[VANTA] [VULNERABILITY] <HIGH> CVE-2026-26996, CVE-2026-27903, CVE-2026-27904 and others, fix before 2026-03-27 #10
Description
Important
CLOSE THE ISSUE ONLY IF YOU PLAN TO DEPLOY THE FIX BEFORE THE DEADLINE IN THE TITLE.
DO NOT MANUALLY MODIFY THE ISSUE TITLE OR TEXT BODY.
npm-minimatch >= 9.0.0, < 9.0.6 CODE_REPOSITORY/commercelayer-cli-plugin-provisioning CVE-2026-26996 HIGH remediate by: 2026-03-27T08:50:05.811Z
npm-minimatch >= 9.0.0, < 9.0.7 CODE_REPOSITORY/commercelayer-cli-plugin-provisioning CVE-2026-27903 HIGH remediate by: 2026-03-30T22:15:05.999Z
npm-minimatch >= 9.0.0, < 9.0.7 CODE_REPOSITORY/commercelayer-cli-plugin-provisioning CVE-2026-27904 HIGH remediate by: 2026-03-30T22:15:05.999Z
npm-serialize-javascript <= 7.0.2 CODE_REPOSITORY/commercelayer-cli-plugin-provisioning GHSA-5c6j-r48x-rmvq HIGH remediate by: 2026-04-01T14:19:30.006Z