Skip to content

CVE-2026-41907: Remediate uuid CVE-2026-41907 in ccd-case-activity-api#627

Open
hmcts-github-ccd[bot] wants to merge 2 commits into
masterfrom
cve-2026-41907-23ee38f1-50c8-4500-b0a8-f686ad6f896b
Open

CVE-2026-41907: Remediate uuid CVE-2026-41907 in ccd-case-activity-api#627
hmcts-github-ccd[bot] wants to merge 2 commits into
masterfrom
cve-2026-41907-23ee38f1-50c8-4500-b0a8-f686ad6f896b

Conversation

@hmcts-github-ccd

Copy link
Copy Markdown
Contributor

Summary:
Upgraded applicationinsights from 3.15.0 to 3.15.1 using Yarn 4.16.0 on Node v20.20.2 from .nvmrc. The vulnerable production path through applicationinsights -> @azure/functions-old -> @azure/functions@3.5.1 -> uuid@8.3.2 is removed; yarn why uuid now only shows the dev/test nyc path via istanbul-lib-processinfo. Re-ran yarn npm audit --recursive --environment production --json > yarn-audit-known-issues; CVE-2026-41907/GHSA-w5hq-g745-h8pq/uuid are absent, though the audit command exits 1 due unrelated remaining production findings. Verification passed: yarn install --immutable, yarn run lint with 1 warning, yarn run test with 72 passing, yarn run test:smoke, and yarn run test:a11y. No package.json compile/build script or Dockerfile-derived compile/build script is configured, so no compile/build check was available.

Resolved CVEs: CVE-2026-41907

Plan ID: 23ee38f1-50c8-4500-b0a8-f686ad6f896b

Approved by: dinesh

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant