fix(node-js-yaml): CVE-2025-64718 by deepin-ci-robot · Pull Request #2 · deepin-community/node-js-yaml

deepin-ci-robot · 2026-05-06T00:25:28Z

Security Update

CVE-2025-64718: Fix prototype pollution in merge (<<) operator.

Upstream: nodeca/js-yaml@383665f
Generated-By: glm-5.1
Co-Authored-By: hudeng hudeng@deepin.org

Generated by AI

deepin-ci-robot · 2026-05-06T00:25:40Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign qaqland for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

https:/raw.githubusercontent.com/deepin-community/template-repository/master/debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

github-actions · 2026-05-06T00:25:40Z

TAG Bot

TAG: 4.1.0+dfsg+_4.0.5-7deepin1
EXISTED: no
DISTRIBUTION: unstable

Fix prototype pollution in merge (<<) operator. Upstream: nodeca/js-yaml@383665f Generated-By: glm-5.1 Co-Authored-By: hudeng <hudeng@deepin.org>

The patch was missing the 'diff --git' header for test/issues/0164.js, causing quilt to fail when applying patches. This fix adds the proper git diff header.

hudeng-go · 2026-05-09T06:13:47Z

/integrate

github-actions · 2026-05-09T06:14:20Z

AutoIntegrationPr Bot
auto integrate with pr url: deepin-community/Repository-Integration#3973
PrNumber: 3973
PrBranch: auto-integration-25593833948

deepin-ci-robot requested a review from chenchongbiao May 6, 2026 00:25

deepin-ci-robot added generated-by-ai cve labels May 6, 2026

fix(node-js-yaml): CVE-2025-64718

9a0ad21

Fix prototype pollution in merge (<<) operator. Upstream: nodeca/js-yaml@383665f Generated-By: glm-5.1 Co-Authored-By: hudeng <hudeng@deepin.org>

deepin-ci-robot force-pushed the fix/CVE-2025-64718 branch from e9a38be to 9a0ad21 Compare May 6, 2026 04:19

fix(patch): correct CVE-2025-64718 patch format

38b52fd

The patch was missing the 'diff --git' header for test/issues/0164.js, causing quilt to fail when applying patches. This fix adds the proper git diff header.

deepin-community-ci-bot Bot mentioned this pull request May 9, 2026

auto integration deepin-community/node-js-yaml deepin-community/Repository-Integration#3973

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(node-js-yaml): CVE-2025-64718#2

fix(node-js-yaml): CVE-2025-64718#2
deepin-ci-robot wants to merge 2 commits intomasterfrom
fix/CVE-2025-64718

deepin-ci-robot commented May 6, 2026

Uh oh!

deepin-ci-robot commented May 6, 2026

Uh oh!

github-actions Bot commented May 6, 2026

Uh oh!

hudeng-go commented May 9, 2026

Uh oh!

github-actions Bot commented May 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

deepin-ci-robot commented May 6, 2026

Security Update

Uh oh!

deepin-ci-robot commented May 6, 2026

Uh oh!

github-actions Bot commented May 6, 2026

Uh oh!

hudeng-go commented May 9, 2026

Uh oh!

github-actions Bot commented May 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants