Commit eaa9eb9

jeffabailey and claude authored
fix: upgrade js-yaml to 3.14.2 to address CVE-2025-64718 (#105)
Added package override to ensure js-yaml version 3.14.2+ is used, addressing a moderate severity security vulnerability in the transitive dependency. Also fixed brace-expansion vulnerability via npm audit fix.

Co-authored-by: Claude <noreply@anthropic.com>
1 parent 93090e3 commit eaa9eb9

2 files changed: +9 -6 lines changed

scripts/gqm_gen/package-lock.json

Lines changed: 6 additions & 6 deletions
Some generated files are not rendered by default.

scripts/gqm_gen/package.json

Lines changed: 3 additions & 0 deletions
@@ -20,5 +20,8 @@
2020
"nyc": "^15.1.0",
2121
"tsx": "^4.19.3",
2222
"typescript": "^5.2.2"
23+
},
24+
"overrides": {
25+
"js-yaml": "^3.14.2"
2326
}
2427
}
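Review bot: The new top-level `"js-yaml": "^3.14.2"` entry under `overrides` is unscoped, so it rewrites every js-yaml in the dependency tree, and any package that declares js-yaml 4.x would be forced onto the 3.x line. Consider nesting the override under the specific parent package that pulls in the vulnerable copy, so only that subtree is affected. The caret range also caps resolution below 4.0.0, and because package.json cannot carry comments, the reason for the pin (CVE-2025-64718) lives only in the commit message; a short note in the project docs would help whoever later has to decide whether the override can be removed. Confirming the resolved versions with `npm ls js-yaml` after install would show that no vulnerable copy remains.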
