Bump @sentry/profiling-node from 1.2.6 to 10.53.1

ff5d16f
Closed

Bump @sentry/profiling-node from 1.2.6 to 10.53.1 #7243

GitHub Advanced Security / Trivy failed May 18, 2026 in 3s

9 new alerts including 5 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 5 high
  • 3 medium
  • 1 low

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check failure on line 9930 in package-lock.json

Code scanning / Trivy

glob: glob: Command Injection Vulnerability via Malicious Filenames High

Package: glob
Installed Version: 10.4.5
Vulnerability CVE-2025-64756
Severity: HIGH
Fixed Version: 11.1.0, 10.5.0
Link: CVE-2025-64756

Check failure on line 13874 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service via specially crafted glob patterns High

Package: minimatch
Installed Version: 9.0.1
Vulnerability CVE-2026-26996
Severity: HIGH
Fixed Version: 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Link: CVE-2026-26996

Check failure on line 13874 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns High

Package: minimatch
Installed Version: 9.0.1
Vulnerability CVE-2026-27903
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Link: CVE-2026-27903

Check failure on line 13874 in package-lock.json

Code scanning / Trivy

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High

Package: minimatch
Installed Version: 9.0.1
Vulnerability CVE-2026-27904
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Link: CVE-2026-27904

Check failure on line 24164 in package-lock.json

Code scanning / Trivy

Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() High

Package: serialize-javascript
Installed Version: 6.0.2
Vulnerability GHSA-5c6j-r48x-rmvq
Severity: HIGH
Fixed Version: 7.0.3
Link: GHSA-5c6j-r48x-rmvq

Check warning on line 1292 in package-lock.json

Code scanning / Trivy

Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups Medium

Package: @babel/helpers
Installed Version: 7.26.9
Vulnerability CVE-2025-27789
Severity: MEDIUM
Fixed Version: 7.26.10, 8.0.0-alpha.17
Link: CVE-2025-27789

Check warning on line 19124 in package-lock.json

Code scanning / Trivy

micromatch: vulnerable to Regular Expression Denial of Service Medium

Package: micromatch
Installed Version: 4.0.5
Vulnerability CVE-2024-4067
Severity: MEDIUM
Fixed Version: 4.0.8
Link: CVE-2024-4067

Check warning on line 24164 in package-lock.json

Code scanning / Trivy

serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization Medium

Package: serialize-javascript
Installed Version: 6.0.2
Vulnerability CVE-2026-34043
Severity: MEDIUM
Fixed Version: 7.0.5
Link: CVE-2026-34043

Check notice on line 19520 in package-lock.json

Code scanning / Trivy

jsdiff: denial of service vulnerability in parsePatch and applyPatch Low

Package: diff
Installed Version: 7.0.0
Vulnerability CVE-2026-24001
Severity: LOW
Fixed Version: 8.0.3, 5.2.2, 4.0.4, 3.5.1
Link: CVE-2026-24001