chore(deps): bump vulnerable transitive dependencies via resolutions

brendan-kellam · claude · brendan-kellam · commit c4882800db8d · 2026-04-02T17:31:24.000-07:00
Add yarn resolutions to upgrade path-to-regexp (^8.4.0), picomatch v4
(^4.0.4), and fast-xml-parser (^5.5.6) to patched versions.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/package.json b/package.json
@@ -37,6 +37,9 @@
         "node-gyp/glob": "^10.5.0",
         "sucrase/glob": "^10.5.0",
         "rimraf@npm:5.0.10/glob": "^10.5.0",
-        "@opentelemetry/resources": "2.5.1"
+        "@opentelemetry/resources": "2.5.1",
+        "path-to-regexp": "^8.4.0",
+        "picomatch@^4": "^4.0.4",
+        "fast-xml-parser": "^5.5.6"
     }
 }
diff --git a/yarn.lock b/yarn.lock
@@ -3838,7 +3838,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@modelcontextprotocol/sdk@npm:^1.25.0, @modelcontextprotocol/sdk@npm:^1.26.0, @modelcontextprotocol/sdk@npm:^1.27.1":
+"@modelcontextprotocol/sdk@npm:^1.25.0, @modelcontextprotocol/sdk@npm:^1.26.0":
   version: 1.27.1
   resolution: "@modelcontextprotocol/sdk@npm:1.27.1"
   dependencies:
@@ -3871,6 +3871,39 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@modelcontextprotocol/sdk@npm:^1.27.1":
+  version: 1.29.0
+  resolution: "@modelcontextprotocol/sdk@npm:1.29.0"
+  dependencies:
+    "@hono/node-server": "npm:^1.19.9"
+    ajv: "npm:^8.17.1"
+    ajv-formats: "npm:^3.0.1"
+    content-type: "npm:^1.0.5"
+    cors: "npm:^2.8.5"
+    cross-spawn: "npm:^7.0.5"
+    eventsource: "npm:^3.0.2"
+    eventsource-parser: "npm:^3.0.0"
+    express: "npm:^5.2.1"
+    express-rate-limit: "npm:^8.2.1"
+    hono: "npm:^4.11.4"
+    jose: "npm:^6.1.3"
+    json-schema-typed: "npm:^8.0.2"
+    pkce-challenge: "npm:^5.0.0"
+    raw-body: "npm:^3.0.0"
+    zod: "npm:^3.25 || ^4.0"
+    zod-to-json-schema: "npm:^3.25.1"
+  peerDependencies:
+    "@cfworker/json-schema": ^4.1.1
+    zod: ^3.25 || ^4.0
+  peerDependenciesMeta:
+    "@cfworker/json-schema":
+      optional: true
+    zod:
+      optional: false
+  checksum: 10c0/7c4bc339205b1652330cd4e6b121cc859079655f2b9c0506bbb15563ba0d07924bda3d949705530532db7f4d2cb86d633dc8f92bc32803d97c7bece2ac63e29f
+  languageName: node
+  linkType: hard
+
 "@msgpack/msgpack@npm:^2.5.1":
   version: 2.8.0
   resolution: "@msgpack/msgpack@npm:2.8.0"
@@ -7350,17 +7383,35 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@react-grab/cli@npm:0.1.29":
+  version: 0.1.29
+  resolution: "@react-grab/cli@npm:0.1.29"
+  dependencies:
+    "@antfu/ni": "npm:^0.23.0"
+    commander: "npm:^14.0.0"
+    ignore: "npm:^7.0.5"
+    jsonc-parser: "npm:^3.3.1"
+    ora: "npm:^8.2.0"
+    picocolors: "npm:^1.1.1"
+    prompts: "npm:^2.4.2"
+    smol-toml: "npm:^1.6.0"
+  bin:
+    react-grab: dist/cli.js
+  checksum: 10c0/b67c6ea6f14f722cf066629ed01b0fe9a0dd893c0c7a9c525b8b2c39503dc6d3defa339ddcb0fec8a3ea79e92ea933a70c2fa82580d2da3e7eba382ef9710cb2
+  languageName: node
+  linkType: hard
+
 "@react-grab/mcp@npm:^0.1.23":
-  version: 0.1.23
-  resolution: "@react-grab/mcp@npm:0.1.23"
+  version: 0.1.29
+  resolution: "@react-grab/mcp@npm:0.1.29"
   dependencies:
     "@modelcontextprotocol/sdk": "npm:^1.25.0"
     fkill: "npm:^9.0.0"
-    react-grab: "npm:0.1.23"
+    react-grab: "npm:0.1.29"
     zod: "npm:^3.25.0"
   bin:
     react-grab-mcp: dist/cli.cjs
-  checksum: 10c0/0c0eac7081138b2b55a1171607371c8918139d8f249908bc3e57ae9cc1e92c5d5e9ca8b14c7bb20da4ad5be2ab7c2029179b5248f7d10e88edc229acbdf809ae
+  checksum: 10c0/ce852f1eac43a7b932ad494f8b76f2cd9ec654fe64e8c9ea950ee1739af9fb636c20792623322ca772fac2858b735cd17f49cf4aa59b9311b4a75843fd9657b6
   languageName: node
   linkType: hard
 
@@ -11093,6 +11144,17 @@ __metadata:
   languageName: node
   linkType: hard
 
+"bippy@npm:^0.5.32":
+  version: 0.5.32
+  resolution: "bippy@npm:0.5.32"
+  dependencies:
+    "@types/react-reconciler": "npm:^0.28.9"
+  peerDependencies:
+    react: ">=17.0.1"
+  checksum: 10c0/019a6800ad54da471ff915a4b5815baa8981ebde1695aca79387fa67cd298d875631b3b83123c05dd2977077bfe0af651b1df59683a78dd428fccd8f80f38894
+  languageName: node
+  linkType: hard
+
 "body-parser@npm:1.20.3":
   version: 1.20.3
   resolution: "body-parser@npm:1.20.3"
@@ -12765,6 +12827,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"element-source@npm:^0.0.3":
+  version: 0.0.3
+  resolution: "element-source@npm:0.0.3"
+  dependencies:
+    bippy: "npm:^0.5.32"
+  checksum: 10c0/82ff07d9e9a5de3c8a881d6b9a359b3e1e7c9be74657a1dfe9dc8ed2418599b3877534e1a1afc078a3de59a6a7286251a56e2c06d31d951b57642ab8277bdd32
+  languageName: node
+  linkType: hard
+
 "embla-carousel-auto-scroll@npm:^8.3.0":
   version: 8.5.2
   resolution: "embla-carousel-auto-scroll@npm:8.5.2"
@@ -14201,14 +14272,25 @@ __metadata:
   languageName: node
   linkType: hard
 
-"fast-xml-parser@npm:5.3.6":
-  version: 5.3.6
-  resolution: "fast-xml-parser@npm:5.3.6"
+"fast-xml-builder@npm:^1.1.4":
+  version: 1.1.4
+  resolution: "fast-xml-builder@npm:1.1.4"
   dependencies:
-    strnum: "npm:^2.1.2"
+    path-expression-matcher: "npm:^1.1.3"
+  checksum: 10c0/d5dfc0660f7f886b9f42747e6aa1d5e16c090c804b322652f65a5d7ffb93aa00153c3e1276cd053629f9f4c4f625131dc6886677394f7048e827e63b97b18927
+  languageName: node
+  linkType: hard
+
+"fast-xml-parser@npm:^5.5.6":
+  version: 5.5.9
+  resolution: "fast-xml-parser@npm:5.5.9"
+  dependencies:
+    fast-xml-builder: "npm:^1.1.4"
+    path-expression-matcher: "npm:^1.2.0"
+    strnum: "npm:^2.2.2"
   bin:
     fxparser: src/cli/cli.js
-  checksum: 10c0/0150cc0566f327a76115de8b11628d717fb179010ed9bb77c52e579a7e6055a0f92f42f83678a6f1ec5b74411faec09713cb1f9b94bc687068ad86884a9199fa
+  checksum: 10c0/b7f40f586c01a916a75be15b11ec0e83a38483885395bdeca51da8992a75e3d4d9b6c2690f362b975bfcb5118909ee4b0393e18ec9c9151345d5e13152370969
   languageName: node
   linkType: hard
 
