authorOskar <oskar@mullvad.net>2024-09-17 10:14:37 +0200
committerOskar <oskar@mullvad.net>2024-09-17 10:14:37 +0200
commiteebf21cb19b72f74b4f1f390ed74fca45baa49ad (patch)
tree78616ed5257f428c53ec0b34d923e2a2a750eba3
parenta205d4bbe802d0131cbef2a44b1af490d132d725 (diff)
parent9c16f022d751cc6cb987af3ced6df7e24714a20c (diff)
downloadmullvadvpn-eebf21cb19b72f74b4f1f390ed74fca45baa49ad.tar.xz
mullvadvpn-eebf21cb19b72f74b4f1f390ed74fca45baa49ad.zip
Merge branch 'fixignore-path-to-regexp-and-node-gettext-vulnerabilities-des-1243'
-rw-r--r--gui/osv-scanner.toml6
-rw-r--r--gui/package-lock.json12
2 files changed, 12 insertions, 6 deletions
diff --git a/gui/osv-scanner.toml b/gui/osv-scanner.toml
index 8b65956cc3..cfe5d5b78d 100644
--- a/gui/osv-scanner.toml
+++ b/gui/osv-scanner.toml
@@ -23,3 +23,9 @@ reason = "This package is only used to match paths from either us or trusted lib
id = "CVE-2024-4067" # GHSA-952p-6rrq-rcjv
ignoreUntil = 2024-11-23
reason = "This is just a dev dependency, and we don't have untrusted input to micromatch there"
+
+# node-gettext: Prototype Pullution via the addTranslations function
+[[IgnoredVulns]]
+id = "CVE-2024-4067" # GHSA-g974-hxvm-x689
+ignoreUntil = 2024-10-17
+reason = "There is no fix yet, in the meantime we'll have to verify translations thoroughly"
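Review bot: The added `[[IgnoredVulns]]` entry reuses `id = "CVE-2024-4067"`, the id of the micromatch entry directly above it, although its heading and trailing comment refer to the node-gettext advisory GHSA-g974-hxvm-x689. As written, the scanner is presumably never told to ignore the node-gettext finding, and the micromatch CVE ends up with two entries carrying different `ignoreUntil` dates. The id should name the advisory actually being ignored, for example `id = "GHSA-g974-hxvm-x689"`, or that advisory's own CVE id once checked against the advisory record. The heading comment also misspells "Pollution" as "Pullution".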
diff --git a/gui/package-lock.json b/gui/package-lock.json
index 5b0a76c2a8..d3fa7f4208 100644
--- a/gui/package-lock.json
+++ b/gui/package-lock.json
@@ -10031,9 +10031,9 @@
}
},
"node_modules/path-to-regexp": {
- "version": "1.7.0",
- "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.7.0.tgz",
- "integrity": "sha1-Wf3g9DW62suhA6hOnTvGTpa5k30=",
+ "version": "1.9.0",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.9.0.tgz",
+ "integrity": "sha512-xIp7/apCFJuUHdDLWe8O1HIkb0kQrOMb/0u6FXQjemHn/ii5LrIzU6bdECnsiTF/GjZkMEKg1xdiZwNqDYlZ6g==",
"dependencies": {
"isarray": "0.0.1"
}
@@ -21639,9 +21639,9 @@
}
},
"path-to-regexp": {
- "version": "1.7.0",
- "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.7.0.tgz",
- "integrity": "sha1-Wf3g9DW62suhA6hOnTvGTpa5k30=",
+ "version": "1.9.0",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.9.0.tgz",
+ "integrity": "sha512-xIp7/apCFJuUHdDLWe8O1HIkb0kQrOMb/0u6FXQjemHn/ii5LrIzU6bdECnsiTF/GjZkMEKg1xdiZwNqDYlZ6g==",
"requires": {
"isarray": "0.0.1"
}