[Snyk] Upgrade yaml from 2.6.0 to 2.8.0 #24
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade yaml from 2.6.0 to 2.8.0. See this package in npm: yaml See this project in Snyk: https://app.snyk.io/org/security-labs/project/e52268f1-2785-4cd0-99cb-29e16ecf0e5d?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade yaml from 2.6.0 to 2.8.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 4 versions ahead of your current version.
The recommended version was released a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-OCTOKITENDPOINT-8730856
SNYK-JS-OCTOKITPLUGINPAGINATEREST-8730855
SNYK-JS-OCTOKITREQUEST-8730853
SNYK-JS-OCTOKITREQUESTERROR-8730854
Release notes
Package name: yaml
-
2.8.0 - 2025-05-15
- Add node cache for faster alias resolution (#612)
- Re-introduce compatibility with Node.js 14.6 (#614)
- Add
- Improve error for tag resolution error on null value (#616)
- Allow empty string as plain scalar representation, for failsafe schema (#616)
- docs: include cli example (#617)
-
2.7.1 - 2025-03-29
- Do not allow seq with single-line collection value on same line with map key (#603)
- Improve warning & avoid TypeError on bad YAML 1.1 nodes (#610)
-
2.7.0 - 2024-12-31
- Use .ts extension in all relative imports (#591)
- Ignore newline after block seq indicator as space before value (#590)
- Require Node.js 14.18 or later (was 14.6) (#598)
-
2.6.1 - 2024-11-19
- Do not strip
- Tighten regexp for JSON
- Default to literal block scalar if folded would overflow (#585)
-
2.6.0 - 2024-10-13
- Use a proper tag for
- Add
- Stringify a Document as a Document (#576)
- Add sponsorship by Manifest
from yaml GitHub release notes--mergeoption to CLI tool (#611)The library is now available on JSR as @ eemeli/yaml and on deno.land/x as yaml. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.
:00seconds from!!timestampvalues (#578, with thanks to @ qraynaud)!!bool(#587, with thanks to @ vra5107)!!merge <<keys (#580)stringKeysparse option (#581)Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: