Skip to content

build(dev-deps): bump js-yaml and @babel/core to patch security advis…#2066

Merged
madhavilosetty-intel merged 2 commits into
mainfrom
fix/root-security-bumps
Jun 30, 2026
Merged

build(dev-deps): bump js-yaml and @babel/core to patch security advis…#2066
madhavilosetty-intel merged 2 commits into
mainfrom
fix/root-security-bumps

Conversation

@madhavilosetty-intel

Copy link
Copy Markdown
Contributor

…ories

PR Checklist

  • Unit Tests have been added for new changes
  • API tests have been updated if applicable
  • All commented code has been removed
  • If you've added a dependency, you've ensured license is compatible with Apache 2.0 and clearly outlined the added dependency.

What are you changing?

Anything the reviewer should know when reviewing this PR?

If the there are associated PRs in other repositories, please link them here (i.e. device-management-toolkit/repo#365 )

…ories

Updates transitive dev dependencies to their patched versions to resolve
open Dependabot alerts (all dev-scope, lockfile only):

- js-yaml 4.1.1 -> 4.3.0 (alert #101, GHSA-h67p-54hq-rp68)
- js-yaml 3.14.2 -> 3.15.0 nested under @istanbuljs/load-nyc-config (alert #102)
- @babel/core 7.29.0 -> 7.29.7 and babel family (alert #99, GHSA-4x5r-pxfx-6jf8)

All patched versions satisfy existing semver ranges; package.json unchanged.
npm audit reports 0 vulnerabilities; build, 126 tests, and lint all pass.
@madhavilosetty-intel madhavilosetty-intel enabled auto-merge (squash) June 30, 2026 20:50
@madhavilosetty-intel madhavilosetty-intel merged commit f33c38b into main Jun 30, 2026
5 checks passed
@madhavilosetty-intel madhavilosetty-intel deleted the fix/root-security-bumps branch June 30, 2026 20:59
@RosieAMT

RosieAMT commented Jul 1, 2026

Copy link
Copy Markdown

🎉 This PR is included in version 5.0.6 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants