Uncaught Exception in yaml - A dependency update is required for `cosmiconfig`
elhardoum opened this issue
See - GHSA-f9xv-q969-pqx4

The project tags `cosmiconfig@^7.0.1` dependency which in turn uses an outdated `yaml` version.

They stopped using that module (transitioned to `js-yaml`) on version `8`. The current test suite is failing for me as they are from dev (on `node:{16..20}-alpine`) so I couldn't proceed with a PR. Instead, a temporary fix was forcing a dependency override with `npm@9.6.5`:

```json
"overrides": {
  "cosmiconfig@<8": "8.0.0"
},
```

Hopefully someone who can run the test suite successfully can try testing a `cosmiconfig@8` update.
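
One way to confirm that the override described above took effect, as an added example that is not part of the original issue or the project's code: it walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3 layout) and reports any remaining `cosmiconfig` below 8 and any package still depending on `yaml`. The two lockfile objects, the project name and all versions in them are constructed samples; a real run would parse the project's own `package-lock.json`.

```javascript
// Constructed sample lockfiles; names and versions are illustrative only.
const lockBefore = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-project', dependencies: { cosmiconfig: '^7.0.1' } },
    'node_modules/cosmiconfig': { version: '7.0.1', dependencies: { yaml: '^1.10.0' } },
    'node_modules/yaml': { version: '1.10.2' },
  },
};
const lockAfter = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-project', dependencies: { cosmiconfig: '^7.0.1' } },
    'node_modules/cosmiconfig': { version: '8.0.0', dependencies: { 'js-yaml': '^4.1.0' } },
    'node_modules/js-yaml': { version: '4.1.0' },
  },
};

// Package name of a lockfile key: "node_modules/a/node_modules/yaml" -> "yaml".
function nameOf(path) {
  const i = path.lastIndexOf('node_modules/');
  return i < 0 ? path : path.slice(i + 'node_modules/'.length);
}

// Every installed copy of `name`, including copies nested under other packages.
function installed(lock, name) {
  return Object.entries(lock.packages)
    .filter(([path]) => path.includes('node_modules/') && nameOf(path) === name)
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Installed packages that declare `name` as a direct dependency.
function dependentsOf(lock, name) {
  return Object.entries(lock.packages)
    .filter(([path, meta]) => path !== '' && meta.dependencies && name in meta.dependencies)
    .map(([path, meta]) => `${nameOf(path)}@${meta.version}`);
}

// Summary: is every cosmiconfig copy at major 8 or later, and who still pulls yaml?
function report(lock) {
  const cosmiconfigOk = installed(lock, 'cosmiconfig')
    .every(({ version }) => parseInt(version.split('.')[0], 10) >= 8);
  return { cosmiconfigOk, yamlCopies: installed(lock, 'yaml'),
           yamlDependents: dependentsOf(lock, 'yaml') };
}

console.log(report(lockBefore), report(lockAfter));
```

Nested copies matter here: an override that only replaces the top-level `cosmiconfig` would still leave a `node_modules/<pkg>/node_modules/cosmiconfig` entry, which `installed` reports.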