Skip to content

build(deps-dev): bump the npm group with 2 updates#4418

Merged
actions-bot merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-c2da3951d5
Jul 1, 2026
Merged

build(deps-dev): bump the npm group with 2 updates#4418
actions-bot merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-c2da3951d5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm group with 2 updates: js-yaml and prettier.

Updates js-yaml from 5.0.0 to 5.2.0

Changelog

Sourced from js-yaml's changelog.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.
Commits
  • c28ed5e 5.2.0 released
  • 125cd5a Add maxAliases option
  • 3105455 Replace maxMergeSeqLengthoption with maxTotalMergeKeys (more robust)
  • 39d00d6 numbers: Drop boxed numbers support, simplify .identify() checks, clarify rou...
  • eb5cb5b fix: round-trip integers that stringify in exponential notation (#771)
  • 89024c4 Update migration info, close #770
  • f1e45cd 5.1.0 released
  • 53b22be Fix constructor coverage
  • a1eaa2b Fix quote style options and restore forceQuotes
  • 0532e7d Add finalizers for immutable collection tags
  • Additional commits viewable in compare view

Updates prettier from 3.8.4 to 3.9.1

Release notes

Sourced from prettier's releases.

3.9.1

🔗 Changelog

3.9.0

diff

🔗 Prettier 3.9: Major parser upgrades and Formatting improvements

3.8.5

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.9.1

diff

CLI: Fix ignored file has been cached incorrectly (#19483 by @​kovsu)

Bug details prettier/prettier#18016

3.9.0

diff

🔗 Release Notes

3.8.5

diff

Flow: Support readonly as a variance annotation (#19022 by @​marcoww6)

Flow now accepts readonly as a property variance annotation, equivalent to + (covariant/read-only).

// Input
type T = {
  readonly foo: string,
};
// Prettier 3.8.4
SyntaxError
// Prettier 3.8.5
type T = {
readonly foo: string,
};

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm group with 2 updates: [js-yaml](https://github.com/nodeca/js-yaml) and [prettier](https://github.com/prettier/prettier).


Updates `js-yaml` from 5.0.0 to 5.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@5.0.0...5.2.0)

Updates `prettier` from 3.8.4 to 3.9.1
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.4...3.9.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 5.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: prettier
  dependency-version: 3.9.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 1, 2026
@actions-bot actions-bot enabled auto-merge (squash) July 1, 2026 12:33
@actions-bot actions-bot merged commit 653ba8b into main Jul 1, 2026
6 checks passed
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Full test suite slash command (repository admin only)

/test repository=peter-evans/create-pull-request ref=dependabot/npm_and_yarn/npm-c2da3951d5 build=true
/test repository=peter-evans/create-pull-request ref=dependabot/npm_and_yarn/npm-c2da3951d5 build=true sign-commits=true

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm-c2da3951d5 branch July 1, 2026 12:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant