Skip to content

Bump js-yaml #115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from

Bump js-yaml

7625532
Select commit
Loading
Failed to load commit list.
Open

Bump js-yaml #115

Bump js-yaml
7625532
Select commit
Loading
Failed to load commit list.
Appcues WSS / WhiteSource Security Check failed Nov 18, 2025 in 2m 4s

Security Report

You have successfully remediated 2 vulnerabilities, but introduced 1 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2025-64718

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> react-native-0.79.5.tgz (Root Library)

   -> community-cli-plugin-0.79.5.tgz

     -> metro-config-0.82.5.tgz

       -> cosmiconfig-5.2.1.tgz

         -> ❌ js-yaml-3.14.2.tgz (Vulnerable Library)

Medium 5.3 js-yaml-3.14.2.tgz Upgrade to version: js-yaml - 4.1.1 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2025-64718 js-yaml-3.14.1.tgz
CVE-2025-64718 js-yaml-4.1.0.tgz

Base branch total remaining vulnerabilities: 4
Base branch commit: 0156f0289a690b11d552f2952174b38f2762a59b


Total libraries scanned: 680

Scan token: 7c35e1ba77724b4b82b22b10074226e4

View more details on Appcues WSS