Last 12 weeks · 50 commits
5 of 6 standards met
Summary: Remediates GitHub security alert GHSA-q8mj-m7cp-5q26 / CVE-2026-8723 (medium severity) flagged on . is a transitive dependency (via and ) pinned to through the range, which does not permit the fixed . A plain lockfile bump is therefore insufficient, so a Yarn override is used to force to across all dependents. Changes: Add to in . Regenerate via , keeping the host for open-source lockfile consistency. Differential Revision: D110207476
Summary: Resolves the GitHub security alert for the npm package in the facebook/yoga project (T273208322). < 0.2.6 is affected by GHSA-ph9p-34f9-6g65 / CVE-2026-44705 (high severity). It is a transitive dependency pulled in via in the workspace. This bumps the entry in from 0.2.5 to the fixed 0.2.6, updating the resolved URL and integrity hash. The range already satisfies 0.2.6, and tmp@0.2.6 has no dependencies, so no other lockfile entries change. Differential Revision: D110195946
Summary: Remediates HIGH-severity advisory GHSA-fv7c-fp4j-7gwp / CVE-2026-44728 in (affected ; fixed in ). This is a transitive dependency pulled in via . The existing semver selector already permits , so this is a minimal lockfile-only edit in : bump , , and for the single resolved entry. The block and the host are unchanged, keeping the open-source lockfile consistent and avoiding an internal-registry rewrite. Reviewed By: javache Differential Revision: D110064496
Repository: react/yoga. Description: Yoga is an embeddable layout engine targeting web standards. Stars: 18803, Forks: 1546. Primary language: C++. Languages: C++ (47.3%), Java (23.8%), TypeScript (22.7%), HTML (2.6%), Kotlin (1.7%). License: MIT. Homepage: https://yogalayout.dev/ Latest release: v3.2.1 (1y ago). Open PRs: 55, open issues: 100. Last activity: 14h ago. Community health: 62%. Top contributors: NickGerleman, vjeux, davidaurelio, joevilches, SidharthGuglani-zz, priteshrnandgaonkar, woehrl01, splhack, passy, d16r and others.