Skip to content

chore(deps): bump yaml from 1.10.2 to 1.10.3#544

Closed
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/npm_and_yarn/yaml-1.10.3
Closed

chore(deps): bump yaml from 1.10.2 to 1.10.3#544
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/npm_and_yarn/yaml-1.10.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 26, 2026
edited
Loading

Bumps yaml from 1.10.2 to 1.10.3.

Commits
  • cfe8f04 1.10.3
  • 7abcf45 fix: Catch stack overflow during CST composition
  • a0252f8 chore: Add rules avoiding processing of tests/json-test-suite
  • a5e83b0 style: Apply updates Prettier rules
  • b8ddca0 chore: Refresh lockfile
  • 395f892 ci: Use a different (working) submodule checkout
  • 6fd2720 test-events: Add {} and [] indicators to flow maps & sequences
  • See full diff in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 26, 2026
@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Mar 26, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 4a4a97d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 26, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedeslint@​8.57.18910010050100
Addedjest@​29.7.01001006894100
Addedprop-types@​15.8.19910010083100

View full report

@dependabot
chore(deps): bump yaml from 1.10.2 to 1.10.3
4a4a97d 
Bumps [yaml](https://github.com/eemeli/yaml) from 1.10.2 to 1.10.3.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v1.10.2...v1.10.3)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 1.10.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/yaml-1.10.3 branch from a6f48ca to 4a4a97d Compare March 30, 2026 14:22
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Mar 30, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 30, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm entities is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: ?npm/entities@4.5.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 30, 2026

Looks like yaml is up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Mar 30, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/yaml-1.10.3 branch March 30, 2026 15:14
@github-actions github-actions bot locked and limited conversation to collaborators Mar 30, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants