Skip to content

Security vulnerability: Update js-yaml from 4.1.0 to 4.1.1 to fix prototype pollution (BDSA-2025-27523) #970

New issue
New issue
Open
Open
Security vulnerability: Update js-yaml from 4.1.0 to 4.1.1 to fix prototype pollution (BDSA-2025-27523)#970
@helinsuezer

Description

@helinsuezer
helinsuezer
opened on Dec 1, 2025

Hello!

There is a vulnerability issue with one of the dependencies. Would you be able to fix it? Thanks for maintaining this package.

Vulnerability: js-yaml 4.1.0 has a prototype pollution vulnerability (BDSA-2025-27523) that allows attackers to modify object prototypes via crafted YAML with proto nodes.

Current version: 4.1.0
Fixed version: 4.1.1+

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions