Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: removing yaml dependency #1650

Merged
merged 1 commit into from
Apr 28, 2023
Merged

fix: removing yaml dependency #1650

merged 1 commit into from
Apr 28, 2023

Conversation

JGibson2019
Copy link
Contributor

Details

Removed the yaml dependency and updated to a later version of the cosmiconfig package that uses js-yaml instead

Motivation

The older version of yaml had a security vulnerability. Since the dependency was introduced by cosmiconfig, opted to update this package, which switched to the js-yaml parser

Context

Pull request checklist

  • [N/A] Addresses an existing issue: Fixes #0000
  • [N/A] Added relevant unit test for your changes. (yarn test)
  • Verified code coverage for the changes made. Check coverage report at: <rootDir>/test-results/unit/coverage
  • Ran precheckin (yarn precheckin)

@JGibson2019 JGibson2019 requested a review from a team as a code owner April 28, 2023 20:04
@JGibson2019 JGibson2019 merged commit ced3b7c into main Apr 28, 2023
@DaveTryon DaveTryon deleted the yamlUpgrade branch August 8, 2023 23:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dbjorge dbjorge dbjorge approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JGibson2019 @dbjorge