Skip to content

deps: Update js-yaml to ^4.1.0#172

Open
Zearin wants to merge 1 commit into
jonschlinkert:masterfrom
Zearin:deps
Open

deps: Update js-yaml to ^4.1.0#172
Zearin wants to merge 1 commit into
jonschlinkert:masterfrom
Zearin:deps

Conversation

@Zearin

@Zearin Zearin commented Apr 13, 2024

Copy link
Copy Markdown

The latest version of js-yaml uses the “safe” function variants by default now.

The migration guide for v3 to v4 is here, if you want to check for any edge cases.

The latest version of `js-yaml` uses the “safe” function variants by default now.

The [migration guide for v3 to v4 is here](https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md), if you want to check for any edge cases.
@Eric-Arellano

Copy link
Copy Markdown

Hey @jonschlinkert, any chance you would be willing to please merge this and deploy a new release? js-yaml has a CVE that was only patched in v4 and not v3. https://www.mend.io/vulnerability-database/CVE-2025-64718

@6543

6543 commented Jun 19, 2026

Copy link
Copy Markdown

@jonschlinkert gengle ping after some time, bumping this would be realy nice!

also a new version tag afterwards would also help ... it was quite some time since the last version release ...

Comment thread bower.json
"dependencies": {
"define-property": "^2.0.2",
"js-yaml": "^3.11.0",
"js-yaml": "^4.1.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

newer version available ... but i can overwrite that in my project ... i need the code-change for the major bump ...

@slorber

slorber commented Jun 19, 2026

Copy link
Copy Markdown

FYI there's a maintained fork here with this upgrade included: https://github.com/11ty/gray-matter

Already adopted by Eleventy and Docusaurus (see facebook/docusaurus#12181)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants