Skip to content

chore: Update dependencies (vulnbash)#158

Open
devinpitcher wants to merge 1 commit into
mainfrom
devin/06-24-chore_update_dependencies_vulnbash_
Open

chore: Update dependencies (vulnbash)#158
devinpitcher wants to merge 1 commit into
mainfrom
devin/06-24-chore_update_dependencies_vulnbash_

Conversation

@devinpitcher

@devinpitcher devinpitcher commented Jun 24, 2026

Copy link
Copy Markdown
Member

Pull request details

Description of the change

Adds an npm overrides entry for js-yaml@^4.2.0 to resolve 18 moderate audit findings from a nested vulnerable copy (<=4.1.1) pulled in through Jest’s coverage toolchain (babel-plugin-istanbul@istanbuljs/load-nyc-config).

Type of change

  • Refactor (code change wth no functionality change)
  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Copy link
Copy Markdown
Member Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

@devinpitcher devinpitcher marked this pull request as ready for review June 24, 2026 18:35

@senorbacon senorbacon left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't get why the diff on package-lock.json is so huge for such a small change to package.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants