Skip to content

fix: reduce dependency CVE overrides and refresh vulnerable transitive deps#2874

Merged
Saadnajmi merged 2 commits intomicrosoft:mainfrom
Saadnajmi:cve
Mar 25, 2026
Merged

fix: reduce dependency CVE overrides and refresh vulnerable transitive deps#2874
Saadnajmi merged 2 commits intomicrosoft:mainfrom
Saadnajmi:cve

Conversation

@Saadnajmi
Copy link
Collaborator

@Saadnajmi Saadnajmi commented Mar 25, 2026

  • update react-native-macos-init to npm-registry-fetch 19.x
  • refresh root and docsite lockfiles to pick patched tar/minimatch paths
  • upgrade api-extractor and serve-handler where it removes override pressure
  • collapse remaining minimatch resolutions to the smallest set Yarn will honor

@Saadnajmi
fix: reduce dependency CVE overrides
419fc2d 
Refresh vulnerable transitive dependencies and minimize remaining Yarn resolutions.
@Saadnajmi Saadnajmi requested a review from a team as a code owner March 25, 2026 21:28
@changeset-bot
Copy link

changeset-bot bot commented Mar 25, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: fcdce6d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@Saadnajmi Saadnajmi enabled auto-merge (squash) March 25, 2026 21:47
@Saadnajmi Saadnajmi merged commit 13835e9 into microsoft:main Mar 25, 2026
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vmoroz vmoroz vmoroz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Saadnajmi @vmoroz