Bump @sentry/profiling-node from 1.2.6 to 10.39.0

44217bd
Closed

Bump @sentry/profiling-node from 1.2.6 to 10.39.0 #6719

GitHub Advanced Security / Trivy failed Apr 10, 2026 in 2h 48m 52s

42 new alerts including 1 critical severity security vulnerability

New alerts in code changed by this pull request

Security Alerts:

  • 1 critical
  • 29 high
  • 4 medium
  • 8 low

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check failure on line 13261 in package-lock.json

Code scanning / Trivy

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High

Package: minimatch
Installed Version: 9.0.1
Vulnerability CVE-2026-27904
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Link: CVE-2026-27904

Check failure on line 15587 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service via specially crafted glob patterns High

Package: minimatch
Installed Version: 5.1.6
Vulnerability CVE-2026-26996
Severity: HIGH
Fixed Version: 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Link: CVE-2026-26996

Check failure on line 15587 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns High

Package: minimatch
Installed Version: 5.1.6
Vulnerability CVE-2026-27903
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Link: CVE-2026-27903

Check failure on line 15587 in package-lock.json

Code scanning / Trivy

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High

Package: minimatch
Installed Version: 5.1.6
Vulnerability CVE-2026-27904
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Link: CVE-2026-27904

Check failure on line 15710 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service via specially crafted glob patterns High

Package: minimatch
Installed Version: 3.0.8
Vulnerability CVE-2026-26996
Severity: HIGH
Fixed Version: 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Link: CVE-2026-26996

Check failure on line 15710 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns High

Package: minimatch
Installed Version: 3.0.8
Vulnerability CVE-2026-27903
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Link: CVE-2026-27903

Check failure on line 15710 in package-lock.json

Code scanning / Trivy

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High

Package: minimatch
Installed Version: 3.0.8
Vulnerability CVE-2026-27904
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Link: CVE-2026-27904

Check failure on line 18669 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service via specially crafted glob patterns High

Package: minimatch
Installed Version: 3.1.2
Vulnerability CVE-2026-26996
Severity: HIGH
Fixed Version: 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Link: CVE-2026-26996

Check failure on line 18669 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns High

Package: minimatch
Installed Version: 3.1.2
Vulnerability CVE-2026-27903
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Link: CVE-2026-27903

Check failure on line 18669 in package-lock.json

Code scanning / Trivy

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High

Package: minimatch
Installed Version: 3.1.2
Vulnerability CVE-2026-27904
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Link: CVE-2026-27904

Check failure on line 24158 in package-lock.json

Code scanning / Trivy

Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() High

Package: serialize-javascript
Installed Version: 6.0.2
Vulnerability GHSA-5c6j-r48x-rmvq
Severity: HIGH
Fixed Version: 7.0.3
Link: GHSA-5c6j-r48x-rmvq

Check failure on line 25838 in package-lock.json

Code scanning / Trivy

node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-23745
Severity: HIGH
Fixed Version: 7.5.3
Link: CVE-2026-23745

Check failure on line 25838 in package-lock.json

Code scanning / Trivy

node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-23950
Severity: HIGH
Fixed Version: 7.5.4
Link: CVE-2026-23950

Check failure on line 25838 in package-lock.json

Code scanning / Trivy

node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-24842
Severity: HIGH
Fixed Version: 7.5.7
Link: CVE-2026-24842

Check failure on line 25838 in package-lock.json

Code scanning / Trivy

node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-26960
Severity: HIGH
Fixed Version: 7.5.8
Link: CVE-2026-26960

Check failure on line 25838 in package-lock.json

Code scanning / Trivy

node-tar: hardlink path traversal via drive-relative linkpath High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-29786
Severity: HIGH
Fixed Version: 7.5.10
Link: CVE-2026-29786

Check failure on line 25838 in package-lock.json

Code scanning / Trivy

tar: tar: File overwrite via drive-relative symlink traversal High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-31802
Severity: HIGH
Fixed Version: 7.5.11
Link: CVE-2026-31802

Check failure on line 4549 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service via specially crafted glob patterns High

Package: minimatch
Installed Version: 10.1.1
Vulnerability CVE-2026-26996
Severity: HIGH
Fixed Version: 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Link: CVE-2026-26996

Check failure on line 13261 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns High

Package: minimatch
Installed Version: 9.0.1
Vulnerability CVE-2026-27903
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Link: CVE-2026-27903

Check failure on line 13261 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service via specially crafted glob patterns High

Package: minimatch
Installed Version: 9.0.1
Vulnerability CVE-2026-26996
Severity: HIGH
Fixed Version: 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Link: CVE-2026-26996

Check failure on line 4549 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns High

Package: minimatch
Installed Version: 10.1.1
Vulnerability CVE-2026-27903
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Link: CVE-2026-27903

Check failure on line 11222 in package-lock.json

Code scanning / Trivy

Axios is a promise based HTTP client for the browser and Node.js. Prio ... Critical

Package: axios
Installed Version: 1.13.5
Vulnerability CVE-2025-62718
Severity: CRITICAL
Fixed Version: 1.15.0
Link: CVE-2025-62718

Check failure on line 9430 in package-lock.json

Code scanning / Trivy

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High

Package: minimatch
Installed Version: 9.0.5
Vulnerability CVE-2026-27904
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Link: CVE-2026-27904

Check failure on line 9430 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns High

Package: minimatch
Installed Version: 9.0.5
Vulnerability CVE-2026-27903
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Link: CVE-2026-27903

Check failure on line 4549 in package-lock.json

Code scanning / Trivy

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High

Package: minimatch
Installed Version: 10.1.1
Vulnerability CVE-2026-27904
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Link: CVE-2026-27904