fix(deps): vuln minor upgrades — 15 packages (minor: 4 · patch: 11)

[gh-worker-campaigns-3e9aa4]

Summary: Security update — 15 packages upgraded (MINOR changes included)

Manifests changed:

• . (npm)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Vulnerabilities Fixed
@babel/runtime	7.25.6	7.25.9	patch	2 MODERATE
lodash	4.17.21	4.17.23	patch	2 MODERATE
@datadog/browser-logs	5.27.0	5.35.1	minor	-
@datadog/browser-rum	5.27.0	5.35.1	minor	-
@datadog/datadog-ci	2.37.0	2.48.0	minor	-
bootstrap	5.2.3	5.3.8	minor	-
@babel/preset-env	7.24.0	7.24.8	patch	-
@datadog/openfeature-browser	0.3.1	0.3.3	patch	-
@openfeature/core	1.9.1	1.9.2	patch	-
@openfeature/web-sdk	1.7.2	1.7.3	patch	-
eslint-plugin-react	7.34.1	7.34.4	patch	-
marked	17.0.1	17.0.5	patch	-
slugify	1.6.6	1.6.8	patch	-
traverse	0.6.8	0.6.11	patch	-
typesense	3.0.1	3.0.4	patch	-

Packages marked with "-" are updated due to dependency constraints.

---

Security Details

ℹ️ Other Vulnerabilities (4)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
@babel/runtime	GHSA-968p-4wvh-cqc8	MODERATE	Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups	7.25.6	7.26.10
@babel/runtime	CVE-2025-27789	MODERATE	Inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups	7.25.6	-
lodash	GHSA-xxjr-mmjv-4gpg	MODERATE	Lodash has Prototype Pollution Vulnerability in _.unset and _.omit functions	4.17.21	4.17.23
lodash	CVE-2025-13465	MODERATE	-	4.17.21	-

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

[gh-worker-campaigns-3e9aa4]

Auto-rebase failed

Lockfile regeneration failed during rebase onto master. Your branch was not updated. You may need to rebase and regenerate lockfiles manually.

Error details

• Custom Action: registry.ddbuild.io/images/engraver-custom-action:update-yarn-lockfile ❌ (0.00s) - container exited with non-zero status code: 1:

Error Logs (last 30 lines)

�+    at TLSSocket.emit (node:events:519:28)
�9    at emitErrorNT (node:internal/streams/destroy:170:8)
�>    at emitErrorCloseNT (node:internal/streams/destroy:129:3)
�r    at process.processTicksAndRejections (node:internal/process/task_queues:90:21)AggregateError [EHOSTUNREACH]: 
�2    at internalConnectMultiple (node:net:1134:18)
�1    at internalConnectMultiple (node:net:1210:5)
�.    at afterConnectMultiple (node:net:1715:7)
�&➤ YN0000: └ Completed in 0s 314ms
�.➤ YN0000: · Failed with errors in 0s 327ms
�Cupdate-lockfile mode failed (exit 1), falling back to full install
��➤ YN0000: · Yarn 4.10.3
� ➤ YN0000: ┌ Resolution step
��➤ YN0001: │ RequestError
�a    at ClientRequest.<anonymous> (/campaigner/checkout/.yarn/releases/yarn-4.10.3.cjs:146:14258)
�/    at Object.onceWrapper (node:events:634:26)
�/    at ClientRequest.emit (node:events:531:35)
�N    at c.emit (/campaigner/checkout/.yarn/releases/yarn-4.10.3.cjs:141:22975)
�1    at emitErrorEvent (node:_http_client:107:11)
�?    at TLSSocket.socketErrorListener (node:_http_client:574:5)
�+    at TLSSocket.emit (node:events:519:28)
�9    at emitErrorNT (node:internal/streams/destroy:170:8)
�>    at emitErrorCloseNT (node:internal/streams/destroy:129:3)
�r    at process.processTicksAndRejections (node:internal/process/task_queues:90:21)AggregateError [EHOSTUNREACH]: 
�2    at internalConnectMultiple (node:net:1134:18)
�1    at internalConnectMultiple (node:net:1210:5)
�.    at afterConnectMultiple (node:net:1715:7)
�&➤ YN0000: └ Completed in 0s 318ms
�.➤ YN0000: · Failed with errors in 0s 331ms
��Restoring package.json...
��package.json restored

---

_{Auto-Rebase · Add no-auto-rebase to opt out}