rusackas opened a new pull request, #40561:
URL: https://github.com/apache/superset/pull/40561
### SUMMARY
Resolves several transitive npm security advisories in the frontend dev/test
tooling, surfaced by Dependabot, via `package.json` `overrides`. Grouped
because they all live in the two frontend lockfiles.
**`superset-frontend/`**
| pkg | before | after | notes |
|---|---|---|---|
| uuid | 8.3.2 / 9.0.1 (nested) | 14.x | unified to the root version via `"uuid": "$uuid"` |
The nested uuid copies are under storybook, jest-junit,
istanbul-lib-processinfo, and sockjs. Each imports the **named** API (`{ v4 }`,
`{ v1 }`, `.v4`), which is unchanged from uuid 7 onward, so the major bump is
API-compatible for these consumers.
**`superset-frontend/cypress-base/`** (deprecated, Cypress→Playwright migration)
| pkg | before | after | notes |
|---|---|---|---|
| uuid | 3.4.0 / 8.3.2 | 11.1.1 | global override |
| qs | 6.10.4 | 6.15.2 | clears the moderate **and** low advisory |
| @cypress/request | 2.88.12 | 3.0.10 | |
| js-yaml | 4.1.0 | 4.1.1 | **scoped** under `@cypress/code-coverage`; the 3.x used by eslint is left untouched |
### NOTES
- Lockfiles were regenerated with `npm install --package-lock-only`
(minimal, incremental diffs). Verified that `cypress` (11.2.0), `eslint`
(7.32.0), and `@cypress/code-coverage` (3.10.4) versions are unchanged.
- A full sweep confirms no remaining vulnerable instances of these four
packages in either lockfile.
### TESTING INSTRUCTIONS
- [x] `npm install --package-lock-only` resolves cleanly for both lockfiles
- [x] Verified consuming code uses uuid's named exports (compatible with the
bump)
- [ ] CI green (jest / build / cypress exercise runtime)
### ADDITIONAL INFORMATION
- [ ] Has associated issue: n/a
- [ ] Required feature flags: n/a
- [ ] Changes UI: No
- [ ] Includes DB Migration: No
- [ ] Introduces new feature or API: No
- [ ] Removes existing feature or API: No
🤖 Generated with [Claude Code](https://claude.com/claude-code)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
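The "full sweep" the PR describes can be made repeatable. The script below is an added example, not code from this PR or from the Superset project: it reads a lockfileVersion 2/3 `package-lock.json`, lists every installed copy of a package (root and nested `node_modules` paths alike), and reports any copy still below a required floor. A rule may carry an `under` prefix so that, like the scoped `js-yaml` override, only copies nested beneath a given dependency are checked. The sample lockfile, the `RULES` list and its field names are constructed here for illustration; the version floors mirror the "after" column of the tables above but are assumptions, not values taken from the real lockfiles.

```python
"""Sweep a package-lock.json (lockfileVersion 2/3) for every installed copy of
selected packages and flag any copy whose version is below a required floor.
Added example; not part of the Superset repository."""
import json
from typing import Dict, List, Tuple

# Constructed sample lockfile: one root uuid plus two nested, older copies,
# a root js-yaml 3.x (used by eslint) and a 4.x copy under @cypress/code-coverage.
SAMPLE_LOCK = json.dumps({
    "name": "sample-frontend",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "sample-frontend", "dependencies": {"uuid": "^14.0.0"}},
        "node_modules/uuid": {"version": "14.0.0"},
        "node_modules/jest-junit/node_modules/uuid": {"version": "8.3.2"},
        "node_modules/sockjs/node_modules/uuid": {"version": "9.0.1"},
        "node_modules/qs": {"version": "6.15.2"},
        "node_modules/js-yaml": {"version": "3.14.1"},
        "node_modules/@cypress/code-coverage/node_modules/js-yaml": {"version": "4.1.1"},
    },
})

# Constructed rules: "min" is the lowest acceptable version; an optional
# "under" restricts the rule to copies nested beneath that path, mirroring
# a scoped npm override.
RULES: List[Dict[str, str]] = [
    {"name": "uuid", "min": "14.0.0"},
    {"name": "qs", "min": "6.15.2"},
    {"name": "js-yaml", "min": "4.1.1", "under": "node_modules/@cypress/code-coverage"},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '6.15.2' (or '6.15.2-beta.1') into a comparable tuple of ints.
    Only the numeric core is compared; pre-release and build tags are dropped."""
    core = version.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))


def installed_copies(lock_text: str, name: str) -> List[Tuple[str, str]]:
    """Return (install path, version) for every copy of `name` recorded in the
    lockfile's "packages" map, including copies nested under other packages.
    Scoped names such as '@cypress/request' work because the path keeps the scope."""
    packages = json.loads(lock_text).get("packages", {})
    suffix = f"node_modules/{name}"
    found = []
    for path, meta in packages.items():
        # Exact root install, or a nested install ending in "/node_modules/<name>".
        if path == suffix or path.endswith("/" + suffix):
            found.append((path, meta.get("version", "")))
    return sorted(found)


def below_minimum(lock_text: str, rules: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Apply each rule and return (name, path, version) for every installed copy
    that is still below the rule's floor. Copies outside an "under" prefix are
    ignored for that rule, so an intentionally untouched sibling is not flagged."""
    offenders = []
    for rule in rules:
        under = rule.get("under")
        for path, version in installed_copies(lock_text, rule["name"]):
            if under and not path.startswith(under + "/"):
                continue
            if parse_version(version) < parse_version(rule["min"]):
                offenders.append((rule["name"], path, version))
    return offenders


if __name__ == "__main__":
    # Against the constructed lockfile, the two nested uuid copies are reported
    # and the root js-yaml 3.x is correctly left alone.
    for name, path, version in below_minimum(SAMPLE_LOCK, RULES):
        print(f"{name} {version} still installed at {path}")
```

Run it against a real lockfile by replacing `SAMPLE_LOCK` with the file's contents; an empty result means every copy of the listed packages meets its floor, which is the condition the NOTES section claims for both lockfiles.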