Skip to content

Commit 4ac9ca1

Browse files
kkafardependabot[bot]
kkafar
and
dependabot[bot]
authored
chore(deps): aggregate dependabot updates (#3810)
## Description Aggregate PR for dependabot security updates. This PR collects all pending dependabot dependency bumps into a single merge to keep the main branch clean. Includes: - #3806 - #3805 - #3804 - #3803 - #3802 - #3801 - #3792 - #3791 - #3783 - #3780 ## Changes - **picomatch** 2.3.1 → 2.3.2 in /FabricExample, /TVOSExample, /docs (CVE-2026-33671, CVE-2026-33672) - **fast-xml-parser** 4.5.4 → 4.5.5 in /FabricExample, /TVOSExample (prototype pollution, entity expansion fixes) - **yaml** 1.10.2 → 1.10.3 in /docs (stack overflow fix) - **activesupport** 7.0.8.1 → 7.2.3.1 in /FabricExample, 6.1.7.10 → 7.2.3.1 in /TVOSExample (CVE-2026-33176, CVE-2026-33170, CVE-2026-33169) - **flatted** 3.3.3 → 3.4.2 in root, 3.3.1 → 3.4.2 in /TVOSExample (CWE-1321, prototype pollution fix) All changes are limited to lock files (yarn.lock, Gemfile.lock). ## Test plan No functional changes — only lock file updates for security patches. CI should pass as-is. ## Checklist - [x] Ensured that CI passes --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 1d96c3a commit 4ac9ca1

6 files changed

Lines changed: 58 additions & 39 deletions

File tree

FabricExample/Gemfile.lock

Lines changed: 17 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -5,11 +5,18 @@ GEM
55
base64
66
nkf
77
rexml
8-
activesupport (7.0.8.1)
9-
concurrent-ruby (~> 1.0, >= 1.0.2)
8+
activesupport (7.2.3.1)
9+
base64
10+
benchmark (>= 0.3)
11+
bigdecimal
12+
concurrent-ruby (~> 1.0, >= 1.3.1)
13+
connection_pool (>= 2.2.5)
14+
drb
1015
i18n (>= 1.6, < 2)
11-
minitest (>= 5.1)
12-
tzinfo (~> 2.0)
16+
logger (>= 1.4.2)
17+
minitest (>= 5.1, < 6)
18+
securerandom (>= 0.3)
19+
tzinfo (~> 2.0, >= 2.0.5)
1320
addressable (2.8.6)
1421
public_suffix (>= 2.0.2, < 6.0)
1522
algoliasearch (1.27.5)
@@ -58,7 +65,9 @@ GEM
5865
netrc (~> 0.11)
5966
cocoapods-try (1.2.0)
6067
colored2 (3.1.2)
61-
concurrent-ruby (1.2.3)
68+
concurrent-ruby (1.3.6)
69+
connection_pool (3.0.2)
70+
drb (2.2.3)
6271
escape (0.0.4)
6372
ethon (0.16.0)
6473
ffi (>= 1.15.0)
@@ -67,11 +76,11 @@ GEM
6776
fuzzy_match (2.0.4)
6877
gh_inspector (1.1.3)
6978
httpclient (2.8.3)
70-
i18n (1.14.1)
79+
i18n (1.14.8)
7180
concurrent-ruby (~> 1.0)
7281
json (2.7.1)
7382
logger (1.7.0)
74-
minitest (5.22.2)
83+
minitest (5.27.0)
7584
molinillo (0.8.0)
7685
mutex_m (0.3.0)
7786
nanaimo (0.3.0)
@@ -82,6 +91,7 @@ GEM
8291
public_suffix (4.0.7)
8392
rexml (3.4.2)
8493
ruby-macho (2.5.1)
94+
securerandom (0.4.1)
8595
typhoeus (1.4.1)
8696
ethon (>= 0.9.0)
8797
tzinfo (2.0.6)

FabricExample/yarn.lock

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -5523,13 +5523,13 @@ __metadata:
55235523
linkType: hard
55245524

55255525
"fast-xml-parser@npm:^4.4.1":
5526-
version: 4.5.4
5527-
resolution: "fast-xml-parser@npm:4.5.4"
5526+
version: 4.5.5
5527+
resolution: "fast-xml-parser@npm:4.5.5"
55285528
dependencies:
55295529
strnum: "npm:^1.0.5"
55305530
bin:
55315531
fxparser: src/cli/cli.js
5532-
checksum: 10c0/7989148650fc1fce988798b62467f7dee0fd5a7ad049373e00e65fbc68f689c119975d03da32c427f0a1f5aad01de2efbd783a48dcdaf3ca41817a8b161ad3e8
5532+
checksum: 10c0/e65634f1ddad5c093ab77e54f188d93f2138e18fc91b923575f28ee4aee39439a535ea2f26b83b6c1aebbbcbda2daa7f9295093444c81923bc5bdf76e03f88d7
55335533
languageName: node
55345534
linkType: hard
55355535

@@ -8680,9 +8680,9 @@ __metadata:
86808680
linkType: hard
86818681

86828682
"picomatch@npm:^2.0.4, picomatch@npm:^2.2.3, picomatch@npm:^2.3.1":
8683-
version: 2.3.1
8684-
resolution: "picomatch@npm:2.3.1"
8685-
checksum: 10c0/26c02b8d06f03206fc2ab8d16f19960f2ff9e81a658f831ecb656d8f17d9edc799e8364b1f4a7873e89d9702dff96204be0fa26fe4181f6843f040f819dac4be
8683+
version: 2.3.2
8684+
resolution: "picomatch@npm:2.3.2"
8685+
checksum: 10c0/a554d1709e59be97d1acb9eaedbbc700a5c03dbd4579807baed95100b00420bc729335440ef15004ae2378984e2487a7c1cebd743cfdb72b6fa9ab69223c0d61
86868686
languageName: node
86878687
linkType: hard
86888688

TVOSExample/Gemfile.lock

Lines changed: 17 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2,18 +2,25 @@ GEM
22
remote: https://rubygems.org/
33
specs:
44
CFPropertyList (3.0.8)
5-
activesupport (6.1.7.10)
6-
concurrent-ruby (~> 1.0, >= 1.0.2)
5+
activesupport (7.2.3.1)
6+
base64
7+
benchmark (>= 0.3)
8+
bigdecimal
9+
concurrent-ruby (~> 1.0, >= 1.3.1)
10+
connection_pool (>= 2.2.5)
11+
drb
712
i18n (>= 1.6, < 2)
8-
minitest (>= 5.1)
9-
tzinfo (~> 2.0)
10-
zeitwerk (~> 2.3)
13+
logger (>= 1.4.2)
14+
minitest (>= 5.1, < 6)
15+
securerandom (>= 0.3)
16+
tzinfo (~> 2.0, >= 2.0.5)
1117
addressable (2.8.7)
1218
public_suffix (>= 2.0.2, < 7.0)
1319
algoliasearch (1.27.5)
1420
httpclient (~> 2.8, >= 2.8.3)
1521
json (>= 1.5.1)
1622
atomos (0.1.3)
23+
base64 (0.3.0)
1724
benchmark (0.4.0)
1825
bigdecimal (3.1.8)
1926
claide (1.1.0)
@@ -56,6 +63,8 @@ GEM
5663
cocoapods-try (1.2.0)
5764
colored2 (3.1.2)
5865
concurrent-ruby (1.3.3)
66+
connection_pool (3.0.2)
67+
drb (2.2.3)
5968
escape (0.0.4)
6069
ethon (0.16.0)
6170
ffi (>= 1.15.0)
@@ -64,11 +73,11 @@ GEM
6473
fuzzy_match (2.0.4)
6574
gh_inspector (1.1.3)
6675
httpclient (2.8.3)
67-
i18n (1.14.6)
76+
i18n (1.14.8)
6877
concurrent-ruby (~> 1.0)
6978
json (2.7.6)
7079
logger (1.6.1)
71-
minitest (5.25.1)
80+
minitest (5.27.0)
7281
molinillo (0.8.0)
7382
mutex_m (0.3.0)
7483
nanaimo (0.3.0)
@@ -77,6 +86,7 @@ GEM
7786
public_suffix (4.0.7)
7887
rexml (3.4.4)
7988
ruby-macho (2.5.1)
89+
securerandom (0.4.1)
8090
typhoeus (1.4.1)
8191
ethon (>= 0.9.0)
8292
tzinfo (2.0.6)
@@ -88,7 +98,6 @@ GEM
8898
colored2 (~> 3.1)
8999
nanaimo (~> 0.3.0)
90100
rexml (>= 3.3.6, < 4.0)
91-
zeitwerk (2.6.18)
92101

93102
PLATFORMS
94103
ruby

TVOSExample/yarn.lock

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -5300,13 +5300,13 @@ __metadata:
53005300
linkType: hard
53015301

53025302
"fast-xml-parser@npm:^4.4.1":
5303-
version: 4.5.4
5304-
resolution: "fast-xml-parser@npm:4.5.4"
5303+
version: 4.5.5
5304+
resolution: "fast-xml-parser@npm:4.5.5"
53055305
dependencies:
53065306
strnum: "npm:^1.0.5"
53075307
bin:
53085308
fxparser: src/cli/cli.js
5309-
checksum: 10c0/7989148650fc1fce988798b62467f7dee0fd5a7ad049373e00e65fbc68f689c119975d03da32c427f0a1f5aad01de2efbd783a48dcdaf3ca41817a8b161ad3e8
5309+
checksum: 10c0/e65634f1ddad5c093ab77e54f188d93f2138e18fc91b923575f28ee4aee39439a535ea2f26b83b6c1aebbbcbda2daa7f9295093444c81923bc5bdf76e03f88d7
53105310
languageName: node
53115311
linkType: hard
53125312

