Keeping up with @datadog/datadog-ci's releases is especially important now that @datadog/datadog-ci is pinning all its dependencies. I would like to be able to upgrade @datadog/datadog-ci to get newer versions that remove the dependency on axios and upgrade to fast-xml-parser to >=5.5.7 to fix CVE-2026-26278.
I think the best solution would be for serverless-plugin-datadog to unpin its dependency on @datadog/datadog-ci. You own that package, and you already trust simple-git to be unpinned.
Keeping up with
@datadog/datadog-ci's releases is especially important now that@datadog/datadog-ciis pinning all its dependencies. I would like to be able to upgrade@datadog/datadog-cito get newer versions that remove the dependency onaxiosand upgrade tofast-xml-parserto >=5.5.7 to fix CVE-2026-26278.I think the best solution would be for
serverless-plugin-datadogto unpin its dependency on@datadog/datadog-ci. You own that package, and you already trustsimple-gitto be unpinned.