react-native-windows
[0.81][0.80][0.79] Component Governance critical alert Upgrade js-yaml from 3.14.1 to 3.14.2
Description
This bug needs a version update in 0.81, 0.80, 0.79.

Impact
In js-yaml 4.1.0, 4.0.0, and 3.14.1 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted.

Patches
Problem is patched in js-yaml 4.1.1 and 3.14.2.

Workarounds
You can protect against this kind of attack on the server by using node --disable-proto=delete or deno (in Deno, pollution protection is on by default).

Recommendation
Upgrade js-yaml from 3.14.1 to 3.14.2 to fix the vulnerability.
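
A way to confirm the upgrade reached every installed copy of js-yaml, including copies nested under other dependencies. This is an added example, not code from this issue or from the react-native-windows project. It assumes an npm lockfile with lockfileVersion 2 or 3 (a top-level "packages" map), and the sample lockfile and its package names are constructed.

```javascript
// Added example. Version boundaries come from the issue text:
// affected = 4.1.0, 4.0.0, and 3.14.1 and below; fixed = 4.1.1 and 3.14.2.
const FIXED_3X = [3, 14, 2];
const FIXED_4X = [4, 1, 1];

// Keep numeric major.minor.patch; ignore any prerelease or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true; // unparseable version: report it so a human looks
  return lessThan(v, v[0] >= 4 ? FIXED_4X : FIXED_3X);
}

// Walk the "packages" map of a parsed lockfile and report every js-yaml copy,
// including copies nested under other dependencies.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.split('node_modules/').pop() !== 'js-yaml') continue;
    findings.push({ path, version: meta.version, affected: isAffected(meta.version) });
  }
  return findings;
}

// Constructed sample lockfile; "dep-a", "dep-b", "dep-c" are hypothetical packages.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/js-yaml': { version: '4.1.1' },
    'node_modules/dep-a/node_modules/js-yaml': { version: '4.1.0' },
    'node_modules/dep-b/node_modules/js-yaml': { version: '3.14.1' },
    'node_modules/dep-c/node_modules/js-yaml': { version: '3.14.2' },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.affected ? 'AFFECTED' : 'ok      '} js-yaml@${f.version}  ${f.path}`);
}
```

To audit a real tree, pass the parsed contents of package-lock.json to auditLockfile in place of SAMPLE_LOCK; any entry still reported as affected is usually pinned by a parent dependency's version range.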