fix: add npm override for js-yaml to resolve security vulnerability

ajamadar-mdsol · ajamadar-mdsol · commit c11730760c2a · 2025-11-17T07:30:19.000Z
- Add js-yaml ^4.1.1 to package.json overrides - Fixes prototype pollution vulnerability (GHSA-mh29-5h37-fv8m) in js-yaml <4.1.1 - Forces all transitive dependencies to use the patched version - Resolves conflict between js-yaml 3.x (via @codeceptjs/detox-helper) and 4.x - All tests passing (unit and runner tests verified)
diff --git a/package.json b/package.json
@@ -198,6 +198,7 @@
     }
   },
   "overrides": {
-    "tmp": "0.2.5"
+    "tmp": "0.2.5",
+    "js-yaml": "^4.1.1"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -198,6 +198,7 @@`
`198`	`198`	`}`
`199`	`199`	`},`
`200`	`200`	`"overrides": {`
`201`		`- "tmp": "0.2.5"`
	`201`	`+ "tmp": "0.2.5",`
	`202`	`+ "js-yaml": "^4.1.1"`
`202`	`203`	`}`
`203`	`204`	`}`