From a83d0cd65ec3d44d55db4ff3ee25ac5c4c32b204 Mon Sep 17 00:00:00 2001 From: Victor Rubezhny Date: Tue, 7 Apr 2026 15:25:43 +0200 Subject: [PATCH] [build] Fix vulnerability in yaml 1.0.0 - 1.10.2 ``` yaml 1.0.0 - 1.10.2 Severity: moderate yaml is vulnerable to Stack Overflow via deeply nested YAML collections - https://github.com/advisories/GHSA-48c2-rrv3-qjmp fix available via `npm audit fix` node_modules/cosmiconfig/node_modules/yaml 1 moderate severity vulnerability ``` Fixes: https://github.com/redhat-developer/vscode-openshift-tools/security/dependabot/130 Signed-off-by: Victor Rubezhny
---
 package-lock.json | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 9450cefd8..a9c2f5250 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7541,10 +7541,11 @@
 }
 },
 "node_modules/cosmiconfig/node_modules/yaml": {
- "version": "1.10.2",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz",
- "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==",
+ "version": "1.10.3",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.3.tgz",
+ "integrity": "sha512-vIYeF1u3CjlhAFekPPAk2h/Kv4T3mAkMox5OymRiJQB0spDP10LHvt+K7G9Ny6NuuMAb25/6n1qyUjAcGNf/AA==",
 "dev": true,
+ "license": "ISC",
 "peer": true,
 "engines": {
 "node": ">= 6"