Steps to reproduce
Steps:
npm i
npm audit
Current behavior
# npm audit report
yaml 2.0.0 - 2.8.2
Severity: moderate
yaml is vulnerable to Stack Overflow via deeply nested YAML collections - https://github.com/advisories/GHSA-48c2-rrv3-qjmp
fix available via `npm audit fix --force`
Will install @toolpad/core@0.1.55, which is a breaking change
node_modules/yaml
@toolpad/utils *
Depends on vulnerable versions of yaml
node_modules/@toolpad/utils
@toolpad/core >=0.2.0
Depends on vulnerable versions of @toolpad/utils
node_modules/@toolpad/core
3 moderate severity vulnerabilities
Expected behavior
No response
Context
npm audit fix does not solve the problem even with --force
Your environment
npx @mui/envinfo
System:
OS: Windows 11 10.0.26100
Binaries:
Node: 24.13.1 - C:\nvm4w\nodejs\node.EXE
npm: 11.12.0 - C:\nvm4w\nodejs\npm.CMD
pnpm: Not Found
Browsers:
Chrome: 146.0.7680.165
Edge: Not Found
npmPackages:
@base-ui/utils: 0.2.6
@emotion/react: 11.14.0 => 11.14.0
@emotion/styled: 11.14.1 => 11.14.1
@mui/core-downloads-tracker: 7.3.9
@mui/icons-material: 7.3.9 => 7.3.9
@mui/material: 7.3.9 => 7.3.9
@mui/mcp: 0.1.0 => 0.1.0
@mui/private-theming: 7.3.9
@mui/styled-engine: 7.3.9
@mui/system: 7.3.9
@mui/types: 7.4.12
@mui/utils: 7.3.9
@mui/x-data-grid: 8.28.1
@mui/x-data-grid-premium: 8.28.1 => 8.28.1
@mui/x-data-grid-pro: 8.28.1
@mui/x-date-pickers: 8.27.2
@mui/x-date-pickers-pro: 8.27.2 => 8.27.2
@mui/x-internal-exceljs-fork: 4.4.3
@mui/x-internals: 8.26.0
@mui/x-license: 8.26.0
@mui/x-telemetry: 8.20.0
@mui/x-tree-view: 8.27.2
@mui/x-tree-view-pro: 8.27.2 => 8.27.2
@mui/x-virtualizer: 0.3.4
@toolpad/core: 0.16.0 => 0.16.0
@toolpad/utils: 0.16.0
@types/react: 19.2.14
react: 19.2.4 => 19.2.4
react-dom: 19.2.4 => 19.2.4
typescript: 5.9.3 => 5.9.3
Search keywords: YAML vulnerabilities