Skip to content

CVE-2026-55603: Remediate CVE-2026-55603 in http-proxy-middleware for ccd-api-gateway#754

Open
hmcts-github-ccd[bot] wants to merge 2 commits into
masterfrom
cve-2026-55603-82c566f4-faf0-4320-a71c-68f361b0ee48
Open

CVE-2026-55603: Remediate CVE-2026-55603 in http-proxy-middleware for ccd-api-gateway#754
hmcts-github-ccd[bot] wants to merge 2 commits into
masterfrom
cve-2026-55603-82c566f4-faf0-4320-a71c-68f361b0ee48

Conversation

@hmcts-github-ccd

Copy link
Copy Markdown
Contributor

Summary:
Remediated CVE-2026-55603 by running Yarn 4.16.0 upgrade for http-proxy-middleware to 3.0.7. Expected Node source was .nvmrc=22.22.3; active verification Node was v22.22.3. Regenerated yarn-audit-known-issues with the required production recursive audit; CVE-2026-55603 / GHSA-gcq2-9pq2-cxqm / http-proxy-middleware is absent, though unrelated existing audit findings remain. Verification: yarn install --immutable passed; yarn lint passed with one existing warning; yarn test:unit passed with 94 tests; yarn test remains environment-limited by the offline Corepack/Yarn shim. No package.json compile/build script or Dockerfile-derived compile/build check is configured.

Resolved CVEs: CVE-2026-55603

Plan ID: 82c566f4-faf0-4320-a71c-68f361b0ee48

Approved by: james

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant