Skip to content

build(deps): bump js-yaml from 4.1.1 to 4.2.0#4991

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/js-yaml-4.2.0
Open

build(deps): bump js-yaml from 4.1.1 to 4.2.0#4991
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/js-yaml-4.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps js-yaml from 4.1.1 to 4.2.0.

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump js-yaml from 4.1.1 to 4.2.0
f4f68d5 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.2.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/commits)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added area/frontend Needs frontend code changes dependency-upgrade Dependency upgrade is needed labels Jun 19, 2026
@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

## 🔦 Lighthouse Benchmark

Tested: https://ks-dependabot-npm-and-yarn-js-yam-docs.kestra-io.workers.dev on 2026-06-19 07:51 UTC
No baseline available — scores will appear after the first merge to main

Scores (0–100, higher is better)

Page Performance Accessibility Best Practices SEO
Home 79 83 56 85
Pricing 98 91 56 100
Enterprise 97 82 56 100
Cloud 94 87 56 100
About Us 82 91 56 100
Docs Landing 98 88 56 92
Contribute to Kestra (simple docs) 99 88 56 92
Flow (full featured docs) 89 90 56 92
Blog Index 64 91 56 100
Blog Post (sample) 90 87 56 100
VS Page (sample) 97 88 56 100
Plugins Landing 93 81 56 92
Plugin Page (sample) 94 87 56 100
Plugin Debug Page (sample) 95 87 56 100
Plugin Debug Return Page (sample) 93 88 56 100
Blueprints Landing 94 80 56 92
Blueprint Audit Logs CSV Export 70 86 56 100

Core Web Vitals (lower is better)

Page LCP FCP TBT CLS Speed Index
Home 1.45 s 0.70 s 289 ms 0.000 2.16 s
Pricing 1.00 s 0.66 s 16 ms 0.000 0.83 s
Enterprise 1.27 s 0.56 s 24 ms 0.000 0.76 s
Cloud 1.55 s 0.53 s 43 ms 0.000 0.89 s
About Us 3.19 s 0.74 s 24 ms 0.000 0.96 s
Docs Landing 0.92 s 0.57 s 81 ms 0.003 0.90 s
Contribute to Kestra (simple docs) 0.96 s 0.56 s 30 ms 0.003 0.84 s
Flow (full featured docs) 1.93 s 0.61 s 103 ms 0.000 1.24 s
Blog Index 7.11 s 1.12 s 63 ms 0.000 27.43 s
Blog Post (sample) 2.09 s 0.56 s 14 ms 0.000 0.82 s
VS Page (sample) 1.22 s 0.55 s 26 ms 0.000 0.71 s
Plugins Landing 1.09 s 0.51 s 34 ms 0.000 2.23 s
Plugin Page (sample) 1.10 s 0.55 s 96 ms 0.051 1.71 s
Plugin Debug Page (sample) 1.00 s 0.56 s 83 ms 0.001 1.80 s
Plugin Debug Return Page (sample) 1.02 s 0.53 s 130 ms 0.025 1.88 s
Blueprints Landing 1.32 s 0.78 s 23 ms 0.000 1.69 s
Blueprint Audit Logs CSV Export 1.06 s 0.58 s 156 ms 0.485 2.00 s
Legend

🟢 improved  ·  🔻 regressed  ·  (blank) no significant change
Score threshold: ±10 pts  ·  Metric threshold: ±30% of baseline

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/frontend Needs frontend code changes dependency-upgrade Dependency upgrade is needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants