Commit 51c28c2
fix(deps): [release-2.8] bump yaml to ^2.8.3 (SNYK-JS-YAML-15765520) (#2416)
yaml is reachable in frontend/src (rp-connect pipeline parsing, MCP
config, yaml-label-sync — 5+ direct imports), so this is a direct-dep
fix rather than a .snyk dismissal.
Before:
- yaml@2.7.0 (direct — vulnerable)
- yaml@2.6.1 (via vitest/ast-v8-to-istanbul chain — vulnerable)
- yaml@1.10.2 ×3 (via @emotion/css > babel-plugin-macros > cosmiconfig
— vulnerable even though dev/build-only)
After: all 5 resolve to yaml@2.8.3 via the single overrides/resolutions
entry. Snyk scan confirms 0 yaml findings post-fix.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>1 parent 63d3c9a commit 51c28c2
3 files changed
Lines changed: 197 additions & 283 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
37 | 37 | | |
38 | 38 | | |
39 | 39 | | |
40 | | - | |
| 40 | + | |
| 41 | + | |
41 | 42 | | |
42 | 43 | | |
43 | 44 | | |
| |||
90 | 91 | | |
91 | 92 | | |
92 | 93 | | |
93 | | - | |
| 94 | + | |
94 | 95 | | |
95 | 96 | | |
96 | 97 | | |
| |||
132 | 133 | | |
133 | 134 | | |
134 | 135 | | |
135 | | - | |
| 136 | + | |
| 137 | + | |
136 | 138 | | |
137 | 139 | | |
0 commit comments