Commit 4ae958c
Fix Dependabot alert #18: upgrade js-yaml to 4.2.0 via override
Add npm override for js-yaml ^4.2.0 to resolve CVE-2026-53550, a
quadratic-complexity DoS vulnerability in merge key handling.
The vulnerable js-yaml <=4.1.1 was a transitive dev dependency via
@istanbuljs/load-nyc-config.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>1 parent 7251eee commit 4ae958c
2 files changed
Lines changed: 20 additions & 34 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
31 | | - | |
| 31 | + | |
| 32 | + | |
32 | 33 | | |
33 | 34 | | |
34 | 35 | | |
| |||
0 commit comments