Closed ignaciojcano closed 1 year ago
@piotr-oles who an kick off ci/review?
FWIW, the security vulnerability's version range has been updated and no longer includes yaml v1, so you shouldn't be seeing a vulnerability anymore, and I don't think any action is required here.
ahhh amazing, then i'll close this.
Updates the
cosmiconfig
version due to a vulnerability in the yaml package, newer versions ofcosmiconfig
do not have this issue.The plugin still depends on cosmiconfig v7, because commitlint is using it, but updating that should be a separate PR.