fix(security): prototype pollution vulnerability in js-yaml (#6168)

2026-06-23 12:45:38 +00:00 · 2025-11-21 17:42:31 +05:30
parent fb420fcea4
commit f429fa94e3
5 changed files with 20 additions and 20 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -3906,7 +3906,7 @@
        "globals": "^14.0.0",
        "ignore": "^5.2.0",
        "import-fresh": "^3.2.1",
-        "js-yaml": "^4.1.0",
+        "js-yaml": "^4.1.1",
        "minimatch": "^3.1.2",
        "strip-json-comments": "^3.1.1"
      },
@@ -4469,9 +4469,9 @@
      }
    },
    "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml": {
-      "version": "3.14.1",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
-      "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+      "version": "3.14.2",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
+      "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -11639,7 +11639,7 @@
      "dependencies": {
        "env-paths": "^2.2.1",
        "import-fresh": "^3.3.0",
-        "js-yaml": "^4.1.0",
+        "js-yaml": "^4.1.1",
        "parse-json": "^5.2.0"
      },
      "engines": {
@@ -17787,9 +17787,9 @@
      "license": "MIT"
    },
    "node_modules/js-yaml": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
-      "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+      "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
      "license": "MIT",
      "dependencies": {
        "argparse": "^2.0.1"
@@ -22268,7 +22268,7 @@
        "config-file-ts": "^0.2.4",
        "dotenv": "^9.0.2",
        "dotenv-expand": "^5.1.0",
-        "js-yaml": "^4.1.0",
+        "js-yaml": "^4.1.1",
        "json5": "^2.2.0",
        "lazy-val": "^1.0.4"
      },
@@ -28539,7 +28539,7 @@
        "http-proxy-agent": "^7.0.0",
        "https-proxy-agent": "^7.0.2",
        "iconv-lite": "^0.6.3",
-        "js-yaml": "^4.1.0",
+        "js-yaml": "^4.1.1",
        "lodash": "^4.17.21",
        "qs": "^6.11.0",
        "socks-proxy-agent": "^8.0.2",
@@ -30163,7 +30163,7 @@
      "license": "MIT",
      "dependencies": {
        "@usebruno/schema": "^0.7.0",
-        "js-yaml": "^4.1.0",
+        "js-yaml": "^4.1.1",
        "jscodeshift": "^17.3.0",
        "lodash": "^4.17.21",
        "nanoid": "3.3.8",
@@ -30304,7 +30304,7 @@
        "https-proxy-agent": "^7.0.2",
        "iconv-lite": "^0.6.3",
        "is-valid-path": "^0.1.1",
-        "js-yaml": "^4.1.0",
+        "js-yaml": "^4.1.1",
        "lodash": "^4.17.21",
        "mime-types": "^2.1.35",
        "nanoid": "3.3.8",
@@ -31544,7 +31544,7 @@
        "hosted-git-info": "^4.1.0",
        "is-ci": "^3.0.0",
        "isbinaryfile": "^5.0.0",
-        "js-yaml": "^4.1.0",
+        "js-yaml": "^4.1.1",
        "lazy-val": "^1.0.5",
        "minimatch": "^5.1.1",
        "read-config-file": "6.3.2",
@@ -31591,7 +31591,7 @@
        "http-proxy-agent": "^5.0.0",
        "https-proxy-agent": "^5.0.1",
        "is-ci": "^3.0.0",
-        "js-yaml": "^4.1.0",
+        "js-yaml": "^4.1.1",
        "source-map-support": "^0.5.19",
        "stat-mode": "^1.0.0",
        "temp-file": "^3.4.0"
@@ -31722,7 +31722,7 @@
        "builder-util-runtime": "9.2.4",
        "fs-extra": "^10.1.0",
        "iconv-lite": "^0.6.2",
-        "js-yaml": "^4.1.0"
+        "js-yaml": "^4.1.1"
      },
      "optionalDependencies": {
        "dmg-license": "^1.0.11"
@@ -32272,7 +32272,7 @@
        "express-basic-auth": "^1.2.1",
        "fast-xml-parser": "^5.0.8",
        "http-proxy": "^1.18.1",
-        "js-yaml": "^4.1.0",
+        "js-yaml": "^4.1.1",
        "jsonwebtoken": "^9.0.2",
        "lodash": "^4.17.21",
        "multer": "^1.4.5-lts.1",
--- a/packages/bruno-cli/package.json
+++ b/packages/bruno-cli/package.json
@@ -65,7 +65,7 @@
    "http-proxy-agent": "^7.0.0",
    "https-proxy-agent": "^7.0.2",
    "iconv-lite": "^0.6.3",
-    "js-yaml": "^4.1.0",
+    "js-yaml": "^4.1.1",
    "lodash": "^4.17.21",
    "qs": "^6.11.0",
    "socks-proxy-agent": "^8.0.2",
--- a/packages/bruno-converters/package.json
+++ b/packages/bruno-converters/package.json
@@ -20,7 +20,7 @@
  },
  "dependencies": {
    "@usebruno/schema": "^0.7.0",
-    "js-yaml": "^4.1.0",
+    "js-yaml": "^4.1.1",
    "jscodeshift": "^17.3.0",
    "lodash": "^4.17.21",
    "nanoid": "3.3.8",
--- a/packages/bruno-electron/package.json
+++ b/packages/bruno-electron/package.json
@@ -62,7 +62,7 @@
    "https-proxy-agent": "^7.0.2",
    "iconv-lite": "^0.6.3",
    "is-valid-path": "^0.1.1",
-    "js-yaml": "^4.1.0",
+    "js-yaml": "^4.1.1",
    "lodash": "^4.17.21",
    "mime-types": "^2.1.35",
    "nanoid": "3.3.8",
--- a/packages/bruno-tests/package.json
+++ b/packages/bruno-tests/package.json
@@ -26,7 +26,7 @@
    "express-basic-auth": "^1.2.1",
    "fast-xml-parser": "^5.0.8",
    "http-proxy": "^1.18.1",
-    "js-yaml": "^4.1.0",
+    "js-yaml": "^4.1.1",
    "jsonwebtoken": "^9.0.2",
    "lodash": "^4.17.21",
    "multer": "^1.4.5-lts.1",