This repository has been archived by the owner on Mar 25, 2021. It is now read-only.

Security vulnerability at js-yaml #4596

Closed
pyrho opened this issue Mar 22, 2019 · 5 comments

@pyrho commented Mar 22, 2019

A security issue has been found in js-yaml, which is a direct dependency of tslint.
js-yaml 3.13.0 fixes the issue.

yarn audit output:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ Denial of Service                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ js-yaml                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.13.0                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ tslint                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ tslint > js-yaml                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/788                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
@adidahiya (Contributor)

Fixed by #4595

@vinaydasari

@adidahiya Could you please release the next version, so we can get the benefit of this commit? Thank you

@adidahiya (Contributor)

@vinaydasari the commit from #4595 has been available since 5.15.0

@vinaydasari

@adidahiya My bad. I was referring to 4663.
I found this issue with js-yaml and thought this is the one. But this is a different issue.
The PR above fixes it but it hasn't been released yet. It will be useful if you can release the new version, as we are also close to the cadence as well, I guess. And thanks a lot for the quick response, really appreciate it.

@adidahiya (Contributor)

tslint's dependency range doesn't block you from upgrading js-yaml. It's a ^ version range, so you should be able to get the latest js-yaml installed without any change from tslint itself.
