| Uncontrolled recursion (ENG-23039) | Resolved an uncontrolled recursion security vulnerability. |
| Dynamically-determined object attribute modification (ENG-23037) | Resolved a security vulnerability related to improperly controlled modification of dynamically-determined object attributes. |
| Prototype pollution (ENG-23035) | Resolved a prototype pollution security vulnerability. |
| HTTP response splitting (ENG-23026) | Updated axios to resolve an HTTP response splitting security vulnerability. |
| Unintended proxy behavior in axios (ENG-22842) | Updated axios to resolve a security vulnerability related to unintended proxy behavior. |
| HTTP response splitting in axios (ENG-22896) | Updated axios to resolve an HTTP response splitting security vulnerability. |
| Arbitrary code injection in lodash (ENG-22846) | Updated lodash to resolve an arbitrary code injection security vulnerability. |
| Sensitive information exposure (ENG-22731) | Updated follow-redirect package to resolve a security vulnerability related to improper removal of sensitive information before storage or transfer. |
| Unintended proxy behavior (ENG-22603) | Updated itential-utils to resolve a security vulnerability related to unintended proxy behavior. |
| Arbitrary code injection (ENG-22377, ENG-22338, ENG-22336) | Updated lodash and rodeo to resolve arbitrary code injection security vulnerabilities. |
| Infinite loop in brace-expansion (ENG-22239, ENG-22179, ENG-22120) | Updated brace-expansion to resolve infinite loop security vulnerabilities. |