Skip to content

chore: consolidate dependabot dependency updates#58

Draft
rahul-mixpanel wants to merge 11 commits into
mainfrom
chore/dependabot-updates
Draft

chore: consolidate dependabot dependency updates#58
rahul-mixpanel wants to merge 11 commits into
mainfrom
chore/dependabot-updates

Conversation

@rahul-mixpanel
Copy link
Copy Markdown
Contributor

@rahul-mixpanel rahul-mixpanel commented Apr 22, 2026

Summary

Consolidates 11 dependabot PRs into a single PR with security fixes and dependency updates.

Applied Updates

PR Update Note
#56 setup-xcode 1.6.0 → 1.7.0 CI
#50 setup-java 4.7.1 → 5.2.0 CI
#57 actions/cache 4.2.3 → 5.0.4 CI
#49 actions/checkout 4.2.2 → 6.0.2 CI
#28 js-yaml 3.14.1 → 3.14.2 Fixes CVE-2025-64718
#51 react-native-screens 4.13.1 → 4.24.0
#54 react-native-builder-bob 0.40.13 → 0.40.18
#32 example CLI 18.0.0 → 18.0.1
#52 commitlint 19.6.1 → 20.4.4
#55 cli-platform-ios 18.0.0 → 20.1.2
#27 CLI 15.0.0-alpha.2 → 17.0.1 Fixes CVE-2025-11953

Skipped PRs

PR Reason
#43 tar 7.5.7 is vulnerable to CVE-2026-31802 - needs 7.5.8+
#53 @release-it/conventional-changelog 10.x requires release-it 18+

Test plan

  • yarn prepare builds successfully
  • yarn lint passes
  • yarn typecheck passes
  • yarn test passes (23/23 tests)
  • All commits verified with commitlint

🤖 Generated with Claude Code

rahul-mixpanel and others added 11 commits April 21, 2026 23:57
@rahul-mixpanel @claude
chore(deps): bump maxim-lobanov/setup-xcode from 1.6.0 to 1.7.0
931c722 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@rahul-mixpanel @claude
chore(deps): bump actions/setup-java from 4.7.1 to 5.2.0
6d32c87 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@rahul-mixpanel @claude
chore(deps): bump actions/cache from 4.2.3 to 5.0.4
db26d4b 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@rahul-mixpanel @claude
chore(deps): bump actions/checkout from 4.2.2 to 6.0.2
11fe5b0 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@rahul-mixpanel @claude
chore(deps): bump js-yaml from 3.14.1 to 3.14.2
99b2154 
Fixes CVE-2025-64718 (Prototype Pollution vulnerability)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@rahul-mixpanel @claude
chore(deps): bump react-native-screens from 4.13.1 to 4.24.0
9b10cf8 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@rahul-mixpanel @claude
chore(deps-dev): bump react-native-builder-bob from 0.40.13 to 0.40.18
d9f9cf9 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@rahul-mixpanel @claude
chore(deps-dev): bump @react-native-community/cli from 18.0.0 to 18.0…
fd8d0d6 
….1 in /example

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@rahul-mixpanel @claude
chore(deps-dev): bump commitlint from 19.6.1 to 20.4.4
eaea7a0 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@rahul-mixpanel @claude
chore(deps-dev): bump @react-native-community/cli-platform-ios from 1…
c23e0ac 
…8.0.0 to 20.1.2 in /example

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@rahul-mixpanel @claude
chore(deps-dev): bump @react-native-community/cli from 15.0.0-alpha.2…
185fca1 
… to 17.0.1

Fixes CVE-2025-11953 (command injection vulnerability)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@rahul-mixpanel rahul-mixpanel requested review from a team and tylerjroach April 22, 2026 07:23
@rahul-mixpanel rahul-mixpanel marked this pull request as draft April 22, 2026 09:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tylerjroach tylerjroach Awaiting requested review from tylerjroach tylerjroach was automatically assigned from mixpanel/sdk-maintainers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rahul-mixpanel