@@ -18505,6 +18587,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"path-expression-matcher@npm:^1.1.3, path-expression-matcher@npm:^1.2.0":
+  version: 1.2.0
+  resolution: "path-expression-matcher@npm:1.2.0"
+  checksum: 10c0/86c661dfb265ed5dd1ddd9188f0dfbecf4ec4dc3ea6cabab081d3a2ba285054d9767a641a233bd6fd694fd89f7d0ef94913032feddf5365252700b02db4bf4e1
+  languageName: node
+  linkType: hard
+
 "path-key@npm:^2.0.1":
   version: 2.0.1
   resolution: "path-key@npm:2.0.1"
@@ -18563,17 +18652,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"path-to-regexp@npm:0.1.12":
-  version: 0.1.12
-  resolution: "path-to-regexp@npm:0.1.12"
-  checksum: 10c0/1c6ff10ca169b773f3bba943bbc6a07182e332464704572962d277b900aeee81ac6aa5d060ff9e01149636c30b1f63af6e69dd7786ba6e0ddb39d4dee1f0645b
-  languageName: node
-  linkType: hard
-
-"path-to-regexp@npm:^8.0.0":
-  version: 8.2.0
-  resolution: "path-to-regexp@npm:8.2.0"
-  checksum: 10c0/ef7d0a887b603c0a142fad16ccebdcdc42910f0b14830517c724466ad676107476bba2fe9fffd28fd4c141391ccd42ea426f32bb44c2c82ecaefe10c37b90f5a
+"path-to-regexp@npm:^8.4.0":
+  version: 8.4.2
+  resolution: "path-to-regexp@npm:8.4.2"
+  checksum: 10c0/05b115c49b47ad252ce05faa32930f643f23769c68b8bcfe78ad833545140c48bbffb3266986d6c8d5db13a64cf12e07e0d72d9882cab830efeefa553533ebaf
   languageName: node
   linkType: hard
 
@@ -18694,9 +18776,9 @@ __metadata:
   linkType: hard
 
 "picomatch@npm:^4.0.2, picomatch@npm:^4.0.3":
-  version: 4.0.3
-  resolution: "picomatch@npm:4.0.3"
-  checksum: 10c0/9582c951e95eebee5434f59e426cddd228a7b97a0161a375aed4be244bd3fe8e3a31b846808ea14ef2c8a2527a6eeab7b3946a67d5979e81694654f939473ae2
+  version: 4.0.4
+  resolution: "picomatch@npm:4.0.4"
+  checksum: 10c0/e2c6023372cc7b5764719a5ffb9da0f8e781212fa7ca4bd0562db929df8e117460f00dff3cb7509dacfc06b86de924b247f504d0ce1806a37fac4633081466b0
   languageName: node
   linkType: hard
 
@@ -19386,7 +19468,27 @@ __metadata:
   languageName: node
   linkType: hard
 
-"react-grab@npm:0.1.23, react-grab@npm:^0.1.23":
+"react-grab@npm:0.1.29":
+  version: 0.1.29
+  resolution: "react-grab@npm:0.1.29"
+  dependencies:
+    "@medv/finder": "npm:^4.0.2"
+    "@react-grab/cli": "npm:0.1.29"
+    bippy: "npm:^0.5.32"
+    element-source: "npm:^0.0.3"
+    solid-js: "npm:^1.9.10"
+  peerDependencies:
+    react: ">=17.0.0"
+  peerDependenciesMeta:
+    react:
+      optional: true
+  bin:
+    react-grab: bin/cli.js
+  checksum: 10c0/7afd3959f3395c357dbaa5a09a4ce7b7b64455c2b5ed9aac97c84a07e0370af68a31b32b3a43d1724714065cb3f4e1a0f48a9bdb25757fbf86e8ac8baf08c6d7
+  languageName: node
+  linkType: hard
+
+"react-grab@npm:^0.1.23":
   version: 0.1.23
   resolution: "react-grab@npm:0.1.23"
   dependencies:
@@ -21339,10 +21441,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"strnum@npm:^2.1.2":
-  version: 2.1.2
-  resolution: "strnum@npm:2.1.2"
-  checksum: 10c0/4e04753b793540d79cd13b2c3e59e298440477bae2b853ab78d548138385193b37d766d95b63b7046475d68d44fb1fca692f0a3f72b03f4168af076c7b246df9
+"strnum@npm:^2.2.2":
+  version: 2.2.2
+  resolution: "strnum@npm:2.2.2"
+  checksum: 10c0/89c456de32b9495ae34cd6e3b59cb9ef3406b66d1429bbc931afd70be87485dcd355200c42fd638a132adb3121762542346813098ab0c43e44aac303bf17965d
   languageName: node
   linkType: hard
 

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,9 @@`
`37`	`37`	`"node-gyp/glob": "^10.5.0",`
`38`	`38`	`"sucrase/glob": "^10.5.0",`
`39`	`39`	`"rimraf@npm:5.0.10/glob": "^10.5.0",`
`40`		`- "@opentelemetry/resources": "2.5.1"`
	`40`	`+ "@opentelemetry/resources": "2.5.1",`
	`41`	`+ "path-to-regexp": "^8.4.0",`
	`42`	`+ "picomatch@^4": "^4.0.4",`
	`43`	`+ "fast-xml-parser": "^5.5.6"`
`41`	`44`	`}`
`42`	`45`	`}`