fix: resolve CVE-2026-53550 in js-yaml #587

Merged: benoitf merged 1 commit into redhat-developer:main from benoitf:cve-fix/cve-2026-53550-main on Jun 18, 2026

benoitf (Collaborator) commented Jun 17, 2026

What does this PR do?

Fix moderate severity vulnerability CVE-2026-53550 in js-yaml.

Advisory: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases
Vulnerable versions: <=4.1.1
Patched versions: >=4.2.0
Advisory URL: GHSA-h67p-54hq-rp68

Screenshot / video of UI

N/A - dependency update only.

What issues does this PR fix or reference?

Fixes CVE-2026-53550: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases

How to test this PR?

Run pnpm audit and verify CVE-2026-53550 is no longer reported

Upgrade js-yaml to satisfy >=4.2.0
Advisory: GHSA-h67p-54hq-rp68

Co-authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Florent Benoit <fbenoit@redhat.com>
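
A lockfile check to complement the `pnpm audit` step in the PR description, added here as an example and not part of the PR or the project's code: it lists every js-yaml version pinned in a pnpm-lock.yaml and flags those in the advisory's range (<=4.1.1), which catches transitive copies that a direct-dependency bump leaves behind. The function names, the key-matching regex and the sample lockfile are assumptions constructed for illustration.

```javascript
// Patched floor from the advisory quoted on this page: >=4.2.0
const PATCHED = [4, 2, 0];

// Matches pnpm package keys such as "js-yaml@4.1.0:", "/js-yaml@4.1.0:" and
// "/js-yaml/4.1.0:", but not "@types/js-yaml@..." or "js-yaml-loader@...".
const KEY_RE =
  /^\s+['"]?\/?js-yaml[@/](\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?[^:\s]*:\s*$/gm;

function isVulnerable(major, minor, patch, prerelease) {
  const v = [major, minor, patch];
  for (let i = 0; i < 3; i++) {
    if (v[i] !== PATCHED[i]) return v[i] < PATCHED[i];
  }
  // Same numbers as the patched release: a prerelease sorts before it.
  return Boolean(prerelease);
}

// Returns one finding per pinned js-yaml version, in lockfile order.
function auditLockfile(text) {
  const findings = [];
  for (const m of text.matchAll(KEY_RE)) {
    const [major, minor, patch] = m.slice(1, 4).map(Number);
    const version = `${m[1]}.${m[2]}.${m[3]}${m[4] || ''}`;
    findings.push({ version, vulnerable: isVulnerable(major, minor, patch, m[4]) });
  }
  return findings;
}

function vulnerableVersions(text) {
  return auditLockfile(text).filter((f) => f.vulnerable).map((f) => f.version);
}

// Constructed sample lockfile fragment (not taken from the repository).
const SAMPLE_LOCK = `
lockfileVersion: '9.0'
packages:
  '@types/js-yaml@4.0.9':
    resolution: {integrity: sha512-CONSTRUCTED}
  js-yaml@3.14.1:
    resolution: {integrity: sha512-CONSTRUCTED}
  js-yaml@4.1.0:
    resolution: {integrity: sha512-CONSTRUCTED}
  js-yaml@4.2.0:
    resolution: {integrity: sha512-CONSTRUCTED}
`;

console.log(auditLockfile(SAMPLE_LOCK));
```

To check a real project, pass the contents of its pnpm-lock.yaml to `vulnerableVersions` and treat any non-empty result as a failed check.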

benoitf (Collaborator, Author) commented Jun 18, 2026

cc @feloy @SoniaSandler

got an approval from @simonrey1 but I need a domain approval to unlock the merge

benoitf merged commit b21ae5a into redhat-developer:main on Jun 18, 2026
7 checks passed