
chore(security): patch 7 Dependabot alerts#1580

Merged: matthv merged 1 commit into main from security/2026-05-14 on May 15, 2026

Conversation

@PMerlet (Member) commented May 14, 2026

Summary

7 fixed, 0 ignored, 13 deferred, 4 resolutions added, 5 resolutions removed. | label: 🔒 security applied

Fixed

| Alert | Package | Ecosystem | From → To | Severity | Bump |
|---|---|---|---|---|---|
| 344 | uuid | npm | 11.0.2 → 11.1.1 | medium | direct dep in packages/agent |
| 345 | uuid | npm | 11.0.2 → 11.1.1 | medium | direct dep in packages/datasource-customizer |
| 346 | uuid | npm | 11.0.2 → 11.1.1 | medium | direct dep in packages/datasource-toolkit |
| 347 | uuid | npm | 11.0.2 → 11.1.1 | medium | transitive — collapsed into the three direct bumps above (no separate uuid@^11 chain remained) |
| 348 | uuid | npm | 13.0.0 → 13.0.2 | medium | resolution `**/@langchain/langgraph-sdk/uuid: ^13.0.1` |
| 349 | ip-address | npm | 10.0.1 / 10.1.0 → 10.2.0 | medium | resolutions `**/socks/ip-address` and `**/express-rate-limit/ip-address`, both `^10.1.1` |
| 340 | fast-xml-parser | npm | 5.5.8 → 5.8.0 | medium | resolution `**/@aws-sdk/xml-builder/fast-xml-parser: ^5.7.0` |

Ignored

(none)

Deferred

Alerts opened less than 7 days ago — held over to the next run:

  • 350, 351, 352, 353 — mongoose >=8.0.0, <=8.22.0 (sanitizeFilter $nor injection)
  • 354, 355 — hono <4.12.16 (bodyLimit bypass, JSX HTML injection)
  • 356 — fast-xml-builder <=1.1.6
  • 357, 358 — fast-uri <=3.1.1
  • 359, 360, 361 — hono <4.12.18 (Cache Vary, JWT NumericDate, CSS injection)
  • 362 — langsmith <0.6.0

Resolutions added

All four placed at the root package.json. Yarn classic doesn't honor workspace-level resolutions when the parent of the vulnerable package is a transitive (not a workspace's direct dep), so all four had to live at the root. Each is parent-scoped via `**/<parent>/<pkg>` so the pin only applies inside the affected chain.

| Alert | Pin | Parent chain tried for bump | Why parent bump was not viable | Form |
|---|---|---|---|---|
| 348 | `**/@langchain/langgraph-sdk/uuid: ^13.0.1` | `@forestadmin/ai-proxy` → `@langchain/langgraph@^1.1.0` → `@langchain/langgraph-sdk@~1.7.3` | Every published 1.7.x, 1.8.x, and 1.9.x of @langchain/langgraph-sdk still declares `uuid: ^13.0.0`; bumping @langchain/langgraph-sdk does not change the sub-dep range, only a uuid resolution does. | Scoped root entry keyed by parent (`**/parent/pkg`) |
| 349 | `**/socks/ip-address: ^10.1.1` | `socks-proxy-agent` → `socks` | socks@^2.6.2..^2.8.4 lock-pinned to 2.8.7; yarn 1 won't refresh a transitive on install without a resolution or upgrading every consumer manually. Resolution is the narrowest knob. Separate `forest-ip-utils` → `ip-address@5.9.4` chain left untouched (different major; not in the alert's range list). | Scoped root entry keyed by parent |
| 349 | `**/express-rate-limit/ip-address: ^10.1.1` | `@modelcontextprotocol/sdk` → `express-rate-limit` | express-rate-limit@8.3.1 hard-pins `ip-address: "10.1.0"` as an exact version; only a resolution overrides an exact transitive pin without modifying upstream. | Scoped root entry keyed by parent |
| 340 | `**/@aws-sdk/xml-builder/fast-xml-parser: ^5.7.0` | `@aws-sdk/client-s3` → `@aws-sdk/xml-builder` | @aws-sdk/xml-builder@3.972.16 hard-pins `fast-xml-parser: "5.5.8"`. Bumping @aws-sdk/client-s3 would refresh xml-builder only on a full lockfile regen and pulls in many unrelated 3.972.x bumps; a scoped resolution is the smallest knob. | Scoped root entry keyed by parent |

Resolutions removed

| File | Pinned entry | Reason |
|---|---|---|
| package.json | `micromatch: ^4.0.8` | Redundant — natural resolution is micromatch@4.0.8 with or without the entry. |
| package.json | `axios: ^1.15.0` | Redundant — natural resolution is axios@1.15.2 either way. |
| package.json | `follow-redirects: ^1.16.0` | Redundant — natural resolution is follow-redirects@1.16.0 either way. |
| package.json | `hono: ^4.12.12` | Redundant — natural resolution is hono@4.12.14 either way. |
| package.json | `lodash-es: ^4.18.0` | Redundant — natural resolution is lodash-es@4.18.1 either way. |

Each removal was verified one-at-a-time by removing the entry, running `yarn install`, and confirming `yarn why <pkg>` reported a version >= the original pin. Other entries (tar, `lerna/**/glob`, semantic-release, qs, @hono/node-server, langsmith, lodash) are NOT redundant — removing them either downgrades a transitive below the security floor (e.g. qs → body-parser#qs@6.13.0, lodash → forest-cli#lodash@4.17.23) or breaks resolution outright (semantic-release). They were kept.

Risks

  • uuid 11.0.2 → 11.1.1 (patch): per upstream CHANGELOG, fixes the buffer bounds check; no public API change.
  • uuid 13.0.0 → 13.0.2 (patch under langgraph-sdk): patch-level; not touched by our code (only used internally by @langchain/langgraph-sdk).
  • ip-address 10.0.1 / 10.1.0 → 10.2.0 (minor): used internally by socks and express-rate-limit; we don't import the package directly. The 10.x line is API-compatible with 10.0.x for the methods these parents use.
  • fast-xml-parser 5.5.8 → 5.8.0 (minor): only used internally by @aws-sdk/xml-builder; we don't import it directly. AWS SDK pinned 5.5.8 exactly but tests against 5.x range.
  • Removed redundant resolutions: no behavior change — versions resolved are identical with or without the entries (verified per the audit table above).

No source code changes; behavior beyond the patched vulnerabilities is unchanged.

Manual testing

Covered by CI.

Validation

✅ CI green

Note

Patch 7 Dependabot security alerts by updating vulnerable dependencies

  • Removes overrides for micromatch, axios, follow-redirects, hono, and lodash-es from the root package.json, replacing them with patched overrides for ip-address (^10.1.1), fast-xml-parser (^5.7.0), and uuid (^13.0.1).
  • Bumps uuid from 11.0.2 to 11.1.1 in packages/agent, packages/datasource-customizer, and packages/datasource-toolkit.

Macroscope summarized d099a77.

- Bump uuid 11.0.2 -> 11.1.1 in agent, datasource-customizer, datasource-toolkit
  (fixes GHSA / alerts 344, 345, 346, 347 — missing buffer bounds check in v3/v5/v6)
- Add resolution to bump uuid under @langchain/langgraph-sdk to ^13.0.1
  (fixes alert 348)
- Add resolutions to bump ip-address under socks and express-rate-limit to ^10.1.1
  (fixes alert 349 — XSS in Address6 HTML methods; forest-ip-utils v5 line unaffected)
- Add resolution to bump fast-xml-parser under @aws-sdk/xml-builder to ^5.7.0
  (fixes alert 340 — XML comment/CDATA injection)
- Remove 5 redundant resolutions (micromatch, axios, follow-redirects, hono, lodash-es)
  whose natural resolution already satisfies the original pin.
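The two checks the PR description relies on, finding every resolved copy of a package that still sits below a security floor and naming the parent that pulls it in (the `yarn why` step), plus deriving the parent-scoped `**/<parent>/<pkg>` resolution for the root package.json, can be scripted against the lockfile itself. The following is an added example, not code from the PR or the project: it reads the Yarn classic (v1) lockfile format, and both the lockfile excerpt and the affected ranges are constructed for the example (the ranges stand in for the advisories and are not the GHSA data).

```javascript
// Added example (not the project's code): audit a Yarn classic (v1) lockfile
// against per-package security floors, list the parents pulling each vulnerable
// copy in (the "yarn why" step described in the PR), and derive the parent-scoped
// "**/<parent>/<pkg>" resolution that narrows the fix to the affected chain.
// SAMPLE_LOCK and FLOORS are constructed for this example.

// Minimal yarn.lock v1 reader. A column-0 line ending in ":" opens an entry whose
// key is a comma-separated list of "name@range" specs; "  version" gives the
// resolved version; "  dependencies:" introduces four-space "name range" lines.
function parseYarnLockV1(text) {
  const entries = [];
  let current = null;
  let inDeps = false;
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const indent = raw.length - raw.trimStart().length;
    if (indent === 0 && line.endsWith(':')) {
      const specs = line.slice(0, -1).split(',').map(s => s.trim().replace(/^"|"$/g, ''));
      current = { specs, version: null, dependencies: {} };
      entries.push(current);
      inDeps = false;
    } else if (indent === 2 && line.startsWith('version ')) {
      current.version = line.slice('version '.length).replace(/^"|"$/g, '');
      inDeps = false;
    } else if (indent === 2) {
      inDeps = line === 'dependencies:'; // resolved/integrity/optionalDependencies end the block
    } else if (indent === 4 && inDeps) {
      const m = line.match(/^"?([^"\s]+)"?\s+"?([^"]+)"?$/);
      if (m) current.dependencies[m[1]] = m[2];
    }
  }
  return entries;
}

// "name@range" -> "name"; splitting on the last "@" keeps scoped names intact.
const nameOfSpec = spec => spec.slice(0, spec.lastIndexOf('@'));

// Compare major.minor.patch numerically; pre-release/build suffixes are ignored,
// which is enough for the release versions a lockfile resolves to.
function compareVersions(a, b) {
  const parse = v => {
    const m = v.match(/^v?(\d+)\.(\d+)\.(\d+)/);
    if (!m) throw new Error(`unparseable version: ${v}`);
    return m.slice(1).map(Number);
  };
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// A floor is an affected range [affectedFrom, fixedIn): any resolved copy of pkg
// inside it is a finding. Copies on another major (ip-address 5.x beside a 10.x
// advisory, as in the PR) fall outside the range and are left alone.
function auditLock(lockText, floors) {
  const entries = parseYarnLockV1(lockText);
  const findings = [];
  for (const floor of floors) {
    for (const entry of entries) {
      if (!entry.version || nameOfSpec(entry.specs[0]) !== floor.pkg) continue;
      const affected = compareVersions(entry.version, floor.affectedFrom) >= 0 &&
                       compareVersions(entry.version, floor.fixedIn) < 0;
      if (!affected) continue;
      // Parents: lock entries whose declared range for pkg is one of this entry's specs.
      // A workspace's direct dependency has no lock entry, so it shows no parent here.
      const parents = entries
        .filter(p => p.dependencies[floor.pkg] !== undefined &&
                     entry.specs.includes(`${floor.pkg}@${p.dependencies[floor.pkg]}`))
        .map(p => `${nameOfSpec(p.specs[0])}@${p.version}`);
      findings.push({ pkg: floor.pkg, version: entry.version, fixedIn: floor.fixedIn, parents });
    }
  }
  return findings;
}

// Parent-scoped resolutions for the root package.json, in the form the PR uses,
// so the pin only bites inside the chain that carries the vulnerable copy.
function suggestResolutions(findings) {
  const out = {};
  for (const f of findings) {
    for (const parent of f.parents) out[`**/${nameOfSpec(parent)}/${f.pkg}`] = `^${f.fixedIn}`;
  }
  return out;
}

// Constructed lockfile excerpt mirroring the chains named in the PR.
const SAMPLE_LOCK = `# yarn lockfile v1

"@aws-sdk/xml-builder@3.972.16":
  version "3.972.16"
  resolved "https://registry.example.invalid/xml-builder-3.972.16.tgz"
  dependencies:
    fast-xml-parser "5.5.8"

express-rate-limit@8.3.1:
  version "8.3.1"
  dependencies:
    ip-address "10.1.0"

fast-xml-parser@5.5.8:
  version "5.5.8"
  dependencies:
    strnum "^2.1.0"

ip-address@10.1.0:
  version "10.1.0"

ip-address@5.9.4, ip-address@^5.9.4:
  version "5.9.4"

ip-address@^10.0.1:
  version "10.0.1"

socks@^2.6.2, socks@^2.8.4:
  version "2.8.7"
  dependencies:
    ip-address "^10.0.1"
    smart-buffer "^4.2.0"
`;

// Constructed affected ranges standing in for the advisories (not the GHSA data).
const FLOORS = [
  { pkg: 'ip-address', affectedFrom: '10.0.0', fixedIn: '10.1.1' },
  { pkg: 'fast-xml-parser', affectedFrom: '5.0.0', fixedIn: '5.7.0' },
];

const FINDINGS = auditLock(SAMPLE_LOCK, FLOORS);
console.log(JSON.stringify({ findings: FINDINGS, resolutions: suggestResolutions(FINDINGS) }, null, 2));
```

On the constructed excerpt the audit reports three vulnerable copies (ip-address 10.1.0 under express-rate-limit, ip-address 10.0.1 under socks, fast-xml-parser 5.5.8 under @aws-sdk/xml-builder), leaves the 5.9.4 ip-address copy untouched, and emits the same three scoped resolution keys the PR adds; re-running it after `yarn install` is the lockfile-side counterpart of the `yarn why` check the description performs per entry.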
@qltysh (Bot) commented May 14, 2026

Qlty
Coverage Impact

This PR will not change total coverage.

@matthv matthv merged commit b72bcfa into main May 15, 2026
30 checks passed
@matthv matthv deleted the security/2026-05-14 branch May 15, 2026 08:10