diff --git a/cypress/component/fineAccountEnquiry/accountEnquiry/AccountEnquiryAddNotes.cy.ts b/cypress/component/fineAccountEnquiry/accountEnquiry/AccountEnquiryAddNotes.cy.ts index 3a399984e0..7b57e7bae4 100644 --- a/cypress/component/fineAccountEnquiry/accountEnquiry/AccountEnquiryAddNotes.cy.ts +++ b/cypress/component/fineAccountEnquiry/accountEnquiry/AccountEnquiryAddNotes.cy.ts @@ -160,7 +160,7 @@ describe('FinesAccNoteAddFormComponent', () => { 'activity_note.record_id', mockFinesAccountStore.account_id, ); - expect(interception.request.body).to.have.nested.property('activity_note.record_type', 'DEFENDANT_ACCOUNTS'); + expect(interception.request.body).to.have.nested.property('activity_note.record_type', 'defendant_accounts'); }); }, ); diff --git a/cypress/e2e/functional/opal/actions/consolidation/consolidation.actions.ts b/cypress/e2e/functional/opal/actions/consolidation/consolidation.actions.ts index 4d72407939..c2e201aef5 100644 --- a/cypress/e2e/functional/opal/actions/consolidation/consolidation.actions.ts +++ b/cypress/e2e/functional/opal/actions/consolidation/consolidation.actions.ts @@ -143,8 +143,9 @@ export class ConsolidationActions { /** * Selects a business unit when the selector is present. * If a single business unit is auto-selected, verifies the informational message instead. + * @param businessUnit - Optional business unit name to select from the autocomplete. If not provided, the first option will be selected. */ - public selectBusinessUnitIfRequired(): void { + public selectBusinessUnitIfRequired(businessUnit?: string): void { // Wait for the select business unit form and its business unit branch to finish rendering // before deciding whether we are in the single-BU or autocomplete path. cy.get(SelectBusinessUnitLocators.heading, { timeout: 10_000 }).should('contain.text', 'Consolidate accounts'); @@ -168,7 +169,20 @@ export class ConsolidationActions { }); return; } - + if (businessUnit) { + log('select', `Selecting business unit "${businessUnit}" from autocomplete`); + cy.get(SelectBusinessUnitLocators.businessUnitInput, { timeout: 10_000 }).should('be.visible').click(); + cy.get(SelectBusinessUnitLocators.businessUnitAutoComplete, { timeout: 10_000 }) + .should('be.visible') + .contains('li', businessUnit) + .should('be.visible') + .then(($item) => { + const businessUnitName = $item.text().trim(); + this.setSelectedBusinessUnitAlias(businessUnitName); + cy.wrap($item).click(); + }); + return; + } log('select', 'Selecting first available business unit from autocomplete'); cy.get(SelectBusinessUnitLocators.businessUnitInput, { timeout: 10_000 }).should('be.visible').click(); cy.get(SelectBusinessUnitLocators.businessUnitAutoComplete, { timeout: 10_000 }) diff --git a/cypress/e2e/functional/opal/actions/search/search.filter-by-bu-fines.actions.ts b/cypress/e2e/functional/opal/actions/search/search.filter-by-bu-fines.actions.ts index 9b0abcf24d..2edb505823 100644 --- a/cypress/e2e/functional/opal/actions/search/search.filter-by-bu-fines.actions.ts +++ b/cypress/e2e/functional/opal/actions/search/search.filter-by-bu-fines.actions.ts @@ -178,6 +178,7 @@ export class SearchFilterByBUFinesActions { const name = rawName.trim(); cy.contains('td.govuk-table__cell label.govuk-checkboxes__label', name) + .scrollIntoView() .should('be.visible') .invoke('attr', 'for') .then((id) => { diff --git a/cypress/e2e/functional/opal/features/consolidation/FineAccountConsolidation.feature b/cypress/e2e/functional/opal/features/consolidation/FineAccountConsolidation.feature index c6b09ff2ef..1365d045f9 100644 --- a/cypress/e2e/functional/opal/features/consolidation/FineAccountConsolidation.feature +++ b/cypress/e2e/functional/opal/features/consolidation/FineAccountConsolidation.feature @@ -90,7 +90,7 @@ Feature: Fines Account Consolidation | account.payment_card_request | false | | account.defendant.dob | 2002-05-15 | When I open Consolidate accounts - When I continue to the consolidation account search as an "Individual" defendant + When I continue to the consolidation account search as an "Individual" defendant selecting business unit "Camberwell Green" Then I am on the consolidation Search tab for Individuals And I enter the following consolidation search details: | last name | ResultLink{uniq} | @@ -133,7 +133,7 @@ Feature: Fines Account Consolidation | account.payment_card_request | false | | account.defendant.dob | 2002-05-15 | When I open Consolidate accounts - And I continue to the consolidation account search as an "Individual" defendant + And I continue to the consolidation account search as an "Individual" defendant selecting business unit "Camberwell Green" Then I am on the consolidation Search tab for Individuals And I enter the following consolidation search details: | last name | ConsolidationZero | @@ -208,7 +208,7 @@ Feature: Fines Account Consolidation | account.prosecutor_case_reference | CONS-RESULT-COMP-{uniq} | | account.account_type | Fine | When I open Consolidate accounts - When I continue to the consolidation account search as an "Company" defendant + When I continue to the consolidation account search as an "Company" defendant selecting business unit "Camberwell Green" Then I am on the consolidation Search tab for Companies And I enter the following consolidation search details: | company name | Consolidation Result Co {uniq} | @@ -247,7 +247,7 @@ Feature: Fines Account Consolidation | account.collection_order_made_today | false | | account.payment_card_request | false | When I open Consolidate accounts - And I continue to the consolidation account search as an "Company" defendant + And I continue to the consolidation account search as an "Company" defendant selecting business unit "Camberwell Green" Then I am on the consolidation Search tab for Companies And I enter the following consolidation search details: | company name | Consolidation Zero Balance Co {uniq} | diff --git a/cypress/e2e/functional/opal/features/consolidation/FinesAccountConsolidationAccessibility.feature b/cypress/e2e/functional/opal/features/consolidation/FinesAccountConsolidationAccessibility.feature index e4beab898d..0b20859882 100644 --- a/cypress/e2e/functional/opal/features/consolidation/FinesAccountConsolidationAccessibility.feature +++ b/cypress/e2e/functional/opal/features/consolidation/FinesAccountConsolidationAccessibility.feature @@ -22,7 +22,7 @@ Feature: Accessibility Tests for Fines Consolidation | account.defendant.dob | 2002-05-15 | When I open Consolidate accounts Then I check the page for accessibility - And I continue to the consolidation account search as an "Individual" defendant + And I continue to the consolidation account search as an "Individual" defendant selecting business unit "Camberwell Green" Then I am on the consolidation Search tab for Individuals And I check the page for accessibility And I enter the following consolidation search details: @@ -63,7 +63,7 @@ Feature: Accessibility Tests for Fines Consolidation | account.payment_card_request | false | When I open Consolidate accounts Then I check the page for accessibility - And I continue to the consolidation account search as an "Company" defendant + And I continue to the consolidation account search as an "Company" defendant selecting business unit "Camberwell Green" Then I am on the consolidation Search tab for Companies And I check the page for accessibility And I enter the following consolidation search details: diff --git a/cypress/e2e/functional/opal/features/manualAccountCreation/checkAndValidate/checkAndValidate.feature b/cypress/e2e/functional/opal/features/manualAccountCreation/checkAndValidate/checkAndValidate.feature index 3692474536..6fa4a1c638 100644 --- a/cypress/e2e/functional/opal/features/manualAccountCreation/checkAndValidate/checkAndValidate.feature +++ b/cypress/e2e/functional/opal/features/manualAccountCreation/checkAndValidate/checkAndValidate.feature @@ -35,7 +35,7 @@ Feature: Navigate and edit sections from task list And I complete manual account creation with the following fields and defaults for account header "TEST Rejected-PO-640-company-{uniq}": | Section | Field | Value | - | Court details | Sending area or Local Justice Area (LJA) | Avon | + | Court details | Sending area or Local Justice Area (LJA) | Avon & Somerset | | Court details | Prosecutor Case Reference (PCR) | abcd1234a | | Court details | Enforcement court | ATCM Test (828) | | Company details | Company name | TEST COMPANY LTD {uniq} | @@ -107,7 +107,7 @@ Feature: Navigate and edit sections from task list When I complete manual account creation with the following fields and defaults for account header "Mr Rejected-PO-640-AdultOrYouthOnly TEST{uniq}": | Section | Field | Value | - | Court details | Sending area or Local Justice Area (LJA) | Avon | + | Court details | Sending area or Local Justice Area (LJA) | Avon & Somerset | | Court details | Prosecutor Case Reference (PCR) | abcd1234a | | Court details | Enforcement court | ATCM Test (828) | | Personal details | Title | Mr | @@ -208,7 +208,7 @@ Feature: Navigate and edit sections from task list When I complete manual account creation with the following fields and defaults for account header "Miss Rejected-PO-640-pgToPay TEST{uniq}": | Section | Field | Value | - | Court details | Sending area or Local Justice Area (LJA) | Avon | + | Court details | Sending area or Local Justice Area (LJA) | Avon & Somerset | | Court details | Prosecutor Case Reference (PCR) | abcd1234a | | Court details | Enforcement court | Court 777 Camberwell CH09 (777) | | Personal details | Title | Miss | diff --git a/cypress/e2e/functional/opal/features/manualAccountCreation/populateAndSubmit/PopulateAndSubmit.feature b/cypress/e2e/functional/opal/features/manualAccountCreation/populateAndSubmit/PopulateAndSubmit.feature index 64aed9a576..107dca6510 100644 --- a/cypress/e2e/functional/opal/features/manualAccountCreation/populateAndSubmit/PopulateAndSubmit.feature +++ b/cypress/e2e/functional/opal/features/manualAccountCreation/populateAndSubmit/PopulateAndSubmit.feature @@ -119,11 +119,11 @@ Feature: Manual account creation - Create Draft Account When I start a fine manual account for business unit "West London" with defendant type "Company" and originator type "New" And I view the "Court details" task And I complete manual court details: - | Sending area or Local Justice Area (LJA) | Avon | + | Sending area or Local Justice Area (LJA) | Avon & Somerset | | Prosecutor Case Reference (PCR) | abcd1234a | | Enforcement court | Aram Court (100) | Then the manual court details fields are: - | Sending area or Local Justice Area (LJA) | Avon | + | Sending area or Local Justice Area (LJA) | Avon & Somerset | | Prosecutor Case Reference (PCR) | ABCD1234A | | Enforcement court | Aram Court (100) | And returning to account details the "Court details" task the status is "Provided" @@ -505,7 +505,7 @@ Feature: Manual account creation - Create Draft Account And I see the following text on the page "Search using the code or name of the sending police force that sent the caution" When I complete manual court details: - | Sending police force | Avon | + | Sending police force | Avon & Somerset | | Prosecutor Case Reference (PCR) | 1234 | | Enforcement court | West London VPFPO | And I return to account details @@ -545,7 +545,7 @@ Feature: Manual account creation - Create Draft Account When I create a "" manual "Fine" account for business unit "West London" with defendant type "Company" And I complete manual account creation with the following fields and defaults: | Section | Field | Value | Imposition | - | Court | Sending area or Local Justice Area (LJA) | Avon | | + | Court | Sending area or Local Justice Area (LJA) | Avon & Somerset | | | Court | Prosecutor Case Reference | 1234 | | | Court | Enforcement court | West London VPFPO | | | Offence | Offence code | HY35014 | 1 | diff --git a/cypress/e2e/functional/opal/features/manualAccountCreation/populateAndSubmit/pages/CourtDetails.feature b/cypress/e2e/functional/opal/features/manualAccountCreation/populateAndSubmit/pages/CourtDetails.feature index 97a2f07ba9..826af7d5e5 100644 --- a/cypress/e2e/functional/opal/features/manualAccountCreation/populateAndSubmit/pages/CourtDetails.feature +++ b/cypress/e2e/functional/opal/features/manualAccountCreation/populateAndSubmit/pages/CourtDetails.feature @@ -13,7 +13,7 @@ Feature: Manual account creation - Court Details @JIRA-KEY:POT-3184 Scenario: (AC.8, AC.9) Entered data persists in the session [@PO-272, @PO-344, @PO-345, @PO-389, @PO-527, @PO-529] When I complete manual court details: - | Sending area or Local Justice Area (LJA) | Avon | + | Sending area or Local Justice Area (LJA) | Avon & Somerset | | Prosecutor Case Reference (PCR) | 1234 | | Enforcement court | West London VPFPO (101) | And I return to account details @@ -34,7 +34,7 @@ Feature: Manual account creation - Court Details @JIRA-KEY:POT-3185 Scenario: (AC.10) Unsaved court details are cleared when user confirms cancel [@PO-272, @PO-344, @PO-345, @PO-389, @PO-527, @PO-529] When I complete manual court details: - | Sending area or Local Justice Area (LJA) | Avon | + | Sending area or Local Justice Area (LJA) | Avon & Somerset | | Prosecutor Case Reference (PCR) | 1234 | | Enforcement court | West London VPFPO | And I cancel manual court details choosing "Ok" and return to account details @@ -48,7 +48,7 @@ Feature: Manual account creation - Court Details @JIRA-KEY:POT-3186 Scenario: (AC.11) Confirming cancel restores last saved court details [@PO-272, @PO-344, @PO-345, @PO-389, @PO-527, @PO-529] When I complete manual court details: - | Sending area or Local Justice Area (LJA) | Avon | + | Sending area or Local Justice Area (LJA) | Avon & Somerset | | Prosecutor Case Reference (PCR) | 1234 | | Enforcement court | West London VPFPO | And I return to account details @@ -87,7 +87,7 @@ Feature: Manual account creation - Court Details @JIRA-KEY:POT-3190 Scenario: (AC.6) Grey navigation links routes correctly [@PO-272, @PO-389] When I complete manual court details: - | Sending area or Local Justice Area (LJA) | Avon | + | Sending area or Local Justice Area (LJA) | Avon & Somerset | | Prosecutor Case Reference (PCR) | 1234 | | Enforcement court | West London VPFPO | And I continue to personal details from court details diff --git a/cypress/e2e/functional/opal/flows/account-search.filter-by-bu.flow.ts b/cypress/e2e/functional/opal/flows/account-search.filter-by-bu.flow.ts index f8daf07316..2acab99515 100644 --- a/cypress/e2e/functional/opal/flows/account-search.filter-by-bu.flow.ts +++ b/cypress/e2e/functional/opal/flows/account-search.filter-by-bu.flow.ts @@ -279,8 +279,10 @@ export class SearchFilterByBUFlow { .trim(); log('debug', `Normalised filter summary text: "${normalised}"`); - - expect(normalised).to.equal(expectedSummary); + normalised.split(',').forEach((part) => { + log('debug', `Summary part: "${part.trim()}"`); + expect(expectedSummary).to.include(part.trim()); + }); }); } diff --git a/cypress/e2e/functional/opal/flows/consolidation.flow.ts b/cypress/e2e/functional/opal/flows/consolidation.flow.ts index 6411bec796..39836ba3f1 100644 --- a/cypress/e2e/functional/opal/flows/consolidation.flow.ts +++ b/cypress/e2e/functional/opal/flows/consolidation.flow.ts @@ -25,10 +25,11 @@ export class ConsolidationFlow { /** * Completes select-business-unit inputs and continues to account search. * @param defendantType - "Individual" or "Company" + * @param businessUnit - Optional business unit name to select from the autocomplete. If not provided, the