High severity security vulnerabilities introduced by the js-yaml v3.5.3 Tangram fork

**TANGRAM VERSION:**
Tangram version: 0.21.1
The [js-yaml fork](https://github.com/tangrams/js-yaml/blob/master/package.json) used in Tangram has high severity security vulnerabilities according to `npm audit`. That makes it difficult to use Tangram in any kind of enterprise product. Is it possible to update js-yaml to version 3.13.1 or later?

**ENVIRONMENT:**
macOS 10.15.7

**TO REPRODUCE THE ISSUE, FOLLOW THESE STEPS:**
Add Tangram as a dependency to your project. Run `npm audit` (or `yarn audit`)

**RESULT:**
```
js-yaml  <=3.13.0
Severity: high
Denial of Service - https://npmjs.com/advisories/788
Code Injection - https://npmjs.com/advisories/813
```

**EXPECTED RESULT:**
`npm audit` should not find vulnerabilities related to Tangram.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

High severity security vulnerabilities introduced by the js-yaml v3.5.3 Tangram fork #781

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

High severity security vulnerabilities introduced by the js-yaml v3.5.3 Tangram fork #781

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions