[deps]: Update Node.js to ~22.14.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
node (source)	engines	minor	~22.13.0 -> ~22.14.0

---

Release Notes

nodejs/node (node)

v22.14.0: 2025-02-11, Version 22.14.0 'Jod' (LTS), @​aduh95

Compare Source

Notable Changes

• [82a9000e9e] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #​56566
• [b7fe54fc88] - (SEMVER-MINOR) fs: allow exclude option in globs to accept glob patterns (Daeyeon Jeong) #​56489
• [3ac92ef607] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #​56359
• [1614e8e7bc] - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) #​56610
• [6d6cffa9cc] - (SEMVER-MINOR) module: add findPackageJSON util (Jacob Smith) #​55412
• [d35333ae18] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #​56400
• [07ff3ddcb5] - (SEMVER-MINOR) sqlite: support TypedArray and DataView in StatementSync (Alex Yang) #​56385
• [94d3fe1b62] - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) #​56441
• [5afffb4415] - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) #​56469
• [697a851fb3] - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) #​56595
• [047537b48c] - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) #​56459
• [926cf84e95] - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig) #​56434
• [c658a8afdf] - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) #​56394

Commits

• [bad1ad8650] - assert: make myers_diff function more performant (Giovanni Bucci) #​56303
• [e222e36f3b] - assert: make partialDeepStrictEqual work with urls and File prototypes (Giovanni Bucci) #​56231
• [e232789fe2] - assert: show diff when doing partial comparisons (Giovanni Bucci) #​56211
• [c99de1fdcf] - assert: make partialDeepStrictEqual throw when comparing [0] with [-0] (Giovanni) #​56237
• [2386fd5840] - benchmark: add validateStream to styleText bench (Rafael Gonzaga) #​56556
• [b197dfa7ec] - build: fix GN build for ngtcp2 (Cheng) #​56300
• [2a3cdd34ff] - build: test macos-13 on GitHub actions (Michaël Zasso) #​56307
• [12f716be0a] - build: build v8 with -fvisibility=hidden on macOS (Joyee Cheung) #​56275
• [c5ca15bd34] - child_process: fix parsing messages with splitted length field (Maksim Gorkov) #​56106
• [8346b8fc2c] - crypto: add missing return value check (Michael Dawson) #​56615
• [82a9000e9e] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #​56566
• [890eef20a1] - crypto: fix checkPrime crash with large buffers (Santiago Gimeno) #​56559
• [5edb7b5e87] - crypto: fix warning of ignoring return value (Cheng) #​56527
• [b89f123a0b] - crypto: make generatePrime/checkPrime interruptible (James M Snell) #​56460
• [63c1859e01] - deps: update corepack to 0.31.0 (Node.js GitHub Bot) #​56795
• [a48430d4d3] - deps: move inspector_protocol to deps (Chengzhong Wu) #​56649
• [74cccc824f] - deps: macro ENODATA is deprecated in libc++ (Cheng) #​56698
• [fa869ea0f2] - deps: fixup some minor coverity warnings (James M Snell) #​56612
• [1a4fa2b015] - deps: update amaro to 0.3.0 (Node.js GitHub Bot) #​56568
• [b47076fd82] - deps: update amaro to 0.2.2 (Node.js GitHub Bot) #​56568
• [46bd4b8731] - deps: update simdutf to 6.0.3 (Node.js GitHub Bot) #​56567
• [8ead9c693b] - deps: update simdutf to 5.7.2 (Node.js GitHub Bot) #​56388
• [18d4b502af] - deps: update amaro to 0.2.1 (Node.js GitHub Bot) #​56390
• [d938d7cc86] - deps: update googletest to 7d76a23 (Node.js GitHub Bot) #​56387
• [9761e7dccb] - deps: update googletest to e54519b (Node.js GitHub Bot) #​56370
• [8319dc6bc5] - deps: update ngtcp2 to 1.10.0 (Node.js GitHub Bot) #​56334
• [6eacd19d6a] - deps: update simdutf to 5.7.0 (Node.js GitHub Bot) #​56332
• [28bec2dda3] - diagnostics_channel: capture console messages (Stephen Belanger) #​56292
• [d519d33502] - doc: update macOS and Xcode versions for releases (Michaël Zasso) #​56337
• [fcfe650507] - doc: add note for features using InternalWorker with permission model (Antoine du Hamel) #​56706
