Skip to content

build(deps): bump js-yaml from 4.1.1 to 4.2.0 in /frontend#212

Open
Tetramputechture wants to merge 1 commit into
mainfrom
deps/frontend-js-yaml-4.2.0
Open

build(deps): bump js-yaml from 4.1.1 to 4.2.0 in /frontend#212
Tetramputechture wants to merge 1 commit into
mainfrom
deps/frontend-js-yaml-4.2.0

Conversation

@Tetramputechture

Copy link
Copy Markdown

Resolves Dependabot alert OpenHands#564 (MODERATE) — GHSA-h67p-54hq-rp68: quadratic-complexity DoS in js-yaml merge key handling via repeated aliases.

Change

  • js-yaml 4.1.1 → 4.2.0 (transitive dependency, lockfile only)

No package.json change. Lockfile edited surgically (no unrelated drift).

🤖 Generated with Claude Code

Resolves Dependabot alert OpenHands#564 (MODERATE) GHSA-h67p-54hq-rp68:
quadratic-complexity DoS in merge key handling via repeated aliases.

Transitive dependency; lockfile only.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant