From 170802855f1f9e2acac441ed1d0b97f430b59a99 Mon Sep 17 00:00:00 2001
From: "hmcts-github-ccd[bot]"
 <82895213+hmcts-github-ccd[bot]@users.noreply.github.com>
Date: Wed, 3 Jun 2026 18:02:28 +0000
Subject: [PATCH] chore(cve): implement CVE-2026-42338

---
 yarn-audit-known-issues | 1 -
 yarn.lock               | 6 +++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
index 9183979e..0143b7dd 100644
--- a/yarn-audit-known-issues
+++ b/yarn-audit-known-issues
@@ -7,7 +7,6 @@
 {"value":"govuk_frontend_toolkit","children":{"ID":"govuk_frontend_toolkit (deprecation)","Issue":"GOV.UK Frontend Toolkit is no longer maintained. Use the GOV.UK Design System instead: https://frontend.design-system.service.gov.uk/v4/migrating-from-legacy-products/","Severity":"moderate","Vulnerable Versions":"7.6.0","Tree Versions":["7.6.0"],"Dependents":["govuk-elements-sass@npm:3.1.3"]}}
 {"value":"govuk_template_jinja","children":{"ID":"govuk_template_jinja (deprecation)","Issue":"GOV.UK Template is no longer maintained. Use the GOV.UK Design System instead: https://frontend.design-system.service.gov.uk/v4/migrating-from-legacy-products/","Severity":"moderate","Vulnerable Versions":"0.26.0","Tree Versions":["0.26.0"],"Dependents":["ccd-admin-web@workspace:."]}}
 {"value":"govuk_template_mustache","children":{"ID":"govuk_template_mustache (deprecation)","Issue":"GOV.UK Template is no longer maintained. Use the GOV.UK Design System instead: https://frontend.design-system.service.gov.uk/v4/migrating-from-legacy-products/","Severity":"moderate","Vulnerable Versions":"0.26.0","Tree Versions":["0.26.0"],"Dependents":["ccd-admin-web@workspace:."]}}
-{"value":"ip-address","children":{"ID":1118827,"Issue":"ip-address has XSS in Address6 HTML-emitting methods","URL":"https://github.com/advisories/GHSA-v2v4-37r5-5v8g","Severity":"moderate","Vulnerable Versions":"<=10.1.0","Tree Versions":["10.1.0"],"Dependents":["socks@npm:2.8.7"]}}
 {"value":"lodash.isequal","children":{"ID":"lodash.isequal (deprecation)","Issue":"This package is deprecated. Use require('node:util').isDeepStrictEqual instead.","Severity":"moderate","Vulnerable Versions":"4.5.0","Tree Versions":["4.5.0"],"Dependents":["@fast-csv/format@npm:4.3.5"]}}
 {"value":"multer","children":{"ID":"multer (deprecation)","Issue":"Multer 1.x is impacted by a number of vulnerabilities, which have been patched in 2.x. You should upgrade to the latest 2.x version.","Severity":"moderate","Vulnerable Versions":"1.4.5-lts.2","Tree Versions":["1.4.5-lts.2"],"Dependents":["ccd-admin-web@workspace:."]}}
 {"value":"protobufjs","children":{"ID":1117571,"Issue":"Arbitrary code execution in protobufjs","URL":"https://github.com/advisories/GHSA-xq3m-2v4x-88gg","Severity":"critical","Vulnerable Versions":"<7.5.5","Tree Versions":["7.5.4"],"Dependents":["@grpc/proto-loader@npm:0.8.0"]}}
diff --git a/yarn.lock b/yarn.lock
index b603b9da..bf3ee110 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6454,9 +6454,9 @@ __metadata:
   linkType: hard
 
 "ip-address@npm:^10.0.1":
-  version: 10.1.0
-  resolution: "ip-address@npm:10.1.0"
-  checksum: 10/a6979629d1ad9c1fb424bc25182203fad739b40225aebc55ec6243bbff5035faf7b9ed6efab3a097de6e713acbbfde944baacfa73e11852bb43989c45a68d79e
+  version: 10.2.0
+  resolution: "ip-address@npm:10.2.0"
+  checksum: 10/12fec399e1af5753ac322e47a6d81a50d3a528b3abb17c09525b2a2edcaedcca628c40520706f7037bc4d8e951b0296c47e7b86d0a8e6e2335c8f0ba4afcfac1
   languageName: node
   linkType: hard