From f429fa94e360cf62f1da5c8e70d6ad01f566b795 Mon Sep 17 00:00:00 2001 From: Bijin A B Date: Fri, 21 Nov 2025 17:42:31 +0530 Subject: [PATCH] fix(security): prototype pollution vulnerability in js-yaml (#6168) --- package-lock.json | 32 +++++++++++++------------- packages/bruno-cli/package.json | 2 +- packages/bruno-converters/package.json | 2 +- packages/bruno-electron/package.json | 2 +- packages/bruno-tests/package.json | 2 +- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2e473bf84..ad4fd8d9b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3906,7 +3906,7 @@ "globals": "^14.0.0", "ignore": "^5.2.0", "import-fresh": "^3.2.1", - "js-yaml": "^4.1.0", + "js-yaml": "^4.1.1", "minimatch": "^3.1.2", "strip-json-comments": "^3.1.1" }, @@ -4469,9 +4469,9 @@ } }, "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml": { - "version": "3.14.1", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "version": "3.14.2", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz", + "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==", "dev": true, "license": "MIT", "dependencies": { @@ -11639,7 +11639,7 @@ "dependencies": { "env-paths": "^2.2.1", "import-fresh": "^3.3.0", - "js-yaml": "^4.1.0", + "js-yaml": "^4.1.1", "parse-json": "^5.2.0" }, "engines": { @@ -17787,9 +17787,9 @@ "license": "MIT" }, "node_modules/js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", "license": "MIT", "dependencies": { "argparse": "^2.0.1" @@ -22268,7 +22268,7 @@ "config-file-ts": "^0.2.4", "dotenv": "^9.0.2", "dotenv-expand": "^5.1.0", - "js-yaml": "^4.1.0", + "js-yaml": "^4.1.1", "json5": "^2.2.0", "lazy-val": "^1.0.4" }, @@ -28539,7 +28539,7 @@ "http-proxy-agent": "^7.0.0", "https-proxy-agent": "^7.0.2", "iconv-lite": "^0.6.3", - "js-yaml": "^4.1.0", + "js-yaml": "^4.1.1", "lodash": "^4.17.21", "qs": "^6.11.0", "socks-proxy-agent": "^8.0.2", @@ -30163,7 +30163,7 @@ "license": "MIT", "dependencies": { "@usebruno/schema": "^0.7.0", - "js-yaml": "^4.1.0", + "js-yaml": "^4.1.1", "jscodeshift": "^17.3.0", "lodash": "^4.17.21", "nanoid": "3.3.8", @@ -30304,7 +30304,7 @@ "https-proxy-agent": "^7.0.2", "iconv-lite": "^0.6.3", "is-valid-path": "^0.1.1", - "js-yaml": "^4.1.0", + "js-yaml": "^4.1.1", "lodash": "^4.17.21", "mime-types": "^2.1.35", "nanoid": "3.3.8", @@ -31544,7 +31544,7 @@ "hosted-git-info": "^4.1.0", "is-ci": "^3.0.0", "isbinaryfile": "^5.0.0", - "js-yaml": "^4.1.0", + "js-yaml": "^4.1.1", "lazy-val": "^1.0.5", "minimatch": "^5.1.1", "read-config-file": "6.3.2", @@ -31591,7 +31591,7 @@ "http-proxy-agent": "^5.0.0", "https-proxy-agent": "^5.0.1", "is-ci": "^3.0.0", - "js-yaml": "^4.1.0", + "js-yaml": "^4.1.1", "source-map-support": "^0.5.19", "stat-mode": "^1.0.0", "temp-file": "^3.4.0" @@ -31722,7 +31722,7 @@ "builder-util-runtime": "9.2.4", "fs-extra": "^10.1.0", "iconv-lite": "^0.6.2", - "js-yaml": "^4.1.0" + "js-yaml": "^4.1.1" }, "optionalDependencies": { "dmg-license": "^1.0.11" @@ -32272,7 +32272,7 @@ "express-basic-auth": "^1.2.1", "fast-xml-parser": "^5.0.8", "http-proxy": "^1.18.1", - "js-yaml": "^4.1.0", + "js-yaml": "^4.1.1", "jsonwebtoken": "^9.0.2", "lodash": "^4.17.21", "multer": "^1.4.5-lts.1", diff --git a/packages/bruno-cli/package.json b/packages/bruno-cli/package.json index c298273b4..99a4c907a 100644 --- a/packages/bruno-cli/package.json +++ b/packages/bruno-cli/package.json @@ -65,7 +65,7 @@ "http-proxy-agent": "^7.0.0", "https-proxy-agent": "^7.0.2", "iconv-lite": "^0.6.3", - "js-yaml": "^4.1.0", + "js-yaml": "^4.1.1", "lodash": "^4.17.21", "qs": "^6.11.0", "socks-proxy-agent": "^8.0.2", diff --git a/packages/bruno-converters/package.json b/packages/bruno-converters/package.json index 77f8c45c1..4e780e56e 100644 --- a/packages/bruno-converters/package.json +++ b/packages/bruno-converters/package.json @@ -20,7 +20,7 @@ }, "dependencies": { "@usebruno/schema": "^0.7.0", - "js-yaml": "^4.1.0", + "js-yaml": "^4.1.1", "jscodeshift": "^17.3.0", "lodash": "^4.17.21", "nanoid": "3.3.8", diff --git a/packages/bruno-electron/package.json b/packages/bruno-electron/package.json index a5712543d..4c4256dd8 100644 --- a/packages/bruno-electron/package.json +++ b/packages/bruno-electron/package.json @@ -62,7 +62,7 @@ "https-proxy-agent": "^7.0.2", "iconv-lite": "^0.6.3", "is-valid-path": "^0.1.1", - "js-yaml": "^4.1.0", + "js-yaml": "^4.1.1", "lodash": "^4.17.21", "mime-types": "^2.1.35", "nanoid": "3.3.8", diff --git a/packages/bruno-tests/package.json b/packages/bruno-tests/package.json index 45b2ac18d..8cfe133e7 100644 --- a/packages/bruno-tests/package.json +++ b/packages/bruno-tests/package.json @@ -26,7 +26,7 @@ "express-basic-auth": "^1.2.1", "fast-xml-parser": "^5.0.8", "http-proxy": "^1.18.1", - "js-yaml": "^4.1.0", + "js-yaml": "^4.1.1", "jsonwebtoken": "^9.0.2", "lodash": "^4.17.21", "multer": "^1.4.5-lts.1",