crissdev / gulp-yaml

A Gulp plugin to convert YAML to JSON
MIT License

Update version of js-yaml #14

Closed seahindeniz closed 5 years ago

seahindeniz commented 5 years ago

I'm getting a warning from NPM because of the previous version of js-yaml. Please make this change available to avoid getting a high-level warning from npm.

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Code Injection                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ js-yaml                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-yaml [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-yaml > js-yaml                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/813                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

https://npmjs.com/advisories/813

ehmicky commented 5 years ago

Thanks for this PR!

Please note however that this can be fixed by simply removing your package-lock.json then running npm install. Dependencies like gulp-yaml always use the latest version of their dependencies (matching the semver ranges in package.json) during npm install, which means the latest version of js-yaml here. The thing that was preventing you from getting the latest version of js-yaml was your package-lock.json pinning specific versions for your nested dependencies.

@crissdev would it be possible to publish a new release to npm? Thanks!
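To make the lock-file point concrete, here is an added example (not code from gulp-yaml or from anyone in this thread) that walks a `lockfileVersion: 1` package-lock.json, lists every resolved copy of a package with its dependency path in the same `a > b` form `npm audit` prints, and flags copies pinned below a minimum version. The lock data, the version numbers in it and the `3.13.0` threshold are constructed for illustration, not taken from the advisory.

```javascript
// Constructed sample lock (lockfileVersion 1 layout): a top-level js-yaml
// plus an older copy nested under gulp-yaml, which is what a stale
// package-lock.json keeps pinned even after the upstream package moves on.
const SAMPLE_LOCK = {
  name: 'my-app',
  lockfileVersion: 1,
  dependencies: {
    'gulp-yaml': {
      version: '2.0.3',            // illustrative
      dev: true,
      requires: { 'js-yaml': '^3.0.0' },
      dependencies: {
        'js-yaml': { version: '3.12.1', dev: true }   // illustrative, nested copy
      }
    },
    'js-yaml': { version: '3.13.1' }                   // illustrative, hoisted copy
  }
};

// Recursively collect every resolved copy of `name`, recording the path
// of package names leading to it (e.g. "gulp-yaml > js-yaml").
function findPackage(lock, name) {
  const hits = [];
  (function walk(deps, trail) {
    for (const [depName, info] of Object.entries(deps || {})) {
      const path = trail.concat(depName);
      if (depName === name) {
        hits.push({ path: path.join(' > '), version: info.version, dev: Boolean(info.dev) });
      }
      walk(info.dependencies, path);   // nested "dependencies" = non-hoisted copies
    }
  })(lock.dependencies, []);
  return hits;
}

// Compare dotted versions numerically (major.minor.patch). parseInt drops
// pre-release suffixes such as "-beta.1", so those compare as the base release.
function compareVersions(a, b) {
  const pa = a.split('.').map(s => parseInt(s, 10) || 0);
  const pb = b.split('.').map(s => parseInt(s, 10) || 0);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0) ? -1 : 1;
  }
  return 0;
}

// Copies of `name` whose pinned version is below `minVersion`.
function pinnedBelow(lock, name, minVersion) {
  return findPackage(lock, name).filter(h => compareVersions(h.version, minVersion) < 0);
}

for (const h of pinnedBelow(SAMPLE_LOCK, 'js-yaml', '3.13.0')) {
  console.log(`${h.path} pinned at ${h.version}${h.dev ? ' [dev]' : ''}`);
}
```

Deleting package-lock.json and re-running `npm install`, as suggested above, regenerates those nested entries from the semver ranges, which is why the nested copy disappears afterwards.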

crissdev commented 5 years ago

Thanks @ehmicky, @seahindeniz. I've published a new version (2.0.4) a few minutes ago.