Commit 7bf099a
fix(deps): Bump js-yaml to 3.14.2 and 4.1.1 (#19216)
Addresses CVE-2025-64718 (GHSA-mh29-5h37-fv8m), a medium severity
prototype pollution via __proto__ in YAML merge (<<) when parsing
untrusted documents.
Co-authored-by: Claude <noreply@anthropic.com>1 parent 92198b6 commit 7bf099a
1 file changed
+11
-4
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
21155 | 21155 | | |
21156 | 21156 | | |
21157 | 21157 | | |
21158 | | - | |
| 21158 | + | |
21159 | 21159 | | |
21160 | 21160 | | |
21161 | 21161 | | |
21162 | 21162 | | |
21163 | 21163 | | |
21164 | 21164 | | |
21165 | 21165 | | |
21166 | | - | |
21167 | | - | |
21168 | | - | |
| 21166 | + | |
| 21167 | + | |
| 21168 | + | |
21169 | 21169 | | |
21170 | 21170 | | |
21171 | 21171 | | |
21172 | 21172 | | |
| 21173 | + | |
| 21174 | + | |
| 21175 | + | |
| 21176 | + | |
| 21177 | + | |
| 21178 | + | |
| 21179 | + | |
21173 | 21180 | | |
21174 | 21181 | | |
21175 | 21182 | | |
| |||
0 commit comments