
Commit b5400aa

fix: use js-yaml 3.14.2 instead of 4.1.1 to maintain API compatibility
js-yaml 4.x removed safeLoad/safeDump functions used by @changesets/parse. The security fix for js-yaml 3.x is 3.14.2, which maintains backward compatibility while patching the prototype pollution vulnerability. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1 parent 6389490 commit b5400aa


4 files changed

+131
-30
lines changed


examples/expo-multichain/package-lock.json

Lines changed: 109 additions & 18 deletions

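--- a/examples/expo-multichain/package.json
+++ b/examples/expo-multichain/package.json
@@ -84,7 +84,7 @@
 "qs": "6.14.1",
 "undici": "6.23.0",
 "preact": "10.28.2",
-"js-yaml": "4.1.1",
+"js-yaml": "3.14.2",
 "valibot": "1.2.0"
 },
 "private": true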
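Review bot: The `"js-yaml": "3.14.2"` entry looks like a tree-wide pin (its enclosing key is outside the hunk, so this is inferred from the neighbouring exact pins), which would hand 3.x to every consumer and not only to `@changesets/parse`. In js-yaml 3.x, `load()` defaults to the full schema with the `!!js/function`, `!!js/regexp` and `!!js/undefined` tags, whereas 4.x `load()` is safe by default, so any dependency written for 4.x that calls `load()` on YAML it does not control loses that default. Consider scoping the pin to the package that needs the 3.x API, for example `"@changesets/parse/js-yaml": "3.14.2"` if this is a Yarn `resolutions` block or the nested `overrides` form under npm, and leaving other consumers on 4.1.1. The same point applies to the identical change in the root `package.json`.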

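--- a/package.json
+++ b/package.json
@@ -102,7 +102,7 @@
 "qs": "6.14.1",
 "undici": "6.23.0",
 "preact": "10.28.2",
-"js-yaml": "4.1.1",
+"js-yaml": "3.14.2",
 "valibot": "1.2.0",
 "hono": "4.11.4"
 }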

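--- a/yarn.lock
+++ b/yarn.lock
@@ -7143,10 +7143,12 @@ __metadata:
 languageName: node
 linkType: hard
 
-"argparse@npm:^2.0.1":
-version: 2.0.1
-resolution: "argparse@npm:2.0.1"
-checksum: 83644b56493e89a254bae05702abf3a1101b4fa4d0ca31df1c9985275a5a5bd47b3c27b7fa0b71098d41114d8ca000e6ed90cad764b306f8a503665e4d517ced
+"argparse@npm:^1.0.7":
+version: 1.0.10
+resolution: "argparse@npm:1.0.10"
+dependencies:
+sprintf-js: ~1.0.2
+checksum: 7ca6e45583a28de7258e39e13d81e925cfa25d7d4aacbf806a382d3c02fcb13403a07fb8aeef949f10a7cfe4a62da0e2e807b348a5980554cc28ee573ef95945
 languageName: node
 linkType: hard
 
@@ -10131,7 +10133,7 @@ __metadata:
 languageName: node
 linkType: hard
 
-"esprima@npm:~4.0.0":
+"esprima@npm:^4.0.0, esprima@npm:~4.0.0":
 version: 4.0.1
 resolution: "esprima@npm:4.0.1"
 bin:
@@ -13025,14 +13027,15 @@ __metadata:
 languageName: node
 linkType: hard
 
-"js-yaml@npm:4.1.1":
-version: 4.1.1
-resolution: "js-yaml@npm:4.1.1"
+"js-yaml@npm:3.14.2":
+version: 3.14.2
+resolution: "js-yaml@npm:3.14.2"
 dependencies:
-argparse: ^2.0.1
+argparse: ^1.0.7
+esprima: ^4.0.0
 bin:
 js-yaml: bin/js-yaml.js
-checksum: ea2339c6930fe048ec31b007b3c90be2714ab3e7defcc2c27ebf30c74fd940358f29070b4345af0019ef151875bf3bc3f8644bea1bab0372652b5044813ac02d
+checksum: 626fc207734a3452d6ba84e1c8c226240e6d431426ed94d0ab043c50926d97c509629c08b1d636f5d27815833b7cfd225865631da9fb33cb957374490bf3e90b
 languageName: node
 linkType: hard
 
@@ -17376,6 +17379,13 @@ __metadata:
 languageName: node
 linkType: hard
 
+"sprintf-js@npm:~1.0.2":
+version: 1.0.3
+resolution: "sprintf-js@npm:1.0.3"
+checksum: 19d79aec211f09b99ec3099b5b2ae2f6e9cdefe50bc91ac4c69144b6d3928a640bb6ae5b3def70c2e85a2c3d9f5ec2719921e3a59d3ca3ef4b2fd1a4656a0df3
+languageName: node
+linkType: hard
+
 "ssri@npm:^10.0.0":
 version: 10.0.6
 resolution: "ssri@npm:10.0.6"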
