chore(deps): bump js-yaml from 4.1.1 to 4.2.0 #4286
Open
dependabot[bot] wants to merge 1 commit into
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title.
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.2.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.2.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
d1f11ba to 659bd74
Bumps js-yaml from 4.1.1 to 4.2.0.
Changelog
Sourced from js-yaml's changelog.
Commits
- 590dbab 4.2.0 released
- f944dc5 Add package.json funding field
- f692719 Changelog update
- 9971a06 Fix digits in YAML named tag handles
- 464a5b8 Fix flow scalar trailing whitespace folding, close #307
- 1fda4f7 Tests for #567, #565
- 031ad07 Stop resolving numbers with underscores as numeric scalars, #627
- e46d223 CI config update
- 9023fee Add lockfile
- 990e6f4 Docs update

Note
Low Risk
Dependency-only bump with no code changes; low risk overall, with a small chance of YAML parse differences where external/untrusted YAML is loaded.
Overview
Bumps direct `js-yaml` dependencies from 4.1.x to `^4.2.0` in `cron_service`, `packages_worker`, and `security_best_practices_worker`, with `pnpm-lock.yaml` pinning resolved 4.3.0 and updating transitive consumers (e.g. ESLint, cosmiconfig, OpenAPI tooling) off 4.1.1.

There are no application code changes—only version ranges and lockfile churn (including unrelated lockfile edits such as `needle` git resolution and AWS SDK peer-dependency wiring).

4.2.x brings parser hardening (merge-related DoS fix, default `maxDepth`, merge-length limits) and behavior changes such as no longer treating numbers with underscores as numeric scalars; services that `yaml.load` external YAML (e.g. OpenStack governance, Security Insights) may see stricter or slightly different parse results without any call-site updates in this PR.

Reviewed by Cursor Bugbot for commit 659bd74. Bugbot is set up for automated code reviews on this repo.
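An added example, not part of this PR or of js-yaml: a dependency-free Node.js check that flags unquoted scalars with underscores in YAML a service loads, since the note above says these stop resolving as numbers after the bump. The regexes, function names and sample document are assumptions made for illustration, and the scan is line-based and heuristic rather than a real YAML parse.

```javascript
// Added example (not js-yaml or PR code): heuristic, line-based audit.
// Assumption: these patterns approximate which underscore scalars used to load
// as numbers before the bump; confirm against the js-yaml changelog.
const UNDERSCORE_NUMERIC = [
  /^[-+]?0b[01_]+$/,                                   // binary
  /^[-+]?0x[0-9a-fA-F_]+$/,                            // hexadecimal
  /^[-+]?0o[0-7_]+$/,                                  // octal
  /^[-+]?[0-9][0-9_]*(\.[0-9_]*)?([eE][-+]?[0-9]+)?$/, // decimal int or float
];

function wasNumeric(scalar) {
  if (!scalar.includes('_') || scalar.endsWith('_')) return false;
  return UNDERSCORE_NUMERIC.some((re) => re.test(scalar));
}

// Pull unquoted scalars out of one line: "key: v", "- v", and flow "[a, b]".
function plainScalars(line) {
  const body = line.replace(/\s+#.*$/, '').trim().replace(/^(-\s+)+/, '');
  if (!body || body.startsWith('#')) return [];
  const m = body.match(/^[^\s'"\[{][^:]*:\s+(.*)$/);
  const value = m ? m[1] : body;
  const items = /^[\[{]/.test(value)
    ? value.replace(/[\[\]{}]/g, ' ').split(',').map((s) => s.split(/:\s+/).pop())
    : [value];
  // Skip quoted, tagged, anchored, aliased and block-scalar values (out of scope here).
  return items.map((s) => s.trim()).filter((s) => s && !/^['"!&*|>]/.test(s));
}

function auditYaml(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const scalar of plainScalars(line)) {
      if (wasNumeric(scalar)) findings.push({ line: i + 1, scalar });
    }
  });
  return findings;
}

// Constructed sample input, not taken from any service touched by the PR.
const SAMPLE = [
  'limits:', '  max_bytes: 10_000_000   # unquoted, so its type changes',
  '  retries: 3', '  build_id: "2024_01"     # quoted: a string either way',
  '  ports: [8_080, 443, 0x_1f]', '  name: snake_case_name',
  '  ratios:', '    - 1_5.2_5',
].join('\n');

for (const f of auditYaml(SAMPLE)) {
  console.log(`line ${f.line}: ${f.scalar} no longer loads as a number`);
}
```

Each finding is a value to quote explicitly or rewrite without underscores before merging, so that a size limit, port or threshold does not silently become a string at a call site that expects a number.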