• [efbba182b5] - doc: add entry to changelog about SQLite Session Extension (Bart Louwers) #​56318
• [31bf9c7dd9] - doc: move anatoli to emeritus (Michael Dawson) #​56592
• [6096e38c7c] - doc: fix styles of the expandable TOC (Antoine du Hamel) #​56755
• [d423638281] - doc: add "Skip to content" button (Antoine du Hamel) #​56750
• [edeb157d75] - doc: improve accessibility of expandable lists (Antoine du Hamel) #​56749
• [1a79e87687] - doc: add note regarding commit message trailers (Dario Piotrowicz) #​56736
• [927c7e47e4] - doc: fix typo in example code for util.styleText (Robin Mehner) #​56720
• [fade522538] - doc: fix inconsistencies in WeakSet and WeakMap comparison details (Shreyans Pathak) #​56683
• [55533bf147] - doc: add RafaelGSS as latest sec release stewards (Rafael Gonzaga) #​56682
• [8e978bdee1] - doc: clarify cjs/esm diff in queueMicrotask() vs process.nextTick() (Dario Piotrowicz) #​56659
• [ae360c30dc] - doc: WeakSet and WeakMap comparison details (Shreyans Pathak) #​56648
• [acd2a2fda5] - doc: mention prepare --security (Rafael Gonzaga) #​56617
• [d3c0a2831d] - doc: tweak info on reposts in ambassador program (Michael Dawson) #​56589
• [3299505b49] - doc: add type stripping to ambassadors program (Marco Ippolito) #​56598
• [b1a6ffa4e4] - doc: improve internal documentation on built-in snapshot (Joyee Cheung) #​56505
• [1641a28930] - doc: document CLI way to open the nodejs/bluesky PR (Antoine du Hamel) #​56506
• [2042628fda] - doc: add section about using npx with permission model (Rafael Gonzaga) #​56539
• [ace19a0263] - doc: update gcc-version for ubuntu-lts (Kunal Kumar) #​56553
• [4aa57b50f8] - doc: fix parentheses in options (Tobias Nießen) #​56563
• [b40b01b4d3] - doc: include CVE to EOL lines as sec release process (Rafael Gonzaga) #​56520
• [6701360113] - doc: add esm examples to node:trace_events (Alfredo González) #​56514
• [d3207cca3e] - doc: add message for Ambassadors to promote (Michael Dawson) #​56235
• [97ece4ae06] - doc: allow request for TSC reviews via the GitHub UI (Antoine du Hamel) #​56493
• [03f25055ab] - doc: add example for piping ReadableStream (Gabriel Schulhof) #​56415
• [516d07482c] - doc: expand description of parseArg's default (Kevin Gibbons) #​54431
• [a6491effcb] - doc: use <ul> instead of <ol> in SECURITY.md (Antoine du Hamel) #​56346
• [e4ec134b21] - doc: clarify that WASM is trusted (Matteo Collina) #​56345
• [0f7aed8a59] - doc: fix the crc32 documentation (Kevin Toshihiro Uehara) #​55898
• [721104a296] - doc: fix links in module.md (Antoine du Hamel) #​56283
• [928540d792] - doc: fix typos (Nathan Baulch) #​55066
• [e69d35f03b] - doc: add history info for Permission Model (Antoine du Hamel) #​56707
• [c6fd867ab5] - esm: fix jsdoc type refs to ModuleJobBase in esm/loader (Jacob Smith) #​56499
• [9cf9046bd7] - Revert "events: add hasEventListener util for validate" (origranot) #​56282
• [b7fe54fc88] - (SEMVER-MINOR) fs: allow exclude option in globs to accept glob patterns (Daeyeon Jeong) #​56489
• [6ca27c2a59] - http2: omit server name when HTTP2 host is IP address (islandryu) #​56530
• [9f1fa199bf] - inspector: roll inspector_protocol (Chengzhong Wu) #​56649
• [0dae4bb3ab] - inspector: add undici http tracking support (Chengzhong Wu) #​56488
• [2c6124cec4] - inspector: report loadingFinished until the response data is consumed (Chengzhong Wu) #​56372
• [96ec862ce2] - lib: refactor execution.js (Marco Ippolito) #​56358
• [3ac92ef607] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #​56359
• [d5bf3db0cf] - lib: allow skipping source maps in node_modules (Chengzhong Wu) #​56639
• [d33eaf2bcb] - lib: ensure FORCE_COLOR forces color output in non-TTY environments (Pietro Marchini) #​55404
• [dc003218a8] - lib: optimize prepareStackTrace on builtin frames (Chengzhong Wu) #​56299
