bump deps & add security patches to release notes

radu-stefan-dt · radu-stefan-dt · commit 6a1624488a2a · 2026-01-27T10:02:09.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,27 @@
 # Change Log
 
+## Version 2.10.0 (27.01.2026)
+
+### ✨ New in this version:
+
+- [Command to create Smartscape topology](https://github.com/dynatrace-extensions/dynatrace-extensions-vscode/pull/283)
+
+### 🚀 Improved in this version:
+
+- [Generate valid YAML when using scrape prometheus action](https://github.com/dynatrace-extensions/dynatrace-extensions-vscode/pull/284)
+
+### 🪲 Fixed in this version:
+
+- [JMX Conversion - array has too many actions error](https://github.com/dynatrace-extensions/dynatrace-extensions-vscode/issues/257)
+
+### 🔒 Security patches:
+- [Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions](https://github.com/dynatrace-extensions/dynatrace-extensions-vscode/security/dependabot/77)
+- [React Router has unexpected external redirect via untrusted paths](https://github.com/dynatrace-extensions/dynatrace-extensions-vscode/security/dependabot/75)
+- [React Router vulnerable to XSS via Open Redirects](https://github.com/dynatrace-extensions/dynatrace-extensions-vscode/security/dependabot/74)
+- [qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion](https://github.com/dynatrace-extensions/dynatrace-extensions-vscode/security/dependabot/73)
+
+---
+
 ## Version 2.9.1 (11.12.2025)
 
 ### 🚀 Improved in this version:
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1026,6 +1026,7 @@
     "yaml": "^2.4.5"
   },
   "overrides": {
-    "jws": ">=4.0.1"
+    "jws": ">=4.0.1",
+    "qs": ">=6.14.1"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -1026,6 +1026,7 @@`
`1026`	`1026`	`"yaml": "^2.4.5"`
`1027`	`1027`	`},`
`1028`	`1028`	`"overrides": {`
`1029`		`- "jws": ">=4.0.1"`
	`1029`	`+ "jws": ">=4.0.1",`
	`1030`	`+ "qs": ">=6.14.1"`
`1030`	`1031`	`}`
`1031`	`1032`	`}`