Bump @mitre/saf from 1.5.3 to 1.6.0

[dependabot]

Bumps @mitre/saf from 1.5.3 to 1.6.0.

Release notes

Sourced from @​mitre/saf's releases.

1.6.0

What's New

• ci(mergify): upgrade configuration to current format @mergify[bot] (#6880)
• feat: Add --issueStatuses flag to sonarqube2hdf command @​mikeBoterf (#6661)
• Dep updates 2026 04 10 @​Amndeep7 (#7054)
• Add axios version constraint in package.json @​Amndeep7 (#6908)
• Fix 6872 - add higher entity expansion limit for XML parsing; fix 6873 - allow node versions greater than 22 @​wdower (#6874)
• Dependency and eslint upgrades @​Amndeep7 (#6486)
• Update_controls4delta Test @​DMedina6 (#6621)

Dependency Updates

• build(deps): Bump @​aws-sdk/client-config-service from 3.1027.0 to 3.1028.0 @dependabot[bot] (#7050)
• build(deps): Bump @​smithy/middleware-retry from 4.5.0 to 4.5.1 @dependabot[bot] (#7049)
• build(deps-dev): Bump @​asamuzakjp/dom-selector from 7.0.8 to 7.0.9 @dependabot[bot] (#7053)
• build(deps-dev): Bump baseline-browser-mapping from 2.10.16 to 2.10.17 @dependabot[bot] (#7052)
• build(deps): Bump @​smithy/util-retry from 4.3.0 to 4.3.1 @dependabot[bot] (#7051)
• build(deps-dev): Bump vitest from 4.1.3 to 4.1.4 @dependabot[bot] (#7047)
• build(deps-dev): Bump @​asamuzakjp/css-color from 5.1.8 to 5.1.9 @dependabot[bot] (#7048)
• build(deps-dev): Bump vite from 8.0.7 to 8.0.8 @dependabot[bot] (#7046)
• build(deps): Bump @​aws-sdk/client-securityhub from 3.1027.0 to 3.1028.0 @dependabot[bot] (#7045)
• build(deps): Bump @​aws-sdk/client-config-service from 3.1026.0 to 3.1027.0 @dependabot[bot] (#7041)
• build(deps-dev): Bump electron-to-chromium from 1.5.333 to 1.5.334 @dependabot[bot] (#7037)
• build(deps-dev): Bump @​eslint/config-array from 0.23.4 to 0.23.5 @dependabot[bot] (#7040)
• build(deps): Bump qs from 6.15.0 to 6.15.1 @dependabot[bot] (#7043)
• build(deps-dev): Bump @​eslint/config-helpers from 0.5.4 to 0.5.5 @dependabot[bot] (#7039)
• build(deps): Bump axios from 1.14.0 to 1.15.0 @dependabot[bot] (#7034)
• build(deps): Bump fast-xml-parser from 5.5.10 to 5.5.11 @dependabot[bot] (#7031)
• build(deps): Bump side-channel-list from 1.0.0 to 1.0.1 @dependabot[bot] (#7044)
• build(deps-dev): Bump @​eslint/plugin-kit from 0.7.0 to 0.7.1 @dependabot[bot] (#7036)
• build(deps): Bump @​typespec/ts-http-runtime from 0.3.4 to 0.3.5 @dependabot[bot] (#7032)
• build(deps-dev): Bump caniuse-lite from 1.0.30001786 to 1.0.30001787 @dependabot[bot] (#7035)
• build(deps): Bump @​aws-sdk/client-securityhub from 3.1026.0 to 3.1027.0 @dependabot[bot] (#7033)
• build(deps-dev): Bump typescript-eslint from 8.58.0 to 8.58.1 @dependabot[bot] (#7030)
• build(deps-dev): Bump vitest from 4.1.2 to 4.1.3 @dependabot[bot] (#7026)
• build(deps-dev): Bump @​aws-sdk/middleware-ssec from 3.972.8 to 3.972.9 @dependabot[bot] (#7019)
• build(deps-dev): Bump @​asamuzakjp/dom-selector from 7.0.7 to 7.0.8 @dependabot[bot] (#7016)
• build(deps-dev): Bump @​asamuzakjp/css-color from 5.1.6 to 5.1.8 @dependabot[bot] (#7027)
• build(deps-dev): Bump @​aws-sdk/middleware-bucket-endpoint from 3.972.8 to 3.972.9 @dependabot[bot] (#7012)
• build(deps-dev): Bump electron-to-chromium from 1.5.331 to 1.5.332 @dependabot[bot] (#7022)
• build(deps-dev): Bump @​aws-sdk/signature-v4-multi-region from 3.996.15 to 3.996.16 @dependabot[bot] (#7029)
• build(deps-dev): Bump jsdom from 29.0.1 to 29.0.2 @dependabot[bot] (#7024)
• build(deps): Bump content-disposition from 1.0.1 to 1.1.0 @dependabot[bot] (#7011)
• build(deps-dev): Bump vite from 8.0.5 to 8.0.7 @dependabot[bot] (#7028)
• build(deps-dev): Bump @​aws-sdk/middleware-flexible-checksums from 3.974.6 to 3.974.7 @dependabot[bot] (#7025)
• build(deps-dev): Bump @​aws-sdk/middleware-location-constraint from 3.972.8 to 3.972.9 @dependabot[bot] (#7010)
• build(deps): Bump @​aws-sdk/client-securityhub from 3.1025.0 to 3.1026.0 @dependabot[bot] (#7015)
• build(deps-dev): Bump @​aws-sdk/middleware-sdk-s3 from 3.972.27 to 3.972.28 @dependabot[bot] (#7020)
• build(deps-dev): Bump @​aws-sdk/crc64-nvme from 3.972.5 to 3.972.6 @dependabot[bot] (#7017)
• build(deps-dev): Bump tinyexec from 1.0.4 to 1.1.1 @dependabot[bot] (#7021)

... (truncated)

Commits

• a835d60 prep for 1.6.0
• d9b3285 ci(mergify): upgrade configuration to current format (#6880)
• 6773a86 feat: Add --issueStatuses flag to sonarqube2hdf command (#6661)
• fd7b512 Dep updates 2026 04 10 (#7054)
• 9a75a77 Merge pull request #7050 from mitre/dependabot/npm_and_yarn/aws-sdk/client-co...
• 0423435 build(deps): Bump @​aws-sdk/client-config-service
• b78db28 Merge pull request #7049 from mitre/dependabot/npm_and_yarn/smithy/middleware...
• dc1b2a2 build(deps): Bump @​smithy/middleware-retry from 4.5.0 to 4.5.1
• 3325bb3 Merge pull request #7053 from mitre/dependabot/npm_and_yarn/asamuzakjp/dom-se...
• 8727ac9 build(deps-dev): Bump @​asamuzakjp/dom-selector from 7.0.8 to 7.0.9
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)