diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4bf4f4a..058d21c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - Binaries are now compiled statically and using Go 1.18.
 - Reuse server address as typed in by the user in connect dialog instead of using resolved IP address. (Windows UI)
 - Update copyright text.
+- Update several dependencies, including yaml.v2 to fix potential looping resource hog (https://github.com/icedream/icecon/security/dependabot/1).
 
 ## [1.0.0] - 2016-05-07
 ### Added
diff --git a/go.mod b/go.mod
index 20c0a65..349c79e 100644
--- a/go.mod
+++ b/go.mod
@@ -11,4 +11,5 @@ require (
 	golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f // indirect
 	gopkg.in/Knetic/govaluate.v3 v3.0.0 // indirect
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 20ce79d..6288ee4 100644
--- a/go.sum
+++ b/go.sum
@@ -38,3 +38,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=