• [df06524863] - lib: suppress source map lookup exceptions (Chengzhong Wu) #​56299
• [35335a5a66] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​56580
• [1faabdb150] - meta: add codeowners of security release document (Rafael Gonzaga) #​56521
• [b4ece22ef5] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​56342
• [9ec67e7ce0] - meta: move MoLow to TSC regular member (Moshe Atlow) #​56276
• [bae4b2e20a] - module: use more defensive code when handling SWC errors (Antoine du Hamel) #​56646
• [1614e8e7bc] - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) #​56610
• [174d88eab1] - module: support eval with ts syntax detection (Marco Ippolito) #​56285
• [299d6fa829] - module: fix jsdoc for format parameter in cjs/loader (pacexy) #​56501
• [0307e4dd59] - module: unify TypeScript and .mjs handling in CommonJS (Joyee Cheung) #​55590
• [1f4f9be93d] - module: fix async resolution error within the sync findPackageJSON (Jacob Smith) #​56382
• [bbedffa0f0] - module: simplify findPackageJSON implementation (Antoine du Hamel) #​55543
• [6d6cffa9cc] - (SEMVER-MINOR) module: add findPackageJSON util (Jacob Smith) #​55412
• [cd7ce18233] - module: fix bad require.resolve with option paths for . and .. (Dario Piotrowicz) #​56735
• [152df4da21] - module: rethrow amaro error message (Marco Ippolito) #​56568
• [acba5dc87e] - module: use buffer.toString base64 (Chengzhong Wu) #​56315
• [01e69be8ff] - node-api: define version 10 (Gabriel Schulhof) #​55676
• [724524528e] - node-api: remove deprecated attribute from napi_module_register (Vladimir Morozov) #​56162
• [c78e11064f] - process: remove support for undocumented symbol (Antoine du Hamel) #​56552
• [3f69b18a23] - process: fix symbol key and mark experimental new node:process methods (Antoine du Hamel) #​56517
• [d35333ae18] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #​56400
• [fa49f0f7d5] - punycode: limit deprecation warning (Colin Ihrig) #​56632
• [d77c7073b7] - sqlite: disable memstatus APIs at build time (Colin Ihrig) #​56541
• [07ff3ddcb5] - (SEMVER-MINOR) sqlite: support TypedArray and DataView in StatementSync (Alex Yang) #​56385
• [b6c2e91365] - sqlite: enable SQL math functions (Colin Ihrig) #​56447
• [3462263e8b] - sqlite: pass conflict type to conflict resolution handler (Bart Louwers) #​56352
• [89ba3af743] - src: add nullptr handling from X509_STORE_new() (Burkov Egor) #​56700
• [89a7c82e0c] - src: add default value for RSACipherConfig mode field (Burkov Egor) #​56701
• [7bae51e62e] - src: fix build with GCC 15 (tjuhaszrh) #​56740
• [432a4b8bd6] - src: fix to generate path from wchar_t via wstring (yamachu) #​56696
• [8c9eaf82f0] - src: initialize FSReqWrapSync in path that uses it (Michaël Zasso) #​56613
• [bcdb42d40b] - src: handle duplicate paths granted (Rafael Gonzaga) #​56591
• [d6a7acc207] - src: update ECKeyPointer in ncrypto (James M Snell) #​56526
• [01922f8b1f] - src: update ECPointPointer in ncrypto (James M Snell) #​56526
• [2a3a36eceb] - src: update ECGroupPointer in ncrypto (James M Snell) #​56526
• [67c10cdacb] - src: update ECDASSigPointer implementation in ncrypto (James M Snell) #​56526
• [17f931c68b] - src: cleaning up more crypto internals for ncrypto (James M Snell) #​56526
• [94d3fe1b62] - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) #​56441
• [6594ee8dff] - src: fix undefined script name in error source (Chengzhong Wu) #​56502
• [b46bad3e91] - src: refactor --trace-env to reuse option selection and handling (Joyee Cheung) #​56293
• [76921b822b] - src: minor cleanups on OneByteString usage (James M Snell) #​56482
• [3f0d1dd4fe] - src: move more crypto impl detail to ncrypto dep (James M Snell) #​56421
• [04f623b283] - src: fixup more ToLocalChecked uses in node_file (James M Snell) #​56484
• [5aa436f5a1] - src: make some minor ToLocalChecked cleanups (James M Snell) #​56483
• [6eec5e7ec2] - src: lock the thread properly in snapshot builder (Joyee Cheung) #​56327
• [5614993968] - src: drain platform tasks before creating startup snapshot (Chengzhong Wu) #​56403
• [48493e9fd5] - src: use LocalVector in more places (James M Snell) #​56457
• [7e5ea0681e] - src: use v8::LocalVector consistently with other minor cleanups (James M Snell) #​56417
• [ad3d857f2b] - src: use starts_with in fs_permission.cc (ishabi) #​55811
• [5afffb4415] - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) #​56469
• [7d1676e72e] - stream: fix typo in ReadableStreamBYOBReader.readIntoRequests (Mattias Buelens) #​56560
• [e658ea6b26] - stream: validate undefined sizeAlgorithm in WritableStream (Jason Zhang) #​56067
• [e4f133c20c] - test: add ts eval snapshots (Marco Ippolito) #​56358
• [f041742400] - test: remove empty lines from snapshots (Marco Ippolito) #​56358
• [801cde91f6] - test: reduce number of written chunks (Luigi Pinca) #​56757
• [6fdf1879ab] - test: fix invalid common.mustSucceed() usage (Luigi Pinca) #​56756
• [d2bfbfa364] - test: use strict mode in global setters test (Rich Trott) #​56742
• [5c030da42f] - test: cleanup and simplify test-crypto-aes-wrap (James M Snell) #​56748
• [f1442d6eaf] - test: do not use common.isMainThread (Luigi Pinca) #​56768
• [49405bd9e7] - test: make some requires lazy in common/index (James M Snell) #​56715
• [52ef376788] - test: add test that uses multibyte for path and resolves modules (yamachu) #​56696
• [b811dea85a] - test: replace more uses of global with globalThis (James M Snell) #​56712
• [eb97076199] - test: make common/index slightly less node.js specific (James M Snell) #​56712
• [1795202d19] - test: rely less on duplicative common test harness utilities (James M Snell) #​56712
• [5be29a274e] - test: simplify common/index.js (James M Snell) #​56712
• [92e99780f0] - test: move hasMultiLocalhost to common/net (James M Snell) #​56716
• [1c3204a4cc] - test: move crypto related common utilities in common/crypto (James M Snell) #​56714
• [fe79d63be0] - test: add missing test for env file (Jonas) #​56642
• [e08af61537] - test: enforce strict mode in test-zlib-const (Rich Trott) #​56689
• [c96792d7f8] - test: fix localization data for ICU 74.2 (Antoine du Hamel) #​56661
• [48b72f1195] - test: use --permission instead of --experimental-permission (Rafael Gonzaga) #​56685
• [de81d90fce] - test: test-stream-compose.js doesn't need internals (Meghan Denny) #​56619
• [f5b8499ad0] - test: add maxCount and gcOptions to gcUntil() (Joyee Cheung) #​56522
• [d9e5a81041] - test: add line break at end of file (Rafael Gonzaga) #​56588
• [59be346fbf] - test: mark test-worker-prof as flaky on smartos (Joyee Cheung) #​56583
• [12a2cae9e5] - test: update test-child-process-bad-stdio to use node:test (Colin Ihrig) #​56562
• [2dc4a30e19] - test: disable openssl 3.4.0 incompatible tests (Jelle van der Waa) #​56160
• [1950fbf51d] - test: make test-crypto-hash compatible with OpenSSL > 3.4.0 (Jelle van der Waa) #​56160
• [a533420a91] - test: clarify fork inherit permission flags (Rafael Gonzaga) #​56523
• [697e799dc1] - test: add error only reporter for node:test (Carlos Espa) #​56438
• [4844fa212d] - test: mark test-http-server-request-timeouts-mixed as flaky (Joyee Cheung) #​56503
• [843c2389b9] - test: update error code in tls-psk-circuit for for OpenSSL 3.4 (sebastianas) #​56420
• [ccb2ddbd83] - test: update compiled sqlite tests to match other tests (Colin Ihrig) #​56446
• [b40f50324d] - test: add initial test426 coverage (Chengzhong Wu) #​56436
• [059f81e4fd] - test: update test-set-http-max-http-headers to use node:test (Colin Ihrig) #​56439
• [ec2940b418] - test: update test-child-process-windows-hide to use node:test (Colin Ihrig) #​56437
• [0362924880] - test: use unusual chars in the path to ensure our tests are robust (Antoine du Hamel) #​48409
• [b6c3869910] - test: improve abort signal dropping test (Edy Silva) #​56339
