Build: Upgrade to js-yaml 3.1.0

scottgonzalez · scottgonzalez · commit b5c8783f5fbb · 2014-08-19T16:27:28.000-04:00
Use `.safeLoad()` instead of `.load()`. https://nodesecurity.io/advisories/JS-YAML_Deserialization_Code_Execution
diff --git a/grunt.js b/grunt.js
@@ -54,7 +54,7 @@ grunt.registerHelper( "read-order", function( orderFile ) {
 		index = 0;
 
 	try {
-		order = yaml.load( grunt.file.read( orderFile ) );
+		order = yaml.safeLoad( grunt.file.read( orderFile ) );
 	} catch( error ) {
 		grunt.warn( "Invalid order file: " + orderFile );
 		return null;
diff --git a/package.json b/package.json
@@ -27,6 +27,6 @@
     "grunt-wordpress": "1.0.7",
     "grunt-jquery-content": "0.11.1",
     "grunt-check-modules": "0.1.0",
-    "js-yaml": "2.0.1"
+    "js-yaml": "3.1.0"
   }
 }
