Bump @sentry/profiling-node from 1.2.6 to 10.38.0

9ae39a4
Closed

Bump @sentry/profiling-node from 1.2.6 to 10.38.0 #6619

GitHub Advanced Security / Trivy failed Feb 2, 2026 in 2s

13 new alerts including 8 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 8 high
  • 3 medium
  • 2 low

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check failure on line 1315 in package-lock.json

Code scanning / Trivy

fast-xml-parser: fast-xml-parser has RangeError DoS Numeric Entities Bug High

Package: fast-xml-parser
Installed Version: 5.2.5
Vulnerability CVE-2026-25128
Severity: HIGH
Fixed Version: 5.3.4
Link: CVE-2026-25128

Check failure on line 9415 in package-lock.json

Code scanning / Trivy

glob CLI: Command injection via -c/--cmd executes matches with shell:true High

Package: glob
Installed Version: 10.4.5
Vulnerability CVE-2025-64756
Severity: HIGH
Fixed Version: 11.1.0, 10.5.0
Link: CVE-2025-64756

Check failure on line 14434 in package-lock.json

Code scanning / Trivy

qs: qs: Denial of Service via improper input validation in array parsing Low

Package: qs
Installed Version: 6.14.0
Vulnerability CVE-2025-15284
Severity: MEDIUM
Fixed Version: 6.14.1
Link: CVE-2025-15284

Check failure on line 14661 in package-lock.json

Code scanning / Trivy

fast-xml-parser: fast-xml-parser has RangeError DoS Numeric Entities Bug High

Package: fast-xml-parser
Installed Version: 4.4.1
Vulnerability CVE-2026-25128
Severity: HIGH
Fixed Version: 5.3.4
Link: CVE-2026-25128

Check failure on line 22379 in package-lock.json

Code scanning / Trivy

qs: qs: Denial of Service via improper input validation in array parsing Low

Package: qs
Installed Version: 6.13.0
Vulnerability CVE-2025-15284
Severity: MEDIUM
Fixed Version: 6.14.1
Link: CVE-2025-15284

Check failure on line 25120 in package-lock.json

Code scanning / Trivy

node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-23745
Severity: HIGH
Fixed Version: 7.5.3
Link: CVE-2026-23745

Check failure on line 25120 in package-lock.json

Code scanning / Trivy

node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-23950
Severity: HIGH
Fixed Version: 7.5.4
Link: CVE-2026-23950

Check failure on line 25120 in package-lock.json

Code scanning / Trivy

node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-24842
Severity: HIGH
Fixed Version: 7.5.7
Link: CVE-2026-24842

Check warning on line 1792 in package-lock.json

Code scanning / Trivy

Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups Medium

Package: @babel/helpers
Installed Version: 7.26.9
Vulnerability CVE-2025-27789
Severity: MEDIUM
Fixed Version: 7.26.10, 8.0.0-alpha.17
Link: CVE-2025-27789

Check warning on line 13626 in package-lock.json

Code scanning / Trivy

eslint: eslint: Denial of Service via stack overflow when serializing objects with circular references Medium

Package: eslint
Installed Version: 8.57.0
Vulnerability CVE-2025-50537
Severity: MEDIUM
Fixed Version: 9.26.0
Link: CVE-2025-50537

Check warning on line 18506 in package-lock.json

Code scanning / Trivy

micromatch: vulnerable to Regular Expression Denial of Service Medium

Package: micromatch
Installed Version: 4.0.5
Vulnerability CVE-2024-4067
Severity: MEDIUM
Fixed Version: 4.0.8
Link: CVE-2024-4067

Check notice on line 12951 in package-lock.json

Code scanning / Trivy

jsdiff: denial of service vulnerability in parsePatch and applyPatch Low

Package: diff
Installed Version: 5.2.0
Vulnerability CVE-2026-24001
Severity: LOW
Fixed Version: 8.0.3, 5.2.2, 4.0.4, 3.5.1
Link: CVE-2026-24001

Check notice on line 24294 in package-lock.json

Code scanning / Trivy

jsdiff: denial of service vulnerability in parsePatch and applyPatch Low

Package: diff
Installed Version: 8.0.2
Vulnerability CVE-2026-24001
Severity: LOW
Fixed Version: 8.0.3, 5.2.2, 4.0.4, 3.5.1
Link: CVE-2026-24001