Skip to content

deps(website)(deps): bump js-yaml from 4.1.1 to 4.2.0 in /website in the website-minor-patch group across 1 directory#153

Merged
arnaudlh merged 1 commit into
mainfrom
dependabot/npm_and_yarn/website/website-minor-patch-4e38a52fea
Jun 3, 2026
Merged

deps(website)(deps): bump js-yaml from 4.1.1 to 4.2.0 in /website in the website-minor-patch group across 1 directory#153
arnaudlh merged 1 commit into
mainfrom
dependabot/npm_and_yarn/website/website-minor-patch-4e38a52fea

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the website-minor-patch group with 1 update in the /website directory: js-yaml.

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

@dependabot
deps(website)(deps): bump js-yaml
9cd63b0 
Bumps the website-minor-patch group with 1 update in the /website directory: [js-yaml](https://github.com/nodeca/js-yaml).


Updates `js-yaml` from 4.1.1 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/commits)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: website-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title deps(website)(deps): bump js-yaml from 4.1.1 to 4.2.0 in /website in the website-minor-patch group deps(website)(deps): bump js-yaml from 4.1.1 to 4.2.0 in /website in the website-minor-patch group across 1 directory Jun 3, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/website/website-minor-patch-4e38a52fea branch from ec9e9bb to 9cd63b0 Compare June 3, 2026 08:38
@arnaudlh arnaudlh merged commit 5bded2d into main Jun 3, 2026
3 checks passed
@arnaudlh arnaudlh deleted the dependabot/npm_and_yarn/website/website-minor-patch-4e38a52fea branch June 3, 2026 08:39
This was referenced Jun 4, 2026
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arnaudlh arnaudlh arnaudlh approved these changes

Assignees

No one assigned

Labels

dependencies Website

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@arnaudlh