fix(deps): vuln minor upgrades — 14 packages (minor: 6 · patch: 8) #794
Conversation
This comment has been minimized.
This comment has been minimized.
Auto-rebase failedLockfile regeneration failed during rebase onto Error detailschild workflow execution error (type: engraver.Engraver_AllManagersWorkflow, workflowID: 019f6219-ae40-7d6f-b337-e3edc0528ae0_71, runID: 019f6219-c8bb-70b2-9678-7d3067b87f75, initiatedEventID: 71, startedEventID: 72): custom action(s) failed and produced no changes: [registry.ddbuild.io/images/engraver-custom-action:update-yarn-lockfile] Auto-Rebase · Add |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2057666048
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "resolutions": { | ||
| "fast-xml-parser": "^4.5.7", | ||
| "uuid": "^8.3.2", | ||
| "js-yaml": "^3.14.2" |
There was a problem hiding this comment.
Keep js-yaml 4.x consumers out of the 3.x override
Yarn Classic resolutions are global overrides, and its docs note they warn when a resolution is incompatible with the original range; this unqualified js-yaml override now collapses @datadog/wasm-js-rewriter@5.0.1's js-yaml "^4.1.0" dependency to js-yaml@3.15.0 in yarn.lock (js-yaml@^3.13.1, js-yaml@^3.14.2, js-yaml@^4.1.0). Before this change that edge resolved to 4.2.0, so any use of the rewriter/source-map code now runs against an unsupported major; please use a scoped resolution or keep a separate 4.x lock entry instead of forcing all consumers to 3.x.
Useful? React with 👍 / 👎.
Summary: Critical-severity security update — 14 packages upgraded (MINOR changes included)
Manifests changed:
.(yarn)✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.
Updates
Security Details
🚨 Critical & High Severity (17 fixed)
_.templateimports key namesℹ️ Other Vulnerabilities (25)
_.unsetand_.omit_.unsetand_.omitfunctionsReview Checklist
Standard review:
Update Mode: all_vulns
🤖 Generated by DataDog Automated Dependency Management System