request #47557 Temporarily ignore GHSA-h8r8-wccr-v5f2

Infos

Artifact ID#47557

Submitted byJoris MASSON (jmasson)

Last Modified On2026-03-31 16:05

Submitted on2026-03-31 10:37

Rank49282

Details

Summary *

Temporarily ignore GHSA-h8r8-wccr-v5f2

Original Submission

See Advisory: https://github.com/advisories/GHSA-h8r8-wccr-v5f2

It's an issue affecting DOMPurify versions before 3.3.2. All uses in Tuleap production code are set to version 3.3.2 (since request #47162), except for one use in slides for documentation. Tuleap itself is not affected by this issue.

For the remaining use in slides, the version cannot be upgraded, as DOMPurify is bundled within monaco-editor, so we choose to temporarily ignore it.

CategoryDev tools

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toJoris MASSON (jmasson)

StatusClosed

Close date2026-03-31

Attachments

AttachmentsEmpty

References

Cross references

Show items referenced by request #47557

Referenced by request #47557

Artifact

request #47162 Bump DOMPurify to 3.3.2

Other

gerrit #37283

Follow-ups

Tracker Workflow Manager (forge__tracker_workflow_manager)

2026-03-31 16:05

Closed by @jmasson2 with git #tuleap/tuleap/641e11cdad42b99ed9016dd5a6934f820d569cbf.

Status changed from Under review to Closed
Close date set to 2026-03-31

Joris MASSON (jmasson)

2026-03-31 14:46

See gerrit #37283

Status changed from Under implementation to Under review

Joris MASSON (jmasson)

2026-03-31 10:42

Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes

Public

Referenced by request #47557

Artifact

Other

Follow-ups