,6 +1,6 @@ { "name": "@hmcts/ccd-case-ui-toolkit", - "version": "7.2.46", + "version": "7.2.47-manage-caseLink-event", "engines": { "node": ">=18.19.0" }, From 45ff39269da80dc6cb0590318bcbd3b85cdd1e58 Mon Sep 17 00:00:00 2001 From: RiteshHMCTS Date: Wed, 8 Oct 2025 10:53:38 +0100 Subject: [PATCH 3/5] version updated --- RELEASE-NOTES.md | 3 +++ package.json | 2 +- projects/ccd-case-ui-toolkit/package.json | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 250c0842c7..8d7f9ac10f 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,5 +1,8 @@ ## RELEASE NOTES +### Version 7.2.49 +**EXUI-3457** ManageCaseLink Event Not working-Breaking the Nightly build + ### Version 7.2.48 **EXUI-3469** Vulnerabilities identified for Media Viewer diff --git a/package.json b/package.json index da5f3b5553..600e30bbfc 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@hmcts/ccd-case-ui-toolkit", - "version": "7.2.48-manage-caseLink-event", + "version": "7.2.49", "engines": { "node": ">=18.19.0" }, diff --git a/projects/ccd-case-ui-toolkit/package.json b/projects/ccd-case-ui-toolkit/package.json index 41f06cecb5..f9d825c1d3 100644 --- a/projects/ccd-case-ui-toolkit/package.json +++ b/projects/ccd-case-ui-toolkit/package.json @@ -1,6 +1,6 @@ { "name": "@hmcts/ccd-case-ui-toolkit", - "version": "7.2.48-manage-caseLink-event", + "version": "7.2.49", "engines": { "node": ">=18.19.0" }, From 5a7737ea86cb186987f732d7de2eb5b811e3764d Mon Sep 17 00:00:00 2001 From: RiteshHMCTS Date: Wed, 8 Oct 2025 10:55:23 +0100 Subject: [PATCH 4/5] cve --- yarn-audit-known-issues | 47 ----------------------------------------- 1 file changed, 47 deletions(-) 
diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
index 922f20763d..f436dfae8c 100644
--- a/yarn-audit-known-issues
+++ b/yarn-audit-known-issues
@@ -1,54 +1,7 @@ -{"value":"abab","children":{"ID":"abab (deprecation)","Issue":"Use your platform's native atob() and btoa() methods instead","Severity":"moderate","Vulnerable Versions":"2.0.6","Tree Versions":["2.0.6"],"Dependents":["jsdom@virtual:ce56289c4b7a2e9003d709997e253c1c80dcaee4c6fbe440cbe9ba5de5db8af3a7b7ad41bbdec5a5e3d40dc9c3c54bef92dd6885ff84cd436d636d5a1b380a61#npm:20.0.3"]}} -{"value":"body-parser","children":{"ID":1099520,"Issue":"body-parser vulnerable to denial of service when url encoding is enabled","URL":"https://github.com/advisories/GHSA-qwcr-r2fm-qrc7","Severity":"high","Vulnerable Versions":"<1.20.3","Tree Versions":["1.20.1","1.20.2"],"Dependents":["express@npm:4.18.2","json-server@npm:0.15.1"]}} -{"value":"brace-expansion","children":{"ID":1105444,"Issue":"brace-expansion Regular Expression Denial of Service vulnerability","URL":"https://github.com/advisories/GHSA-v6h2-p8h4-qcjw","Severity":"low","Vulnerable Versions":">=2.0.0 <=2.0.1","Tree Versions":["2.0.1"],"Dependents":["minimatch@npm:8.0.4"]}} {"value":"braces","children":{"ID":1098094,"Issue":"Uncontrolled resource consumption in braces","URL":"https://github.com/advisories/GHSA-grv7-fg5c-xmjg","Severity":"high","Vulnerable Versions":"<3.0.3","Tree Versions":["2.3.2"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}} -{"value":"cookie","children":{"ID":1103907,"Issue":"cookie accepts cookie name, path, and domain with out of bounds characters","URL":"https://github.com/advisories/GHSA-pxg6-pf52-xh8x","Severity":"low","Vulnerable Versions":"<0.7.0","Tree Versions":["0.5.0"],"Dependents":["express@npm:4.18.2"]}} -{"value":"copy-concurrently","children":{"ID":"copy-concurrently (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"1.0.5","Tree Versions":["1.0.5"],"Dependents":["move-concurrently@npm:1.0.1"]}} -{"value":"core-js","children":{"ID":"core-js (deprecation)","Issue":"core-js@<3.23.3 is no longer maintained and 
not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.","Severity":"moderate","Vulnerable Versions":"1.2.7","Tree Versions":["1.2.7"],"Dependents":["fbjs@npm:0.8.18"]}} -{"value":"cross-spawn","children":{"ID":1104663,"Issue":"Regular Expression Denial of Service (ReDoS) in cross-spawn","URL":"https://github.com/advisories/GHSA-3xgq-45jj-v275","Severity":"high","Vulnerable Versions":"<6.0.6","Tree Versions":["5.1.0"],"Dependents":["execa@npm:0.7.0"]}} -{"value":"domexception","children":{"ID":"domexception (deprecation)","Issue":"Use your platform's native DOMException instead","Severity":"moderate","Vulnerable Versions":"4.0.0","Tree Versions":["4.0.0"],"Dependents":["jsdom@virtual:ce56289c4b7a2e9003d709997e253c1c80dcaee4c6fbe440cbe9ba5de5db8af3a7b7ad41bbdec5a5e3d40dc9c3c54bef92dd6885ff84cd436d636d5a1b380a61#npm:20.0.3"]}} -{"value":"dompurify","children":{"ID":1105772,"Issue":"DOMPurify allows Cross-site Scripting (XSS)","URL":"https://github.com/advisories/GHSA-vhxf-7vqr-mrjg","Severity":"moderate","Vulnerable Versions":"<3.2.4","Tree Versions":["3.1.5"],"Dependents":["mermaid@npm:10.9.1"]}} -{"value":"express","children":{"ID":1096820,"Issue":"Express.js Open Redirect in malformed URLs","URL":"https://github.com/advisories/GHSA-rv95-896h-c2vc","Severity":"moderate","Vulnerable Versions":"<4.19.2","Tree Versions":["4.18.2"],"Dependents":["json-server@npm:0.15.1"]}} -{"value":"express","children":{"ID":1100530,"Issue":"express vulnerable to XSS via response.redirect()","URL":"https://github.com/advisories/GHSA-qw6h-vgh9-j6wx","Severity":"low","Vulnerable Versions":"<4.20.0","Tree Versions":["4.18.2"],"Dependents":["json-server@npm:0.15.1"]}} -{"value":"figgy-pudding","children":{"ID":"figgy-pudding 
(deprecation)","Issue":"This module is no longer supported.","Severity":"moderate","Vulnerable Versions":"3.5.2","Tree Versions":["3.5.2"],"Dependents":["npm-registry-fetch@npm:4.0.7"]}} -{"value":"form-data","children":{"ID":1106507,"Issue":"form-data uses unsafe random function in form-data for choosing boundary","URL":"https://github.com/advisories/GHSA-fjxv-7rqg-78g4","Severity":"critical","Vulnerable Versions":">=4.0.0 <4.0.4","Tree Versions":["4.0.0"],"Dependents":["jsdom@virtual:ce56289c4b7a2e9003d709997e253c1c80dcaee4c6fbe440cbe9ba5de5db8af3a7b7ad41bbdec5a5e3d40dc9c3c54bef92dd6885ff84cd436d636d5a1b380a61#npm:20.0.3"]}} -{"value":"form-data","children":{"ID":1106509,"Issue":"form-data uses unsafe random function in form-data for choosing boundary","URL":"https://github.com/advisories/GHSA-fjxv-7rqg-78g4","Severity":"critical","Vulnerable Versions":"<2.5.4","Tree Versions":["2.3.3"],"Dependents":["request@npm:2.88.2"]}} -{"value":"fs-write-stream-atomic","children":{"ID":"fs-write-stream-atomic (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"1.0.10","Tree Versions":["1.0.10"],"Dependents":["move-concurrently@npm:1.0.1"]}} -{"value":"glob","children":{"ID":"glob (deprecation)","Issue":"Glob versions prior to v9 are no longer supported","Severity":"moderate","Vulnerable Versions":"7.2.3","Tree Versions":["7.2.3"],"Dependents":["cacache@npm:12.0.4"]}} -{"value":"got","children":{"ID":1088948,"Issue":"Got allows a redirect to a UNIX socket","URL":"https://github.com/advisories/GHSA-pfrx-2q88-qq97","Severity":"moderate","Vulnerable Versions":"<11.8.5","Tree Versions":["9.6.0"],"Dependents":["package-json@npm:6.5.0"]}} {"value":"govuk-elements-sass","children":{"ID":"govuk-elements-sass (deprecation)","Issue":"GOV.UK Elements is no longer maintained. 
Use the GOV.UK Design System instead: https://frontend.design-system.service.gov.uk/v4/migrating-from-legacy-products/","Severity":"moderate","Vulnerable Versions":"3.1.3","Tree Versions":["3.1.3"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}} -{"value":"govuk_frontend_toolkit","children":{"ID":"govuk_frontend_toolkit (deprecation)","Issue":"GOV.UK Frontend Toolkit is no longer maintained. Use the GOV.UK Design System instead: https://frontend.design-system.service.gov.uk/v4/migrating-from-legacy-products/","Severity":"moderate","Vulnerable Versions":"7.6.0","Tree Versions":["7.6.0"],"Dependents":["govuk-elements-sass@npm:3.1.3"]}} -{"value":"har-validator","children":{"ID":"har-validator (deprecation)","Issue":"this library is no longer supported","Severity":"moderate","Vulnerable Versions":"5.1.5","Tree Versions":["5.1.5"],"Dependents":["request@npm:2.88.2"]}} -{"value":"http-cache-semantics","children":{"ID":1102456,"Issue":"http-cache-semantics vulnerable to Regular Expression Denial of Service","URL":"https://github.com/advisories/GHSA-rc47-6667-2j5j","Severity":"high","Vulnerable Versions":"<4.1.1","Tree Versions":["3.8.1"],"Dependents":["make-fetch-happen@npm:5.0.2"]}} -{"value":"inflight","children":{"ID":"inflight (deprecation)","Issue":"This module is not supported, and leaks memory. Do not use it. 
Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.","Severity":"moderate","Vulnerable Versions":"1.0.6","Tree Versions":["1.0.6"],"Dependents":["glob@npm:7.2.3"]}} -{"value":"ip","children":{"ID":1097720,"Issue":"NPM IP package incorrectly identifies some private IP addresses as public","URL":"https://github.com/advisories/GHSA-78xj-cgh5-2h22","Severity":"low","Vulnerable Versions":"<1.1.9","Tree Versions":["1.1.5"],"Dependents":["socks@npm:2.3.3"]}} -{"value":"ip","children":{"ID":1101851,"Issue":"ip SSRF improper categorization in isPublic","URL":"https://github.com/advisories/GHSA-2p57-rm9w-gvfp","Severity":"high","Vulnerable Versions":"<=2.0.1","Tree Versions":["1.1.5"],"Dependents":["socks@npm:2.3.3"]}} -{"value":"is-accessor-descriptor","children":{"ID":"is-accessor-descriptor (deprecation)","Issue":"Please upgrade to v0.1.7","Severity":"moderate","Vulnerable Versions":"0.1.6","Tree Versions":["0.1.6"],"Dependents":["is-descriptor@npm:0.1.6"]}} -{"value":"is-data-descriptor","children":{"ID":"is-data-descriptor (deprecation)","Issue":"Please upgrade to v0.1.5","Severity":"moderate","Vulnerable Versions":"0.1.4","Tree Versions":["0.1.4"],"Dependents":["is-descriptor@npm:0.1.6"]}} -{"value":"katex","children":{"ID":1107419,"Issue":"KaTeX \\htmlData does not validate attribute names","URL":"https://github.com/advisories/GHSA-cg87-wmx4-v546","Severity":"moderate","Vulnerable Versions":">=0.12.0 <=0.16.20","Tree Versions":["0.16.10"],"Dependents":["ngx-markdown@virtual:6ff8c2a3aef81417d9f60600e3255d97c9c6c863d8733a87ed99d869392767523e0e28c07db1eb2a034bc9265813386132447698258584d621a7fd0e13d93585#npm:17.2.1"]}} {"value":"marked","children":{"ID":1095051,"Issue":"Inefficient Regular Expression Complexity in marked","URL":"https://github.com/advisories/GHSA-rrrm-qjm4-v8hf","Severity":"high","Vulnerable Versions":"<4.0.10","Tree 
Versions":["0.7.0"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}} {"value":"marked","children":{"ID":1095052,"Issue":"Inefficient Regular Expression Complexity in marked","URL":"https://github.com/advisories/GHSA-5v2h-r2cx-5xgj","Severity":"high","Vulnerable Versions":"<4.0.10","Tree Versions":["0.7.0"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}} -{"value":"mermaid","children":{"ID":1100231,"Issue":"Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify","URL":"https://github.com/advisories/GHSA-m4gq-x24j-jpmf","Severity":"high","Vulnerable Versions":"<=10.9.2","Tree Versions":["10.9.1"],"Dependents":["ngx-markdown@virtual:6ff8c2a3aef81417d9f60600e3255d97c9c6c863d8733a87ed99d869392767523e0e28c07db1eb2a034bc9265813386132447698258584d621a7fd0e13d93585#npm:17.2.1"]}} -{"value":"mermaid","children":{"ID":1107246,"Issue":"Mermaid improperly sanitizes sequence diagram labels leading to XSS","URL":"https://github.com/advisories/GHSA-7rqq-prvp-x9jh","Severity":"moderate","Vulnerable Versions":">=10.9.0-rc.1 <10.9.4","Tree Versions":["10.9.1"],"Dependents":["ngx-markdown@virtual:6ff8c2a3aef81417d9f60600e3255d97c9c6c863d8733a87ed99d869392767523e0e28c07db1eb2a034bc9265813386132447698258584d621a7fd0e13d93585#npm:17.2.1"]}} -{"value":"micromatch","children":{"ID":1098681,"Issue":"Regular Expression Denial of Service (ReDoS) in micromatch","URL":"https://github.com/advisories/GHSA-952p-6rrq-rcjv","Severity":"moderate","Vulnerable Versions":"<4.0.8","Tree Versions":["4.0.5"],"Dependents":["fast-glob@npm:3.3.2"]}} -{"value":"move-concurrently","children":{"ID":"move-concurrently (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"1.0.1","Tree Versions":["1.0.1"],"Dependents":["cacache@npm:12.0.4"]}} -{"value":"nanoid","children":{"ID":1101163,"Issue":"Predictable results in nanoid generation when given non-integer 
