Fix the vulnerability by upgrade NpmPicomatch version(AST-143876) (#1003)

cx-sumit-morchhale · cx-anurag-dalke · web-flow · commit 987fbe89820d · 2026-04-02T11:12:43.000Z
* upgrade the version

* Upgrade the underscore version

* Removed underscore override version

* added sha commit

---------

Co-authored-by: Anurag Dalke &lt;anurag.dalke@checkmarx.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -5,7 +5,7 @@ jobs:
   integration-tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2   #v4
         with:
           lfs: true
 
@@ -16,7 +16,7 @@ jobs:
           git lfs install
 
       - name: Use Node.js 22.11.0
-        uses: actions/setup-node@v4.0.2
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8     #v4.0.2
         with:
           node-version: 22.11.0
           registry-url: https://npm.pkg.github.com/
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -41,7 +41,8 @@
   "overrides": {
     "bluebird": "3.7.2",
     "debug": "^4.4.0",
-    "flatted": "^3.4.2"
+    "flatted": "^3.4.2",
+    "picomatch": "2.3.2"
   },
   "publishConfig": {
     "registry": "https://npm.pkg.github.com"
