
Commit 4ae958c

tidy-dev and Copilot committed
Fix Dependabot alert #18: upgrade js-yaml to 4.2.0 via override
Add npm override for js-yaml ^4.2.0 to resolve CVE-2026-53550, a quadratic-complexity DoS vulnerability in merge key handling. The vulnerable js-yaml <=4.1.1 was a transitive dev dependency via @istanbuljs/load-nyc-config.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 7251eee commit 4ae958c

2 files changed

Lines changed: 20 additions & 34 deletions

File tree

package-lock.json

Lines changed: 18 additions & 33 deletions
Some generated files are not rendered by default.

package.json

Lines changed: 2 additions & 1 deletion
@@ -28,7 +28,8 @@
2828
},
2929
"overrides": {
3030
"undici": "^6.24.1",
31-
"handlebars": "^4.7.9"
31+
"handlebars": "^4.7.9",
32+
"js-yaml": "^4.2.0"
3233
},
3334
"devDependencies": {
3435
"@types/jest": "^30.0.0",

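Review bot: the new "js-yaml": "^4.2.0" entry under "overrides" is unscoped, so it forces every package in the tree that depends on js-yaml onto that range, not only the @istanbuljs/load-nyc-config path the commit message names as the source of the vulnerable copy. Consider nesting it under that parent, for example "@istanbuljs/load-nyc-config": { "js-yaml": "^4.2.0" }, so other consumers keep the range they declare. An override replaces the dependent's own declared range, so the coverage run that loads the nyc config should be exercised before merging to confirm the dependent works with the forced version. The package-lock.json diff is not rendered on this page; it is worth checking that no js-yaml entry at or below 4.1.1 remains there. Since package.json cannot carry a comment, the reason for this override lives only in the commit message, so a tracking issue to drop it once the upstream dependency moves to a fixed js-yaml would help.
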