Skip to content

fix: update yarn resolutions to patch open Dependabot alerts #968

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jonathannorris merged 1 commit into from
Mar 31, 2026
+46 −57
Merged

fix: update yarn resolutions to patch open Dependabot alerts #968

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 14 additions & 2 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,8 +74,20 @@
"packageManager": "yarn@4.9.2",
"resolutions": {
"send@0.18.0": "^0.19.0",
"serialize-javascript": "7.0.3",
"serialize-javascript": "7.0.5",
"ajv@^8.0.0": "8.18.0",
"fast-xml-parser": "^5.5.7"
"fast-xml-parser": "^5.5.7",
"path-to-regexp": "0.1.13",
Copy link

Copilot AI Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The resolutions entry for path-to-regexp is currently global (no range selector), which forces all consumers onto 0.1.13. In this lockfile, react-router@5.3.4 requests path-to-regexp@^1.7.0 and serve-handler@6.1.7 requests path-to-regexp@3.3.0; pinning both to 0.1.x is very likely to be a breaking change at runtime. Please scope this resolution to only the vulnerable 0.1.12 line (e.g., match ~0.1.12) so that 1.x/3.x consumers keep their compatible major versions.

Suggested change
"path-to-regexp": "0.1.13",
"path-to-regexp@~0.1.12": "0.1.13",

Copilot uses AI. Check for mistakes.
"brace-expansion@^1.1.7": "1.1.13",
"brace-expansion@^2.0.1": "2.0.3",
"brace-expansion@^2.0.2": "2.0.3",
"yaml@^1.10.0": "1.10.3",
"yaml@^2.3.4": "2.8.3",
"yaml@^2.7.0": "2.8.3",
"picomatch@^2.0.4": "2.3.2",
"picomatch@^2.2.1": "2.3.2",
"picomatch@^2.2.3": "2.3.2",
"picomatch@^2.3.1": "2.3.2",
"picomatch@^4.0.2": "4.0.4"
}
}
87 changes: 32 additions & 55 deletions yarn.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5274,22 +5274,22 @@ __metadata:
languageName: node
linkType: hard

"brace-expansion@npm:^1.1.7":
version: 1.1.12
resolution: "brace-expansion@npm:1.1.12"
"brace-expansion@npm:1.1.13":
version: 1.1.13
resolution: "brace-expansion@npm:1.1.13"
dependencies:
balanced-match: "npm:^1.0.0"
concat-map: "npm:0.0.1"
checksum: 10/12cb6d6310629e3048cadb003e1aca4d8c9bb5c67c3c321bafdd7e7a50155de081f78ea3e0ed92ecc75a9015e784f301efc8132383132f4f7904ad1ac529c562
checksum: 10/b5f4329fdbe9d2e25fa250c8f866ebd054ba946179426e99b86dcccddabdb1d481f0e40ee5430032e62a7d0a6c2837605ace6783d015aa1d65d85ca72154d936
languageName: node
linkType: hard

"brace-expansion@npm:^2.0.1, brace-expansion@npm:^2.0.2":
version: 2.0.2
resolution: "brace-expansion@npm:2.0.2"
"brace-expansion@npm:2.0.3":
version: 2.0.3
resolution: "brace-expansion@npm:2.0.3"
dependencies:
balanced-match: "npm:^1.0.0"
checksum: 10/01dff195e3646bc4b0d27b63d9bab84d2ebc06121ff5013ad6e5356daa5a9d6b60fa26cf73c74797f2dc3fbec112af13578d51f75228c1112b26c790a87b0488
checksum: 10/e9dd66caaf0784126e1654f1bc19adb28f3ef86f39f2226f833f7700ec727c141f6cd85eaa47bacf3426beda01c9fbc3a2f28174cf59330dc9b58ffaf9e09d96
languageName: node
linkType: hard

Expand Down Expand Up @@ -8664,13 +8664,6 @@ __metadata:
languageName: node
linkType: hard

"isarray@npm:0.0.1":
version: 0.0.1
resolution: "isarray@npm:0.0.1"
checksum: 10/49191f1425681df4a18c2f0f93db3adb85573bcdd6a4482539d98eac9e705d8961317b01175627e860516a2fc45f8f9302db26e5a380a97a520e272e2a40a8d4
languageName: node
linkType: hard

"isarray@npm:~1.0.0":
version: 1.0.0
resolution: "isarray@npm:1.0.0"
Expand Down Expand Up @@ -10889,26 +10882,10 @@ __metadata:
languageName: node
linkType: hard

"path-to-regexp@npm:3.3.0":
version: 3.3.0
resolution: "path-to-regexp@npm:3.3.0"
checksum: 10/8d256383af8db66233ee9027cfcbf8f5a68155efbb4f55e784279d3ab206dcaee554ddb72ff0dae97dd2882af9f7fa802634bb7cffa2e796927977e31b829259
languageName: node
linkType: hard

"path-to-regexp@npm:^1.7.0":
version: 1.9.0
resolution: "path-to-regexp@npm:1.9.0"
dependencies:
isarray: "npm:0.0.1"
checksum: 10/67f0f4823f7aab356523d93a83f9f8222bdd119fa0b27a8f8b587e8e6c9825294bb4ccd16ae619def111ff3fe5d15ff8f658cdd3b0d58b9c882de6fd15bc1b76
languageName: node
linkType: hard

"path-to-regexp@npm:~0.1.12":
version: 0.1.12
resolution: "path-to-regexp@npm:0.1.12"
checksum: 10/2e30f6a0144679c1f95c98e166b96e6acd1e72be9417830fefc8de7ac1992147eb9a4c7acaa59119fb1b3c34eec393b2129ef27e24b2054a3906fc4fb0d1398e
"path-to-regexp@npm:0.1.13":
version: 0.1.13
resolution: "path-to-regexp@npm:0.1.13"
checksum: 10/f1e4bdedc4fd41a3b8dd76e8b2e1183105348c6b205badc072581ca63dc6aa7976a8a67feaffcf0e505f51ac12cb1a2de7f3fef3e9085b6849e76232d73ddcba
languageName: node
linkType: hard

Expand All @@ -10933,17 +10910,17 @@ __metadata:
languageName: node
linkType: hard

"picomatch@npm:^2.0.4, picomatch@npm:^2.2.1, picomatch@npm:^2.2.3, picomatch@npm:^2.3.1":
version: 2.3.1
resolution: "picomatch@npm:2.3.1"
checksum: 10/60c2595003b05e4535394d1da94850f5372c9427ca4413b71210f437f7b2ca091dbd611c45e8b37d10036fa8eade25c1b8951654f9d3973bfa66a2ff4d3b08bc
"picomatch@npm:2.3.2":
version: 2.3.2
resolution: "picomatch@npm:2.3.2"
checksum: 10/b788ef8148a2415b9dec12f0bb350ae6a5830f8f1950e472abc2f5225494debf7d1b75eb031df0ceaea9e8ec3e7bad599e8dbf3c60d61b42be429ba41bff4426
languageName: node
linkType: hard

"picomatch@npm:^4.0.2":
version: 4.0.3
resolution: "picomatch@npm:4.0.3"
checksum: 10/57b99055f40b16798f2802916d9c17e9744e620a0db136554af01d19598b96e45e2f00014c91d1b8b13874b80caa8c295b3d589a3f72373ec4aaf54baa5962d5
"picomatch@npm:4.0.4":
version: 4.0.4
resolution: "picomatch@npm:4.0.4"
checksum: 10/f6ef80a3590827ce20378ae110ac78209cc4f74d39236370f1780f957b7ee41c12acde0e4651b90f39983506fd2f5e449994716f516db2e9752924aff8de93ce
languageName: node
linkType: hard

Expand Down Expand Up @@ -13279,10 +13256,10 @@ __metadata:
languageName: node
linkType: hard

"serialize-javascript@npm:7.0.3":
version: 7.0.3
resolution: "serialize-javascript@npm:7.0.3"
checksum: 10/ce45e28663ee1fa6f32c408c0a563c4a96e872cdc83dc3064c73126f2412048c6c984bfc1160c40188fcfa06cf5e075f5cc2e3261b0384dc8fdef34675c5adef
"serialize-javascript@npm:7.0.5":
version: 7.0.5
resolution: "serialize-javascript@npm:7.0.5"
checksum: 10/6237c76ef6df3d1ad61dd4a393b71ca758c7654f4d1cf77529e513134c0f0660302e03b7ec88a8f3a3daa79e1f93d6de8218ecbc45e073d7cc6b66284a1d3e83
languageName: node
linkType: hard

Expand Down Expand Up @@ -15102,19 +15079,19 @@ __metadata:
languageName: node
linkType: hard

"yaml@npm:^1.10.0":
version: 1.10.2
resolution: "yaml@npm:1.10.2"
checksum: 10/e088b37b4d4885b70b50c9fa1b7e54bd2e27f5c87205f9deaffd1fb293ab263d9c964feadb9817a7b129a5bf30a06582cb08750f810568ecc14f3cdbabb79cb3
"yaml@npm:1.10.3":
version: 1.10.3
resolution: "yaml@npm:1.10.3"
checksum: 10/e2ef2feb92c708138f016c69777a0f1e45f6d3c5e7cbcda30807a98a37eda2e008bd4fa57352b043c65245a4c799d0c99d1f9b3425de40e70929e26d2ea38215
languageName: node
linkType: hard

"yaml@npm:^2.3.4, yaml@npm:^2.7.0":
version: 2.8.1
resolution: "yaml@npm:2.8.1"
"yaml@npm:2.8.3":
version: 2.8.3
resolution: "yaml@npm:2.8.3"
bin:
yaml: bin.mjs
checksum: 10/eae07b3947d405012672ec17ce27348aea7d1fa0534143355d24a43a58f5e05652157ea2182c4fe0604f0540be71f99f1173f9d61018379404507790dff17665
checksum: 10/ecad41d39d34fae5cc17ea2d4b7f7f55faacd45cbce8983ba22d48d1ed1a92ed242ea49ea813a79ac39a69f75f9c5a03e7b5395fd954d55476f25e21a47c141d
languageName: node
linkType: hard

Expand Down
Loading