Commit 8dd313a
committed
chore(deps): npm audit fix — clear 8 Dependabot alerts on validator lockfile
All eight open Dependabot alerts against
newrelic/open-install-library point at transitive npm dependencies in
validator/package-lock.json. `npm audit fix` resolves every one of
them without needing --force, so no top-level dep needed a semver bump
and validator/package.json is untouched.
Packages moved to a patched version:
- js-yaml -> >= 3.15.0 (medium)
- brace-expansion -> >= 1.1.13 (medium)
- fast-uri -> >= 3.1.2 (high)
- minimatch -> >= 3.1.4 (high)
- ajv -> >= 8.18.0 (medium)
Verified:
- npm audit -> 0 vulnerabilities remaining (was 5 local / 8 GitHub-side)
- npm run check -> every recipe validates cleanly against schema-v1.json1 parent 39f4ad6 commit 8dd313a
1 file changed
Lines changed: 31 additions & 30 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
0 commit comments