From 3099b4eb5b8b9f973dc9de9e1733440d70d45be7 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 16 Jun 2026 16:50:17 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-17342520 --- package.json | 2 +- yarn.lock | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package.json b/package.json index 4e8558e..ec54c70 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "@forge/resolver": "^1.6.2", "exponential-backoff": "^3.1.0", "jest-mock": "^28.1.0", - "js-yaml": "^4.1.1", + "js-yaml": "^4.2.0", "lodash": "^4.18.1", "url-parse": "^1.5.10" }, diff --git a/yarn.lock b/yarn.lock index 8488795..44aa2b1 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4459,7 +4459,7 @@ flat-cache@^3.0.4: flatted "^3.1.0" rimraf "^3.0.2" -flatted@3.4.2, flatted@^3.1.0: +flatted@^3.1.0: version "3.4.2" resolved "https://packages.atlassian.com/api/npm/npm-remote/flatted/-/flatted-3.4.2.tgz#f5c23c107f0f37de8dbdf24f13722b3b98d52726" integrity sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA== @@ -6169,10 +6169,10 @@ js-yaml@^4.1.0: dependencies: argparse "^2.0.1" -js-yaml@^4.1.1: - version "4.1.1" - resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.1.tgz#854c292467705b699476e1a2decc0c8a3458806b" - integrity sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA== +js-yaml@^4.2.0: + version "4.2.0" + resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.2.0.tgz#2bd9e85682dd91bd469afb809d816043b3d49524" + integrity sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw== dependencies: argparse "^2.0.1" @@ -7251,7 +7251,7 @@ picocolors@^1.1.1: resolved "https://packages.atlassian.com/api/npm/npm-remote/picocolors/-/picocolors-1.1.1.tgz#3d321af3eab939b083c8f929a1d12cda81c26b6b" integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA== -picomatch@2.3.2, picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.2.3, picomatch@^2.3.1: +picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.2.3, picomatch@^2.3.1: version "2.3.2" resolved "https://packages.atlassian.com/api/npm/npm-remote/picomatch/-/picomatch-2.3.2.tgz#5a942915e26b372dc0f0e6753149a16e6b1c5601" integrity sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==