[Snyk] Upgrade js-yaml from 3.10.0 to 3.14.1

[NOUIY]

Snyk has created this PR to upgrade js-yaml from 3.10.0 to 3.14.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 8 versions ahead of your current version.
• The recommended version was released 4 years ago, on 2020-12-07.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Arbitrary Code Execution SNYK-JS-JSYAML-174129	619/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JSYAML-173999	619/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: js-yaml

• 3.14.1 - 2020-12-07
  

  3.14.1 released

• 3.14.0 - 2020-05-22
  

  3.14.0 released

• 3.13.1 - 2019-04-05
  

  3.13.1 released

• 3.13.0 - 2019-03-20
  

  3.13.0 released

• 3.12.2 - 2019-02-26
  

  3.12.2 released

• 3.12.1 - 2019-01-05
  

  3.12.1 released

• 3.12.0 - 2018-06-01
  

  3.12.0 released

• 3.11.0 - 2018-03-05
  

  3.11.0 released

• 3.10.0 - 2017-09-11

from js-yaml GitHub release notes

Commit messages

Package name: js-yaml

• 37caaad 3.14.1 released
• 094c0f7 dist rebuild
• 9586ebe Avoid calling hasOwnProperty of user-controlled objects
• 34e5072 3.14.0 released
• 7b25c83 Browser files rebuild
• 6f73473 Dev deps bump
• 0c29349 Travis-CI: drop old nodejs versions
• 10be97e fix(loader): Add support for `safe/loadAll(input, options)`
• d6983dd Fix issue [Snyk] Upgrade gulp-replace from 0.5.4 to 0.6.1 #526: wrong quote position writing condensed flow ([Snyk] Upgrade js-yaml from 3.10.0 to 3.14.1 #527)
• 93fbf7d fix issue 526 (wrong quote position writing condensed flow)
• e569cc7 readme: update titelift info
• 8fb2905 changelog format update
• 33c2236 Verify that there are no null-bytes in input
• aeb6828 Check the node type for !<?> tag in case user manually specifies it
• 3e93973 Merge pull request [Snyk] Upgrade js-yaml from 3.10.0 to 3.14.1 #523 from tmcw/unpkg-jsdelivr-fields
• b565e1a Add unpkg and jsdelivr fields to point to browser build
• d9fe622 Merge pull request [Snyk] Upgrade gulp-connect from 5.5.0 to 5.7.0 #521 from vcache/feature/dumper-spec-compilance
• 667b3a1 dumper: don't quote strings with # without need
• 2fcb465 Add equals sign to list of unsafe values for plain styling ([Snyk] Upgrade js-yaml from 3.10.0 to 3.14.1 #519)
• 54074ae Merge pull request [Snyk] Upgrade gulp-connect from 5.5.0 to 5.7.0 #513 from MartijnCuppens/patch-1
• ae24505 Use `const` where appropriate
• 3db03f2 README: add Tidelift link
• 1d88bd1 README cleanup
• 2334c9b Create FUNDING.yml

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs