From a6989ef6f4130457902229d65dfee81f94a22b63 Mon Sep 17 00:00:00 2001 From: "hmcts-github-ccd[bot]" <82895213+hmcts-github-ccd[bot]@users.noreply.github.com> Date: Fri, 12 Jun 2026 08:47:48 +0000 Subject: [PATCH] chore(cve): implement CVE-2026-48069 --- yarn-audit-known-issues | 2 -- yarn.lock | 6 +++--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues index 1ebe2af5..9183979e 100644 --- a/yarn-audit-known-issues +++ b/yarn-audit-known-issues @@ -1,5 +1,3 @@ -{"value":"@grpc/grpc-js","children":{"ID":1120582,"Issue":"@grpc/grpc-js: A malformed request can cause a server crash","URL":"https://github.com/advisories/GHSA-5375-pq7m-f5r2","Severity":"high","Vulnerable Versions":">=1.14.0 <1.14.4","Tree Versions":["1.14.3"],"Dependents":["@opentelemetry/exporter-logs-otlp-grpc@virtual:86813c6619a0f23c04e420fa41e8d16a9a3dc192f1e564c6be7f1fcee880ad42df91849be108c26a99fb40b51e466a1cfd8f3d873db7ec0095935fc8069acc72#npm:0.217.0"]}} -{"value":"@grpc/grpc-js","children":{"ID":1120588,"Issue":"@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash","URL":"https://github.com/advisories/GHSA-99f4-grh7-6pcq","Severity":"high","Vulnerable Versions":">=1.14.0 <1.14.4","Tree Versions":["1.14.3"],"Dependents":["@opentelemetry/exporter-logs-otlp-grpc@virtual:86813c6619a0f23c04e420fa41e8d16a9a3dc192f1e564c6be7f1fcee880ad42df91849be108c26a99fb40b51e466a1cfd8f3d873db7ec0095935fc8069acc72#npm:0.217.0"]}} {"value":"@protobufjs/utf8","children":{"ID":1118933,"Issue":"protobufjs has overlong UTF-8 decoding","URL":"https://github.com/advisories/GHSA-q6x5-8v7m-xcrf","Severity":"moderate","Vulnerable Versions":"<=1.1.0","Tree Versions":["1.1.0"],"Dependents":["protobufjs@npm:8.0.1"]}} {"value":"@tootallnate/once","children":{"ID":1119438,"Issue":"@tootallnate/once vulnerable to Incorrect Control Flow Scoping","URL":"https://github.com/advisories/GHSA-vpq2-c234-7xj6","Severity":"low","Vulnerable Versions":"<2.0.1","Tree Versions":["2.0.0"],"Dependents":["http-proxy-agent@npm:5.0.0"]}} {"value":"abab","children":{"ID":"abab (deprecation)","Issue":"Use your platform's native atob() and btoa() methods instead","Severity":"moderate","Vulnerable Versions":"2.0.6","Tree Versions":["2.0.6"],"Dependents":["jsdom@virtual:765dd21400b9887d1cda8410e14996ece3abd2d473a1afb27695f43d295da769ea8bf3ebcf77d15b6687aeeeff789a6f299e6aeede434e237808bef39343fe75#npm:20.0.3"]}} diff --git a/yarn.lock b/yarn.lock index 11ec62ea..640b5029 100644 --- a/yarn.lock +++ b/yarn.lock @@ -660,12 +660,12 @@ __metadata: linkType: hard "@grpc/grpc-js@npm:^1.14.3": - version: 1.14.3 - resolution: "@grpc/grpc-js@npm:1.14.3" + version: 1.14.4 + resolution: "@grpc/grpc-js@npm:1.14.4" dependencies: "@grpc/proto-loader": "npm:^0.8.0" "@js-sdsl/ordered-map": "npm:^4.4.2" - checksum: 10/bb9bfe2f749179ae5ac7774d30486dfa2e0b004518c28de158b248e0f6f65f40138f01635c48266fa540670220f850216726e3724e1eb29d078817581c96e4db + checksum: 10/f9cdbd81e7388dc784c57274fcf6f4f4484da8968dd0975b97a14708d3fb117ae4a7bc2848e1bd1cc8b8ed9ee7a80ff131bfe728c85260da90a4e0b170e31ca9 languageName: node linkType: hard