SharePoint Framework 1.8.1 relies on js-yaml@3.9.1 which has a known security vulnerability.

Regular Visitor

My organization has an internal node package management system.  No code with known security vulnerabilities can be uploaded to that repository.  The following 2 packages in SPFX 1.8.1 rely on js-yaml@3.9.1, which has a known security vulnerability.  Is there any way to get a version that can use js-yaml@3.13.1 so that I can bring it in for use? 


"@microsoft/sp-build-web": "1.8.1",
"@microsoft/sp-webpart-workbench": "1.8.1",



0 Replies