diff --git a/.changeset/modern-files-fly.md b/.changeset/modern-files-fly.md deleted file mode 100644 index 6c2ddc846..000000000 --- a/.changeset/modern-files-fly.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -"@wdio/image-comparison-core": patch -"@wdio/ocr-service": patch -"@wdio/visual-reporter": patch -"@wdio/visual-service": patch ---- - -#### `@wdio/image-comparison-core` and `@wdio/ocr-service` — Security: update jimp (CVE in `file-type` transitive dep) - -Bumped `jimp` to the latest version to resolve a reported vulnerability in its `file-type` transitive dependency (see [#1130](https://github.com/webdriverio/visual-testing/issues/1130), raised by [@denis-sokolov](https://github.com/denis-sokolov), thank you!). - -**Actual impact on these packages** -`file-type` is used by `@jimp/core` solely to detect image MIME types when reading a buffer. In both `@wdio/image-comparison-core` and `@wdio/ocr-service`, every image passed to jimp originates from either WebDriver screenshots (browser-controlled base64 data) or local files written by the framework itself. There is no code path where untrusted external input is fed directly into jimp, which removes the exploitability that the CVE describes. - -That said, the reputational and compliance risk was real, security scanners flag the package as vulnerable, enterprise users hit audit failures, and some organisations block installation of packages with known CVEs. The update addresses all of that. - -#### `@wdio/visual-reporter` and `@wdio/visual-service` - -Updated internal dependencies to pick up the jimp bump in `@wdio/image-comparison-core`. - - -### Committers: 1 - -- Wim Selles ([@wswebcreation](https://github.com/wswebcreation)) diff --git a/packages/image-comparison-core/CHANGELOG.md b/packages/image-comparison-core/CHANGELOG.md index 54d6b5e59..6e178986a 100644 --- a/packages/image-comparison-core/CHANGELOG.md +++ b/packages/image-comparison-core/CHANGELOG.md 
@@ -1,5 +1,26 @@ # @wdio/image-comparison-core +## 1.2.2 + +### Patch Changes + +- db33fa7: #### `@wdio/image-comparison-core` and `@wdio/ocr-service` Security: update jimp (CVE in `file-type` transitive dep) + + Bumped `jimp` to the latest version to resolve a reported vulnerability in its `file-type` transitive dependency (see [#1130](https://github.com/webdriverio/visual-testing/issues/1130), raised by [@denis-sokolov](https://github.com/denis-sokolov), thank you!). + + **Actual impact on these packages** + `file-type` is used by `@jimp/core` solely to detect image MIME types when reading a buffer. In both `@wdio/image-comparison-core` and `@wdio/ocr-service`, every image passed to jimp originates from either WebDriver screenshots (browser-controlled base64 data) or local files written by the framework itself. There is no code path where untrusted external input is fed directly into jimp, which removes the exploitability that the CVE describes. + + That said, the reputational and compliance risk was real, security scanners flag the package as vulnerable, enterprise users hit audit failures, and some organisations block installation of packages with known CVEs. The update addresses all of that. + + #### `@wdio/visual-reporter` and `@wdio/visual-service` + + Updated internal dependencies to pick up the jimp bump in `@wdio/image-comparison-core`. + + ### Committers: 1 + + - Wim Selles ([@wswebcreation](https://github.com/wswebcreation)) + ## 1.2.1 ### Patch Changes diff --git a/packages/image-comparison-core/package.json b/packages/image-comparison-core/package.json index 1e8dc6ce2..426d23fd9 100644 --- a/packages/image-comparison-core/package.json +++ b/packages/image-comparison-core/package.json @@ -1,6 +1,6 @@ { "name": "@wdio/image-comparison-core", - "version": "1.2.1", + "version": "1.2.2", "author": "Wim Selles - wswebcreation", "description": "Image comparison core module for @wdio/visual-service - WebdriverIO visual testing framework", "keywords": [ 
diff --git a/packages/ocr-service/CHANGELOG.md b/packages/ocr-service/CHANGELOG.md index 2a1d03b72..d8db55676 100644 --- a/packages/ocr-service/CHANGELOG.md +++ b/packages/ocr-service/CHANGELOG.md @@ -1,5 +1,26 @@ # @wdio/ocr-service +## 2.2.9 + +### Patch Changes + +- db33fa7: #### `@wdio/image-comparison-core` and `@wdio/ocr-service` Security: update jimp (CVE in `file-type` transitive dep) + + Bumped `jimp` to the latest version to resolve a reported vulnerability in its `file-type` transitive dependency (see [#1130](https://github.com/webdriverio/visual-testing/issues/1130), raised by [@denis-sokolov](https://github.com/denis-sokolov), thank you!). + + **Actual impact on these packages** + `file-type` is used by `@jimp/core` solely to detect image MIME types when reading a buffer. In both `@wdio/image-comparison-core` and `@wdio/ocr-service`, every image passed to jimp originates from either WebDriver screenshots (browser-controlled base64 data) or local files written by the framework itself. There is no code path where untrusted external input is fed directly into jimp, which removes the exploitability that the CVE describes. + + That said, the reputational and compliance risk was real, security scanners flag the package as vulnerable, enterprise users hit audit failures, and some organisations block installation of packages with known CVEs. The update addresses all of that. + + #### `@wdio/visual-reporter` and `@wdio/visual-service` + + Updated internal dependencies to pick up the jimp bump in `@wdio/image-comparison-core`. + + ### Committers: 1 + + - Wim Selles ([@wswebcreation](https://github.com/wswebcreation)) + ## 2.2.8 ### Patch Changes diff --git a/packages/ocr-service/package.json b/packages/ocr-service/package.json index a90d9ff39..e950506a4 100644 --- a/packages/ocr-service/package.json +++ b/packages/ocr-service/package.json 
@@ -2,7 +2,7 @@ "name": "@wdio/ocr-service", "author": "Wim Selles - wswebcreation", "description": "A WebdriverIO service that is using Tesseract OCR for Desktop/Mobile Web and Mobile Native App tests.", - "version": "2.2.8", + "version": "2.2.9", "license": "MIT", "homepage": "https://webdriver.io/docs/visual-testing", "repository": { diff --git a/packages/visual-reporter/CHANGELOG.md b/packages/visual-reporter/CHANGELOG.md index 81c9522d0..81c9da92b 100644 --- a/packages/visual-reporter/CHANGELOG.md +++ b/packages/visual-reporter/CHANGELOG.md 
@@ -1,5 +1,26 @@ # @wdio/visual-reporter +## 0.4.13 + +### Patch Changes + +- db33fa7: #### `@wdio/image-comparison-core` and `@wdio/ocr-service` Security: update jimp (CVE in `file-type` transitive dep) + + Bumped `jimp` to the latest version to resolve a reported vulnerability in its `file-type` transitive dependency (see [#1130](https://github.com/webdriverio/visual-testing/issues/1130), raised by [@denis-sokolov](https://github.com/denis-sokolov), thank you!). + + **Actual impact on these packages** + `file-type` is used by `@jimp/core` solely to detect image MIME types when reading a buffer. In both `@wdio/image-comparison-core` and `@wdio/ocr-service`, every image passed to jimp originates from either WebDriver screenshots (browser-controlled base64 data) or local files written by the framework itself. There is no code path where untrusted external input is fed directly into jimp, which removes the exploitability that the CVE describes. + + That said, the reputational and compliance risk was real, security scanners flag the package as vulnerable, enterprise users hit audit failures, and some organisations block installation of packages with known CVEs. The update addresses all of that. + + #### `@wdio/visual-reporter` and `@wdio/visual-service` + + Updated internal dependencies to pick up the jimp bump in `@wdio/image-comparison-core`. + + ### Committers: 1 + + - Wim Selles ([@wswebcreation](https://github.com/wswebcreation)) + ## 0.4.12 ### Patch Changes diff --git a/packages/visual-reporter/package.json b/packages/visual-reporter/package.json index 697a0ca61..113b4d3bd 100644 --- a/packages/visual-reporter/package.json +++ b/packages/visual-reporter/package.json 
@@ -2,7 +2,7 @@ "name": "@wdio/visual-reporter", "author": "Wim Selles - wswebcreation", "description": "Visual Testing HTML Report for the @wdio/visual-service module", - "version": "0.4.12", + "version": "0.4.13", "license": "MIT", "homepage": "https://webdriver.io/docs/visual-testing", "repository": { diff --git a/packages/visual-service/CHANGELOG.md b/packages/visual-service/CHANGELOG.md index 803ad8c65..2369e46c7 100644 --- a/packages/visual-service/CHANGELOG.md +++ b/packages/visual-service/CHANGELOG.md 
@@ -1,8 +1,33 @@ # @wdio/visual-service +## 9.2.2 + +### Patch Changes + +- db33fa7: #### `@wdio/image-comparison-core` and `@wdio/ocr-service` Security: update jimp (CVE in `file-type` transitive dep) + + Bumped `jimp` to the latest version to resolve a reported vulnerability in its `file-type` transitive dependency (see [#1130](https://github.com/webdriverio/visual-testing/issues/1130), raised by [@denis-sokolov](https://github.com/denis-sokolov), thank you!). + + **Actual impact on these packages** + `file-type` is used by `@jimp/core` solely to detect image MIME types when reading a buffer. In both `@wdio/image-comparison-core` and `@wdio/ocr-service`, every image passed to jimp originates from either WebDriver screenshots (browser-controlled base64 data) or local files written by the framework itself. There is no code path where untrusted external input is fed directly into jimp, which removes the exploitability that the CVE describes. + + That said, the reputational and compliance risk was real, security scanners flag the package as vulnerable, enterprise users hit audit failures, and some organisations block installation of packages with known CVEs. The update addresses all of that. + + #### `@wdio/visual-reporter` and `@wdio/visual-service` + + Updated internal dependencies to pick up the jimp bump in `@wdio/image-comparison-core`. + + ### Committers: 1 + + - Wim Selles ([@wswebcreation](https://github.com/wswebcreation)) + +- Updated dependencies [db33fa7] + - @wdio/image-comparison-core@1.2.2 + ## 9.2.1 ### Patch Changes + - d5afb54: ## #1129 Fix `TypeError: element.getBoundingClientRect is not a function` when a `ChainablePromiseElement` is passed to `checkElement` When `checkElement` (or `saveElement`) was called with a `ChainablePromiseElement`, the lazy promise-based element reference that WebdriverIO's `$()` returns, the element was passed directly as an argument to `browser.execute()` without being awaited first. 
`browser.execute()` serializes its arguments for transfer to the browser context and cannot handle a pending Promise, so it arrived in the browser as a plain empty object `{}` instead of a WebElement reference. This caused `element.getBoundingClientRect is not a function` because the browser-side `scrollElementIntoView` script received `{}` rather than a DOM element. diff --git a/packages/visual-service/package.json b/packages/visual-service/package.json index 70af167b3..e3b325a19 100644 --- a/packages/visual-service/package.json +++ b/packages/visual-service/package.json @@ -2,7 +2,7 @@ "name": "@wdio/visual-service", "author": "Wim Selles - wswebcreation", "description": "Image comparison / visual regression testing for WebdriverIO", - "version": "9.2.1", + "version": "9.2.2", "license": "MIT", "homepage": "https://webdriver.io/docs/visual-testing", "repository": {
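Review bot: The jimp bump that the deleted changeset and every CHANGELOG entry describe is not visible anywhere in this diff; the only `package.json` changes are the `"version"` fields (e.g. `-  "version": "1.2.1",` / `+  "version": "1.2.2",`), with no change to `dependencies` or to a lockfile. Before tagging 1.2.2 / 2.2.9 / 0.4.13 / 9.2.2, confirm that the dependency bump and lockfile update landed in a preceding commit and that the resolved `file-type` version is outside the vulnerable range, otherwise these releases ship the same transitive dependency that the entry claims to fix.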
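Review bot: In all four generated CHANGELOG entries the heading reads "`@wdio/ocr-service` Security: update jimp", i.e. the separator the changeset had between the package list and "Security" was dropped by the tooling, which makes the rendered heading hard to parse; a colon or parenthesised "(security)" in the changeset title would survive rendering. The same entries identify the issue only as "CVE in `file-type` transitive dep" and the fix only as "the latest version" of jimp; stating the advisory id and the jimp and `file-type` versions moved to would let the users who "hit audit failures" verify the fix against their scanner output instead of re-running it.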
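Review bot: "which removes the exploitability that the CVE describes" in the "Actual impact" paragraph is stronger than the argument supports: the paragraph establishes where images come from (WebDriver screenshots and "local files written by the framework itself"), not that those sources stay trusted, and baseline files are typically shared through source control. "is not reachable from untrusted input in these packages" or "mitigates" would be defensible without contradicting the scanner findings the next paragraph acknowledges.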
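Review bot: The `@wdio/visual-service` CHANGELOG hunk also inserts a blank line before the existing 9.2.1 entry (`+ ` directly above `- d5afb54: ## #1129 ...`), a whitespace normalisation unrelated to this release; it is harmless, but worth calling out in the PR description so nobody reads it as a content change to the 9.2.1 notes.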