Skovorodan

**Name of the Vulnerable Software and Affected Versions** Yarn versions prior to 1.17.3 **Description** The issue is related to missing encryption of sensitive data. Specifically, HTTP URLs in the lockfile cause unencrypted authentication data to be sent over the network. **Recommendations** For versions prior to 1.17.3, update to version 1.17.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of HTTP URLs in the lockfile to minimize the risk of sending unencrypted authentication data over the network.