Backport js-yaml dependency upgrade to v0.18

[simPod]

https://www.npmjs.com/advisories/788

js-yaml 3.12.0 is marked as vulnerable. Upgrade to 3.13.0 is required. However, gql-code-generator v0.18 requires it as 3.12.0 and not as ^3.12.0 so the version is locked. Can we have v0.18.1 with dep upgrade, please?

[dotansimha]

Hi, @simPod , sorry for the delay. I released 0.18.1 with this fix. (btw, if you are using yarn, you can use the resolutions field to do this kind of overrides).

[simPod]

@dotansimha Hi, no worries. Thanks for reply and ur work. Meanwhile I used resolutions, thanks for the tip tho ;)

[simPod]

@dotansimha yea... one more thing https://www.npmjs.com/advisories/813 sorry :D It needs js-yaml 3.13.1 now.

Why not use ^3.13.0 anyway?

[dotansimha]

@simPod that's the one I upgraded to: 7713bf5#diff-e8b2a1e1f04630fb5c0898905c324ab4R71

And we prefer to use pinned dependencies, makes it easier to maintain and track :)

[simPod]

@dotansimha u r right, mb. Thanks!