They stopped using that module (transitioned to js-yaml) on version 8. The current test suite is failing for me as they are from dev (on node:{16..20}-alpine) so I couldn't proceed with a PR. Instead, a temporary fix was forcing a dependency override with npm@9.6.5:
"overrides": {
"cosmiconfig@<8": "8.0.0"
},
Hopefully someone who can run the test suite successfully can try testing a cosmiconfig@8 update.
See - https://github.com/advisories/GHSA-f9xv-q969-pqx4
The project tags
cosmiconfig@^7.0.1dependency which in turn uses an outdatedyamlversion.https://github.com/TypeStrong/fork-ts-checker-webpack-plugin/blob/5afee9fbcec648e2c69fd12c6b65fd0186ba36aa/package.json#L61
They stopped using that module (transitioned to
js-yaml) on version8. The current test suite is failing for me as they are from dev (onnode:{16..20}-alpine) so I couldn't proceed with a PR. Instead, a temporary fix was forcing a dependency override withnpm@9.6.5:Hopefully someone who can run the test suite successfully can try testing a
cosmiconfig@8update.