diff --git a/CHANGELOG.md b/CHANGELOG.md
index d53a785..6e9d771 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,9 +6,11 @@ and this project adheres to [Semantic
 Versioning](http://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Changed
+- Merge PR #232, Update dependency `js-yaml` to fix DoS vulnerability
 
 ## [1.9.6] - 2019-02-27
-### Added 
+### Added
 - Merge PR #227, adding Depreciation/Retirement Notice to README.md
 
 ### Fixed
@@ -193,8 +195,8 @@ Versioning](http://semver.org/spec/v2.0.0.html).
 ### Fixed
 - Merge PR #60, allowing a single wildcard as a string within the template
 - Merge PR #65, allowing forked branches to run tests
-- Merge PR #71, fixing maps, see #69 and #68 
-- Merge PR #63, fixing if intrinsic functions, see 
+- Merge PR #71, fixing maps, see #69 and #68
+- Merge PR #63, fixing if intrinsic functions, see
 
 ## [1.1.7] - 2017-10-07
 ### Changed
diff --git a/package.json b/package.json
index b4c3865..9dcde4d 100644
--- a/package.json
+++ b/package.json
@@ -19,13 +19,13 @@
     "colors": "^1.2.1",
     "commander": "^2.15.0",
     "core-js": "^2.5.1",
-    "js-yaml": "^3.7.0",
     "merge-options": "^1.0.1",
     "opn": "^5.2.0",
     "winston": "^2.4.0",
     "sha.js": "^2.4.11",
     "source-map-support": "^0.5.0",
-    "safe-buffer": "^5.1.1"
+    "safe-buffer": "^5.1.1",
+    "js-yaml": "^3.13.0"
   },
   "devDependencies": {
     "@types/chai": "^4.0.4",
@@ -39,10 +39,10 @@
     "@types/source-map-support": "^0.4.0",
     "@types/winston": "^2.3.7",
     "chai": "latest",
-    "mocha": "latest",
-    "typescript": "~2.6.2",
     "dependency-check": "^2.9.1",
-    "proxyquire-2": "^1.0.7"
+    "mocha": "^5.2.0",
+    "proxyquire-2": "^1.0.7",
+    "typescript": "~2.6.2"
   },
   "scripts": {
     "build": "tsc",