Greetings folks! The js-yaml issue addressed here is causing us a bit of grief with our vulnerability checks in the Google npm modules. Thank you so much for the quick fix. Would it be possible to cut a patch release with the change so npm audit stops poking us? Thank you!
JustinBeckwith
All 7 comments
cc @bcoe @ofrobots
JustinBeckwith
on 31 Mar 2019
Seconded, it's a bit of a pain in our CI as well.
daerion
on 1 Apr 2019
As far as I know, a new release is blocked by https://github.com/mochajs/mocha/milestone/27 I'm basing this on an explanation from @boneskull in https://gitter.im/mochajs/contributors. Relevant messages start March 18th.
In particular, discussion on https://github.com/mochajs/mocha/pull/3829 has stalled.
There's a simpler fix proposed in https://github.com/mochajs/mocha/pull/3823, pending approval by the maintainers. (I submitted it, so it's the one issue I've been following)
cspotcode
on 1 Apr 2019
sorry been busy w other work. will try to look into it this week
boneskull
on 2 Apr 2019
@boneskull thank you!
nullivex
on 2 Apr 2019
boneskull
on 3 Apr 2019
@boneskull thank you \o/ totally understand being busy.
bcoe
on 3 Apr 2019
Related issues
3p3r
路
3Comments
robertherber
路
3Comments
adamhooper
路
3Comments
jmiller-airfox
路
3Comments
luoxi001713
路
3Comments
Most helpful comment
Seconded, it's a bit of a pain in our CI as well.