From 1110616109311da0d44594f12d06f1720d6e3027 Mon Sep 17 00:00:00 2001
From: bruce-y <kratosdc@gmail.com>
Date: Thu, 26 Mar 2026 17:11:35 +0000
Subject: [PATCH 1/2] Bump Snyk-flagged dependencies to resolve security
 warnings

Co-authored-by: Codesmith <codesmith@blacksmith.sh>
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 9a3dced..ba79fd4 100644
--- a/package.json
+++ b/package.json
@@ -23,7 +23,7 @@
     "@bufbuild/protobuf": "^1.4.2",
     "@connectrpc/connect": "^1.6.1",
     "@connectrpc/connect-node": "^1.6.1",
-    "@vercel/ncc": "^0.38.0",
+    "@vercel/ncc": "^0.38.3",
     "yaml": "^2.2.1"
   },
   "devDependencies": {

From 84efda9f46c4728fc4c6d1d960f33778f3b86a08 Mon Sep 17 00:00:00 2001
From: bruce-y <kratosdc@gmail.com>
Date: Thu, 26 Mar 2026 17:13:21 +0000
Subject: [PATCH 2/2] Apply all 5 Snyk dependency bumps (not just ncc)

Co-authored-by: Codesmith <codesmith@blacksmith.sh>
---
 package.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/package.json b/package.json
index ba79fd4..5d14e77 100644
--- a/package.json
+++ b/package.json
@@ -14,17 +14,17 @@
   "license": "MIT",
   "dependencies": {
     "@actions/cache": "npm:@useblacksmith/cache@3.2.213",
-    "@actions/core": "^1.10.1",
-    "@actions/github": "^6.0.0",
+    "@actions/core": "^1.11.1",
+    "@actions/github": "^6.0.1",
     "@actions/glob": "^0.5.0",
-    "@actions/tool-cache": "^2.0.1",
+    "@actions/tool-cache": "^2.0.2",
     "@buf/blacksmith_vm-agent.bufbuild_es": "1.5.0-20251002224722-c44b45f26c5e.2",
     "@buf/blacksmith_vm-agent.connectrpc_es": "1.6.1-20251002224722-c44b45f26c5e.2",
     "@bufbuild/protobuf": "^1.4.2",
     "@connectrpc/connect": "^1.6.1",
     "@connectrpc/connect-node": "^1.6.1",
     "@vercel/ncc": "^0.38.3",
-    "yaml": "^2.2.1"
+    "yaml": "^2.8.0"
   },
   "devDependencies": {
     "jest": "^29.7.0"