@@ -5423,9 +5423,9 @@ __metadata:
54235423
linkType: hard
54245424

54255425
"flatted@npm:^3.2.9":
5426-
version: 3.3.1
5427-
resolution: "flatted@npm:3.3.1"
5428-
checksum: 10c0/324166b125ee07d4ca9bcf3a5f98d915d5db4f39d711fba640a3178b959919aae1f7cfd8aabcfef5826ed8aa8a2aa14cc85b2d7d18ff638ddf4ae3df39573eaf
5426+
version: 3.4.2
5427+
resolution: "flatted@npm:3.4.2"
5428+
checksum: 10c0/a65b67aae7172d6cdf63691be7de6c5cd5adbdfdfe2e9da1a09b617c9512ed794037741ee53d93114276bff3f93cd3b0d97d54f9b316e1e4885dde6e9ffdf7ed
54295429
languageName: node
54305430
linkType: hard
54315431

@@ -8257,9 +8257,9 @@ __metadata:
82578257
linkType: hard
82588258

82598259
"picomatch@npm:^2.0.4, picomatch@npm:^2.2.3, picomatch@npm:^2.3.1":
8260-
version: 2.3.1
8261-
resolution: "picomatch@npm:2.3.1"
8262-
checksum: 10c0/26c02b8d06f03206fc2ab8d16f19960f2ff9e81a658f831ecb656d8f17d9edc799e8364b1f4a7873e89d9702dff96204be0fa26fe4181f6843f040f819dac4be
8260+
version: 2.3.2
8261+
resolution: "picomatch@npm:2.3.2"
8262+
checksum: 10c0/a554d1709e59be97d1acb9eaedbbc700a5c03dbd4579807baed95100b00420bc729335440ef15004ae2378984e2487a7c1cebd743cfdb72b6fa9ab69223c0d61
82638263
languageName: node
82648264
linkType: hard
82658265

docs/yarn.lock

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -10261,9 +10261,9 @@ __metadata:
1026110261
linkType: hard
1026210262

1026310263
"picomatch@npm:^2.0.4, picomatch@npm:^2.2.1, picomatch@npm:^2.2.3, picomatch@npm:^2.3.1":
10264-
version: 2.3.1
10265-
resolution: "picomatch@npm:2.3.1"
10266-
checksum: 10c0/26c02b8d06f03206fc2ab8d16f19960f2ff9e81a658f831ecb656d8f17d9edc799e8364b1f4a7873e89d9702dff96204be0fa26fe4181f6843f040f819dac4be
10264+
version: 2.3.2
10265+
resolution: "picomatch@npm:2.3.2"
10266+
checksum: 10c0/a554d1709e59be97d1acb9eaedbbc700a5c03dbd4579807baed95100b00420bc729335440ef15004ae2378984e2487a7c1cebd743cfdb72b6fa9ab69223c0d61
1026710267
languageName: node
1026810268
linkType: hard
1026910269

@@ -13802,9 +13802,9 @@ __metadata:
1380213802
linkType: hard
1380313803

1380413804
"yaml@npm:^1.10.0, yaml@npm:^1.7.2":
13805-
version: 1.10.2
13806-
resolution: "yaml@npm:1.10.2"
13807-
checksum: 10c0/5c28b9eb7adc46544f28d9a8d20c5b3cb1215a886609a2fd41f51628d8aaa5878ccd628b755dbcd29f6bb4921bd04ffbc6dcc370689bb96e594e2f9813d2605f
13805+
version: 1.10.3
13806+
resolution: "yaml@npm:1.10.3"
13807+
checksum: 10c0/c309ff85a0a569a981d71ab9cf0fef68672a16b9cdf40639d1c3b30034f6cd16ee428602bd6d64ecf006f8c8bee499023cac236538f79898aa99fb5db529a2ed
1380813808
languageName: node
1380913809
linkType: hard
1381013810

yarn.lock

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8157,9 +8157,9 @@ __metadata:
81578157
linkType: hard
81588158

81598159
"flatted@npm:^3.2.9":
8160-
version: 3.3.3
8161-
resolution: "flatted@npm:3.3.3"
8162-
checksum: 10c0/e957a1c6b0254aa15b8cce8533e24165abd98fadc98575db082b786b5da1b7d72062b81bfdcd1da2f4d46b6ed93bec2434e62333e9b4261d79ef2e75a10dd538
8160+
version: 3.4.2
8161+
resolution: "flatted@npm:3.4.2"
8162+
checksum: 10c0/a65b67aae7172d6cdf63691be7de6c5cd5adbdfdfe2e9da1a09b617c9512ed794037741ee53d93114276bff3f93cd3b0d97d54f9b316e1e4885dde6e9ffdf7ed
81638163
languageName: node
81648164
linkType: hard
81658165

0 commit comments

Comments
 (0)