From b5f31a390ab248f7d802fd06d68354b9e6e013d5 Mon Sep 17 00:00:00 2001
From: Claude
Date: Wed, 26 Nov 2025 14:04:04 +0000
Subject: [PATCH] fix: upgrade js-yaml to 3.14.2 to address CVE-2025-64718

Added package override to ensure js-yaml version 3.14.2+ is used, addressing a moderate severity security vulnerability in the transitive dependency. Also fixed brace-expansion vulnerability via npm audit fix.
---
 scripts/gqm_gen/package-lock.json | 12 ++++++------
 scripts/gqm_gen/package.json | 3 +++
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/scripts/gqm_gen/package-lock.json b/scripts/gqm_gen/package-lock.json
index b88ebaf..41fe65a 100644
--- a/scripts/gqm_gen/package-lock.json
+++ b/scripts/gqm_gen/package-lock.json
@@ -869,9 +869,9 @@ "license": "MIT" }, "node_modules/brace-expansion": { - "version": "1.1.11", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", + "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", "dev": true, "license": "MIT", "dependencies": {
@@ -1620,9 +1620,9 @@ "license": "MIT" }, "node_modules/js-yaml": { - "version": "3.14.1", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "version": "3.14.2", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz", + "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==", "dev": true, "license": "MIT", "dependencies": {
diff --git a/scripts/gqm_gen/package.json b/scripts/gqm_gen/package.json
index 9e1cc79..1598924 100644
--- a/scripts/gqm_gen/package.json
+++ b/scripts/gqm_gen/package.json
@@ -20,5 +20,8 @@
 "nyc": "^15.1.0",
 "tsx": "^4.19.3",
 "typescript": "^5.2.2"
+ },
+ "overrides": {
+ "js-yaml": "^3.14.2"
 }
 }
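Review bot: The `overrides` entry added at the end of package.json is unscoped, so npm applies `^3.14.2` to every js-yaml in the dependency tree, not only the transitive copy the commit message refers to. If any current or future dev dependency declares js-yaml 4.x it would be forced onto the 3.x line, which may break it; the lockfile hunks show only the single `node_modules/js-yaml` entry, so confirm the resolved set with `npm ls js-yaml`. Consider scoping the override to the package that pulls it in, e.g. `"overrides": { "<parent-package>": { "js-yaml": "^3.14.2" } }` (placeholder name, the parent is not visible in this patch). Since package.json cannot carry a comment, the CVE reference lives only in the commit message, so a short note in the project's dependency documentation would help whoever later decides whether the override can be removed. The dependency block that this hunk closes begins outside the hunk.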