Skip to content

Bump the dev-dependencies group across 1 directory with 2 updates#2163

Merged
graduta merged 2 commits into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-daa772fb2a
Jun 16, 2026
Merged

Bump the dev-dependencies group across 1 directory with 2 updates#2163
graduta merged 2 commits into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-daa772fb2a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor

Bumps the dev-dependencies group with 2 updates in the / directory: js-yaml and puppeteer.

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Updates puppeteer from 25.0.4 to 25.1.0

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v25.1.0

25.1.0 (2026-05-26)

🎉 Features

🛠️ Fixes

📄 Documentation

🏗️ Refactor

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​puppeteer/browsers bumped from 3.0.3 to 3.0.4

puppeteer: v25.1.0

25.1.0 (2026-05-26)

🎉 Features

  • roll to Chrome 149.0.7827.2 (af1b9be)

🛠️ Fixes

🏗️ Refactor

... (truncated)

Changelog

Sourced from puppeteer's changelog.

25.1.0 (2026-05-26)

🎉 Features

🛠️ Fixes

🏗️ Refactor

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​puppeteer/browsers bumped from 3.0.3 to 3.0.4

📄 Documentation

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 16, 2026
@dependabot dependabot Bot requested a review from isaachilly as a code owner June 16, 2026 05:02
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 16, 2026
@codecov

codecov Bot commented Jun 16, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 45.79%. Comparing base (07e7a88) to head (d06419b).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2163   +/-   ##
=======================================
  Coverage   45.79%   45.79%           
=======================================
  Files        1037     1037           
  Lines       17265    17265           
  Branches     3140     3140           
=======================================
  Hits         7907     7907           
  Misses       9358     9358           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Bumps the dev-dependencies group with 2 updates in the / directory: [js-yaml](https://github.com/nodeca/js-yaml) and [puppeteer](https://github.com/puppeteer/puppeteer).


Updates `js-yaml` from 4.1.1 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/commits)

Updates `puppeteer` from 25.0.4 to 25.1.0
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/CHANGELOG.md)
- [Commits](puppeteer/puppeteer@puppeteer-v25.0.4...puppeteer-v25.1.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: puppeteer
  dependency-version: 25.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump the dev-dependencies group with 2 updates Bump the dev-dependencies group across 1 directory with 2 updates Jun 16, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-daa772fb2a branch from 7a7056b to 2d9b5db Compare June 16, 2026 11:51
@graduta graduta merged commit 3f3fede into main Jun 16, 2026
55 of 59 checks passed
@graduta graduta deleted the dependabot/npm_and_yarn/dev-dependencies-daa772fb2a branch June 16, 2026 12:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Development

Successfully merging this pull request may close these issues.

1 participant