Closes #21571: Bump minimatch and markdown-it to resolve security alerts #234

New Issue

MrUnknownDE · 2026-04-05T16:23:20+02:00

MrUnknownDE commented

2026-04-05 16:23:20 +02:00

Originally created by @jnovinger on 3/4/2026

Fixes: #21571

Add yarn resolutions to force patched versions of two transitive NPM dependencies flagged by dependabot:

minimatch 3.1.2 → 3.1.5 (GHSA-7r86-cg39-jmmj, high severity ReDoS)
markdown-it 14.1.0 → 14.1.1 (CVE-2026-2327, medium severity ReDoS)

*Originally created by @jnovinger on 3/4/2026* ### Fixes: #21571 Add yarn resolutions to force patched versions of two transitive NPM dependencies flagged by dependabot: - minimatch 3.1.2 → 3.1.5 (GHSA-7r86-cg39-jmmj, high severity ReDoS) - markdown-it 14.1.0 → 14.1.1 (CVE-2026-2327, medium severity ReDoS)

MrUnknownDE closed this issue

2026-04-05 16:23:20 +02:00

Sign in to join this conversation.

Branches Tags

main

21455-sql-indexes-audit

21357-register-model-actions

feature

20924-plugin-ui-components

21766-improve-test-coverage-for-sortable-table-columns

21157-export-template-public-models

21025-pre-render-config-contexts

21364-swagger

feature-ip-prefix-link

20911-dropdown-3

fix_module_substitution

21160-filterset

20911-dropdown-2

20044-elevation-stuck-lightmode

7604-filter-modifiers-v3

20660-script-load

19724-graphql

14884-script

19720-macaddress-interface-generic-relation

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

No Label

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/netbox#234