Skip to content

Commit 8dd313a

Browse files
chore(deps): npm audit fix — clear 8 Dependabot alerts on validator lockfile
All eight open Dependabot alerts against newrelic/open-install-library point at transitive npm dependencies in validator/package-lock.json. `npm audit fix` resolves every one of them without needing --force, so no top-level dep needed a semver bump and validator/package.json is untouched. Packages moved to a patched version: - js-yaml -> >= 3.15.0 (medium) - brace-expansion -> >= 1.1.13 (medium) - fast-uri -> >= 3.1.2 (high) - minimatch -> >= 3.1.4 (high) - ajv -> >= 8.18.0 (medium) Verified: - npm audit -> 0 vulnerabilities remaining (was 5 local / 8 GitHub-side) - npm run check -> every recipe validates cleanly against schema-v1.json
1 parent 39f4ad6 commit 8dd313a

1 file changed

Lines changed: 31 additions & 30 deletions

File tree

validator/package-lock.json

Lines changed: 31 additions & 30 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)