diff --git a/deny.toml b/deny.toml index fba427e8a3..a4e5203d77 100644 --- a/deny.toml +++ b/deny.toml @@ -10,4 +10,5 @@ unsound = "none" # See: https://github.com/block/goose/issues/7008 ignore = [ "RUSTSEC-2024-0370", # proc-macro-error is unmaintained + "RUSTSEC-2023-0071", # rsa: Marvin Attack timing sidechannel (no safe upgrade available, via jsonwebtoken) ] diff --git a/evals/open-model-gym/suite/package-lock.json b/evals/open-model-gym/suite/package-lock.json index 6c4864b908..3c9c510279 100644 --- a/evals/open-model-gym/suite/package-lock.json +++ b/evals/open-model-gym/suite/package-lock.json @@ -9,7 +9,7 @@ "version": "0.1.0", "dependencies": { "glob": "^11.0.0", - "yaml": "^2.4.0" + "yaml": "^2.8.3" }, "devDependencies": { "@types/node": "^22.0.0", @@ -1065,9 +1065,9 @@ } }, "node_modules/yaml": { - "version": "2.8.2", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.2.tgz", - "integrity": "sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==", + "version": "2.8.3", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz", + "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==", "license": "ISC", "bin": { "yaml": "bin.mjs" diff --git a/evals/open-model-gym/suite/package.json b/evals/open-model-gym/suite/package.json index d3eaaceb0b..a01fdbbecb 100644 --- a/evals/open-model-gym/suite/package.json +++ b/evals/open-model-gym/suite/package.json @@ -9,7 +9,7 @@ }, "dependencies": { "glob": "^11.0.0", - "yaml": "^2.4.0" + "yaml": "^2.8.3" }, "devDependencies": { "@types/node": "^22.0.0",