search

ericcornelissen / webmangler

MIT License
1 stars 2 forks source link

Update transitive dependency `yaml` #434

Closed ericcornelissen closed 1 year ago

ericcornelissen commented 1 year ago

Bumping because of CVE-2023-2251. Since yaml is only a development dependency it's not necessary to create a release for any of the packages.

$ npm ls yaml
webmangler-monorepo@0.1.0-alpha /path/to/webmangler
├─┬ commitlint@17.3.0
│ └─┬ @commitlint/cli@17.3.0
│   └─┬ @commitlint/load@17.3.0
│     └─┬ cosmiconfig@7.1.0
│       └── yaml@1.10.2
└─┬ eslint-plugin-yml@1.2.0
  └─┬ yaml-eslint-parser@1.1.0
    └── yaml@2.2.2