Any option to mitigate CVE-2025-64718?

**Describe the bug**
We are seeing findings for CVE-2025-64718 and hoping there is a way to update to JS-YAML 4.1.1 in the dependency chain.

**To Reproduce**
Scan with a CVE scanner like Snyk.

**Actual behavior** 
A clear and concise description of what happens.

**Expected behavior**
No finding of CVE-2025-64718 in OpenAPI-Explorer - which depends on this package.

**Examples and context**

<img width="1473" height="279" alt="Image" src="https://github.com/user-attachments/assets/f2a85ba6-0139-44e6-a22d-9e9a4d11d45a" />


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Any option to mitigate CVE-2025-64718? #6

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Any option to mitigate CVE-2025-64718? #6

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions