request #47551 brace-expansion: 1.1.12 -> 1.1.13, 2.0.2 -> 2.0.3, 5.0.3 -> 5.0.5

Infos

Artifact ID#47551

Submitted byJoris MASSON (jmasson)

Last Modified On2026-03-27 17:45

Submitted on2026-03-27 15:43

Rank49274

Details

Summary *

brace-expansion: 1.1.12 -> 1.1.13, 2.0.2 -> 2.0.3, 5.0.3 -> 5.0.5

Original Submission

Fixes CVE-2026-33750, see the advisory: https://github.com/advisories/GHSA-f886-m6hf-6m8v

It is only used in dev tools (jest, eslint, gettext extraction tool chain, vue3-gettext extractor that is never used) and the impact is overuse of memory and denial of service. Tuleap itself is not affected.

CategoryDev tools

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toJoris MASSON (jmasson)

StatusClosed

Close date2026-03-27

Attachments

AttachmentsEmpty

References

Cross references

Show items referenced by request #47551

Referenced by request #47551

Artifact

rel #47138 17.6

Other

gerrit #37239

Follow-ups

Thomas Gerbet (tgerbet)

2026-03-27 17:45

Connected artifacts
- Added Fixed in: rel #47138

Tracker Workflow Manager (forge__tracker_workflow_manager)

2026-03-27 17:45

Closed by @jmasson with git #tuleap/stable/f33935b481775d823797283af07f3ed45d07dfb9.

Status changed from Under review to Closed
Close date set to 2026-03-27

Joris MASSON (jmasson)

2026-03-27 17:00

See gerrit #37239

Status changed from Under implementation to Under review

Public

Referenced by request #47551

Artifact

Other

Follow-ups