Skip to content

Chore(deps): Bump js-yaml from 5.0.0 to 5.2.0#270

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/js-yaml-5.2.0
Open

Chore(deps): Bump js-yaml from 5.0.0 to 5.2.0#270
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/js-yaml-5.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps js-yaml from 5.0.0 to 5.2.0.

Changelog

Sourced from js-yaml's changelog.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.
Commits
  • c28ed5e 5.2.0 released
  • 125cd5a Add maxAliases option
  • 3105455 Replace maxMergeSeqLengthoption with maxTotalMergeKeys (more robust)
  • 39d00d6 numbers: Drop boxed numbers support, simplify .identify() checks, clarify rou...
  • eb5cb5b fix: round-trip integers that stringify in exponential notation (#771)
  • 89024c4 Update migration info, close #770
  • f1e45cd 5.1.0 released
  • 53b22be Fix constructor coverage
  • a1eaa2b Fix quote style options and restore forceQuotes
  • 0532e7d Add finalizers for immutable collection tags
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 5.0.0 to 5.2.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@5.0.0...5.2.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 5.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 29, 2026
ymnao added a commit that referenced this pull request Jul 1, 2026
CI test job で live-preview 系 (tables.test.ts / wikilinks.test.ts) と
electron-e2e (image-rendering / mermaid-rendering) が fail。原因は
@codemirror/state 6.6→6.7 (or 関連 4 件) + mermaid 11.15→11.16 の
Decoration/parser 挙動変化と判定。ローカル vitest 2230 pass は node_modules が
前 install から未更新 (--lockfile-only) だったため、CI で新 version 反映後に
regression 発現。

追加見送り:
- #263 @codemirror/{commands,language,state,view} を元 version に戻す
- #269 mermaid 11.15.0 に戻す (@mermaid-js/parser も 1.1.1 に戻る)

残 combine 対象 (7 件):
- #261 actions/cache 5.0.5 → 6.1.0
- #262 electron 42.4.1 → 42.5.0 (実 42.5.1)
- #264 vite group (vite 8.1.1 / @vitejs/plugin-react 6.0.3)
- #265 @biomejs/biome 2.5.0 → 2.5.1
- #266 @playwright/test 1.61.0 → 1.61.1
- #267 @types/node 26.0.0 → 26.0.1
- #270 js-yaml 5.0.0 → 5.2.0

verify:
- biome check clean
- typecheck 3 config (web / node / e2e) clean
- vitest 2230 pass / 2 skipped

Refs #263 (codemirror), #269 (mermaid) — 次回別 PR で対応 (live-preview の
Table/FencedCode SyntaxTree 判定 / image widget / mermaid render を新 API に
追従させる必要あり)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants