Dependencies audit fix (!996) · Merge requests · GitLab.org / cells / HTTP Router

What does this MR do and why?

This MR fixes audit 2 vulnerabilities.

glob  10.2.0 - 10.4.5
Severity: high
glob CLI: Command injection via -c/--cmd executes matches with shell:true - https://github.com/advisories/GHSA-5j98-mcp5-4vw2
fix available via `npm audit fix`
node_modules/glob

js-yaml  4.0.0 - 4.1.0
Severity: moderate
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
fix available via `npm audit fix`
node_modules/js-yaml

References

Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

How to set up and validate locally

Checkout the branch
Run npm audit
Verify there are no vulnerabilities 🎉

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Dec 09, 2025 by Bojan Marjanovic

Dependencies audit fix

What does this MR do and why?

References

How to set up and validate locally

MR acceptance checklist

Merge request reports