Skip to content

CVE-2026-53550: Remediate js-yaml CVE-2026-53550 in ccd-api-gateway#757

Open
hmcts-github-ccd[bot] wants to merge 1 commit into
masterfrom
cve-2026-53550-d9921881-6eee-46b2-8bd5-710fb0819f6f
Open

CVE-2026-53550: Remediate js-yaml CVE-2026-53550 in ccd-api-gateway#757
hmcts-github-ccd[bot] wants to merge 1 commit into
masterfrom
cve-2026-53550-d9921881-6eee-46b2-8bd5-710fb0819f6f

Conversation

@hmcts-github-ccd

Copy link
Copy Markdown
Contributor

Summary:
Remediated CVE-2026-53550 by upgrading root js-yaml to 4.2.0 and updating the stale CVE fallback resolution from 3.14.2 to 4.2.0. Active Node was v22.22.3 from .nvmrc; Yarn 4.16.0 was used. yarn why now resolves all js-yaml paths to 4.2.0, and the regenerated production audit snapshot no longer contains CVE-2026-53550, GHSA-h67p-54hq-rp68, js-yaml, or 3.14.2; audit still exits nonzero for unrelated existing advisories. Verification: yarn install --immutable passed, yarn lint passed with one existing warning, yarn test:unit passed with 94 passing, smoke/functional/a11y placeholder scripts exited 0. No compile/build script or Dockerfile-derived build command is configured. Top-level yarn test remains environment-limited by nested Corepack/Yarn network fetch, matching the plan's pre-existing note.

Resolved CVEs: CVE-2026-53550

Plan ID: d9921881-6eee-46b2-8bd5-710fb0819f6f

Approved by: dinesh

@dinesh1patel dinesh1patel left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant