From fc568abb84c5e56d1ef6abf563b80ca98ad3dc40 Mon Sep 17 00:00:00 2001 From: Charly Gomez Date: Mon, 9 Feb 2026 17:28:09 +0100 Subject: [PATCH] fix(deps): Bump webpack from 5.97.0 to 5.104.0 in ember-classic e2e test Addresses CVE-2025-68157 (GHSA-38r7-794h-5758), an allowedUris bypass via HTTP redirects in webpack's HttpUriPlugin that could enable SSRF at build time. Co-Authored-By: Claude --- .../e2e-tests/test-applications/ember-classic/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-packages/e2e-tests/test-applications/ember-classic/package.json b/dev-packages/e2e-tests/test-applications/ember-classic/package.json index 5a0b49c0972c..a271c14524bc 100644 --- a/dev-packages/e2e-tests/test-applications/ember-classic/package.json +++ b/dev-packages/e2e-tests/test-applications/ember-classic/package.json @@ -69,7 +69,7 @@ "loader.js": "~4.7.0", "ts-node": "10.9.1", "typescript": "~5.4.5", - "webpack": "~5.97.0" + "webpack": "~5.104.0" }, "engines": { "node": ">=18"