• [cc648ef923] - test: enable ts test on win arm64 (Marco Ippolito) #​56349
• [68819b4997] - test: deflake test-watch-file-shared-dependency (Luigi Pinca) #​56344
• [ca6ed2190c] - test: skip test-sqlite-extensions when SQLite is not built by us (Antoine du Hamel) #​56341
• [8ffeb8b58c] - test: increase spin for eventloop test on s390 (Michael Dawson) #​56228
• [6ae9950f08] - test: migrate message eval tests from Python to JS (Yiyun Lei) #​50482
• [4352bf69e9] - test: check typescript loader (Marco Ippolito) #​54657
• [406e7db9c3] - test: remove async-hooks/test-writewrap flaky designation (Luigi Pinca) #​56048
• [fa56ab2bba] - test: deflake test-esm-loader-hooks-inspect-brk (Luigi Pinca) #​56050
• [8e149aac99] - test: add test case for listeners (origranot) #​56282
• [a3f5ef22cd] - test: make test-permission-sqlite-load-extension more robust (Antoine du Hamel) #​56295
• [8cbb7cc838] - test_runner: print failing assertion only once with spec reporter (Pietro Marchini) #​56662
• [1f426bad9a] - test_runner: remove unused errors (Pietro Marchini) #​56607
• [697a851fb3] - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) #​56595
• [047537b48c] - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) #​56459
• [19b4aa4b14] - test_runner: run single test file benchmark (Pietro Marchini) #​56479
• [926cf84e95] - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig) #​56434
• [fb4661a4cf] - test_runner: finish marking snapshot testing as stable (Colin Ihrig) #​56425
• [900c6c3940] - tls: fix error stack conversion in cryptoErrorListToException() (Joyee Cheung) #​56554
• [e9f185b658] - tools: update doc to new version (Node.js GitHub Bot) #​56259
• [7644c7e619] - tools: update inspector_protocol roller (Chengzhong Wu) #​56649
• [362272b0a4] - tools: do not throw on missing create-release-proposal.sh (Antoine du Hamel) #​56704
• [df8b835953] - tools: fix tools-deps-update (Daniel Lemire) #​56684
• [feba5d3274] - tools: do not throw on missing create-release-proposal.sh (Antoine du Hamel) #​56695
• [9827f7d395] - tools: fix permissions in lint-release-proposal workflow (Antoine du Hamel) #​56614
• [14c562c0dc] - tools: remove github reporter (Carlos Espa) #​56468
• [ed1785d0ae] - tools: edit create-release-proposal workflow (Antoine du Hamel) #​56540
• [294e4c42f5] - tools: validate commit list as part of lint-release-commit (Antoine du Hamel) #​56291
• [98d3474267] - tools: fix loong64 build failed (Xiao-Tao) #​56466
• [3e729ceec8] - tools: disable unneeded rule ignoring in Python linting (Rich Trott) #​56429
• [d5c05328e2] - tools: use a configurable value for number of open dependabot PRs (Antoine du Hamel) #​56427
• [1705cbe002] - tools: bump the eslint group in /tools/eslint with 4 updates (dependabot[bot]) #​56426
• [53b29b0469] - tools: fix require-common-first lint rule from subfolder (Antoine du Hamel) #​56325
• [105c4ed4fb] - tools: add release line label when opening release proposal (Antoine du Hamel) #​56317
• [30f61f4aa5] - url: use resolved path to convert UNC paths to URL (Antoine du Hamel) #​56302
• [a0aef4dfb6] - util: inspect: do not crash on an Error stack that contains a Symbol (Jordan Harband) #​56573
• [a8a060341f] - util: inspect: do not crash on an Error with a regex name (Jordan Harband) #​56574
• [ea66bf3553] - util: rename CallSite.column to columnNumber (Chengzhong Wu) #​56584
• [9cdc3b373c] - util: do not crash on inspecting function with Symbol name (Jordan Harband) #​56572
• [0bfbb68569] - util: expose CallSite.scriptId (Chengzhong Wu) #​56551
• [5dd7116e09] - watch: reload env file for --env-file-if-exists (Jonas) #​56643
• [c658a8afdf] - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) #​56394
• [2e5d038f48] - worker: refactor stdio to improve performance (Matteo Collina) #​56630
• [f959805d01] - worker: flush stdout and stderr on exit (Matteo Collina) #​56428

