Using vulnerable `js-yaml` version

Question

arturopie opened this issue 6 years ago · 7 comments

bootstrap-loader is using a vulnerable dependency. See:

Released!

Answer 1 · 2019-03-27T06:27:17.000Z

@arturopie Any chance that you can throw in a PR?

Answer 2 · 2019-03-27T17:32:35.000Z

@arturopie I just pushed one up!

Answer 3 · 2019-03-28T02:28:29.000Z

Thanks for the PR @alecf.
I'm sorry I didn't reply earlier @justin808, I have been very busy recently.

Answer 4 · 2019-03-28T04:02:50.000Z

@alecf @arturopie I just pushed 3.0.3 without local testing. Please confirm that you don't have any issues.

Answer 5 · 2019-04-02T03:14:03.000Z

@justin808 no issues so far. Thanks!

Answer 6 · 2019-04-27T00:03:53.000Z

v3.0.3 uses js-yaml@3.13.0, but according to https://npmjs.com/advisories/813, it is patched in >=3.13.1. Can you please update this? Thank you.