Feeling Lucky
[#47323] - [6.1] NPM update indirect development dependency "immutable" to fix a high severity security vulnerability
- Pending
- Medium
- Build: 6.1-dev
- # 47323
- Diff
- richard67:6.1-dev-npm-audit-fix-2026-03-07
User tests: Successful: Unsuccessful:
Pull Request resolves # .
- I read the Generative AI policy and my contribution is either not created with the help of AI or is compatible with the policy and GNU/GPL 2 or later.
Summary of Changes
This pull request (PR) fixes one high severity security vulnerability in the indirect NPM development dependency "immutable" reported by npm audit by using npm audit fix.
Testing Instructions
It needs a development environment with a git clone, composer and npm.
- If not done before, run
composer installandnpm ci. - Run
npm audit. - Check the result.
Actual result BEFORE applying this Pull Request
# npm audit report
immutable 5.0.0 - 5.1.4
Severity: high
Immutable is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-wf6x-7x77-mvgw
fix available via `npm audit fix`
node_modules/immutable
1 high severity vulnerability
To address all issues, run:
npm audit fix
Expected result AFTER applying this Pull Request
found 0 vulnerabilities
Link to documentations
Please select:
-
Documentation link for guide.joomla.org:
-
No documentation changes for guide.joomla.org needed
-
Pull Request link for manual.joomla.org:
-
No documentation changes for manual.joomla.org needed
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | NPM Change |
| Title |
|
||||||
I have tested this item ✅ successfully on 16bb090
Before PR:
after PR:
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47323.