Skip to content

move e2e directory to the observability repo #125

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 8 commits into
base: main
Choose a base branch
from
Draft

move e2e directory to the observability repo #125

wants to merge 8 commits into from

Conversation

@Vadman97
Copy link
Contributor

@Vadman97 Vadman97 commented Jul 17, 2025

Summary

How did you test this change?

Are there any deployment considerations?

@semgrep-code-launchdarkly
Copy link

semgrep-code-launchdarkly bot commented Jul 17, 2025

Semgrep found 1 ssc-6e8d64d7-d1a9-4807-b6e7-8a16a1a2085c finding:

Risk: Affected versions of next are vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'). A vulnerability in Next.js can enable an attacker to poison the cache. Under certain conditions, a HTTP 204 response may be cached for static pages, causing all subsequent requests to receive an empty response and effectively leading to a Denial of Service condition.

Manual Review Advice: A vulnerability from this advisory is reachable if you are using ISR with cache revalidation (in next start or standalone mode), and route using SSR, and you are not hosting on Vercel

Fix: Upgrade this library to at least version 15.1.8 at observability-sdk/yarn.lock:19958.

Reference(s): GHSA-67rr-84xm-4c7r, CVE-2025-49826

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Vadman97