Skip to content

Bump js-yaml from 4.1.0 to 4.1.1#124

Merged
shadowwwind merged 1 commit into
masterfrom
dependabot/npm_and_yarn/js-yaml-4.1.1
Mar 29, 2026
Merged

Bump js-yaml from 4.1.0 to 4.1.1#124
shadowwwind merged 1 commit into
masterfrom
dependabot/npm_and_yarn/js-yaml-4.1.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Nov 15, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps js-yaml from 4.1.0 to 4.1.1.

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 15, 2025
@coderabbitai

coderabbitai Bot commented Nov 15, 2025

Copy link
Copy Markdown

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@sonarqubecloud

sonarqubecloud Bot commented Nov 15, 2025

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@shadowwwind shadowwwind requested review from shadowwwind and removed request for shadowwwind January 20, 2026 17:42
@shadowwwind

shadowwwind commented Mar 29, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot
Bump js-yaml from 4.1.0 to 4.1.1
4f7ea8f 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/js-yaml-4.1.1 branch from b0ed1a8 to 4f7ea8f Compare March 29, 2026 19:17
@sonarqubecloud

sonarqubecloud Bot commented Mar 29, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@shadowwwind shadowwwind merged commit 94c54c1 into master Mar 29, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/js-yaml-4.1.1 branch March 29, 2026 19:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shadowwwind shadowwwind shadowwwind approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shadowwwind