chore: apply npm audit fix for transitive devDependency vulnerabilities#102
Conversation
Bumps ajv, js-yaml, minimatch, brace-expansion, and flatted to patched versions within the semver ranges already declared by eslint and mocha. No package.json changes — resolutions only. This resolves 5 of the 8 npm audit findings; the remaining 2 (diff, serialize-javascript) are pinned by mocha's own dependency declarations and have no fix available in a current stable mocha release. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
|
Important Review skippedReview was skipped due to path filters ⛔ Files ignored due to path filters (1)
CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
All tests passing |
Bumps ajv, js-yaml, minimatch, brace-expansion, and flatted to patched versions within the semver ranges already declared by eslint and mocha.
No package.json changes — resolutions only. This resolves 5 of the 8 npm audit findings; the remaining 2 (diff, serialize-javascript) are pinned by mocha's own dependency declarations and have no fix available in a current stable mocha release.