[wp-trac] [WordPress Trac] #64833: Bundled Themes: Update svgo transitive dependency (was: Bundled Themes: Update svgo transitive dependency in Twenty Twenty-Five to fix CVE-2026-29074 (Billion Laughs DoS))
WordPress Trac
noreply at wordpress.org
Mon Mar 9 20:05:04 UTC 2026
#64833: Bundled Themes: Update svgo transitive dependency
---------------------------+------------------------------
Reporter: aakashverma1 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Bundled Theme | Version: 6.9
Severity: normal | Resolution:
Keywords: | Focuses:
---------------------------+------------------------------
Comment (by sabernhardt):
When creating a new Trac ticket, the page warned:
> "Do not report potential security vulnerabilities here."
The `npm` dependencies for all themes will have an audit as part of
#64230, so this probably does not need its own ticket.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64833#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list