---

Configuration

📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Checkmarx One – Scan Summary & Details – bc363c36-ced8-459c-9b75-9bc881aeb67b

New Issues (5)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Cx7c1ed3d7-0e49	Npm-image-size-1.2.0	details Recommended version: 1.2.1 Description: Image-size is vulnerable to a Denial of Service (DoS) vulnerability when processing specially crafted images. The issue occurs because of an infine... Attack Vector: NETWORK Attack Complexity: LOW ID: m%2Fx%2FMmFzzqG09LmQ7p6HGN41PbQTYKfJwtIqcw3lFpM%3D Vulnerable Package
	CVE-2024-53382	Npm-prismjs-1.29.0	details Recommended version: 1.30.0 Description: Prism (aka PrismJS) allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), bec... Attack Vector: NETWORK Attack Complexity: HIGH ID: vDGWLCE4KKltrC3IpnBLrFUWrE3pVpyRDh57o4XV2jc%3D Vulnerable Package
	CVE-2025-27789	Npm-@babel/runtime-corejs3-7.26.0	details Recommended version: 7.26.10 Description: Babel is a compiler for writing next-generation JavaScript. In affected versions of Babel, to compile regular expressions named capturing groups, B... Attack Vector: LOCAL Attack Complexity: LOW ID: PCtbB1jXXuGP9g96p2hACsrRNiElTq0H%2BUr4KvIk11Q%3D Vulnerable Package
	CVE-2025-27789	Npm-@babel/helpers-7.26.0	details Recommended version: 7.26.10 Description: Babel is a compiler for writing next-generation JavaScript. In affected versions of Babel, to compile regular expressions named capturing groups, B... Attack Vector: LOCAL Attack Complexity: LOW ID: yvdXqpFNaiSiKWfJ8Y5oy2pQSRXTSdoNVLZI1Zdl%2Bds%3D Vulnerable Package
	CVE-2025-32014	Npm-estree-util-value-to-estree-3.2.1	details Description: A vulnerability in estree-util-value-to-estree versions prior to 3.3.3 allows an attacker to generate an "ESTree" object that specifies a prototype... Attack Vector: NETWORK Attack Complexity: LOW ID: OnrtDR3H0Bslexs3t62fEW1xfZPu5HbtsMXYLe0jbCM%3D Vulnerable Package