VULN UPGRADE: major upgrades — 14 packages (major: 10 · patch: 4)

[campaigner-prod]

Summary: Security update — 14 packages upgraded (MAJOR changes included)

Manifests changed:

• . (npm)

Updates

Package	From	To	Type	Vulnerabilities Fixed
mdast-util-to-hast	13.2.0	13.2.1	patch	2 MODERATE
hastscript	8.0.0	9.0.1	major	-
rehype-document	6.1.0	7.0.3	major	-
rehype-format	4.0.1	5.0.1	major	-
rehype-stringify	9.0.4	10.0.1	major	-
remark	14.0.3	15.0.1	major	-
remark-gfm	3.0.1	4.0.1	major	-
remark-parse	10.0.2	11.0.0	major	-
remark-stringify	10.0.3	11.0.0	major	-
remark-toc	8.0.1	9.0.0	major	-
unist-util-visit	4.1.2	5.1.0	major	-
@types/unist	2.0.8	2.0.11	patch	-
hast-util-to-html	9.0.1	9.0.5	patch	-
mdast-util-from-markdown	2.0.1	2.0.2	patch	-

Packages marked with "-" are updated due to dependency constraints.

---

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

• Review the changelog/release notes for breaking changes
• Test thoroughly in a staging environment
• Update any code that depends on changed APIs
• Ensure all tests pass before merging

Security Details

ℹ️ Other Vulnerabilities (2)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
mdast-util-to-hast	GHSA-4fh9-h7wg-q85m	MODERATE	mdast-util-to-hast has unsanitized class attribute	13.2.0	13.2.1
mdast-util-to-hast	CVE-2025-66400	MODERATE	mdast-util-to-hast unsanitized class attribute	13.2.0	-

---

Review Checklist

Extra review is recommended for this update:

• Review changes for compatibility with your code
• Check release notes for breaking changes
• Run integration tests to verify service behavior
• Test in staging environment before production
• Monitor key metrics after deployment

---

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System