CEXT-6065 - Fix vulnerabilities

[pablomoreno61]

Description

Multiple vulnerabilities found:

20 vulnerabilities (3 low, 5 moderate, 11 high, 1 critical)

After running npm audit fix:

`added 12 packages, removed 121 packages, changed 62 packages, and audited 868 packages in 19s

142 packages are looking for funding
run npm fund for details

found 0 vulnerabilities`

Related Issue

https://jira.corp.adobe.com/browse/CEXT-6065

Motivation and Context

How Has This Been Tested?

Run test results:

`
=============================== Coverage summary ===============================
Statements : 82.01% ( 1728/2107 )
Branches : 70.32% ( 327/465 )
Functions : 64.88% ( 170/262 )
Lines : 82.19% ( 1727/2101 )

Test Suites: 76 passed, 76 total
Tests: 338 passed, 338 total
Snapshots: 0 total
Time: 8.932 s
`

`
npm run onboard  ✔  10087  11:35:55

commerce-integration-starter-kit@1.0.2 onboard
node --no-warnings -e 'require("./scripts/onboarding/index.js").main()'

Starting the process of on-boarding based on your registration choices
Start process of creating providers: {
product: {
commerce: {
'com.adobe.commerce.observer.catalog_product_delete_commit_after': [Object],
'com.adobe.commerce.observer.catalog_product_save_commit_after': [Object]
},
backoffice: {
'be-observer.catalog_product_create': [Object],
'be-observer.catalog_product_update': [Object],
'be-observer.catalog_product_delete': [Object]
}
},
customer: {
commerce: {
'com.adobe.commerce.observer.customer_save_commit_after': [Object],
'com.adobe.commerce.observer.customer_delete_commit_after': [Object],
'com.adobe.commerce.observer.customer_group_save_commit_after': [Object],
'com.adobe.commerce.observer.customer_group_delete_commit_after': [Object]
},
backoffice: {
'be-observer.customer_create': [Object],
'be-observer.customer_update': [Object],
'be-observer.customer_delete': [Object],
'be-observer.customer_group_create': [Object],
'be-observer.customer_group_update': [Object],
'be-observer.customer_group_delete': [Object]
}
},
order: {
commerce: {
'com.adobe.commerce.observer.sales_order_save_commit_after': [Object]
},
backoffice: {
'be-observer.sales_order_status_update': [Object],
'be-observer.sales_order_shipment_create': [Object],
'be-observer.sales_order_shipment_update': [Object]
}
},
stock: {
commerce: {
'com.adobe.commerce.observer.cataloginventory_stock_item_save_commit_after': [Object]
},
backoffice: { 'be-observer.catalog_stock_update': [Object] }
}
}
Skipping creation of "Commerce Provider - starterkitpablomoren-stage" creation, provider already exists
Skipping creation of "Backoffice Provider - starterkitpablomoren-stage" creation, provider already exists
Defining the provider with key: commerce as: 88819dec-246e-4c06-b13c-d62e5ac49e38
Defining the provider with key: backoffice as: dcd12466-2aa3-454f-8ed6-f2c5310c049a
Process of creating providers done successfully
Skipping, Metadata event code com.adobe.commerce.observer.catalog_product_delete_commit_after already exists!
Skipping, Metadata event code com.adobe.commerce.observer.catalog_product_save_commit_after already exists!
Skipping, Metadata event code com.adobe.commerce.observer.customer_save_commit_after already exists!
Skipping, Metadata event code com.adobe.commerce.observer.customer_delete_commit_after already exists!
Skipping, Metadata event code com.adobe.commerce.observer.customer_group_save_commit_after already exists!
Skipping, Metadata event code com.adobe.commerce.observer.customer_group_delete_commit_after already exists!
Skipping, Metadata event code com.adobe.commerce.observer.sales_order_save_commit_after already exists!
Skipping, Metadata event code com.adobe.commerce.observer.cataloginventory_stock_item_save_commit_after already exists!
Skipping, Metadata event code be-observer.catalog_product_create already exists!
Skipping, Metadata event code be-observer.catalog_product_update already exists!
Skipping, Metadata event code be-observer.catalog_product_delete already exists!
Skipping, Metadata event code be-observer.customer_create already exists!
Skipping, Metadata event code be-observer.customer_update already exists!
Skipping, Metadata event code be-observer.customer_delete already exists!
Skipping, Metadata event code be-observer.customer_group_create already exists!
Skipping, Metadata event code be-observer.customer_group_update already exists!
Skipping, Metadata event code be-observer.customer_group_delete already exists!
Skipping, Metadata event code be-observer.sales_order_status_update already exists!
Skipping, Metadata event code be-observer.sales_order_shipment_create already exists!
Skipping, Metadata event code be-observer.sales_order_shipment_update already exists!
Skipping, Metadata event code be-observer.catalog_stock_update already exists!
Start creating registrations for the provider: Commerce Provider - starterkitpablomoren-stage
Registration created for entity product - commerce
Registration created for entity customer - commerce
Registration created for entity order - commerce
Registration created for entity stock - commerce
Start creating registrations for the provider: Backoffice Provider - starterkitpablomoren-stage
Registration created for entity product - backoffice
Registration created for entity customer - backoffice
Registration created for entity order - backoffice
Registration created for entity stock - backoffice
Create registrations process done correctly!
Created registrations: [
{
id: 3410712,
registration_id: 'fc08dc7a-626d-48d3-9764-72200cb235fc',
name: 'Commerce Product Sync',
enabled: true
},
{
id: 3410714,
registration_id: 'e940e154-f8bf-4c65-8af4-f582423c6556',
name: 'Commerce Customer Sync',
enabled: true
},
{
id: 3410715,
registration_id: '6742b3bc-1810-42c7-8fec-733498c5f066',
name: 'Commerce Order Sync',
enabled: true
},
{
id: 3410716,
registration_id: 'f1c04b74-f544-4829-8382-ba9f68842c0c',
name: 'Commerce Stock Sync',
enabled: true
},
{
id: 3410717,
registration_id: 'dcd66b61-5aa9-4de2-8e31-f869aba31079',
name: 'Backoffice Product Sync',
enabled: true
},
{
id: 3410718,
registration_id: 'b43ebe28-6891-495c-94cf-e4012e3bd429',
name: 'Backoffice Customer Sync',
enabled: true
},
{
id: 3410719,
registration_id: 'd950b2c1-bf62-4b09-97f8-6315b58b1cce',
name: 'Backoffice Order Sync',
enabled: true
},
{
id: 3410720,
registration_id: 'f4c163a6-77d0-4c7d-aa3f-849de2df72dd',
name: 'Backoffice Stock Sync',
enabled: true
}
]
Onboarding completed successfully: [
{
key: 'commerce',
id: '88819dec-246e-4c06-b13c-d62e5ac49e38',
instanceId: 'a0f658a9-7fcd-4224-ab5b-28a428484eff',
label: 'Commerce Provider - starterkitpablomoren-stage'
},
{
key: 'backoffice',
id: 'dcd12466-2aa3-454f-8ed6-f2c5310c049a',
instanceId: '656b76cb-aa6b-4930-b6d3-1feee7500723',
label: 'Backoffice Provider - starterkitpablomoren-stage'
}
]
Starting the process of configuring Adobe I/O Events module in Commerce...
2026-04-08T09:36:20.107Z [auth] info: Commerce client is using IMS OAuth authentication
Process of configuring Adobe I/O Events module in Commerce completed successfully
`

`
npm run commerce-event-subscribe  ✔  10093  11:38:10

commerce-integration-starter-kit@1.0.2 commerce-event-subscribe
node --no-warnings -e 'require("./scripts/commerce-event-subscribe/index.js").main()'

Starting the commerce event subscribe process
2026-04-08T09:40:35.042Z [auth] info: Commerce client is using IMS OAuth authentication
Successfully subscribed to event: observer.catalog_product_delete_commit_after
2026-04-08T09:40:36.561Z [auth] info: Commerce client is using IMS OAuth authentication
Successfully subscribed to event: observer.catalog_product_save_commit_after
2026-04-08T09:40:37.410Z [auth] info: Commerce client is using IMS OAuth authentication
Successfully subscribed to event: observer.customer_save_commit_after
2026-04-08T09:40:38.431Z [auth] info: Commerce client is using IMS OAuth authentication
Successfully subscribed to event: observer.customer_delete_commit_after
2026-04-08T09:40:39.381Z [auth] info: Commerce client is using IMS OAuth authentication
Successfully subscribed to event: observer.customer_group_save_commit_after
2026-04-08T09:40:40.090Z [auth] info: Commerce client is using IMS OAuth authentication
Successfully subscribed to event: observer.customer_group_delete_commit_after
2026-04-08T09:40:40.939Z [auth] info: Commerce client is using IMS OAuth authentication
Successfully subscribed to event: observer.sales_order_save_commit_after
2026-04-08T09:40:41.730Z [auth] info: Commerce client is using IMS OAuth authentication
Successfully subscribed to event: observer.cataloginventory_stock_item_save_commit_after
Finished the commerce event subscribe process with result {
successfulSubscriptions: [
'observer.catalog_product_delete_commit_after',
'observer.catalog_product_save_commit_after',
'observer.customer_save_commit_after',
'observer.customer_delete_commit_after',
'observer.customer_group_save_commit_after',
'observer.customer_group_delete_commit_after',
'observer.sales_order_save_commit_after',
'observer.cataloginventory_stock_item_save_commit_after'
],
failedSubscriptions: []
}
`

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• I have signed the Adobe Open Source CLA.
• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• All new and existing tests passed.

[obarcelonap]

thanks for taking care 👏