Resolve glob and js-yaml security vulnerabilities (#11271) (#11314)

* remove unused packages * patch vulnerable versions of glob and js-yaml SECVULN-33202 Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2026-02-18 18:38:08 -05:00 · 2025-12-12 12:08:46 -05:00 · 2025-12-12 12:08:46 -05:00 · 7bf7bf39fe
commit 7bf7bf39fe
parent fdacc28522
2 changed files with 9 additions and 21 deletions
--- a/ui/package.json
+++ b/ui/package.json
@ -171,17 +171,14 @@
    "body-parser": "1.20.3",
    "braces": "3.0.3",
    "eslint-utils": "1.4.3",
-    "highlight.js": "10.7.3",
    "https-proxy-agent": "2.2.4",
    "ini": "1.3.8",
    "kind-of": "6.0.3",
    "micromatch": "4.0.8",
-    "nth-check": "2.0.1",
    "prismjs": "1.30.0",
    "rollup": "2.79.2",
    "serialize-javascript": "3.1.0",
    "underscore": "1.13.7",
-    "xmlhttprequest-ssl": "1.6.3",
    "@embroider/macros": "1.15.0",
    "@babel/runtime": "7.27.0",
    "@messageformat/runtime": "3.0.2",
@ -221,7 +218,6 @@
    "@hashicorp/vault-client-typescript": "hashicorp/vault-client-typescript",
    "ember-auto-import": "2.10.0",
    "handlebars": "4.7.8",
-    "highlight.js": "10.7.3",
    "posthog-js": "1.236.1",
    "uuid": "9.0.1"
  },
--- a/ui/yarn.lock
+++ b/ui/yarn.lock
@ -11144,8 +11144,8 @@ __metadata:
  linkType: hard

 "glob@npm:^10.2.2, glob@npm:^10.3.7":
-  version: 10.4.5
-  resolution: "glob@npm:10.4.5"
+  version: 10.5.0
+  resolution: "glob@npm:10.5.0"
  dependencies:
    foreground-child: ^3.1.0
    jackspeak: ^3.1.2
@ -11155,7 +11155,7 @@ __metadata:
    path-scurry: ^1.11.1
  bin:
    glob: dist/esm/bin.mjs
-  checksum: 0bc725de5e4862f9f387fd0f2b274baf16850dcd2714502ccf471ee401803997983e2c05590cb65f9675a3c6f2a58e7a53f9e365704108c6ad3cbf1d60934c4a
+  checksum: cda96c074878abca9657bd984d2396945cf0d64283f6feeb40d738fe2da642be0010ad5210a1646244a5fc3511b0cab5a374569b3de5a12b8a63d392f18c6043
  languageName: node
  linkType: hard

@ -11587,13 +11587,6 @@ __metadata:
  languageName: node
  linkType: hard

-"highlight.js@npm:10.7.3":
-  version: 10.7.3
-  resolution: "highlight.js@npm:10.7.3"
-  checksum: defeafcd546b535d710d8efb8e650af9e3b369ef53e28c3dc7893eacfe263200bba4c5fcf43524ae66d5c0c296b1af0870523ceae3e3104d24b7abf6374a4fea
-  languageName: node
-  linkType: hard
-
 "homedir-polyfill@npm:^1.0.1":
  version: 1.0.3
  resolution: "homedir-polyfill@npm:1.0.3"
@ -12619,25 +12612,25 @@ __metadata:
  linkType: hard

 "js-yaml@npm:^3.2.5, js-yaml@npm:^3.2.7":
-  version: 3.14.1
-  resolution: "js-yaml@npm:3.14.1"
+  version: 3.14.2
+  resolution: "js-yaml@npm:3.14.2"
  dependencies:
    argparse: ^1.0.7
    esprima: ^4.0.0
  bin:
    js-yaml: bin/js-yaml.js
-  checksum: bef146085f472d44dee30ec34e5cf36bf89164f5d585435a3d3da89e52622dff0b188a580e4ad091c3341889e14cb88cac6e4deb16dc5b1e9623bb0601fc255c
+  checksum: 626fc207734a3452d6ba84e1c8c226240e6d431426ed94d0ab043c50926d97c509629c08b1d636f5d27815833b7cfd225865631da9fb33cb957374490bf3e90b
  languageName: node
  linkType: hard

 "js-yaml@npm:^4.0.0, js-yaml@npm:^4.1.0":
-  version: 4.1.0
-  resolution: "js-yaml@npm:4.1.0"
+  version: 4.1.1
+  resolution: "js-yaml@npm:4.1.1"
  dependencies:
    argparse: ^2.0.1
  bin:
    js-yaml: bin/js-yaml.js
-  checksum: c7830dfd456c3ef2c6e355cc5a92e6700ceafa1d14bba54497b34a99f0376cecbb3e9ac14d3e5849b426d5a5140709a66237a8c991c675431271c4ce5504151a
+  checksum: ea2339c6930fe048ec31b007b3c90be2714ab3e7defcc2c27ebf30c74fd940358f29070b4345af0019ef151875bf3bc3f8644bea1bab0372652b5044813ac02d
  languageName: node
  linkType: hard

@ -18726,7 +18719,6 @@ __metadata:
    eslint-plugin-qunit: ~8.1.2
    filesize: ~4.2.1
    handlebars: 4.7.8
-    highlight.js: 10.7.3
    jsdoc-babel: ~0.5.0
    jsdoc-to-markdown: ~8.0.3
    jsondiffpatch: 0.7.3