Skip to content

build(deps): bump smol-toml from 1.6.0 to 1.6.1#832

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/smol-toml-1.6.1
Closed

build(deps): bump smol-toml from 1.6.0 to 1.6.1#832
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/smol-toml-1.6.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 25, 2026
edited
Loading

Bumps smol-toml from 1.6.0 to 1.6.1.

Release notes

Sourced from smol-toml's releases.

v1.6.1

This release addresses a minor security vulnerability where an attacker-controlled TOML document can exploit an unrestricted recustion and cause a stack overflow error with a document that contains thousands of sucessive commented lines. Security advisory: GHSA-v3rj-xjv7-4jmq

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 25, 2026
@greptile-apps
Copy link
Copy Markdown

greptile-apps Bot commented Mar 25, 2026

PR author is in the excluded authors list.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 7, 2026

Dependabot doesn't support the 'updating transitive dependencies' feature for pnpm package_manager. Because of this, Dependabot cannot update this pull request.

@dependabot
chore(deps): bump smol-toml from 1.6.0 to 1.6.1
5af981e 
Bumps [smol-toml](https://github.com/squirrelchat/smol-toml) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/squirrelchat/smol-toml/releases)
- [Commits](squirrelchat/smol-toml@v1.6.0...v1.6.1)

---
updated-dependencies:
- dependency-name: smol-toml
  dependency-version: 1.6.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump smol-toml from 1.6.0 to 1.6.1 build(deps): bump smol-toml from 1.6.0 to 1.6.1 Apr 19, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/smol-toml-1.6.1 branch from 1a37287 to 5af981e Compare April 19, 2026 22:31
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 20, 2026

Looks like smol-toml is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 20, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/smol-toml-1.6.1 branch April 20, 2026 22:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants