Uncaught Exception in yaml - A dependency update is required for `cosmiconfig`
elhardoum opened this issue · comments
See - GHSA-f9xv-q969-pqx4
The project tags cosmiconfig@^7.0.1 dependency which in turn uses an outdated yaml version.
They stopped using that module (transitioned to js-yaml) on version 8. The current test suite is failing for me as they are from dev (on node:{16..20}-alpine) so I couldn't proceed with a PR. Instead, a temporary fix was forcing a dependency override with npm@9.6.5:
"overrides": {
"cosmiconfig@<8": "8.0.0"
},Hopefully someone who can run the test suite successfully can try testing a cosmiconfig@8 update.