Skip to content

move e2e directory to the observability repo#125

Draft
Vadman97 wants to merge 8 commits intomainfrom
vadim/move-e2e
Draft

move e2e directory to the observability repo#125
Vadman97 wants to merge 8 commits intomainfrom
vadim/move-e2e

Conversation

@Vadman97
Copy link
Contributor

@Vadman97 Vadman97 commented Jul 17, 2025

Summary

How did you test this change?

Are there any deployment considerations?

@semgrep-code-launchdarkly
Copy link

semgrep-code-launchdarkly bot commented Jul 17, 2025

Semgrep found 1 ssc-6e8d64d7-d1a9-4807-b6e7-8a16a1a2085c finding:

Risk: Affected versions of next are vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'). A vulnerability in Next.js can enable an attacker to poison the cache. Under certain conditions, a HTTP 204 response may be cached for static pages, causing all subsequent requests to receive an empty response and effectively leading to a Denial of Service condition.

Manual Review Advice: A vulnerability from this advisory is reachable if you are using ISR with cache revalidation (in next start or standalone mode), and route using SSR, and you are not hosting on Vercel

Fix: Upgrade this library to at least version 15.1.8 at observability-sdk/yarn.lock:19958.

Reference(s): GHSA-67rr-84xm-4c7r, CVE-2025-49826

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Vadman97