mitigate GHSA-qwcr-r2fm-qrc7 (backport #7146) [release/4.8.x] (#7155)

.github/workflows/extract-api.yaml

@@ -53,7 +53,7 @@ jobs:
           fi
 
       - name: Publish extracted api
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: extracted-api
           path: common/api

common/changes/@itwin/appui-abstract/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/appui-abstract",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/appui-abstract"
+}

common/changes/@itwin/certa/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/certa",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/certa"
+}

common/changes/@itwin/core-backend/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/core-backend",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/core-backend"
+}

common/changes/@itwin/core-frontend/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/core-frontend",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/core-frontend"
+}

common/changes/@itwin/core-quantity/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/core-quantity",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/core-quantity"
+}

common/changes/@itwin/ecschema-editing/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/ecschema-editing",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/ecschema-editing"
+}

common/changes/@itwin/ecschema-locaters/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/ecschema-locaters",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/ecschema-locaters"
+}

common/changes/@itwin/ecschema-metadata/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/ecschema-metadata",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/ecschema-metadata"
+}

common/changes/@itwin/express-server/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/express-server",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/express-server"
+}

common/changes/@itwin/frontend-tiles/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/frontend-tiles",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/frontend-tiles"
+}

common/changes/@itwin/map-layers-auth/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/map-layers-auth",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/map-layers-auth"
+}

common/changes/@itwin/map-layers-formats/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/map-layers-formats",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/map-layers-formats"
+}

common/changes/@itwin/presentation-backend/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/presentation-backend",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/presentation-backend"
+}

common/changes/@itwin/presentation-common/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/presentation-common",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/presentation-common"
+}

common/changes/@itwin/presentation-frontend/mitigate-various-audit-failures_2024-09-11-17-04.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@itwin/presentation-frontend",
+      "comment": "",
+      "type": "none"
+    }
+  ],
+  "packageName": "@itwin/presentation-frontend"
+}

common/config/rush/pnpm-config.json

@@ -21,7 +21,7 @@
     "pnpm": {
       "auditConfig": {
         "ignoreCves": [
-          "CVE-2024-39338" // https://github.com/advisories/GHSA-8hc4-vh64-cxmj @itwin/object-storage-core@2.2.4 > axios@1.7.3
+          "CVE-2024-45296" // https://github.com/advisories/GHSA-9wv6-86v2-598j sinon>nise>path-to-regexp
         ]
       }
     }