[Snyk] Security upgrade @teselagen/ove from 0.7.21-beta.4 to 0.7.24 #29

Open
bijupki wants to merge 1 commit into main from snyk-fix-cf3a0374c407e9181b4c525b927557d7
Conversation

@bijupki bijupki commented Jan 27, 2026

Snyk has created this PR to fix 2 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • example-demos/oveWebpackDemo/package.json
  • example-demos/oveWebpackDemo/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory, meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project. You will need to run yarn to update the contents of the .yarn/cache directory.
If you are not using zero-installs you can ignore this, as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

Issue                                             Severity   Score
Prototype Pollution (SNYK-JS-LODASH-15053838)     medium     631
Prototype Pollution (SNYK-JS-LODASHES-15053836)   medium     631

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

…packDemo/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-15053838
- https://snyk.io/vuln/SNYK-JS-LODASHES-15053836
@segrem25830-pki
Checkmarx One – Scan Summary & Details (6de2d216-8956-44e0-9347-016e2ea5c04a)

New Issues (23)

Checkmarx found the following issues in this Pull Request

#   Severity   Issue             Source File / Package              Checkmarx Insight

1.  HIGH    CVE-2023-45133   Npm-@babel/traverse-7.22.10         Vulnerable Package
    Recommended version: 7.23.2
    Description: Babel is a compiler for writing JavaScript. In `@babel/traverse` versions prior to 7.23.2 and 8.0.x prior to 8.0.0-alpha.4, using Babel to compile ...
    Attack Vector: LOCAL / Attack Complexity: LOW

2.  HIGH    CVE-2024-21536   Npm-http-proxy-middleware-2.0.6     Vulnerable Package
    Recommended version: 2.0.9
    Description: The http-proxy-middleware versions through 2.0.7-beta.0 and 3.0.0-beta.0 through 3.0.2 are vulnerable to Denial of Service (DoS) due to an "Unhandl...
    Attack Vector: NETWORK / Attack Complexity: LOW

3.  HIGH    CVE-2024-29180   Npm-webpack-dev-middleware-5.3.3    Vulnerable Package
    Recommended version: 5.3.4
    Description: In webpack-dev-middleware versions prior to 5.3.4, 6.x.x prior to 6.1.2, and 7.0.0 the development middleware for devpack does not validate the sup...
    Attack Vector: NETWORK / Attack Complexity: LOW

4.  HIGH    CVE-2024-45590   Npm-body-parser-1.20.1              Vulnerable Package
    Recommended version: 1.20.3
    Description: The body-parser is Node.js body parsing middleware. The body-parser package versions prior to 1.20.3 and 2.0.x prior to 2.0.0 are vulnerable to Den...
    Attack Vector: NETWORK / Attack Complexity: LOW

5.  HIGH    CVE-2024-52798   Npm-path-to-regexp-0.1.7            Vulnerable Package
    Recommended version: 0.1.12
    Description: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploit...
    Attack Vector: NETWORK / Attack Complexity: LOW

6.  HIGH    CVE-2025-12816   Npm-node-forge-1.3.1                Vulnerable Package
    Recommended version: 1.3.2
    Description: An interpretation-conflict (CWE-436) vulnerability in node-forge versions through 1.3.1 enables unauthenticated attackers to craft ASN.1 structures...
    Attack Vector: NETWORK / Attack Complexity: LOW

7.  HIGH    CVE-2025-66031   Npm-node-forge-1.3.1                Vulnerable Package
    Recommended version: 1.3.2
    Description: Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in n...
    Attack Vector: NETWORK / Attack Complexity: LOW

8.  HIGH    CVE-2026-23950   Npm-tar-6.2.1                       Vulnerable Package
    Recommended version: 7.5.3
    Description: node-tar, a Tar for Node.js, has a race condition vulnerability in versions through 7.5.3. This is due to an incomplete handling of Unicode path col...
    Attack Vector: NETWORK / Attack Complexity: LOW

9.  MEDIUM  CVE-2023-26159   Npm-follow-redirects-1.15.2         Vulnerable Package
    Recommended version: 1.15.6
    Description: The package follow-redirects versions prior to 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the "url....
    Attack Vector: NETWORK / Attack Complexity: LOW

10. MEDIUM  CVE-2023-44270   Npm-postcss-8.4.28                  Vulnerable Package
    Recommended version: 8.4.31
    Description: An issue was discovered in postcss versions prior to 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An at...
    Attack Vector: NETWORK / Attack Complexity: LOW

11. MEDIUM  CVE-2024-11831   Npm-serialize-javascript-6.0.1      Vulnerable Package
    Recommended version: 6.0.2
    Description: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain i...
    Attack Vector: NETWORK / Attack Complexity: LOW

12. MEDIUM  CVE-2024-29041   Npm-express-4.18.2                  Vulnerable Package
    Recommended version: 4.20.0
    Description: Express.js minimalist web framework for node. Express.js versions prior to 4.19.2, and 5.0.x prior to 5.0.0-beta.3 are affected by an open redirect...
    Attack Vector: NETWORK / Attack Complexity: LOW

13. MEDIUM  CVE-2024-43788   Npm-webpack-5.88.2                  Vulnerable Package
    Recommended version: 5.94.0
    Description: Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundlin...
    Attack Vector: NETWORK / Attack Complexity: LOW

14. MEDIUM  CVE-2024-43796   Npm-express-4.18.2                  Vulnerable Package
    Recommended version: 4.20.0
    Description: Express.js minimalist web framework for node. In express versions prior to 4.20.0 and 5.0.x prior to 5.0.0, passing untrusted user input even after...
    Attack Vector: NETWORK / Attack Complexity: HIGH

15. MEDIUM  CVE-2024-43799   Npm-send-0.18.0                     Vulnerable Package
    Recommended version: 0.19.0
    Description: Send is a library for streaming files from the file system as an HTTP response. Send passes untrusted user input to "SendStream.redirect()" which e...
    Attack Vector: NETWORK / Attack Complexity: HIGH

16. MEDIUM  CVE-2024-43800   Npm-serve-static-1.15.0             Vulnerable Package
    Recommended version: 1.16.0
    Description: serve-static serves static files. serve-static passes untrusted user input even after sanitizing it to "redirect()" and may execute untrusted code....
    Attack Vector: NETWORK / Attack Complexity: HIGH

17. MEDIUM  CVE-2024-47764   Npm-cookie-0.5.0                    Vulnerable Package
    Recommended version: 0.7.0
    Description: The NPM package cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cook...
    Attack Vector: NETWORK / Attack Complexity: LOW

18. MEDIUM  CVE-2025-13465   Npm-lodash-es-4.17.21               Vulnerable Package
    Recommended version: 4.17.23
    Description: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths w...
    Attack Vector: NETWORK / Attack Complexity: LOW

19. MEDIUM  CVE-2025-13465   Npm-lodash-4.17.15                  Vulnerable Package
    Description: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths w...
    Attack Vector: NETWORK / Attack Complexity: LOW

20. MEDIUM  CVE-2025-13465   Npm-lodash-4.17.21                  Vulnerable Package
    Description: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths w...
    Attack Vector: NETWORK / Attack Complexity: LOW

21. MEDIUM  CVE-2025-66030   Npm-node-forge-1.3.1                Vulnerable Package
    Recommended version: 1.3.2
    Description: Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-fo...
    Attack Vector: NETWORK / Attack Complexity: LOW

22. LOW     CVE-2025-7339    Npm-on-headers-1.0.2                Vulnerable Package
    Recommended version: 1.1.0
    Description: The on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions prior to 1.1.0 may result in r...
    Attack Vector: LOCAL / Attack Complexity: LOW

23. LOW     CVE-2025-9910    Npm-jsondiffpatch-0.4.1             Vulnerable Package
    Recommended version: 0.7.2
    Description: jsondiffpatch versions prior to 0.7.2 are vulnerable to Cross-site Scripting (XSS) via "HtmlFormatter::nodeBegin". An attacker can inject malicious...
    Attack Vector: NETWORK / Attack Complexity: LOW

Fixed Issues (3)

Great job! The following issues were fixed in this Pull Request

Severity   Issue                             Source File / Package
HIGH       CVE-2026-21884                    Npm-react-router-5.3.4
LOW        Client_Dangerous_File_Inclusion   /packages/bio-parsers/umd_demo.html: 3
LOW        Client_Dangerous_File_Inclusion   /packages/ove/public/UMDDemo.html: 13

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR
