Yarn Audit: new advisories on main (2b100ab0d5) · Issue #42065 · MetaMask/metamask-extension · GitHub

Yarn Audit: new advisories on main (2b100ab0d5) #42065

@github-actions

2 new advisories detected on push to main (2 release-blocking).

CI run: https://github.com/MetaMask/metamask-extension/actions/runs/24799641903

Release-blocking (production, moderate+)

  • uuid (moderate) — uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided
    GHSA-w5hq-g745-h8pq
  • fast-xml-parser (moderate) — fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters
    GHSA-gh4j-gqv2-49f6

Native audit tree
├─ fast-xml-parser
│  ├─ ID: 1116957
│  ├─ Issue: fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters
│  ├─ URL: https://github.com/advisories/GHSA-gh4j-gqv2-49f6
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: <5.7.0
│  │ 
│  ├─ Tree Versions
│  │  └─ 5.5.7
│  │ 
│  └─ Dependents
│     └─ @metamask/snaps-utils@npm:12.2.0
│
├─ uuid
│  ├─ ID: 1116970
│  ├─ Issue: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided
│  ├─ URL: https://github.com/advisories/GHSA-w5hq-g745-h8pq
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: <14.0.0
│  │ 
│  ├─ Tree Versions
│  │  ├─ 3.2.1
│  │  ├─ 3.4.0
│  │  ├─ 8.3.2
│  │  └─ 9.0.1
│  │ 
│  └─ Dependents
│     ├─ @metamask/account-api@npm:1.0.0
│     ├─ istanbul-lib-processinfo@npm:2.0.2
│     ├─ metamask-crx@workspace:.
│     └─ socketcluster-client@npm:14.3.2
│

Labels: release-13.30.0 (Issue or pull request that will be included in release 13.30.0)