Using vulnerable `js-yaml` version
arturopie opened this issue · comments
bootstrap-loader is using a vulnerable dependency. See:
and: https://github.com/shakacode/bootstrap-loader/blob/master/package.json#L51
@arturopie Any chance that you can throw in a PR?
@arturopie I just pushed one up!
Thanks for the PR @alecf.
I'm sorry I didn't reply earlier @justin808, I have been very busy recently.
@alecf @arturopie I just pushed 3.0.3 without local testing. Please confirm that you don't have any issues.
@justin808 no issues so far. Thanks!
v3.0.3 uses js-yaml@3.13.0, but according to https://npmjs.com/advisories/813, it is patched in >=3.13.1. Can you please update this? Thank you.
Released!