Skip to content

Update dependency js-yaml to v3.14.1 - autoclosed #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Update dependency js-yaml to v3.14.1 - autoclosed #5

wants to merge 1 commit into from

Conversation

@mend-for-github-com
Copy link

@mend-for-github-com mend-for-github-com bot commented Apr 9, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
js-yaml dependencies minor 3.13.0 -> 3.14.1

This PR resolves the vulnerabilities described in Issue #13

Version 3.13.0
Risk Change Critical High Medium Low
N/A 0 1 0 0
Version 3.14.1
Risk Change Critical High Medium Low
-100% 0 (--) 0 (-1 ) 0 (--) 0 (--)

Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.

Release Notes

nodeca/js-yaml (js-yaml)

v3.14.1

Compare Source

Security
  • Fix possible code execution in (already unsafe) .load() (in &anchor).

v3.14.0

Compare Source

Changed
  • Support safe/loadAll(input, options) variant of call.
  • CI: drop outdated nodejs versions.
  • Dev deps bump.
Fixed
  • Quote = in plain scalars #​519.
  • Check the node type for !<?> tag in case user manually specifies it.
  • Verify that there are no null-bytes in input.
  • Fix wrong quote position when writing condensed flow, #​526.

v3.13.1

Compare Source

Security
  • Fix possible code execution in (already unsafe) .load(), #​480.
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Apr 9, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/js-yaml-3.x branch from 58ba216 to aba67d5 Compare May 21, 2024 18:52
@mend-for-github-com mend-for-github-com bot changed the title Update dependency js-yaml to v3.14.1 Update dependency js-yaml to v3.13.1 May 21, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/js-yaml-3.x branch from aba67d5 to 00820b7 Compare December 9, 2024 08:14
@mend-for-github-com mend-for-github-com bot changed the title Update dependency js-yaml to v3.13.1 Update dependency js-yaml to v3.14.1 Dec 9, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/js-yaml-3.x branch from 00820b7 to c660539 Compare December 18, 2024 00:15
@mend-for-github-com mend-for-github-com bot changed the title Update dependency js-yaml to v3.14.1 Update dependency js-yaml to v3.13.1 Dec 18, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/js-yaml-3.x branch from c660539 to 3b15511 Compare January 17, 2025 13:03
@mend-for-github-com mend-for-github-com bot changed the title Update dependency js-yaml to v3.13.1 Update dependency js-yaml to v3.14.1 Jan 17, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/js-yaml-3.x branch from 3b15511 to c15f82c Compare January 19, 2025 13:34
@mend-for-github-com mend-for-github-com bot changed the title Update dependency js-yaml to v3.14.1 Update dependency js-yaml to v3.13.1 Jan 19, 2025
@mend-for-github-com mend-for-github-com bot changed the title Update dependency js-yaml to v3.13.1 Update dependency js-yaml to v3.14.1 Feb 25, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/js-yaml-3.x branch from c15f82c to 384a44c Compare February 25, 2025 10:24
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/js-yaml-3.x branch from 384a44c to df64b46 Compare March 20, 2025 06:45
@mend-for-github-com mend-for-github-com bot changed the title Update dependency js-yaml to v3.14.1 Update dependency js-yaml to v3.13.1 Mar 20, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/js-yaml-3.x branch from df64b46 to 4693dc4 Compare March 30, 2025 14:40
@mend-for-github-com mend-for-github-com bot changed the title Update dependency js-yaml to v3.13.1 Update dependency js-yaml to v3.14.1 Mar 30, 2025
@mend-for-github-com mend-for-github-com bot changed the title Update dependency js-yaml to v3.14.1 Update dependency js-yaml to v3.14.1 - autoclosed Nov 14, 2025
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/js-yaml-3.x branch November 14, 2025 12:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant