From f4e02ad673f4a580b66e9a2968c5d987c00e7c29 Mon Sep 17 00:00:00 2001
From: "claude[bot]"
Date: Mon, 20 Apr 2026 18:25:02 +0000
Subject: [PATCH] fix(security): pin yaml devDependency to exact version 2.8.3

Caret ranges allow automatic minor and patch upgrades, which can introduce silent supply-chain drift in CI environments. Pinning to an exact version ensures the installed package is always the audited one.

Co-Authored-By: Claude Code
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 5c34566..5a04779 100644
--- a/package.json
+++ b/package.json
@@ -19,6 +19,6 @@
 },
 "homepage": "https://github.com/numman-ali/n-skills#readme",
 "devDependencies": {
- "yaml": "^2.8.3"
+ "yaml": "2.8.3"
 }
 }
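Review bot: The exact pin on `"yaml": "2.8.3"` fixes only the version string of this one direct devDependency; it does not bind the tarball contents or any transitive packages, so the commit message's claim that the installed package is "always the audited one" holds only if a lockfile with integrity hashes is committed and CI installs with `npm ci`. The diffstat lists package.json as the only changed file, so whether `package-lock.json` exists and was regenerated cannot be seen here; if it is committed, it should be refreshed in the same commit so it does not drift from the manifest. To keep later additions from reintroducing caret ranges, consider `save-exact=true` in `.npmrc`. The hunk shows only the tail of the manifest object, so any other dependency sections that may still use ranges lie outside this view.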