May 09 2019 03:41 PM
My organization has an internal node package management system. No code with known security vulnerabilities can be uploaded to that repository. The following 2 packages in SPFX 1.8.1 rely on js-yaml@3.9.1, which has a known security vulnerability. Is there any way to get a version that can use js-yaml@3.13.1 so that I can bring it in for use?
"@microsoft/sp-build-web": "1.8.1",
"@microsoft/sp-webpart-workbench": "1.8.1",