first option will be selected. */ - public continueToConsolidationAccountSearch(defendantType: ConsolidationDefendantType): void { + public continueToConsolidationAccountSearch(defendantType: ConsolidationDefendantType, businessUnit?: string): void { log('flow', 'Continuing from select business unit to consolidation account search', { defendantType }); - this.consolidation.selectBusinessUnitIfRequired(); + this.consolidation.selectBusinessUnitIfRequired(businessUnit); this.consolidation.selectDefendantType(defendantType); this.consolidation.continueFromSelectBusinessUnit(); this.consolidation.waitForAccountSearchScreen(defendantType); diff --git a/cypress/support/step_definitions/consolidation/consolidation.steps.ts b/cypress/support/step_definitions/consolidation/consolidation.steps.ts index 4b3cca9b27..0269c6487f 100644 --- a/cypress/support/step_definitions/consolidation/consolidation.steps.ts +++ b/cypress/support/step_definitions/consolidation/consolidation.steps.ts @@ -19,6 +19,14 @@ When( }, ); +When( + 'I continue to the consolidation account search as an {string} defendant selecting business unit {string}', + (defendantType: ConsolidationDefendantType, businessUnit: string) => { + log('step', 'Continuing to consolidation account search with business unit', { defendantType, businessUnit }); + consolidationFlow().continueToConsolidationAccountSearch(defendantType, businessUnit); + }, +); + When('I click Search on consolidation account search', () => { log('step', 'Clicking Search on consolidation account search'); consolidationFlow().clickConsolidationSearch(); diff --git a/src/app/flows/fines/fines-acc/services/fines-acc-payload.service.spec.ts b/src/app/flows/fines/fines-acc/services/fines-acc-payload.service.spec.ts index 74a28b2b30..9e45debaf7 100644 --- a/src/app/flows/fines/fines-acc/services/fines-acc-payload.service.spec.ts +++ b/src/app/flows/fines/fines-acc/services/fines-acc-payload.service.spec.ts @@ -86,7 +86,7 @@ describe('FinesAccPayloadService', () => { expect(result).toEqual({ activity_note: { - record_type: 'DEFENDANT_ACCOUNTS', + record_type: 'defendant_accounts', record_id: 77, note_type: 'AA', note_text: 'Test note content', diff --git a/src/app/flows/fines/fines-acc/services/fines-acc-payload.service.ts b/src/app/flows/fines/fines-acc/services/fines-acc-payload.service.ts index 06959f87ef..3d06e37931 100644 --- a/src/app/flows/fines/fines-acc/services/fines-acc-payload.service.ts +++ b/src/app/flows/fines/fines-acc/services/fines-acc-payload.service.ts @@ -50,7 +50,7 @@ export class FinesAccPayloadService { public buildAddNotePayload(form: IFinesAccAddNoteForm): IOpalFinesAddNotePayload { return { activity_note: { - record_type: 'DEFENDANT_ACCOUNTS', + record_type: 'defendant_accounts', record_id: this.finesAccStore.account_id()!, note_text: form.formData.facc_add_notes!, note_type: 'AA', diff --git a/src/app/flows/fines/services/opal-fines-service/mocks/opal-fines-add-note-payload.mock.ts b/src/app/flows/fines/services/opal-fines-service/mocks/opal-fines-add-note-payload.mock.ts index 6daf99e4a0..b8a067c40a 100644 --- a/src/app/flows/fines/services/opal-fines-service/mocks/opal-fines-add-note-payload.mock.ts +++ b/src/app/flows/fines/services/opal-fines-service/mocks/opal-fines-add-note-payload.mock.ts @@ -5,7 +5,7 @@ import { IOpalFinesAddNotePayload } from '../interfaces/opal-fines-add-note.inte */ export const OPAL_FINES_ADD_NOTE_PAYLOAD_MOCK: IOpalFinesAddNotePayload = { activity_note: { - record_type: 'defendant_account', + record_type: 'defendant_accounts', record_id: 12345, note_type: 'General', note_text: 'This is a test note for the defendant account.', diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues index 485768801c..e69de29bb2 100644 --- a/yarn-audit-known-issues +++ b/yarn-audit-known-issues @@ -1,26 +0,0 @@ -{"value":"@angular/ssr","children":{"ID":1113509,"Issue":"Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline","URL":"https://github.com/advisories/GHSA-x288-3778-4hhx","Severity":"critical","Vulnerable Versions":">=21.0.0-next.0 <21.1.5","Tree Versions":["21.1.4"],"Dependents":["opal-frontend@workspace:."]