[Security] Bump yaml from 2.2.1 to 2.2.2 (!7) · Merge requests · tools / infra / k3s-generator

Dependabot requested to merge dependabot-npm_and_yarn-yaml-2.2.2 into master Apr 25, 2023

Bumps yaml from 2.2.1 to 2.2.2. This update includes a security fix.

Vulnerabilities fixed

Uncaught Exception in yaml Uncaught Exception in GitHub repository eemeli/yaml prior to 2.2.2.

Patched versions: 2.2.2 Affected versions: < 2.2.2

Release notes

Sourced from yaml's releases.

v2.2.2

This patch release includes a fix for an error that could be thrown in parseDocument for degenerate input. Otherwise, it's a patch release uplifting a few fixes from the ongoing v2.3 work to v2.2:

Use correct argument order when stringifying flow collection comments (#443)

First-line folding for block scalars (#422)

Corner case failure in error pretty-printer (CVE-2023-2251)

Commits

f21fa45 2.2.2
984f578 fix: Corner case failure in error pretty-printer
443e3aa fix: First-line folding for block scalars (fixes #422)
5af5d3d fix: Use correct argument order when stringifying flow collection comments (f...
See full diff in compare view

Dependabot commands

You can trigger Dependabot actions by commenting on this MR

$dependabot rebase will rebase this MR
$dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

[Security] Bump yaml from 2.2.1 to 2.2.2

v2.2.2

Merge request reports