Skip to content

chore(deps): bump yaml from 2.8.2 to 2.8.3#43

Merged
maxgolov merged 1 commit intomainfrom
dependabot/npm_and_yarn/yaml-2.8.3
Apr 11, 2026
Merged

chore(deps): bump yaml from 2.8.2 to 2.8.3#43
maxgolov merged 1 commit intomainfrom
dependabot/npm_and_yarn/yaml-2.8.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 27, 2026
edited
Loading

Bumps yaml from 2.8.2 to 2.8.3.

Release notes

Sourced from yaml's releases.

v2.8.3

  • Add trailingComma ToString option for multiline flow formatting (#670)
  • Catch stack overflow during node composition (1e84ebb)
Commits
  • ce14587 2.8.3
  • 1e84ebb fix: Catch stack overflow during node composition
  • 6b24090 ci: Include Prettier check in lint action
  • 9424dee chore: Refresh lockfile
  • d1aca82 Add trailingComma ToString option for multiline flow formatting (#670)
  • 4321509 ci: Drop the branch filter from GitHub PR actions
  • 47207d0 chore: Update docs-slate
  • 5212fae chore: Update docs-slate
  • See full diff in compare view

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 27, 2026
@dependabot dependabot bot requested a review from maxgolov as a code owner March 27, 2026 02:15
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 27, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 27, 2026
edited
Loading

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 51b9fe6.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/yaml 2.8.3 🟢 7.2
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/20 approved changesets -- score normalized to 0
Maintained🟢 1029 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST🟢 9SAST tool detected but not run on all commits

Scanned Files

  • package-lock.json

maxgolov
maxgolov approved these changes Apr 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@maxgolov maxgolov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependabot security patch (yaml 2.8.2 -> 2.8.3). CI green. LGTM.

@maxgolov
Copy link
Copy Markdown
Contributor

maxgolov commented Apr 11, 2026

@dependabot rebase

@dependabot
chore(deps): bump yaml from 2.8.2 to 2.8.3
51b9fe6 
Bumps [yaml](https://github.com/eemeli/yaml) from 2.8.2 to 2.8.3.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.8.2...v2.8.3)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/yaml-2.8.3 branch from df97827 to 51b9fe6 Compare April 11, 2026 19:25
@maxgolov maxgolov merged commit 83f41cd into main Apr 11, 2026
9 checks passed
@maxgolov maxgolov deleted the dependabot/npm_and_yarn/yaml-2.8.3 branch April 11, 2026 19:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maxgolov maxgolov maxgolov approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@maxgolov