Version 7.8.2

Author: seitenbau-govdata

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 7.9.0 2025-12-08
+
+- Fixed CVE-2025-55182 with update to Next.js 15.5.7 and React to 19.1.2
+
 ## 7.8.0 2025-10-07
 
 - Changed umbrella brand header text

src/owasp/suppressions.xml

@@ -1,15 +1,25 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-  <suppress until="2025-08-01Z">
+  <suppress until="2026-02-01Z">
     <notes>Chart.js - uses third-party dependencies with vulnerabilities - requires update to new major version</notes>
     <packageUrl regex="true">^pkg:javascript/moment\.js@.*$</packageUrl>
     <cve>CVE-2022-24785</cve>
     <cve>CVE-2022-31129</cve>
     <cve>CVE-2023-22467</cve>
   </suppress>
-  <suppress until="2025-08-01Z">
-    <notes>yasgui - uses third-party dependencies with vulnerabilities and is not actively developed anymore - see GOVDATADE-1551</notes>
-    <packageUrl regex="true">^pkg:npm/dompurify@.*$</packageUrl>
-    <cve>CVE-2025-48050</cve>
+   <suppress until="2026-02-01Z">
+    <notes>nodemailer - requires update to new major version</notes>
+    <packageUrl regex="true">^pkg:npm/nodemailer@.*$</packageUrl>
+    <cve>CVE-2025-13033</cve>
+  </suppress>
+   <suppress until="2026-02-01Z">
+    <notes>glob - requires updates to @vitest/coverage and propably to @vitest</notes>
+    <packageUrl regex="true">^pkg:npm/glob@.*$</packageUrl>
+    <vulnerabilityName>GHSA-5j98-mcp5-4vw2</vulnerabilityName>
+  </suppress>
+   <suppress until="2026-02-01Z">
+    <notes>jose - requires updates to openid-client</notes>
+    <packageUrl regex="true">^pkg:npm/jose@.*$</packageUrl>
+    <cve>CVE-2025-45767</cve>
   </suppress>
 </suppressions>