Skip to content

build(deps): bump yaml from 1.10.2 to 1.10.3#84

Merged
kyeh-amp merged 1 commit into
mainfrom
dependabot/npm_and_yarn/yaml-1.10.3
Apr 28, 2026
Merged

build(deps): bump yaml from 1.10.2 to 1.10.3#84
kyeh-amp merged 1 commit into
mainfrom
dependabot/npm_and_yarn/yaml-1.10.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 26, 2026
edited
Loading

Bumps yaml from 1.10.2 to 1.10.3.

Commits
  • cfe8f04 1.10.3
  • 7abcf45 fix: Catch stack overflow during CST composition
  • a0252f8 chore: Add rules avoiding processing of tests/json-test-suite
  • a5e83b0 style: Apply updates Prettier rules
  • b8ddca0 chore: Refresh lockfile
  • 395f892 ci: Use a different (working) submodule checkout
  • 6fd2720 test-events: Add {} and [] indicators to flow maps & sequences
  • See full diff in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note

Low Risk
Low risk lockfile-only dependency updates; primary impact is on build/release tooling via transitive package resolution.

Overview
Updates package-lock.json to bump yaml from 1.10.2 to 1.10.3 (new tarball/integrity).

Also loosens the lockfile entry for semantic-release-rubygem from latest to *, which may change which version gets resolved during installs.

Written by Cursor Bugbot for commit 6ede59c. This will update automatically on new commits. Configure here.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
build(deps): bump yaml from 1.10.2 to 1.10.3
6ede59c 
Bumps [yaml](https://github.com/eemeli/yaml) from 1.10.2 to 1.10.3.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v1.10.2...v1.10.3)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 1.10.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 26, 2026
@kyeh-amp kyeh-amp merged commit c266d7e into main Apr 28, 2026
6 of 9 checks passed
@kyeh-amp kyeh-amp deleted the dependabot/npm_and_yarn/yaml-1.10.3 branch April 28, 2026 23:47
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 29, 2026

🎉 This PR is included in version 1.10.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kyeh-amp