}} -{"value":"@angular/ssr","children":{"ID":1113513,"Issue":"Angular SSR has an Open Redirect via X-Forwarded-Prefix","URL":"https://github.com/advisories/GHSA-xh43-g2fq-wjrj","Severity":"moderate","Vulnerable Versions":">=21.0.0-next.0 <21.1.5","Tree Versions":["21.1.4"],"Dependents":["opal-frontend@workspace:."]}} -{"value":"@angular/ssr","children":{"ID":1115534,"Issue":"Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR","URL":"https://github.com/advisories/GHSA-vfx2-hv2g-xj5f","Severity":"moderate","Vulnerable Versions":">=21.0.0-next.0 <21.2.3","Tree Versions":["21.1.4"],"Dependents":["opal-frontend@workspace:."]}} -{"value":"ajv","children":{"ID":1113715,"Issue":"ajv has ReDoS when using `$data` option","URL":"https://github.com/advisories/GHSA-2g4f-4pwh-qvx6","Severity":"moderate","Vulnerable Versions":">=7.0.0-alpha.0 <8.18.0","Tree Versions":["8.17.1"],"Dependents":["schema-utils@npm:4.3.3"]}} -{"value":"minimatch","children":{"ID":1113459,"Issue":"minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern","URL":"https://github.com/advisories/GHSA-3ppc-4f35-3m26","Severity":"high","Vulnerable Versions":"<3.1.3","Tree Versions":["3.1.2"],"Dependents":["find-cypress-specs@npm:1.47.2"]}} -{"value":"minimatch","children":{"ID":1113465,"Issue":"minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern","URL":"https://github.com/advisories/GHSA-3ppc-4f35-3m26","Severity":"high","Vulnerable Versions":">=9.0.0 <9.0.6","Tree Versions":["9.0.5"],"Dependents":["mocha@npm:11.7.5"]}} -{"value":"minimatch","children":{"ID":1113538,"Issue":"minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments","URL":"https://github.com/advisories/GHSA-7r86-cg39-jmmj","Severity":"high","Vulnerable Versions":"<3.1.3","Tree Versions":["3.1.2"],"Dependents":["find-cypress-specs@npm:1.47.2"]}} -{"value":"minimatch","children":{"ID":1113544,"Issue":"minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments","URL":"https://github.com/advisories/GHSA-7r86-cg39-jmmj","Severity":"high","Vulnerable Versions":">=9.0.0 <9.0.7","Tree Versions":["9.0.5"],"Dependents":["mocha@npm:11.7.5"]}} -{"value":"minimatch","children":{"ID":1113545,"Issue":"minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments","URL":"https://github.com/advisories/GHSA-7r86-cg39-jmmj","Severity":"high","Vulnerable Versions":">=10.0.0 <10.2.3","Tree Versions":["10.2.2"],"Dependents":["glob@npm:13.0.6"]}} -{"value":"minimatch","children":{"ID":1113546,"Issue":"minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions","URL":"https://github.com/advisories/GHSA-23c5-xmqv-rm74","Severity":"high","Vulnerable Versions":"<3.1.4","Tree Versions":["3.1.2"],"Dependents":["find-cypress-specs@npm:1.47.2"]}} -{"value":"minimatch","children":{"ID":1113552,"Issue":"minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions","URL":"https://github.com/advisories/GHSA-23c5-xmqv-rm74","Severity":"high","Vulnerable Versions":">=9.0.0 <9.0.7","Tree Versions":["9.0.5"],"Dependents":["mocha@npm:11.7.5"]}} -{"value":"minimatch","children":{"ID":1113553,"Issue":"minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions","URL":"https://github.com/advisories/GHSA-23c5-xmqv-rm74","Severity":"high","Vulnerable Versions":">=10.0.0 <10.2.3","Tree Versions":["10.2.2"],"Dependents":["glob@npm:13.0.6"]}} -{"value":"path-to-regexp","children":{"ID":1115573,"Issue":"path-to-regexp vulnerable to Denial of Service via sequential optional groups","URL":"https://github.com/advisories/GHSA-j3q9-mxjg-w52f","Severity":"high","Vulnerable Versions":">=8.0.0 <8.4.0","Tree Versions":["8.3.0"],"Dependents":["router@npm:2.2.0"]}} -{"value":"path-to-regexp","children":{"ID":1115582,"Issue":"path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards","URL":"https://github.com/advisories/GHSA-27v5-c462-wpq7","Severity":"moderate","Vulnerable Versions":">=8.0.0 <8.4.0","Tree Versions":["8.3.0"],"Dependents":["router@npm:2.2.0"]}} -{"value":"picomatch","children":{"ID":1115549,"Issue":"Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching","URL":"https://github.com/advisories/GHSA-3v7f-55p6-f55p","Severity":"moderate","Vulnerable Versions":"<2.3.2","Tree Versions":["2.3.1"],"Dependents":["micromatch@npm:4.0.8"]}} -{"value":"picomatch","children":{"ID":1115551,"Issue":"Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching","URL":"https://github.com/advisories/GHSA-3v7f-55p6-f55p","Severity":"moderate","Vulnerable Versions":">=4.0.0 <4.0.4","Tree Versions":["4.0.2"],"Dependents":["tinyglobby@npm:0.2.10"]}} -{"value":"picomatch","children":{"ID":1115552,"Issue":"Picomatch has a ReDoS vulnerability via extglob quantifiers","URL":"https://github.com/advisories/GHSA-c2c7-rcm5-vvqj","Severity":"high","Vulnerable Versions":"<2.3.2","Tree Versions":["2.3.1"],"Dependents":["micromatch@npm:4.0.8"]}} -{"value":"picomatch","children":{"ID":1115554,"Issue":"Picomatch has a ReDoS vulnerability via extglob quantifiers","URL":"https://github.com/advisories/GHSA-c2c7-rcm5-vvqj","Severity":"high","Vulnerable Versions":">=4.0.0 <4.0.4","Tree Versions":["4.0.2"],"Dependents":["tinyglobby@npm:0.2.10"]}} -{"value":"serialize-javascript","children":{"ID":1113686,"Issue":"Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()","URL":"https://github.com/advisories/GHSA-5c6j-r48x-rmvq","Severity":"high","Vulnerable Versions":"<=7.0.2","Tree Versions":["6.0.2"],"Dependents":["mocha@npm:11.7.5"]}} -{"value":"serialize-javascript","children":{"ID":1115723,"Issue":"Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects","URL":"https://github.com/advisories/GHSA-qj8w-gfj5-8c6v","Severity":"moderate","Vulnerable Versions":"<7.0.5","Tree Versions":["6.0.2"],"Dependents":["mocha@npm:11.7.5"]}} -{"value":"undici","children":{"ID":1114591,"Issue":"Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client","URL":"https://github.com/advisories/GHSA-f269-vfmq-vjvj","Severity":"high","Vulnerable Versions":">=7.0.0 <7.24.0","Tree Versions":["7.22.0"],"Dependents":["@actions/http-client@npm:2.2.3"]}} -{"value":"undici","children":{"ID":1114593,"Issue":"Undici has an HTTP Request/Response Smuggling issue","URL":"https://github.com/advisories/GHSA-2mjp-6q6p-2qxm","Severity":"moderate","Vulnerable Versions":">=7.0.0 <7.24.0","Tree Versions":["7.22.0"],"Dependents":["@actions/http-client@npm:2.2.3"]}} -{"value":"undici","children":{"ID":1114637,"Issue":"Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression","URL":"https://github.com/advisories/GHSA-vrm6-8vpv-qv8q","Severity":"high","Vulnerable Versions":">=7.0.0 <7.24.0","Tree Versions":["7.22.0"],"Dependents":["@actions/http-client@npm:2.2.3"]}} -{"value":"undici","children":{"ID":1114639,"Issue":"Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation","URL":"https://github.com/advisories/GHSA-v9p9-hfj2-hcw8","Severity":"high","Vulnerable Versions":">=7.0.0 <7.24.0","Tree Versions":["7.22.0"],"Dependents":["@actions/http-client@npm:2.2.3"]}} -{"value":"undici","children":{"ID":1114641,"Issue":"Undici has CRLF Injection in undici via `upgrade` option","URL":"https://github.com/advisories/GHSA-4992-7rv2-5pvq","Severity":"moderate","Vulnerable Versions":">=7.0.0 <7.24.0","Tree Versions":["7.22.0"],"Dependents":["@actions/http-client@npm:2.2.3"]}} -{"value":"undici","children":{"ID":1114643,"Issue":"Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS","URL":"https://github.com/advisories/GHSA-phc3-fgpg-7m6h","Severity":"moderate","Vulnerable Versions":">=7.17.0 <7.24.0","Tree Versions":["7.22.0"],"Dependents":["@actions/http-client@npm:2.2.3"]}}