values","URL":"https://github.com/advisories/GHSA-mwcw-c2x4-8c55","Severity":"moderate","Vulnerable Versions":"<3.3.8","Tree Versions":["2.1.11"],"Dependents":["json-server@npm:0.15.1"]}} -{"value":"node-fetch-npm","children":{"ID":"node-fetch-npm (deprecation)","Issue":"This module is not used anymore, npm uses minipass-fetch for its fetch implementation now","Severity":"moderate","Vulnerable Versions":"2.0.4","Tree Versions":["2.0.4"],"Dependents":["make-fetch-happen@npm:5.0.2"]}} -{"value":"on-headers","children":{"ID":1106812,"Issue":"on-headers is vulnerable to http response header manipulation","URL":"https://github.com/advisories/GHSA-76c9-3jph-rj3q","Severity":"low","Vulnerable Versions":"<1.1.0","Tree Versions":["1.0.2"],"Dependents":["compression@npm:1.7.4"]}} -{"value":"osenv","children":{"ID":"osenv (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"0.1.5","Tree Versions":["0.1.5"],"Dependents":["npm-package-arg@npm:6.1.1"]}} -{"value":"path-to-regexp","children":{"ID":1101849,"Issue":"path-to-regexp outputs backtracking regular expressions","URL":"https://github.com/advisories/GHSA-9wv6-86v2-598j","Severity":"high","Vulnerable Versions":">=0.2.0 <1.9.0","Tree Versions":["1.8.0"],"Dependents":["express-urlrewrite@npm:1.4.0"]}} -{"value":"path-to-regexp","children":{"ID":1101850,"Issue":"path-to-regexp outputs backtracking regular expressions","URL":"https://github.com/advisories/GHSA-9wv6-86v2-598j","Severity":"high","Vulnerable Versions":"<0.1.10","Tree Versions":["0.1.7"],"Dependents":["express@npm:4.18.2"]}} -{"value":"path-to-regexp","children":{"ID":1105199,"Issue":"path-to-regexp contains a ReDoS","URL":"https://github.com/advisories/GHSA-rhx6-c78j-4q9w","Severity":"high","Vulnerable Versions":"<0.1.12","Tree Versions":["0.1.7"],"Dependents":["express@npm:4.18.2"]}} {"value":"prismjs","children":{"ID":1089189,"Issue":"prismjs Regular Expression Denial of Service 
vulnerability","URL":"https://github.com/advisories/GHSA-hqhp-5p83-hx96","Severity":"moderate","Vulnerable Versions":"<1.25.0","Tree Versions":["1.24.1"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}} {"value":"prismjs","children":{"ID":1090424,"Issue":"Cross-site Scripting in Prism","URL":"https://github.com/advisories/GHSA-3949-f494-cm99","Severity":"high","Vulnerable Versions":">=1.14.0 <1.27.0","Tree Versions":["1.24.1"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}} {"value":"prismjs","children":{"ID":1105770,"Issue":"PrismJS DOM Clobbering vulnerability","URL":"https://github.com/advisories/GHSA-x7hr-w5r2-h6wg","Severity":"moderate","Vulnerable Versions":"<1.30.0","Tree Versions":["1.24.1"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}} -{"value":"request","children":{"ID":1096727,"Issue":"Server-Side Request Forgery in Request","URL":"https://github.com/advisories/GHSA-p8p7-x288-28g6","Severity":"moderate","Vulnerable Versions":"<=2.88.2","Tree Versions":["2.88.2"],"Dependents":["json-server@npm:0.15.1"]}} -{"value":"resolve-url","children":{"ID":"resolve-url (deprecation)","Issue":"https://github.com/lydell/resolve-url#deprecated","Severity":"moderate","Vulnerable Versions":"0.2.1","Tree Versions":["0.2.1"],"Dependents":["source-map-resolve@npm:0.5.3"]}} -{"value":"rimraf","children":{"ID":"rimraf (deprecation)","Issue":"Rimraf versions prior to v4 are no longer supported","Severity":"moderate","Vulnerable Versions":"2.7.1","Tree Versions":["2.7.1"],"Dependents":["cacache@npm:12.0.4"]}} -{"value":"send","children":{"ID":1100526,"Issue":"send vulnerable to template injection that can lead to XSS","URL":"https://github.com/advisories/GHSA-m6fv-jmcg-4jfg","Severity":"low","Vulnerable Versions":"<0.19.0","Tree Versions":["0.18.0"],"Dependents":["express@npm:4.18.2"]}} -{"value":"serve-static","children":{"ID":1100528,"Issue":"serve-static vulnerable to template injection that can lead to 
XSS","URL":"https://github.com/advisories/GHSA-cm22-4g7w-348p","Severity":"low","Vulnerable Versions":"<1.16.0","Tree Versions":["1.15.0"],"Dependents":["express@npm:4.18.2"]}} -{"value":"source-map-resolve","children":{"ID":"source-map-resolve (deprecation)","Issue":"See https://github.com/lydell/source-map-resolve#deprecated","Severity":"moderate","Vulnerable Versions":"0.5.3","Tree Versions":["0.5.3"],"Dependents":["snapdragon@npm:0.8.2"]}} -{"value":"source-map-url","children":{"ID":"source-map-url (deprecation)","Issue":"See https://github.com/lydell/source-map-url#deprecated","Severity":"moderate","Vulnerable Versions":"0.4.1","Tree Versions":["0.4.1"],"Dependents":["source-map-resolve@npm:0.5.3"]}} -{"value":"tough-cookie","children":{"ID":1097682,"Issue":"tough-cookie Prototype Pollution vulnerability","URL":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3","Severity":"moderate","Vulnerable Versions":"<4.1.3","Tree Versions":["2.5.0"],"Dependents":["request@npm:2.88.2"]}} -{"value":"urix","children":{"ID":"urix (deprecation)","Issue":"Please see https://github.com/lydell/urix#deprecated","Severity":"moderate","Vulnerable Versions":"0.1.0","Tree Versions":["0.1.0"],"Dependents":["source-map-resolve@npm:0.5.3"]}} -{"value":"uuid","children":{"ID":"uuid (deprecation)","Issue":"Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.","Severity":"moderate","Vulnerable Versions":"3.4.0","Tree Versions":["3.4.0"],"Dependents":["request@npm:2.88.2"]}} From c068caaf396cab7b8740242c2bc950fb0d3eb11a Mon Sep 17 00:00:00 2001 From: RiteshHMCTS Date: Wed, 8 Oct 2025 11:06:38 +0100 Subject: [PATCH 5/5] cve --- yarn-audit-known-issues | 47 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues index f436dfae8c..922f20763d 100644 --- a/yarn-audit-known-issues 
+++ b/yarn-audit-known-issues 
@@ -1,7 +1,54 @@ +{"value":"abab","children":{"ID":"abab (deprecation)","Issue":"Use your platform's native atob() and btoa() methods instead","Severity":"moderate","Vulnerable Versions":"2.0.6","Tree Versions":["2.0.6"],"Dependents":["jsdom@virtual:ce56289c4b7a2e9003d709997e253c1c80dcaee4c6fbe440cbe9ba5de5db8af3a7b7ad41bbdec5a5e3d40dc9c3c54bef92dd6885ff84cd436d636d5a1b380a61#npm:20.0.3"]}} +{"value":"body-parser","children":{"ID":1099520,"Issue":"body-parser vulnerable to denial of service when url encoding is enabled","URL":"https://github.com/advisories/GHSA-qwcr-r2fm-qrc7","Severity":"high","Vulnerable Versions":"<1.20.3","Tree Versions":["1.20.1","1.20.2"],"Dependents":["express@npm:4.18.2","json-server@npm:0.15.1"]}} +{"value":"brace-expansion","children":{"ID":1105444,"Issue":"brace-expansion Regular Expression Denial of Service vulnerability","URL":"https://github.com/advisories/GHSA-v6h2-p8h4-qcjw","Severity":"low","Vulnerable Versions":">=2.0.0 <=2.0.1","Tree Versions":["2.0.1"],"Dependents":["minimatch@npm:8.0.4"]}} {"value":"braces","children":{"ID":1098094,"Issue":"Uncontrolled resource consumption in braces","URL":"https://github.com/advisories/GHSA-grv7-fg5c-xmjg","Severity":"high","Vulnerable Versions":"<3.0.3","Tree Versions":["2.3.2"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}} +{"value":"cookie","children":{"ID":1103907,"Issue":"cookie accepts cookie name, path, and domain with out of bounds characters","URL":"https://github.com/advisories/GHSA-pxg6-pf52-xh8x","Severity":"low","Vulnerable Versions":"<0.7.0","Tree Versions":["0.5.0"],"Dependents":["express@npm:4.18.2"]}} +{"value":"copy-concurrently","children":{"ID":"copy-concurrently (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"1.0.5","Tree Versions":["1.0.5"],"Dependents":["move-concurrently@npm:1.0.1"]}} +{"value":"core-js","children":{"ID":"core-js (deprecation)","Issue":"core-js@<3.23.3 is no longer maintained and 
not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.","Severity":"moderate","Vulnerable Versions":"1.2.7","Tree Versions":["1.2.7"],"Dependents":["fbjs@npm:0.8.18"]}} +{"value":"cross-spawn","children":{"ID":1104663,"Issue":"Regular Expression Denial of Service (ReDoS) in cross-spawn","URL":"https://github.com/advisories/GHSA-3xgq-45jj-v275","Severity":"high","Vulnerable Versions":"<6.0.6","Tree Versions":["5.1.0"],"Dependents":["execa@npm:0.7.0"]}} +{"value":"domexception","children":{"ID":"domexception (deprecation)","Issue":"Use your platform's native DOMException instead","Severity":"moderate","Vulnerable Versions":"4.0.0","Tree Versions":["4.0.0"],"Dependents":["jsdom@virtual:ce56289c4b7a2e9003d709997e253c1c80dcaee4c6fbe440cbe9ba5de5db8af3a7b7ad41bbdec5a5e3d40dc9c3c54bef92dd6885ff84cd436d636d5a1b380a61#npm:20.0.3"]}} +{"value":"dompurify","children":{"ID":1105772,"Issue":"DOMPurify allows Cross-site Scripting (XSS)","URL":"https://github.com/advisories/GHSA-vhxf-7vqr-mrjg","Severity":"moderate","Vulnerable Versions":"<3.2.4","Tree Versions":["3.1.5"],"Dependents":["mermaid@npm:10.9.1"]}} +{"value":"express","children":{"ID":1096820,"Issue":"Express.js Open Redirect in malformed URLs","URL":"https://github.com/advisories/GHSA-rv95-896h-c2vc","Severity":"moderate","Vulnerable Versions":"<4.19.2","Tree Versions":["4.18.2"],"Dependents":["json-server@npm:0.15.1"]}} +{"value":"express","children":{"ID":1100530,"Issue":"express vulnerable to XSS via response.redirect()","URL":"https://github.com/advisories/GHSA-qw6h-vgh9-j6wx","Severity":"low","Vulnerable Versions":"<4.20.0","Tree Versions":["4.18.2"],"Dependents":["json-server@npm:0.15.1"]}} +{"value":"figgy-pudding","children":{"ID":"figgy-pudding 
(deprecation)","Issue":"This module is no longer supported.","Severity":"moderate","Vulnerable Versions":"3.5.2","Tree Versions":["3.5.2"],"Dependents":["npm-registry-fetch@npm:4.0.7"]}} +{"value":"form-data","children":{"ID":1106507,"Issue":"form-data uses unsafe random function in form-data for choosing boundary","URL":"https://github.com/advisories/GHSA-fjxv-7rqg-78g4","Severity":"critical","Vulnerable Versions":">=4.0.0 <4.0.4","Tree Versions":["4.0.0"],"Dependents":["jsdom@virtual:ce56289c4b7a2e9003d709997e253c1c80dcaee4c6fbe440cbe9ba5de5db8af3a7b7ad41bbdec5a5e3d40dc9c3c54bef92dd6885ff84cd436d636d5a1b380a61#npm:20.0.3"]}} +{"value":"form-data","children":{"ID":1106509,"Issue":"form-data uses unsafe random function in form-data for choosing boundary","URL":"https://github.com/advisories/GHSA-fjxv-7rqg-78g4","Severity":"critical","Vulnerable Versions":"<2.5.4","Tree Versions":["2.3.3"],"Dependents":["request@npm:2.88.2"]}} +{"value":"fs-write-stream-atomic","children":{"ID":"fs-write-stream-atomic (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"1.0.10","Tree Versions":["1.0.10"],"Dependents":["move-concurrently@npm:1.0.1"]}} +{"value":"glob","children":{"ID":"glob (deprecation)","Issue":"Glob versions prior to v9 are no longer supported","Severity":"moderate","Vulnerable Versions":"7.2.3","Tree Versions":["7.2.3"],"Dependents":["cacache@npm:12.0.4"]}} +{"value":"got","children":{"ID":1088948,"Issue":"Got allows a redirect to a UNIX socket","URL":"https://github.com/advisories/GHSA-pfrx-2q88-qq97","Severity":"moderate","Vulnerable Versions":"<11.8.5","Tree Versions":["9.6.0"],"Dependents":["package-json@npm:6.5.0"]}} {"value":"govuk-elements-sass","children":{"ID":"govuk-elements-sass (deprecation)","Issue":"GOV.UK Elements is no longer maintained. 
Use the GOV.UK Design System instead: https://frontend.design-system.service.gov.uk/v4/migrating-from-legacy-products/","Severity":"moderate","Vulnerable Versions":"3.1.3","Tree Versions":["3.1.3"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}} +{"value":"govuk_frontend_toolkit","children":{"ID":"govuk_frontend_toolkit (deprecation)","Issue":"GOV.UK Frontend Toolkit is no longer maintained. Use the GOV.UK Design System instead: https://frontend.design-system.service.gov.uk/v4/migrating-from-legacy-products/","Severity":"moderate","Vulnerable Versions":"7.6.0","Tree Versions":["7.6.0"],"Dependents":["govuk-elements-sass@npm:3.1.3"]}} +{"value":"har-validator","children":{"ID":"har-validator (deprecation)","Issue":"this library is no longer supported","Severity":"moderate","Vulnerable Versions":"5.1.5","Tree Versions":["5.1.5"],"Dependents":["request@npm:2.88.2"]}} +{"value":"http-cache-semantics","children":{"ID":1102456,"Issue":"http-cache-semantics vulnerable to Regular Expression Denial of Service","URL":"https://github.com/advisories/GHSA-rc47-6667-2j5j","Severity":"high","Vulnerable Versions":"<4.1.1","Tree Versions":["3.8.1"],"Dependents":["make-fetch-happen@npm:5.0.2"]}} +{"value":"inflight","children":{"ID":"inflight (deprecation)","Issue":"This module is not supported, and leaks memory. Do not use it. 
Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.","Severity":"moderate","Vulnerable Versions":"1.0.6","Tree Versions":["1.0.6"],"Dependents":["glob@npm:7.2.3"]}} +{"value":"ip","children":{"ID":1097720,"Issue":"NPM IP package incorrectly identifies some private IP addresses as public","URL":"https://github.com/advisories/GHSA-78xj-cgh5-2h22","Severity":"low","Vulnerable Versions":"<1.1.9","Tree Versions":["1.1.5"],"Dependents":["socks@npm:2.3.3"]}} +{"value":"ip","children":{"ID":1101851,"Issue":"ip SSRF improper categorization in isPublic","URL":"https://github.com/advisories/GHSA-2p57-rm9w-gvfp","Severity":"high","Vulnerable Versions":"<=2.0.1","Tree Versions":["1.1.5"],"Dependents":["socks@npm:2.3.3"]}} +{"value":"is-accessor-descriptor","children":{"ID":"is-accessor-descriptor (deprecation)","Issue":"Please upgrade to v0.1.7","Severity":"moderate","Vulnerable Versions":"0.1.6","Tree Versions":["0.1.6"],"Dependents":["is-descriptor@npm:0.1.6"]}} +{"value":"is-data-descriptor","children":{"ID":"is-data-descriptor (deprecation)","Issue":"Please upgrade to v0.1.5","Severity":"moderate","Vulnerable Versions":"0.1.4","Tree Versions":["0.1.4"],"Dependents":["is-descriptor@npm:0.1.6"]}} +{"value":"katex","children":{"ID":1107419,"Issue":"KaTeX \\htmlData does not validate attribute names","URL":"https://github.com/advisories/GHSA-cg87-wmx4-v546","Severity":"moderate","Vulnerable Versions":">=0.12.0 <=0.16.20","Tree Versions":["0.16.10"],"Dependents":["ngx-markdown@virtual:6ff8c2a3aef81417d9f60600e3255d97c9c6c863d8733a87ed99d869392767523e0e28c07db1eb2a034bc9265813386132447698258584d621a7fd0e13d93585#npm:17.2.1"]}} {"value":"marked","children":{"ID":1095051,"Issue":"Inefficient Regular Expression Complexity in marked","URL":"https://github.com/advisories/GHSA-rrrm-qjm4-v8hf","Severity":"high","Vulnerable Versions":"<4.0.10","Tree 
Versions":["0.7.0"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}} {"value":"marked","children":{"ID":1095052,"Issue":"Inefficient Regular Expression Complexity in marked","URL":"https://github.com/advisories/GHSA-5v2h-r2cx-5xgj","Severity":"high","Vulnerable Versions":"<4.0.10","Tree Versions":["0.7.0"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}} +{"value":"mermaid","children":{"ID":1100231,"Issue":"Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify","URL":"https://github.com/advisories/GHSA-m4gq-x24j-jpmf","Severity":"high","Vulnerable Versions":"<=10.9.2","Tree Versions":["10.9.1"],"Dependents":["ngx-markdown@virtual:6ff8c2a3aef81417d9f60600e3255d97c9c6c863d8733a87ed99d869392767523e0e28c07db1eb2a034bc9265813386132447698258584d621a7fd0e13d93585#npm:17.2.1"]}} +{"value":"mermaid","children":{"ID":1107246,"Issue":"Mermaid improperly sanitizes sequence diagram labels leading to XSS","URL":"https://github.com/advisories/GHSA-7rqq-prvp-x9jh","Severity":"moderate","Vulnerable Versions":">=10.9.0-rc.1 <10.9.4","Tree Versions":["10.9.1"],"Dependents":["ngx-markdown@virtual:6ff8c2a3aef81417d9f60600e3255d97c9c6c863d8733a87ed99d869392767523e0e28c07db1eb2a034bc9265813386132447698258584d621a7fd0e13d93585#npm:17.2.1"]}} +{"value":"micromatch","children":{"ID":1098681,"Issue":"Regular Expression Denial of Service (ReDoS) in micromatch","URL":"https://github.com/advisories/GHSA-952p-6rrq-rcjv","Severity":"moderate","Vulnerable Versions":"<4.0.8","Tree Versions":["4.0.5"],"Dependents":["fast-glob@npm:3.3.2"]}} +{"value":"move-concurrently","children":{"ID":"move-concurrently (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"1.0.1","Tree Versions":["1.0.1"],"Dependents":["cacache@npm:12.0.4"]}} +{"value":"nanoid","children":{"ID":1101163,"Issue":"Predictable results in nanoid generation when given non-integer 
values","URL":"https://github.com/advisories/GHSA-mwcw-c2x4-8c55","Severity":"moderate","Vulnerable Versions":"<3.3.8","Tree Versions":["2.1.11"],"Dependents":["json-server@npm:0.15.1"]}} +{"value":"node-fetch-npm","children":{"ID":"node-fetch-npm (deprecation)","Issue":"This module is not used anymore, npm uses minipass-fetch for its fetch implementation now","Severity":"moderate","Vulnerable Versions":"2.0.4","Tree Versions":["2.0.4"],"Dependents":["make-fetch-happen@npm:5.0.2"]}} +{"value":"on-headers","children":{"ID":1106812,"Issue":"on-headers is vulnerable to http response header manipulation","URL":"https://github.com/advisories/GHSA-76c9-3jph-rj3q","Severity":"low","Vulnerable Versions":"<1.1.0","Tree Versions":["1.0.2"],"Dependents":["compression@npm:1.7.4"]}} +{"value":"osenv","children":{"ID":"osenv (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"0.1.5","Tree Versions":["0.1.5"],"Dependents":["npm-package-arg@npm:6.1.1"]}} +{"value":"path-to-regexp","children":{"ID":1101849,"Issue":"path-to-regexp outputs backtracking regular expressions","URL":"https://github.com/advisories/GHSA-9wv6-86v2-598j","Severity":"high","Vulnerable Versions":">=0.2.0 <1.9.0","Tree Versions":["1.8.0"],"Dependents":["express-urlrewrite@npm:1.4.0"]}} +{"value":"path-to-regexp","children":{"ID":1101850,"Issue":"path-to-regexp outputs backtracking regular expressions","URL":"https://github.com/advisories/GHSA-9wv6-86v2-598j","Severity":"high","Vulnerable Versions":"<0.1.10","Tree Versions":["0.1.7"],"Dependents":["express@npm:4.18.2"]}} +{"value":"path-to-regexp","children":{"ID":1105199,"Issue":"path-to-regexp contains a ReDoS","URL":"https://github.com/advisories/GHSA-rhx6-c78j-4q9w","Severity":"high","Vulnerable Versions":"<0.1.12","Tree Versions":["0.1.7"],"Dependents":["express@npm:4.18.2"]}} {"value":"prismjs","children":{"ID":1089189,"Issue":"prismjs Regular Expression Denial of Service 
vulnerability","URL":"https://github.com/advisories/GHSA-hqhp-5p83-hx96","Severity":"moderate","Vulnerable Versions":"<1.25.0","Tree Versions":["1.24.1"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}} {"value":"prismjs","children":{"ID":1090424,"Issue":"Cross-site Scripting in Prism","URL":"https://github.com/advisories/GHSA-3949-f494-cm99","Severity":"high","Vulnerable Versions":">=1.14.0 <1.27.0","Tree Versions":["1.24.1"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}} {"value":"prismjs","children":{"ID":1105770,"Issue":"PrismJS DOM Clobbering vulnerability","URL":"https://github.com/advisories/GHSA-x7hr-w5r2-h6wg","Severity":"moderate","Vulnerable Versions":"<1.30.0","Tree Versions":["1.24.1"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}} +{"value":"request","children":{"ID":1096727,"Issue":"Server-Side Request Forgery in Request","URL":"https://github.com/advisories/GHSA-p8p7-x288-28g6","Severity":"moderate","Vulnerable Versions":"<=2.88.2","Tree Versions":["2.88.2"],"Dependents":["json-server@npm:0.15.1"]}} +{"value":"resolve-url","children":{"ID":"resolve-url (deprecation)","Issue":"https://github.com/lydell/resolve-url#deprecated","Severity":"moderate","Vulnerable Versions":"0.2.1","Tree Versions":["0.2.1"],"Dependents":["source-map-resolve@npm:0.5.3"]}} +{"value":"rimraf","children":{"ID":"rimraf (deprecation)","Issue":"Rimraf versions prior to v4 are no longer supported","Severity":"moderate","Vulnerable Versions":"2.7.1","Tree Versions":["2.7.1"],"Dependents":["cacache@npm:12.0.4"]}} +{"value":"send","children":{"ID":1100526,"Issue":"send vulnerable to template injection that can lead to XSS","URL":"https://github.com/advisories/GHSA-m6fv-jmcg-4jfg","Severity":"low","Vulnerable Versions":"<0.19.0","Tree Versions":["0.18.0"],"Dependents":["express@npm:4.18.2"]}} +{"value":"serve-static","children":{"ID":1100528,"Issue":"serve-static vulnerable to template injection that can lead to 
XSS","URL":"https://github.com/advisories/GHSA-cm22-4g7w-348p","Severity":"low","Vulnerable Versions":"<1.16.0","Tree Versions":["1.15.0"],"Dependents":["express@npm:4.18.2"]}} +{"value":"source-map-resolve","children":{"ID":"source-map-resolve (deprecation)","Issue":"See https://github.com/lydell/source-map-resolve#deprecated","Severity":"moderate","Vulnerable Versions":"0.5.3","Tree Versions":["0.5.3"],"Dependents":["snapdragon@npm:0.8.2"]}} +{"value":"source-map-url","children":{"ID":"source-map-url (deprecation)","Issue":"See https://github.com/lydell/source-map-url#deprecated","Severity":"moderate","Vulnerable Versions":"0.4.1","Tree Versions":["0.4.1"],"Dependents":["source-map-resolve@npm:0.5.3"]}} +{"value":"tough-cookie","children":{"ID":1097682,"Issue":"tough-cookie Prototype Pollution vulnerability","URL":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3","Severity":"moderate","Vulnerable Versions":"<4.1.3","Tree Versions":["2.5.0"],"Dependents":["request@npm:2.88.2"]}} +{"value":"urix","children":{"ID":"urix (deprecation)","Issue":"Please see https://github.com/lydell/urix#deprecated","Severity":"moderate","Vulnerable Versions":"0.1.0","Tree Versions":["0.1.0"],"Dependents":["source-map-resolve@npm:0.5.3"]}} +{"value":"uuid","children":{"ID":"uuid (deprecation)","Issue":"Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.","Severity":"moderate","Vulnerable Versions":"3.4.0","Tree Versions":["3.4.0"],"Dependents":["request@npm:2.88.2"]}}