Skip to content

chore(deps): bump js-yaml from 4.1.1 to 4.2.0 in /api-docs#7342

Open
dependabot[bot] wants to merge 2 commits into
masterfrom
dependabot/npm_and_yarn/api-docs/js-yaml-4.2.0
Open

chore(deps): bump js-yaml from 4.1.1 to 4.2.0 in /api-docs#7342
dependabot[bot] wants to merge 2 commits into
masterfrom
dependabot/npm_and_yarn/api-docs/js-yaml-4.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026
edited by jstirnaman
Loading

Copy link
Copy Markdown
Contributor

Bumps js-yaml from 4.1.1 to 4.2.0.

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Please review:

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 16, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 16, 2026 16:30
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 16, 2026
@dependabot dependabot Bot requested review from sanderson and removed request for a team June 16, 2026 16:30
@dependabot dependabot Bot added the javascript Pull requests that update javascript code label Jun 16, 2026
@github-actions

github-actions Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

📦 PR Preview — Preview Bot

Status Details
Result ✅ DEPLOYED
Preview View preview
Pages 3 page(s) deployed
Build time 68s
Last updated 2026-06-16 22:09:31 UTC
Pages included in this preview
  • /influxdb3/core/get-started/
  • /telegraf/v1/plugins/
  • /influxdb3/enterprise/api/

Preview auto-deploys on push. Will be cleaned up when PR closes.

@jdstrand

jdstrand commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/api-docs/js-yaml-4.2.0 branch 2 times, most recently from 9af8723 to ad6ae05 Compare June 16, 2026 21:21
@jdstrand

jdstrand commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot
chore(deps): bump js-yaml from 4.1.1 to 4.2.0 in /api-docs
e03de7f 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.2.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/commits)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/api-docs/js-yaml-4.2.0 branch from ad6ae05 to e03de7f Compare June 16, 2026 21:27
@github-actions

github-actions Bot commented Jun 16, 2026

Copy link
Copy Markdown
Contributor
PR Preview Action v1.4.8
🚀 Deployed preview to https://influxdata.github.io/docs-v2/pr-preview/pr-7342/
on branch gh-pages at 2026-06-16 22:09 UTC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jdstrand jdstrand jdstrand approved these changes

@sanderson sanderson Awaiting requested review from sanderson sanderson is a code owner automatically assigned from influxdata/docs-team

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jdstrand @jstirnaman