Skip to content

chore(deps): bump js-yaml from 4.1.1 to 4.2.0#6647

Merged
github-actions[bot] merged 2 commits into
mainfrom
dependabot/npm_and_yarn/main/js-yaml-4.2.0
Jun 4, 2026
Merged

chore(deps): bump js-yaml from 4.1.1 to 4.2.0#6647
github-actions[bot] merged 2 commits into
mainfrom
dependabot/npm_and_yarn/main/js-yaml-4.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Copy link
Copy Markdown
Contributor

Bumps js-yaml from 4.1.1 to 4.2.0.

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump js-yaml from 4.1.1 to 4.2.0
651f5fd 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.2.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/commits)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 4, 2026
@github-actions github-actions Bot merged commit 98b452e into main Jun 4, 2026
18 checks passed
@github-actions github-actions Bot deleted the dependabot/npm_and_yarn/main/js-yaml-4.2.0 branch June 4, 2026 23:10
davidkna-sap added a commit that referenced this pull request Jun 5, 2026
@davidkna-sap
Merge remote-tracking branch 'origin/main' into davidkna-sap_internal…
df9388d 
…-ts-shim

* origin/main:
  chore(deps): bump js-yaml from 4.1.1 to 4.2.0 (#6647)
  chore(deps): bump eslint-plugin-jsdoc from 62.9.0 to 63.0.0 (#6628)
  chore(deps): bump bignumber.js from 11.1.1 to 11.1.2 (#6644)
  chore: Set explicit workflow permissions (#6629)
  chore(deps-dev): bump turbo from 2.9.15 to 2.9.16 (#6645)
  chore(deps): bump memfs from 4.57.2 to 4.57.3 (#6643)
  chore(deps): bump eslint-plugin-prettier from 5.5.5 to 5.5.6 (#6641)
  chore(deps-dev): bump eslint from 10.4.0 to 10.4.1 (#6642)
  chore(deps-dev): bump @sap/cds-dk from 9.9.1 to 9.9.2 (#6640)
davidkna-sap added a commit that referenced this pull request Jun 8, 2026
@davidkna-sap
Merge remote-tracking branch 'origin/main' into dependabot/npm_and_ya…
6bbcf57 
…rn/main/typescript-6.0.2

* origin/main: (93 commits)
  chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#6649)
  chore(deps): bump @typescript-eslint/parser from 8.60.0 to 8.60.1 (#6654)
  chore(deps): bump typescript-eslint from 8.60.0 to 8.60.1 (#6651)
  chore(deps): bump memfs from 4.57.3 to 4.57.6 (#6655)
  chore(deps): bump axios from 1.16.1 to 1.17.0 (#6653)
  chore(deps): bump eslint-plugin-jsdoc from 63.0.0 to 63.0.1 (#6652)
  chore(deps): bump eslint-import-resolver-typescript from 4.4.4 to 4.4.5 (#6650)
  chore(deps): bump github/codeql-action from 4.36.0 to 4.36.1 (#6648)
  chore(deps): bump js-yaml from 4.1.1 to 4.2.0 (#6647)
  chore(deps): bump eslint-plugin-jsdoc from 62.9.0 to 63.0.0 (#6628)
  chore(deps): bump bignumber.js from 11.1.1 to 11.1.2 (#6644)
  chore: Set explicit workflow permissions (#6629)
  chore(deps-dev): bump turbo from 2.9.15 to 2.9.16 (#6645)
  chore(deps): bump memfs from 4.57.2 to 4.57.3 (#6643)
  chore(deps): bump eslint-plugin-prettier from 5.5.5 to 5.5.6 (#6641)
  chore(deps-dev): bump eslint from 10.4.0 to 10.4.1 (#6642)
  chore(deps-dev): bump @sap/cds-dk from 9.9.1 to 9.9.2 (#6640)
  chore: Support changeset type shorthands via shared source of truth (#6617)
  chore(deps): bump @typescript-eslint/parser from 8.59.4 to 8.60.0 (#6636)
  chore(deps-dev): bump turbo from 2.9.14 to 2.9.15 (#6637)
  ...
davidkna-sap added a commit that referenced this pull request Jun 10, 2026
@davidkna-sap
Merge remote-tracking branch 'origin/main' into davidkna-sap_rm-pup
86d9e24 
* origin/main:
  chore: Remove node 20 from build matrix (#6662)
  chore(deps-dev): bump @types/node from 22.19.19 to 22.19.20 (#6660)
  chore(deps): bump bignumber.js from 11.1.2 to 11.1.3 (#6659)
  chore(deps): bump github/codeql-action from 4.36.1 to 4.36.2 (#6658)
  chore(deps): bump rtCamp/action-slack-notify from 2.3.3 to 2.4.0 (#6657)
  Update dependabot.yml
  chore(deps): bump semver from 7.8.1 to 7.8.2 (#6656)
  chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#6649)
  chore(deps): bump @typescript-eslint/parser from 8.60.0 to 8.60.1 (#6654)
  chore(deps): bump typescript-eslint from 8.60.0 to 8.60.1 (#6651)
  chore(deps): bump memfs from 4.57.3 to 4.57.6 (#6655)
  chore(deps): bump axios from 1.16.1 to 1.17.0 (#6653)
  chore(deps): bump eslint-plugin-jsdoc from 63.0.0 to 63.0.1 (#6652)
  chore(deps): bump eslint-import-resolver-typescript from 4.4.4 to 4.4.5 (#6650)
  chore(deps): bump github/codeql-action from 4.36.0 to 4.36.1 (#6648)
  chore(deps): bump js-yaml from 4.1.1 to 4.2.0 (#6647)
  chore(deps): bump eslint-plugin-jsdoc from 62.9.0 to 63.0.0 (#6628)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants