TypeStrong / fork-ts-checker-webpack-plugin

Webpack plugin that runs typescript type checker on a separate process.
MIT License
1.93k stars 238 forks

chore: update cosmiconfig due to vulnerability in yaml #811

Closed ignaciojcano closed 1 year ago

ignaciojcano commented 1 year ago

Updates the cosmiconfig version due to a vulnerability in the yaml package; newer versions of cosmiconfig do not have this issue.

yaml  <2.2.2
Severity: moderate
Uncaught Exception in yaml - https://github.com/advisories/GHSA-f9xv-q969-pqx4

The plugin still depends on cosmiconfig v7, because commitlint is using it, but updating that should be a separate PR.

ignaciojcano commented 1 year ago

@piotr-oles who can kick off CI/review?

Methuselah96 commented 1 year ago

FWIW, the security vulnerability's version range has been updated and no longer includes yaml v1, so you shouldn't be seeing a vulnerability anymore, and I don't think any action is required here.

ignaciojcano commented 1 year ago

Ahhh amazing, then I'll close this.