
node-yarnpkg: please update backport to fix CVE-2020-8131



Hello,

Thanks for backporting yarnpkg (source node-yarnpkg) to buster-backports, with version 1.19.1.

There is now a 1.22.4 in testing:

stable: 1.13.0-1+deb10u1
stable-bpo: 1.19.1-1~bpo10+1
testing: 1.22.4-2
unstable: 1.22.4-2

and it fixes a rather worrying security vulnerability:
https://security-tracker.debian.org/tracker/CVE-2020-8131

> Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.

Would you please update the backport to the new version from testing?

Thanks, kind regards,
Greg

