yaml-validator icon indicating copy to clipboard operation
yaml-validator copied to clipboard

Published 20 hours ago verified publisher icon paazmaya

Migrate off of check-type dependency due to security vulnerability

Open noahnu opened this issue 10 months ago • 0 comments

Expected behaviour

yaml-validator should not depend on vulnerable dependencies.

Actual behaviour

yaml-validator depends on check-type, last published 10 years ago. It is no longer maintained. It brings in [email protected] which suffers from the security vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2021-23358

Versions and environment

  • Operating system:
  • Node.js: lts/iron
  • npm:
  • yaml-validator:

Thank you and have some :grapes:.

noahnu avatar Apr 20 '24 17:04 noahnu