VULN UPGRADE: minor upgrades — 14 packages (minor: 9 · patch: 5)

[campaigner-prod]

Summary: Security update — 14 packages upgraded (MINOR changes included)

Manifests changed:

• . (npm)

Updates

Package	From	To	Type	Vulnerabilities Fixed
js-yaml	4.1.0	4.1.1	patch	2 MODERATE
commander	11.0.0	11.1.0	minor	-
dd-trace	5.6.0	5.85.0	minor	-
dotenv	16.0.3	16.6.1	minor	-
express	4.19.2	4.22.1	minor	2 LOW
express-session	1.17.3	1.19.0	minor	-
figlet	1.5.2	1.10.0	minor	-
fs-extra	11.1.1	11.3.3	minor	-
needle	3.2.0	3.3.1	minor	-
winston	3.8.2	3.19.0	minor	-
cookie-parser	1.4.6	1.4.7	patch	-
debug	4.3.4	4.3.7	patch	-
inquirer	8.2.4	8.2.7	patch	-
prettier	2.8.6	2.8.8	patch	-

Packages marked with "-" are updated due to dependency constraints.

---

Security Details

ℹ️ Other Vulnerabilities (4)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
js-yaml	GHSA-mh29-5h37-fv8m	MODERATE	js-yaml has prototype pollution in merge (<<)	4.1.0	4.1.1
js-yaml	CVE-2025-64718	MODERATE	js-yaml has prototype pollution in merge (<<)	4.1.0	-
express	GHSA-qw6h-vgh9-j6wx	LOW	express vulnerable to XSS via response.redirect()	4.19.2	4.20.0
express	CVE-2024-43796	LOW	express vulnerable to XSS via response.redirect()	4.19.2	-

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI

---

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

[dd-prapprover]

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

🔗 Workflow Link

• ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-02-13T11:58:35Z
• ⬜ CI tests passed
• ⬜ Approved
• ⬜ Merge Started
• ⬜ Merged

➡️ Current phase: waiting for CI tests to complete...