New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump js-yaml to fix Denial of Servic vulnerability #11550
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks!
Note to merger: The commit summary should start with "Upgrade: ".
What do the release cycles of ESLint look like? When can we expect the next release? |
Hi @vernondegoede. Per our readme, we release every 2 weeks. You can use this link to track our release management issues:
release
|
Cool, thanks @platinumazure. I like how @eslintbot is used for automation of almost everything. |
What is the purpose of this pull request? (put an "X" next to item)
[ ] Documentation update
[ ] Bug fix (template)
[ ] New rule (template)
[ ] Changes an existing rule (template)
[ ] Add autofixing to a rule
[ ] Add a CLI option
[ ] Add something to the core
[X] Other, please explain:
What changes did you make? (Give an overview)
js-yaml
dependency to fix https://www.npmjs.com/advisories/788.Is there anything you'd like reviewers to focus on?
Please check whether everything still works as expected after bumping the version.
This shouldn't be the case, as explained in the
js-yaml
CHANGELOG.