Could be there a patch with the vulnerability fix for `yaml@1.10.2` ? #469

eppisapiafsl · 2023-04-25T17:09:16Z

eppisapiafsl
Apr 25, 2023

Hi!

Wondering if you plan to do a patch to fix the vulnerability in Yaml@1.10.2 so we can apply a resolution to transitive dependencies installing the old version 🙏

Answered by eemeli

Apr 25, 2023

yaml@1 is not affected by this vulnerability, and does not need to be patched. A fresh npm audit should show it passing. The version range has also been updated at least on GitHub: GHSA-f9xv-q969-pqx4

View full answer

eemeli · 2023-04-25T20:15:15Z

eemeli
Apr 25, 2023
Maintainer

yaml@1 is not affected by this vulnerability, and does not need to be patched. A fresh npm audit should show it passing. The version range has also been updated at least on GitHub: GHSA-f9xv-q969-pqx4

1 reply

eppisapiafsl Apr 25, 2023
Author

Thanks! Yeah, I just notice dependabot changed the issue 🚀

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Could be there a patch with the vulnerability fix for `yaml@1.10.2` ? #469

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

Could be there a patch with the vulnerability fix for yaml@1.10.2 ? #469

eppisapiafsl Apr 25, 2023

Replies: 1 comment · 1 reply

eemeli Apr 25, 2023 Maintainer

eppisapiafsl Apr 25, 2023 Author

Could be there a patch with the vulnerability fix for `yaml@1.10.2` ? #469

eppisapiafsl
Apr 25, 2023

Replies: 1 comment 1 reply

eemeli
Apr 25, 2023
Maintainer

eppisapiafsl Apr 25, 2023
Author