Electron Releases

Description of Change

Bumps @datadog/datadog-ci from ^5.9.1 to ^5.17.0 to get its vulnerable transitive dependencies out of the lockfile.

The previous version pinned simple-git@3.33.0 exactly (GHSA-hffm-xvc3-vprc); 5.16.1+ pins ^3.36.0 instead, so the patched version now resolves through the normal dependency graph — no resolutions override needed (thanks @erickzhao). simple-git@3.36.0 remains in the tree only via @electron/fiddle-core's ^3.5.0.

The lockfile shrinks by ~120 entries because 5.17.0 ships as a single bundled tarball rather than the old base + plugin packages with separately-resolved dependencies. That also removes the vulnerable basic-ftp@5.3.0 (GHSA-rpmf-866q-6p89) along with its whole proxy-agent/get-uri chain, plus other historically CVE-prone packages (axios, follow-redirects, fast-xml-parser) that no longer have any dependents.

No other dependency versions change. yarn install verified clean.

Checklist

• I have built and tested this change
• I have filled out the PR description
• I have reviewed and verified the changes
• npm test passes
• tests are changed or added
• relevant API documentation, tutorials, and examples are updated and follow the documentation style guide
• PR release notes describe the change in a way relevant to app developers, and are capitalized, punctuated, and past tense.

Release Notes

Notes: none