CVE because of dependency on yaml@2.2.1 #2280
Comments
aukevanleeuwen
added a commit
to aukevanleeuwen/cucumber-js
that referenced
this issue
Apr 26, 2023
More information: * GHSA-f9xv-q969-pqx4 * https://nvd.nist.gov/vuln/detail/CVE-2023-2251 Fixes cucumber#2280
7 tasks
davidjgoss
pushed a commit
that referenced
this issue
Apr 27, 2023
More information: * GHSA-f9xv-q969-pqx4 * https://nvd.nist.gov/vuln/detail/CVE-2023-2251 Fixes #2280
|
@davidjgoss is there a plan for a release to npm with this fix soon? Thanks |
|
Released in https://github.com/cucumber/cucumber-js/releases/tag/v9.1.1 - sorry for the delay. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
π€ What's the problem you've observed?
I was alerted by dependabot of a vulnerability because of a transitive dependency on
yaml@2.2.1(via@cucumber/cucumber-js).β¨ Do you have a proposal for making it better?
Update to
yaml@2.2.2.π Any additional context?
The text was updated successfully, but these errors were encountered: