boopathi/react-svg-loader

js-yaml advisory

dekaikiwi opened this issue · 6 comments

Is there any plan to update the version of js-yaml at all?

Currently yarn audit yields the following advisory.

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ Denial of Service                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ js-yaml                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.13.0                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-svg-loader                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ react-svg-loader > react-svg-core > svgo > js-yaml           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/788                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

It seems to already be fixed in this commit: e8884d1

Would be nice to have a version out with the fix :)

When will the next release be to fix this issue?

Adding another request here for a release push!

Would be great if this could be pushed 😄

An additional request for a release push 💃 😄

Published 3.0.0