Yep 4.0.4 Fix May 2026

The following critical CVEs (Common Vulnerabilities and Exposures) have been patched in this version:

This write-up covers the key security and functional fixes for the release, which addresses several critical vulnerabilities across core components. Release Overview

If you are managing an environment using these packages, follow these remediation steps to ensure a clean update: Yep 4.0.4 fix

: Fixes multiple vulnerabilities, including CVE-2021-3695 and CVE-2022-28733, which could potentially allow for unauthorized boot access.

: Patches CVE-2022-35252 to improve the security of data transfers. : Run a clean command (e

: Run a clean command (e.g., npm cache clean or your build system's equivalent) to prevent old, vulnerable artifacts from persisting.

: Fixes CVE-2022-35737 to prevent potential crashes or data corruption during database operations. : Run a clean command (e.g.

: Addresses five separate security flaws (CVE-2021-3507 through CVE-2022-0358) related to virtualization and hardware emulation.