Fix vulnerability CVE-2026-27903 @ Npm-minimatch-3.0.5 (AST-138879)

[cx-margarita-levitm]

No description provided.

[github-actions]

Checkmarx One – Scan Summary & Details – 65e15027-a745-4213-97e4-37692e024897

---

New Issues (5)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CVE-2026-1526	Npm-undici-6.21.2	details Recommended version: 6.24.0 Description: The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. W... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
2		CVE-2026-1528	Npm-undici-6.21.2	details Recommended version: 6.24.0 Description: ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
3		CVE-2026-2229	Npm-undici-6.21.2	details Recommended version: 6.24.0 Description: Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of theserver_max_window_bitsparameter in... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
4		CVE-2026-32141	Npm-flatted-3.3.3	details Recommended version: 3.4.0 Description: flatted is a circular JSON parser. Prior to 3.4.0, flatted's "parse()" function uses a recursive "revive()" phase to resolve circular references in... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
5		CVE-2026-32141	Npm-flatted-3.2.9	details Recommended version: 3.4.0 Description: flatted is a circular JSON parser. Prior to 3.4.0, flatted's "parse()" function uses a recursive "revive()" phase to resolve circular references in... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package

---

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR