update deps due to sec vuln

Issue #79 invalid
Former user created an issue

Hi,

Could we update js-yaml dep due to a sec vuln.

I have raised an issue against json-schema-ref-parser

Cheers!

Comments (7)

  1. Ben Sayers

    @YOU54F we already have declared our dependency like this:

    "js-yaml": "^3.12.0"
    

    And from your screen shot the fix is in 3.13.0 or higher, which will be picked up by our caret range. What more do you need us to do?

  2. Former user Account Deleted reporter

    Ahhh yes, you are correct on the fact that it will pick up that version, deleted my yarn lock file and reinstalled, yarn audit was fine after that :)

    Thanks! I will marked as resolved

  3. Log in to comment