
Commit dfe454e

evan-masseauclaude
andauthored
fix: batch dependabot security updates for transitive deps (#335)
fix: batch security updates for transitive dependencies Consolidates 6 dependabot security PRs into a single lockfile update: - handlebars 4.7.8→4.7.9 (8 security advisories) - picomatch 2.3.1→2.3.2 (CVE-2026-33671, CVE-2026-33672) - fast-xml-parser 4.5.3→4.5.5 (prototype pollution, entity expansion) - flatted 3.3.3→3.4.2 (CWE-1321) - tar 7.5.7→7.5.11 (symlink escape via drive-relative paths) - basic-ftp 5.1.0→5.2.0 (skip invalid filenames) All are transitive dependencies (lockfile-only, no source changes). Closes #331, closes #330, closes #328, closes #325, closes #322, closes #316 Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 1fba13a commit dfe454e

1 file changed

Lines changed: 20 additions & 20 deletions


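--- a/yarn.lock
+++ b/yarn.lock
@@ -3797,9 +3797,9 @@ __metadata:
 linkType: hard
 
 "basic-ftp@npm:^5.0.2":
-version: 5.1.0
-resolution: "basic-ftp@npm:5.1.0"
-checksum: 883670e2bb7bc89e542f2f4aa649dab142b4ac852195dea3e08f892e4ac2d0772bde1f689fd8cf6e7113535bb0b61d9ed6351334f5e5b56a17cac64a9b58d351
+version: 5.2.0
+resolution: "basic-ftp@npm:5.2.0"
+checksum: c49c6ab8df3d80de85f38fb33f54839f4d4bd22ec31e7762fb18c7a9a3ac6ee196b841dd6278a1a8745c39fdf12c6eddcf0b8c92681fa01c92ea8a1951e83780
 languageName: node
 linkType: hard
 
@@ -5902,13 +5902,13 @@ __metadata:
 linkType: hard
 
 "fast-xml-parser@npm:^4.4.1":
-version: 4.5.3
-resolution: "fast-xml-parser@npm:4.5.3"
+version: 4.5.5
+resolution: "fast-xml-parser@npm:4.5.5"
 dependencies:
-strnum: ^1.1.1
+strnum: ^1.0.5
 bin:
 fxparser: src/cli/cli.js
-checksum: cd6a184941ec6c23f9e6b514421a3f396cfdff5f4a8c7c27bd0eff896edb4a2b55c27da16f09b789663613dfc4933602b9b71ac3e9d1d2ddcc0492fc46c8fa52
+checksum: bfbe4986fd7e00cd577039cb200cc6d34102f3baf839ba98cad4cc4ff777264d9d0630bc128e78c1a9f0de3ec72a278a479fe1cf4345719e23ea86b49a0192fc
 languageName: node
 linkType: hard
 
@@ -6039,9 +6039,9 @@ __metadata:
 linkType: hard
 
 "flatted@npm:^3.2.9":
-version: 3.3.3
-resolution: "flatted@npm:3.3.3"
-checksum: 8c96c02fbeadcf4e8ffd0fa24983241e27698b0781295622591fc13585e2f226609d95e422bcf2ef044146ffacb6b68b1f20871454eddf75ab3caa6ee5f4a1fe
+version: 3.4.2
+resolution: "flatted@npm:3.4.2"
+checksum: 1b2536fccbbf75d67a823dea67819f764c19266ad5e4aca6b47f6bf84d3b5e1c15eb5862f7dec1fb87129b60741524933192051286de52baddbc97129896380d
 languageName: node
 linkType: hard
 
@@ -6499,8 +6499,8 @@ __metadata:
 linkType: hard
 
 "handlebars@npm:^4.7.7":
-version: 4.7.8
-resolution: "handlebars@npm:4.7.8"
+version: 4.7.9
+resolution: "handlebars@npm:4.7.9"
 dependencies:
 minimist: ^1.2.5
 neo-async: ^2.6.2
@@ -6512,7 +6512,7 @@ __metadata:
 optional: true
 bin:
 handlebars: bin/handlebars
-checksum: 00e68bb5c183fd7b8b63322e6234b5ac8fbb960d712cb3f25587d559c2951d9642df83c04a1172c918c41bcfc81bfbd7a7718bbce93b893e0135fc99edea93ff
+checksum: ac39070fc1c3c76a654e4b526383eaf1601976eaa474547b263915b4806977f083600e586ca923709baeed7c82a42640bcc9cc04c37a7efd3fb444f49b8347d6
 languageName: node
 linkType: hard
 
@@ -10170,9 +10170,9 @@ __metadata:
 linkType: hard
 
 "picomatch@npm:^2.0.4, picomatch@npm:^2.2.3, picomatch@npm:^2.3.1":
-version: 2.3.1
-resolution: "picomatch@npm:2.3.1"
-checksum: 050c865ce81119c4822c45d3c84f1ced46f93a0126febae20737bd05ca20589c564d6e9226977df859ed5e03dc73f02584a2b0faad36e896936238238b0446cf
+version: 2.3.2
+resolution: "picomatch@npm:2.3.2"
+checksum: 0a3f5b9ff28faf022e1429b66e47c122e19e7b31cbd098095d29e949684e7ff1d9b83a2133d931326a53ec6ec11c7c59b1850c27fde2f26ca1d5f35861e9701a
 languageName: node
 linkType: hard
 
@@ -11804,7 +11804,7 @@ __metadata:
 languageName: node
 linkType: hard
 
-"strnum@npm:^1.1.1":
+"strnum@npm:^1.0.5":
 version: 1.1.2
 resolution: "strnum@npm:1.1.2"
 checksum: a85219eda13e97151c95e343a9e5960eacfb0a0ff98104b4c9cb7a212e3008bddf0c9714c9c37c2e508be78e741a04afc80027c2dc18509d1b5ffd4c37191fc2
@@ -11872,15 +11872,15 @@ __metadata:
 linkType: hard
 
 "tar@npm:^7.5.2":
-version: 7.5.7
-resolution: "tar@npm:7.5.7"
+version: 7.5.11
+resolution: "tar@npm:7.5.11"
 dependencies:
 "@isaacs/fs-minipass": ^4.0.0
 chownr: ^3.0.0
 minipass: ^7.1.2
 minizlib: ^3.1.0
 yallist: ^5.0.0
-checksum: 82fa04804b6cae4c0b46b84e97a08c39e1c17bb959350baa32d139bcf5e1fc7ebc3ceb72465dd3e2e311992386ecc13599a257d5672158490ceb9464146d5573
+checksum: 7f6785a85dd571b88985e493ec86f692962cbfa7b4017961fddfd2241e0ff3bcd89ed347f4c02b5433aa22b30cca5566e8711543df054fda8fd12425f505378f
 languageName: node
 linkType: hard
 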