Security vulnerability: Update js-yaml from 4.1.0 to 4.1.1 to fix prototype pollution (BDSA-2025-27523) #970

New issue

Open

#971

@helinsuezer

Description

@helinsuezer

helinsuezer

opened

on Dec 1, 2025

Hello!

There is a vulnerability issue with one of the dependencies. Would you be able to fix it? Thanks for maintaining this package.

Vulnerability: js-yaml 4.1.0 has a prototype pollution vulnerability (BDSA-2025-27523) that allows attackers to modify object prototypes via crafted YAML with proto nodes.

Current version: 4.1.0
Fixed version: 4.1.1+

Metadata

Assignees

No one assigned

Labels

No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security vulnerability: Update js-yaml from 4.1.0 to 4.1.1 to fix prototype pollution (BDSA-2025-27523) #970

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions