      request #46799 ajv: 8.12.0, 8.13.0, 8.17.1 -> 8.18.0
    Infos
    #46799
    Joris MASSON (jmasson)
    2026-02-18 14:31
    2026-02-18 11:14
    48525
    Details
    ajv: 8.12.0, 8.13.0, 8.17.1 -> 8.18.0

    Fixes CVE-2025-69873. This issue does not affect Tuleap itself; it is a Regular Expression Denial of Service that impacts developer tools.

    One dependency remains in an eslint transitive dependency, but we choose to mark it ignored for now. There is an issue upstream, but seeing as there seem to be breaking changes, we cannot "just" use a pnpm override to upgrade the dependency.

    Release https://github.com/ajv-validator/ajv/releases/tag/v8.18.0
    See the advisory here: https://github.com/advisories/GHSA-2g4f-4pwh-qvx6

    Dev tools
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Joris MASSON (jmasson)
    Closed
    2026-02-18
    Attachments
    Empty
    References
    Referenced by request #46799

    Follow-ups

    Joris MASSON (jmasson) 2026-02-18 12:27
    • Original Submission
    Joris MASSON (jmasson) 2026-02-18 12:22
    • Original Submission
    Joris MASSON (jmasson) 2026-02-18 12:21
    • Original Submission