Skip to content

chore: bump the npm-docusaurus-dependencies group across 1 directory with 2 updates#1145

Merged
neilime merged 1 commit into
mainfrom
dependabot/npm_and_yarn/application/npm-docusaurus-dependencies-073a1f481f
Jun 13, 2026
Merged

chore: bump the npm-docusaurus-dependencies group across 1 directory with 2 updates#1145
neilime merged 1 commit into
mainfrom
dependabot/npm_and_yarn/application/npm-docusaurus-dependencies-073a1f481f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 5, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-docusaurus-dependencies group with 2 updates in the /application directory: react and react-dom.

Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 5, 2026
@github-actions

github-actions Bot commented Jun 5, 2026

Copy link
Copy Markdown

Hi, thank you for creating your PR, we will check it out very soon

@dependabot dependabot Bot changed the title chore(deps): Bump the npm-docusaurus-dependencies group across 1 directory with 2 updates Bump the npm-docusaurus-dependencies group across 1 directory with 2 updates Jun 12, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/application/npm-docusaurus-dependencies-073a1f481f branch from 2d62613 to c85a940 Compare June 12, 2026 07:34
@neilime neilime changed the title Bump the npm-docusaurus-dependencies group across 1 directory with 2 updates chore: bump the npm-docusaurus-dependencies group across 1 directory with 2 updates Jun 12, 2026
@dependabot dependabot Bot changed the title chore: bump the npm-docusaurus-dependencies group across 1 directory with 2 updates Bump the npm-docusaurus-dependencies group across 1 directory with 2 updates Jun 13, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/application/npm-docusaurus-dependencies-073a1f481f branch from c85a940 to 5e4166e Compare June 13, 2026 07:22
@github-actions

Copy link
Copy Markdown

Super-linter summary

Language Validation result
BIOME_FORMAT Fail ❌
BIOME_LINT Pass ✅
CHECKOV Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Fail ❌

Super-linter detected linting errors

For more information, see the GitHub Actions workflow run

Powered by Super-linter

BIOME_FORMAT
Checked 75 files in 211ms. No fixes applied.
Found 1 error.application/src/pages/index.tsx format ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  × Formatter would have printed the following content:

    101 101 │   function ProjectsSection() {
    102 102 │     const projects = [
    103     │ - → ··{
    104     │ - → ····name:·'compose-action',
    105     │ - → ····icon:·'⚡',
    106     │ - → ····url:·'https://github.com/hoverkraft-tech/compose-action',
    107     │ - → ····stars:·210,
    108     │ - → ····language:·'TypeScript',
    109     │ - → ····description:·'This·action·runs·your·docker-compose·file·and·clean·up·before·action·finished',
    110     │ - → ····tags:·[
    111     │ - → ······'continuous-integration',
    112     │ - → ······'docker-compose',
    113     │ - → ······'github-actions'
    114     │ - → ····],
    115     │ - → ····accent:·'primary'
    116     │ - → ··},
    117     │ - → ··{
    118     │ - → ····name:·'ci-dokumentor',
    119     │ - → ····icon:·'⚡',
    120     │ - → ····url:·'https://github.com/hoverkraft-tech/ci-dokumentor',
    121     │ - → ····stars:·5,
    122     │ - → ····language:·'TypeScript',
    123     │ - → ····description:·'Automated·documentation·generator·for·CI/CD·components',
    124     │ - → ····tags:·[
    125     │ - → ······'documentation',
    126     │ - → ······'github-actions',
    127     │ - → ······'open-source'
    128     │ - → ····],
    129     │ - → ····accent:·'neutral'
    130     │ - → ··},
    131     │ - → ··{
    132     │ - → ····name:·'ci-github-container',
    133     │ - → ····icon:·'⚡',
    134     │ - → ····url:·'https://github.com/hoverkraft-tech/ci-github-container',
    135     │ - → ····stars:·5,
    136     │ - → ····language:·'Go·Template',
    137     │ - → ····description:·'Opinionated·GitHub·Actions·and·workflows·for·continuous·integration·in·container·(OCI)·context',
    138     │ - → ····tags:·[
    139     │ - → ······'build',
    140     │ - → ······'containers',
    141     │ - → ······'continuous-integration'
    142     │ - → ····],
    143     │ - → ····accent:·'primary'
    144     │ - → ··}
        103 │ + → → {
        104 │ + → → → name:·"compose-action",
        105 │ + → → → icon:·"⚡",
        106 │ + → → → url:·"https://github.com/hoverkraft-tech/compose-action",
        107 │ + → → → stars:·210,
        108 │ + → → → language:·"TypeScript",
        109 │ + → → → description:
        110 │ + → → → → "This·action·runs·your·docker-compose·file·and·clean·up·before·action·finished",
        111 │ + → → → tags:·["continuous-integration",·"docker-compose",·"github-actions"],
        112 │ + → → → accent:·"primary",
        113 │ + → → },
        114 │ + → → {
        115 │ + → → → name:·"ci-dokumentor",
        116 │ + → → → icon:·"⚡",
        117 │ + → → → url:·"https://github.com/hoverkraft-tech/ci-dokumentor",
        118 │ + → → → stars:·5,
        119 │ + → → → language:·"TypeScript",
        120 │ + → → → description:·"Automated·documentation·generator·for·CI/CD·components",
        121 │ + → → → tags:·["documentation",·"github-actions",·"open-source"],
        122 │ + → → → accent:·"neutral",
        123 │ + → → },
        124 │ + → → {
        125 │ + → → → name:·"ci-github-container",
        126 │ + → → → icon:·"⚡",
        127 │ + → → → url:·"https://github.com/hoverkraft-tech/ci-github-container",
        128 │ + → → → stars:·5,
        129 │ + → → → language:·"Go·Template",
        130 │ + → → → description:
        131 │ + → → → → "Opinionated·GitHub·Actions·and·workflows·for·continuous·integration·in·container·(OCI)·context",
        132 │ + → → → tags:·["build",·"containers",·"continuous-integration"],
        133 │ + → → → accent:·"primary",
        134 │ + → → },
    145 135 │     ];
    146 136 │


format ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  × Some errors were emitted while running checks.

TRIVY

Report Summary

┌───────────────────────────────┬────────────┬─────────────────┬───────────────────┬─────────┐
│            Target             │    Type    │ Vulnerabilities │ Misconfigurations │ Secrets │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ application/package-lock.json │    npm     │        5        │         -         │    -    │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ Dockerfile                    │ dockerfile │        -        │         0         │    -    │
└───────────────────────────────┴────────────┴─────────────────┴───────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


application/package-lock.json (npm)
===================================
Total: 5 (UNKNOWN: 0, LOW: 0, MEDIUM: 3, HIGH: 1, CRITICAL: 1)

┌──────────────────────┬─────────────────────┬──────────┬────────┬───────────────────┬────────────────────────┬────────────────────────────────────────────────────────────┐
│       Library        │    Vulnerability    │ Severity │ Status │ Installed Version │     Fixed Version      │                           Title                            │
├──────────────────────┼─────────────────────┼──────────┼────────┼───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ joi                  │ CVE-2026-48038      │ MEDIUM   │ fixed  │ 17.13.3           │ 18.2.1, 17.13.4        │ joi has an uncaught RangeError on deeply nested input      │
│                      │                     │          │        │                   │                        │ through recursive `link()`...                              │
│                      │                     │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2026-48038                 │
├──────────────────────┼─────────────────────┼──────────┤        ├───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ serialize-javascript │ GHSA-5c6j-r48x-rmvq │ HIGH     │        │ 6.0.2             │ 7.0.3                  │ Serialize JavaScript is Vulnerable to RCE via RegExp.flags │
│                      │                     │          │        │                   │                        │ and Date.prototype.toISOString()                           │
│                      │                     │          │        │                   │                        │ https://github.com/advisories/GHSA-5c6j-r48x-rmvq          │
│                      ├─────────────────────┼──────────┤        │                   ├────────────────────────┼────────────────────────────────────────────────────────────┤
│                      │ CVE-2026-34043      │ MEDIUM   │        │                   │ 7.0.5                  │ serialize-javascript: serialize-javascript: Denial of      │
│                      │                     │          │        │                   │                        │ Service via specially crafted array-like object            │
│                      │                     │          │        │                   │                        │ serialization                                              │
│                      │                     │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2026-34043                 │
├──────────────────────┼─────────────────────┼──────────┤        ├───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ shell-quote          │ CVE-2026-9277       │ CRITICAL │        │ 1.8.3             │ 1.8.4                  │ shell-quote: shell-quote: Arbitrary code execution via     │
│                      │                     │          │        │                   │                        │ command injection due to unescaped line...                 │
│                      │                     │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2026-9277                  │
├──────────────────────┼─────────────────────┼──────────┤        ├───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ uuid                 │ CVE-2026-41907      │ MEDIUM   │        │ 8.3.2             │ 11.1.1, 12.0.1, 13.0.1 │ uuid: uuid: Out-of-bounds write vulnerability impacts data │
│                      │                     │          │        │                   │                        │ integrity and confidentiality                              │
│                      │                     │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2026-41907                 │
└──────────────────────┴─────────────────────┴──────────┴────────┴───────────────────┴────────────────────────┴────────────────────────────────────────────────────────────┘

@github-actions

github-actions Bot commented Jun 13, 2026

Copy link
Copy Markdown

Code Coverage Report

Coverage Results

Coverage

Metric Covered Total Percentage
Lines 12 12 100.00%
Branches 3 3 100.00%
Functions 8 8 100.00%

Overall: 100.00% 🟢
🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/application/npm-docusaurus-dependencies-073a1f481f branch from 5e4166e to 43aff59 Compare June 13, 2026 09:36
@github-actions

Copy link
Copy Markdown

Super-linter summary

Language Validation result
BIOME_FORMAT Fail ❌
BIOME_LINT Pass ✅
CHECKOV Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Fail ❌

Super-linter detected linting errors

For more information, see the GitHub Actions workflow run

Powered by Super-linter

BIOME_FORMAT
Checked 75 files in 369ms. No fixes applied.
Found 1 error.application/src/pages/index.tsx format ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  × Formatter would have printed the following content:

    101 101 │   function ProjectsSection() {
    102 102 │     const projects = [
    103     │ - → ··{
    104     │ - → ····name:·'compose-action',
    105     │ - → ····icon:·'⚡',
    106     │ - → ····url:·'https://github.com/hoverkraft-tech/compose-action',
    107     │ - → ····stars:·210,
    108     │ - → ····language:·'TypeScript',
    109     │ - → ····description:·'This·action·runs·your·docker-compose·file·and·clean·up·before·action·finished',
    110     │ - → ····tags:·[
    111     │ - → ······'continuous-integration',
    112     │ - → ······'docker-compose',
    113     │ - → ······'github-actions'
    114     │ - → ····],
    115     │ - → ····accent:·'primary'
    116     │ - → ··},
    117     │ - → ··{
    118     │ - → ····name:·'ci-dokumentor',
    119     │ - → ····icon:·'⚡',
    120     │ - → ····url:·'https://github.com/hoverkraft-tech/ci-dokumentor',
    121     │ - → ····stars:·5,
    122     │ - → ····language:·'TypeScript',
    123     │ - → ····description:·'Automated·documentation·generator·for·CI/CD·components',
    124     │ - → ····tags:·[
    125     │ - → ······'documentation',
    126     │ - → ······'github-actions',
    127     │ - → ······'open-source'
    128     │ - → ····],
    129     │ - → ····accent:·'neutral'
    130     │ - → ··},
    131     │ - → ··{
    132     │ - → ····name:·'ci-github-container',
    133     │ - → ····icon:·'⚡',
    134     │ - → ····url:·'https://github.com/hoverkraft-tech/ci-github-container',
    135     │ - → ····stars:·5,
    136     │ - → ····language:·'Go·Template',
    137     │ - → ····description:·'Opinionated·GitHub·Actions·and·workflows·for·continuous·integration·in·container·(OCI)·context',
    138     │ - → ····tags:·[
    139     │ - → ······'build',
    140     │ - → ······'containers',
    141     │ - → ······'continuous-integration'
    142     │ - → ····],
    143     │ - → ····accent:·'primary'
    144     │ - → ··}
        103 │ + → → {
        104 │ + → → → name:·"compose-action",
        105 │ + → → → icon:·"⚡",
        106 │ + → → → url:·"https://github.com/hoverkraft-tech/compose-action",
        107 │ + → → → stars:·210,
        108 │ + → → → language:·"TypeScript",
        109 │ + → → → description:
        110 │ + → → → → "This·action·runs·your·docker-compose·file·and·clean·up·before·action·finished",
        111 │ + → → → tags:·["continuous-integration",·"docker-compose",·"github-actions"],
        112 │ + → → → accent:·"primary",
        113 │ + → → },
        114 │ + → → {
        115 │ + → → → name:·"ci-dokumentor",
        116 │ + → → → icon:·"⚡",
        117 │ + → → → url:·"https://github.com/hoverkraft-tech/ci-dokumentor",
        118 │ + → → → stars:·5,
        119 │ + → → → language:·"TypeScript",
        120 │ + → → → description:·"Automated·documentation·generator·for·CI/CD·components",
        121 │ + → → → tags:·["documentation",·"github-actions",·"open-source"],
        122 │ + → → → accent:·"neutral",
        123 │ + → → },
        124 │ + → → {
        125 │ + → → → name:·"ci-github-container",
        126 │ + → → → icon:·"⚡",
        127 │ + → → → url:·"https://github.com/hoverkraft-tech/ci-github-container",
        128 │ + → → → stars:·5,
        129 │ + → → → language:·"Go·Template",
        130 │ + → → → description:
        131 │ + → → → → "Opinionated·GitHub·Actions·and·workflows·for·continuous·integration·in·container·(OCI)·context",
        132 │ + → → → tags:·["build",·"containers",·"continuous-integration"],
        133 │ + → → → accent:·"primary",
        134 │ + → → },
    145 135 │     ];
    146 136 │


format ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  × Some errors were emitted while running checks.

TRIVY

Report Summary

┌───────────────────────────────┬────────────┬─────────────────┬───────────────────┬─────────┐
│            Target             │    Type    │ Vulnerabilities │ Misconfigurations │ Secrets │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ application/package-lock.json │    npm     │        3        │         -         │    -    │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ Dockerfile                    │ dockerfile │        -        │         0         │    -    │
└───────────────────────────────┴────────────┴─────────────────┴───────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


application/package-lock.json (npm)
===================================
Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 1, CRITICAL: 0)

┌──────────────────────┬─────────────────────┬──────────┬────────┬───────────────────┬────────────────────────┬────────────────────────────────────────────────────────────┐
│       Library        │    Vulnerability    │ Severity │ Status │ Installed Version │     Fixed Version      │                           Title                            │
├──────────────────────┼─────────────────────┼──────────┼────────┼───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ serialize-javascript │ GHSA-5c6j-r48x-rmvq │ HIGH     │ fixed  │ 6.0.2             │ 7.0.3                  │ Serialize JavaScript is Vulnerable to RCE via RegExp.flags │
│                      │                     │          │        │                   │                        │ and Date.prototype.toISOString()                           │
│                      │                     │          │        │                   │                        │ https://github.com/advisories/GHSA-5c6j-r48x-rmvq          │
│                      ├─────────────────────┼──────────┤        │                   ├────────────────────────┼────────────────────────────────────────────────────────────┤
│                      │ CVE-2026-34043      │ MEDIUM   │        │                   │ 7.0.5                  │ serialize-javascript: serialize-javascript: Denial of      │
│                      │                     │          │        │                   │                        │ Service via specially crafted array-like object            │
│                      │                     │          │        │                   │                        │ serialization                                              │
│                      │                     │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2026-34043                 │
├──────────────────────┼─────────────────────┤          │        ├───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ uuid                 │ CVE-2026-41907      │          │        │ 8.3.2             │ 11.1.1, 12.0.1, 13.0.1 │ uuid: uuid: Out-of-bounds write vulnerability impacts data │
│                      │                     │          │        │                   │                        │ integrity and confidentiality                              │
│                      │                     │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2026-41907                 │
└──────────────────────┴─────────────────────┴──────────┴────────┴───────────────────┴────────────────────────┴────────────────────────────────────────────────────────────┘

@neilime neilime force-pushed the dependabot/npm_and_yarn/application/npm-docusaurus-dependencies-073a1f481f branch from 43aff59 to 842eccb Compare June 13, 2026 10:27
@neilime neilime changed the title Bump the npm-docusaurus-dependencies group across 1 directory with 2 updates chore: bump the npm-docusaurus-dependencies group across 1 directory with 2 updates Jun 13, 2026
…ctory with 2 updates

Bumps the npm-docusaurus-dependencies group with 2 updates in the /application directory: [react](https://github.com/facebook/react/tree/HEAD/packages/react) and [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom).

Updates `react` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

---
updated-dependencies:
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-docusaurus-dependencies
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-docusaurus-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Emilien Escalle <emilien.escalle@escemi.com>
@neilime neilime force-pushed the dependabot/npm_and_yarn/application/npm-docusaurus-dependencies-073a1f481f branch from 842eccb to 6912889 Compare June 13, 2026 10:29
@github-actions

Copy link
Copy Markdown

Super-linter summary

Language Validation result
BIOME_FORMAT Pass ✅
BIOME_LINT Pass ✅
CHECKOV Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Fail ❌

Super-linter detected linting errors

For more information, see the GitHub Actions workflow run

Powered by Super-linter

TRIVY

Report Summary

┌───────────────────────────────┬────────────┬─────────────────┬───────────────────┬─────────┐
│            Target             │    Type    │ Vulnerabilities │ Misconfigurations │ Secrets │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ application/package-lock.json │    npm     │        3        │         -         │    -    │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ Dockerfile                    │ dockerfile │        -        │         0         │    -    │
└───────────────────────────────┴────────────┴─────────────────┴───────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


application/package-lock.json (npm)
===================================
Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 1, CRITICAL: 0)

┌──────────────────────┬─────────────────────┬──────────┬────────┬───────────────────┬────────────────────────┬────────────────────────────────────────────────────────────┐
│       Library        │    Vulnerability    │ Severity │ Status │ Installed Version │     Fixed Version      │                           Title                            │
├──────────────────────┼─────────────────────┼──────────┼────────┼───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ serialize-javascript │ GHSA-5c6j-r48x-rmvq │ HIGH     │ fixed  │ 6.0.2             │ 7.0.3                  │ Serialize JavaScript is Vulnerable to RCE via RegExp.flags │
│                      │                     │          │        │                   │                        │ and Date.prototype.toISOString()                           │
│                      │                     │          │        │                   │                        │ https://github.com/advisories/GHSA-5c6j-r48x-rmvq          │
│                      ├─────────────────────┼──────────┤        │                   ├────────────────────────┼────────────────────────────────────────────────────────────┤
│                      │ CVE-2026-34043      │ MEDIUM   │        │                   │ 7.0.5                  │ serialize-javascript: serialize-javascript: Denial of      │
│                      │                     │          │        │                   │                        │ Service via specially crafted array-like object            │
│                      │                     │          │        │                   │                        │ serialization                                              │
│                      │                     │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2026-34043                 │
├──────────────────────┼─────────────────────┤          │        ├───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ uuid                 │ CVE-2026-41907      │          │        │ 8.3.2             │ 11.1.1, 12.0.1, 13.0.1 │ uuid: uuid: Out-of-bounds write vulnerability impacts data │
│                      │                     │          │        │                   │                        │ integrity and confidentiality                              │
│                      │                     │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2026-41907                 │
└──────────────────────┴─────────────────────┴──────────┴────────┴───────────────────┴────────────────────────┴────────────────────────────────────────────────────────────┘

@neilime neilime merged commit b0d24d7 into main Jun 13, 2026
49 of 51 checks passed
@neilime neilime deleted the dependabot/npm_and_yarn/application/npm-docusaurus-dependencies-073a1f481f branch June 13, 2026 10:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant