Skip to content

build(deps): bump js-yaml from 5.1.0 to 5.2.0#1199

Merged
crazy-max merged 1 commit into
mainfrom
dependabot/npm_and_yarn/js-yaml-4.2.0
Jun 29, 2026
Merged

build(deps): bump js-yaml from 5.1.0 to 5.2.0#1199
crazy-max merged 1 commit into
mainfrom
dependabot/npm_and_yarn/js-yaml-4.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 28, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps js-yaml from 5.1.0 to 5.2.0.

Changelog

Sourced from js-yaml's changelog.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)
Commits
  • c28ed5e 5.2.0 released
  • 125cd5a Add maxAliases option
  • 3105455 Replace maxMergeSeqLengthoption with maxTotalMergeKeys (more robust)
  • 39d00d6 numbers: Drop boxed numbers support, simplify .identify() checks, clarify rou...
  • eb5cb5b fix: round-trip integers that stringify in exponential notation (#771)
  • 89024c4 Update migration info, close #770
  • See full diff in compare view

@dependabot
build(deps): bump js-yaml from 5.1.0 to 5.2.0
8d43aa3 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 5.1.0 to 5.2.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@5.1.0...5.2.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): bump js-yaml from 4.1.1 to 4.2.0 build(deps): bump js-yaml from 5.1.0 to 5.2.0 Jun 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/js-yaml-4.2.0 branch from 9f79149 to 8d43aa3 Compare June 29, 2026 09:55
@crazy-max crazy-max merged commit b8bb2fd into main Jun 29, 2026
116 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/js-yaml-4.2.0 branch June 29, 2026 10:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crazy-max crazy-max crazy-max approved these changes

Assignees

No one assigned

Labels

bot dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@crazy-max