Revert "Bump the npm_and_yarn group across 1 directory with 4 updates"

[asperpharma]

Reverts #1

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8b9703c1-4604-465e-8098-b0cf2e222e04

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• ✅ Review completed - (🔄 Check again to review again)

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch revert-1-dependabot/npm_and_yarn/npm_and_yarn-d011667c1f

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[gemini-code-assist]

Code Review

This pull request reverts several dependencies in package-lock.json, including brace-expansion, flatted, lodash, and picomatch, to earlier versions. The reviewer identified that the target versions in these reverts are still compromised by a supply chain attack and recommended further downgrading to specific safe versions for all affected packages.

[gemini-code-assist]

This revert is insufficient. The version 5.0.4 of brace-expansion is also reported to be malicious as part of a supply chain attack. Please update to the last known safe version, 5.0.1.

      "version": "5.0.1",
      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.1.tgz",
      "integrity": "sha512-jdbG3g3Sg/nBItl/ET34p32y2Q82iX/g5fSP26gL2aE2sPfnY3a8Pj6Iiki2vU2w2tI7TzqnYy3sQ=="

[gemini-code-assist]

This revert is insufficient. The version 1.1.12 of brace-expansion is also reported to be malicious as part of a supply chain attack. Please update to the last known safe version, 1.1.11.

      "version": "1.1.11",
      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA=="

[gemini-code-assist]

This revert is insufficient. The version 3.4.1 of flatted is also reported to be malicious as part of a supply chain attack. Please update to the last known safe version, 3.3.1.

      "version": "3.3.1",
      "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz",
      "integrity": "sha512-X/y8v8yXQ29sMVqf+G3J/Y2a9Y2fE4pT/3s0m3sX3Jb/zGNET/eQ3hY6d/w6qA3/p643Ie/2Uv1a/A=="

[gemini-code-assist]

This revert is insufficient. The version 4.17.23 of lodash is also reported to be malicious as part of a supply chain attack. Please update to the last known safe version, 4.17.21.

      "version": "4.17.21",
      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvA=="

[gemini-code-assist]

This revert is insufficient. The version 2.0.2 of brace-expansion is also reported to be malicious as part of a supply chain attack. Please update to the last known safe version, 2.0.1.

      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzfl59ZgYAuDStV6rOAdisjWw8ffGvs2uwnM1COCj7Auh21sErkX9iaI9cOwg=="

[gemini-code-assist]

This revert is insufficient. The version 4.0.3 of picomatch is also reported to be malicious as part of a supply chain attack. Please update to the last known safe version, 4.0.2.

      "version": "4.0.2",
      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz",
      "integrity": "sha512-v4pGf223mmZ2p2l2w2Yt07N2T1up2QYyA3iIe51lA2m2j2a2aR0z4uY8g2z3g3sA3sYm1vTfI422A=="

[gemini-code-assist]

This revert is insufficient. The version 4.0.3 of picomatch is also reported to be malicious as part of a supply chain attack. Please update to the last known safe version, 4.0.2.

      "version": "4.0.2",
      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz",
      "integrity": "sha512-v4pGf223mmZ2p2l2w2Yt07N2T1up2QYyA3iIe51lA2m2j2a2aR0z4uY8g2z3g3sA3sYm1vTfI422A=="

[gemini-code-assist]

This revert is insufficient. The version 4.0.3 of picomatch is also reported to be malicious as part of a supply chain attack. Please update to the last known safe version, 4.0.2.

      "version": "4.0.2",
      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz",
      "integrity": "sha512-v4pGf223mmZ2p2l2w2Yt07N2T1up2QYyA3iIe51lA2m2j2a2aR0z4uY8g2z3g3sA3sYm1vTfI422A=="