Problem/Motivation
One of our Drupal site's repositories on GitHub, which uses Dependabot alerts, raised two critical security warnings in the /docroot/core/yarn.lock file.
- Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS. Patched version: 5.14.2
- jQuery UI Cross-site Scripting when refreshing a checkboxradio with an HTML-like initial text label. Patched version: 1.13.2
Proposed resolution
Please update these dependencies' versions and compile the assets to remove this issue.
Thank you,