
FOUR-25651: Embedded Malicious Code in eslint-config-prettier #1849

Merged: nolanpro merged 1 commit into develop from bugfix/FOUR-25651 on Aug 4, 2025

@henryjonathanquispe

Contributor

Issue & Reproduction Steps

Per CVE-2025-54313, a malicious actor compromised the credentials of one of the maintainers via a phishing attack. This allowed the attacker to publish tampered versions of the package to npm.

Per a scan of our GitHub repositories, the following packages will need to be upgraded to version 8.10.2, 9.1.2, 10.1.8 or higher.

Related Tickets & Packages

Code Review Checklist

  • I have pulled this code locally and tested it on my instance, along with any associated packages.
  • This code adheres to ProcessMaker Coding Guidelines.
  • This code includes a unit test or an E2E test that tests its functionality, or is covered by an existing test.
  • This solution fixes the bug reported in the original ticket.
  • This solution does not alter the expected output of a component in a way that would break existing Processes.
  • This solution does not implement any breaking changes that would invalidate documentation or cause existing Processes to fail.
  • This solution has been tested with enterprise packages that rely on its functionality and does not introduce bugs in those packages.
  • This code does not duplicate functionality that already exists in the framework or in ProcessMaker.
  • This ticket conforms to the PRD associated with this part of ProcessMaker.
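
A check for the upgrade requirement stated in the PR description, as an added example that is not part of this pull request or of ProcessMaker's code. It audits a parsed `package-lock.json` (lockfileVersion 2 or 3) and assumes each listed version is the minimum for its own major line; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: audit a parsed package-lock.json (lockfileVersion 2 or 3)
// for eslint-config-prettier copies below the versions named in this PR.
const PKG = "eslint-config-prettier";
// Minimum versions per major line, taken from the PR description.
const FLOORS = { 8: [8, 10, 2], 9: [9, 1, 2], 10: [10, 1, 8] };

// Parse "x.y.z" into numbers; any prerelease/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Assumption: each listed version is the floor for its own major line.
function classify(version) {
  const v = parseVersion(version);
  if (!v) return "unparseable";
  if (v[0] > 10) return "ok"; // higher than every listed version
  const floor = FLOORS[v[0]];
  if (!floor) return "unlisted-line"; // the PR names no floor for this major
  for (let i = 0; i < 3; i++) {
    if (v[i] !== floor[i]) return v[i] > floor[i] ? "ok" : "below-floor";
  }
  return "ok"; // exactly the floor version
}

// Walk the lockfile "packages" map, including nested node_modules copies.
function auditLock(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/" + PKG)) continue;
    findings.push({ path, version: meta.version, status: classify(meta.version) });
  }
  return findings;
}

// Constructed sample lockfile (not from the PR).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo" },
    "node_modules/eslint-config-prettier": { version: "8.10.0" },
    "node_modules/some-plugin/node_modules/eslint-config-prettier": { version: "10.1.8" },
    "node_modules/eslint-config-prettier-extra": { version: "1.0.0" },
  },
};

for (const f of auditLock(sampleLock)) console.log(f.status, f.version, f.path);
```

Nested copies matter because a transitive dependency can pin its own version even after the top-level entry is upgraded.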

@cypress

cypress Bot commented Aug 4, 2025

screen-builder Run #1963

Run properties:
Project: screen-builder
Branch: bugfix/FOUR-25651
Run status: Passed #1963
Run duration: 38m 34s
Commit: 120f039ecf: FOUR-25651: Embedded Malicious Code in eslint-config-prettier
Committer: henryjonathanquispe

Test results:
Failures: 0
Flaky: 0
Pending: 19
Skipped: 0
Passing: 374

@processmaker-sonarqube

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@nolanpro nolanpro merged commit 94757c8 into develop Aug 4, 2025
22 of 23 checks passed
@nolanpro nolanpro deleted the bugfix/FOUR-25651 branch August 4, 2025 22:36
3 participants