rusackas commented on code in PR #37434:
URL: https://github.com/apache/superset/pull/37434#discussion_r2734366481
##########
docs/yarn.lock:
##########
@@ -8782,6 +9219,13 @@ js-yaml-loader@^1.2.2:
loader-utils "^1.2.3"
un-eval "^1.2.0"
[email protected]:
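Review bot: the lockfile entry that begins on the last line of this hunk is new (the hunk grows from 6 to 13 lines), but nothing here shows which package requests it; the neighbouring `js-yaml-loader@^1.2.2` entry lists only `loader-utils` and `un-eval` in the visible lines. Please add the `yarn why` output for the new entry to the PR description, so reviewers can see which dependent introduces it and whether it can be deduplicated against an entry that is already locked.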
Review Comment:
This is a transitive dependency pulled in by other packages in the
dependency tree. Our `package.json` specifies `"js-yaml": "^4.1.1"`. The lock
file is generated by `yarn install` and the resolved version is determined by
the dependency tree. Additionally, CVE-2025-64718 doesn't appear to be a
verified CVE in the NVD database — this may be a false positive from the bot's
vulnerability scanner.
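As an added example (not part of the review comment and not Superset's or Yarn's code): a small yarn.lock v1 reader that lists every locked version of a package and which locked packages request it, which is the question to answer when a scanner flags a transitive entry. The lockfile text is constructed, including the `js-yaml@^3.0.0` range and all `version` values; `parseYarnLockV1` and `whoPullsIn` are hypothetical names.

```javascript
// Added example: minimal yarn.lock v1 reader (handles name@range keys only).
function parseYarnLockV1(text) {
  const entries = [];
  let entry = null, inDeps = false;
  for (const raw of text.split(/\r?\n/)) {
    if (!raw.trim() || raw.startsWith("#")) continue;
    const indent = raw.length - raw.trimStart().length;
    const line = raw.trim();
    if (indent === 0) {
      // Entry header: comma-separated "name@range" keys ending in ":".
      const keys = line.replace(/:$/, "").split(",")
        .map((k) => k.trim().replace(/^"|"$/g, ""));
      entry = { keys, version: null, dependencies: {} };
      entries.push(entry);
      inDeps = false;
    } else if (entry && indent === 2) {
      inDeps = line === "dependencies:" || line === "optionalDependencies:";
      const m = line.match(/^version "(.+)"$/);
      if (m) entry.version = m[1];
    } else if (inDeps) {
      // Dependency line: name, then the requested range (either may be quoted).
      const m = line.match(/^"?([^"\s]+)"? "?([^"]+)"?$/);
      if (m) entry.dependencies[m[1]] = m[2];
    }
  }
  return entries;
}

// For each locked version of pkg: the ranges it satisfies and the locked
// packages requesting one of them. An empty requiredBy means no locked package
// asks for it, e.g. it is a direct dependency declared in package.json.
function whoPullsIn(entries, pkg) {
  const nameOf = (key) => key.slice(0, key.lastIndexOf("@"));
  return entries.filter((e) => e.keys.some((k) => nameOf(k) === pkg)).map((e) => {
    const ranges = e.keys.map((k) => k.slice(k.lastIndexOf("@") + 1));
    const requiredBy = entries
      .filter((d) => ranges.includes(d.dependencies[pkg]))
      .map((d) => `${nameOf(d.keys[0])}@${d.version}`);
    return { version: e.version, ranges, requiredBy };
  });
}

// Constructed lockfile text; versions and the ^3.0.0 range are illustrative.
const SAMPLE_LOCK = [
  'js-yaml-loader@^1.2.2:', '  version "1.2.2"', '  dependencies:',
  '    js-yaml "^3.0.0"', '    loader-utils "^1.2.3"', '',
  'js-yaml@^3.0.0:', '  version "3.0.0"', '',
  'js-yaml@^4.1.1:', '  version "4.1.1"',
].join("\n");
console.log(JSON.stringify(whoPullsIn(parseYarnLockV1(SAMPLE_LOCK), "js-yaml"), null, 2));
```

The `version` of each entry is what a scanner advisory's affected range has to be compared against, and `requiredBy` names the dependent to upgrade or override.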