Skip to content

chore(deps)(deps): bump js-yaml and @redocly/openapi-core in /frontend#115

Merged
vidit-admin merged 1 commit into
mainfrom
dependabot/npm_and_yarn/frontend/multi-aad9f915bb
Jul 5, 2026
Merged

chore(deps)(deps): bump js-yaml and @redocly/openapi-core in /frontend#115
vidit-admin merged 1 commit into
mainfrom
dependabot/npm_and_yarn/frontend/multi-aad9f915bb

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps js-yaml and @redocly/openapi-core. These dependencies needed to be updated together.
Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added a loader option limiting merge sequence length. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Updates @redocly/openapi-core from 1.34.15 to 1.34.17

Release notes

Sourced from @​redocly/openapi-core's releases.

@​redocly/openapi-core@​1.34.17

No release notes provided.

@​redocly/openapi-core@​1.34.16

Patch Changes

  • Updated js-yaml to the 4.2.0 version.
Changelog

Sourced from @​redocly/openapi-core's changelog.

1.34.17 (2026-06-30)

Patch Changes

  • Fixed a path traversal in the split command that might have written files outside the chosen --outDir.
  • Updated @​redocly/respect-core to v1.34.17.

1.34.16 (2026-06-26)

Patch Changes

  • Updated js-yaml to the 4.2.0 version.
  • Updated @​redocly/respect-core to v1.34.16.
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/frontend/multi-aad9f915bb branch from c567311 to 01e68c8 Compare July 2, 2026 16:32
@vidit-admin

Copy link
Copy Markdown
Member

@dependabot rebase

Bumps [js-yaml](https://github.com/nodeca/js-yaml) and [@redocly/openapi-core](https://github.com/Redocly/redocly-cli). These dependencies needed to be updated together.

Updates `js-yaml` from 4.1.1 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.2.0)

Updates `@redocly/openapi-core` from 1.34.15 to 1.34.17
- [Release notes](https://github.com/Redocly/redocly-cli/releases)
- [Changelog](https://github.com/Redocly/redocly-cli/blob/@redocly/openapi-core@1.34.17/docs/changelog.md)
- [Commits](https://github.com/Redocly/redocly-cli/compare/@redocly/openapi-core@1.34.15...@redocly/openapi-core@1.34.17)

---
updated-dependencies:
- dependency-name: "@redocly/openapi-core"
  dependency-version: 1.34.16
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/frontend/multi-aad9f915bb branch from 01e68c8 to 3292e34 Compare July 5, 2026 22:35
@vidit-admin vidit-admin merged commit d8b4b2d into main Jul 5, 2026
11 checks passed
@vidit-admin vidit-admin deleted the dependabot/npm_and_yarn/frontend/multi-aad9f915bb branch July 5, 2026 22:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant