cloudfoundry-community · pmuellr · Dec 2, 2025 · Dec 2, 2025 · alumni · Dec 3, 2025
diff --git a/README.md b/README.md
@@ -325,6 +325,14 @@ When you visit the site, you'll see the output of various cfenv calls.
 changes
 ================================================================================
 
+**1.2.5** - 2025/12/01
+
+- upgrade `js.yaml` to 4.1.x for [CVE-2025-64718][] - [pr #56][]
+
+[pr #56]: https://github.com/cloudfoundry-community/node-cfenv/pull/56
+
+[CVE-2025-64718]: https://www.cve.org/CVERecord?id=CVE-2025-64718
+
 **1.2.4** - 2021/04/03
 
 - upgrade most dependencies, but not CoffeeScript, since the latest

diff --git a/lib/cfenv.js b/lib/cfenv.js
diff --git a/lib/server.js b/lib/server.js
diff --git a/package.json b/package.json
@@ -2,7 +2,7 @@
     "name": "cfenv",
     "main": "./lib/cfenv",
     "description": "easy access to your Cloud Foundry application environment",
-    "version": "1.2.4",
+    "version": "1.2.5",
     "author": "pmuellr",
     "license": "Apache-2.0",
     "homepage": "https://github.com/cloudfoundry-community/node-cfenv",
@@ -17,7 +17,7 @@
         "watch": "jbuild watch"
     },
     "dependencies": {
-        "js-yaml": "4.0.x",
+        "js-yaml": "4.1.x",
         "ports": "1.1.x",
         "underscore": "1.12.x"
-        "js-yaml": "4.1.x",
-        "ports": "1.1.x",
-        "underscore": "1.12.x"
+        "js-yaml": "^4.1.1",
+        "ports": "^1.1.0",
+        "underscore": "^1.13.7"
-        "js-yaml": "4.1.x",
-        "ports": "1.1.x",
-        "underscore": "1.12.x"
+        "js-yaml": "^4.1.1",
+        "ports": "^1.1.0",
+        "underscore": "^1.13.7"
     },