Skip to content

CVE-2026-54285: Remediate @opentelemetry/core CVE-2026-54285 in ccd-api-gateway#758

Open
hmcts-github-ccd[bot] wants to merge 4 commits into
masterfrom
cve-2026-54285-bc189e21-c06b-4ac4-9d6f-1be2026ede78
Open

CVE-2026-54285: Remediate @opentelemetry/core CVE-2026-54285 in ccd-api-gateway#758
hmcts-github-ccd[bot] wants to merge 4 commits into
masterfrom
cve-2026-54285-bc189e21-c06b-4ac4-9d6f-1be2026ede78

Conversation

@hmcts-github-ccd

Copy link
Copy Markdown
Contributor

Summary:
Applied descriptor-level Yarn 4 resolutions for @opentelemetry/core to 2.8.0 after the package-level descriptor was rejected by Yarn 4.16.0. Active Node was v22.22.3 from .nvmrc; Corepack could not fetch Yarn due environment network limits, so all Yarn actions used the repo vendored Yarn 4.16.0. yarn install --immutable passed with the existing chai/sinon-chai peer warning. Refreshed production audit no longer reports CVE-2026-54285/GHSA-8988-4f7v-96qf. yarn lint passed with the existing vendored-Yarn eslint warning, and yarn test:unit passed with 94 tests. No compile/build script or Dockerfile-derived build check is configured.

Resolved CVEs: CVE-2026-54285

Plan ID: bc189e21-c06b-4ac4-9d6f-1be2026ede78

Approved by: james

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants