Skip to content

Bump js-yaml, @idearium/eslint-config and eslint#96

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-ff91a9e3de
Open

Bump js-yaml, @idearium/eslint-config and eslint#96
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-ff91a9e3de

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps js-yaml to 4.2.0 and updates ancestor dependencies js-yaml, @idearium/eslint-config and eslint. These dependencies need to be updated together.

Updates js-yaml from 3.14.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

... (truncated)

Commits

Updates @idearium/eslint-config from 4.0.0 to 5.0.0

Changelog

Sourced from @​idearium/eslint-config's changelog.

v5.0.0 - 2025-04-09

Changed

  • Upgraded packages.
Commits

Updates eslint from 7.31.0 to 9.24.0

Release notes

Sourced from eslint's releases.

v9.24.0

Features

  • 556c25b feat: support loading TS config files using --experimental-strip-types (#19401) (Arya Emami)
  • 72650ac feat: support TS syntax in init-declarations (#19540) (Nitin Kumar)
  • 03fb0bc feat: normalize patterns to handle "./" prefix in files and ignores (#19568) (Pixel998)
  • 071dcd3 feat: support TS syntax in no-dupe-class-members (#19558) (Nitin Kumar)
  • cd72bcc feat: Introduce a way to suppress violations (#19159) (Iacovos Constantinou)
  • 2a81578 feat: support TS syntax in no-loss-of-precision (#19560) (Nitin Kumar)
  • 30ae4ed feat: add new options to class-methods-use-this (#19527) (sethamus)
  • b79ade6 feat: support TypeScript syntax in no-array-constructor (#19493) (Tanuj Kanti)

Bug Fixes

  • b23d1c5 fix: deduplicate variable names in no-loop-func error messages (#19595) (Nitin Kumar)
  • fb8cdb8 fix: use any[] type for context.options (#19584) (Francesco Trotta)

Documentation

  • f857820 docs: update documentation for --experimental-strip-types (#19594) (Nikolas Schröter)
  • 803e4af docs: simplify gitignore path handling in includeIgnoreFile section (#19596) (Thomas Broyer)
  • 6d979cc docs: Update README (GitHub Actions Bot)
  • 82177e4 docs: Update README (GitHub Actions Bot)
  • e849dc0 docs: replace existing var with const (#19578) (Sweta Tanwar)
  • 0c65c62 docs: don't pass filename when linting rule examples (#19571) (Milos Djermanovic)
  • 6be36c9 docs: Update custom-rules.md code example of fixer (#19555) (Yifan Pan)

Build Related

  • 366e369 build: re-enable Prettier formatting for package.json files (#19569) (Francesco Trotta)

Chores

  • ef67420 chore: upgrade @​eslint/js@​9.24.0 (#19602) (Milos Djermanovic)
  • 4946847 chore: package.json update for @​eslint/js release (Jenkins)
  • a995acb chore: correct 'flter'/'filter' typo in package script (#19587) (Josh Goldberg ✨)
  • b9a5efa test: skip symlink test on Windows (#19503) (fisker Cheung)
  • 46eea6d chore: remove Rule & FormatterFunction from shared/types.js (#19556) (Nitin Kumar)
  • bdcc91d chore: modify .editorconfig to keep parity with prettier config (#19577) (Sweta Tanwar)
  • 7790d83 chore: fix some typos in comment (#19576) (todaymoon)
  • 76064a6 test: ignore package-lock.json for eslint-webpack-plugin (#19572) (Francesco Trotta)

v9.23.0

Features

  • 557a0d2 feat: support TypeScript syntax in no-useless-constructor (#19535) (Josh Goldberg ✨)
  • 8320241 feat: support TypeScript syntax in default-param-last (#19431) (Josh Goldberg ✨)
  • 833c4a3 feat: defineConfig() supports "flat/" config prefix (#19533) (Nicholas C. Zakas)
  • 4a0df16 feat: circular autofix/conflicting rules detection (#19514) (Milos Djermanovic)
  • be56a68 feat: support TypeScript syntax in class-methods-use-this (#19498) (Josh Goldberg ✨)

Bug Fixes

  • 0e20aa7 fix: move deprecated RuleContext methods to subtype (#19531) (Francesco Trotta)
  • cc3bd00 fix: reporting variable used in catch block in no-useless-assignment (#19423) (Tanuj Kanti)
  • d46ff83 fix: no-dupe-keys false positive with proto setter (#19508) (Milos Djermanovic)
  • e732773 fix: navigation of search results on pressing Enter (#19502) (Tanuj Kanti)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.24.0 - April 4, 2025

  • ef67420 chore: upgrade @​eslint/js@​9.24.0 (#19602) (Milos Djermanovic)
  • 4946847 chore: package.json update for @​eslint/js release (Jenkins)
  • f857820 docs: update documentation for --experimental-strip-types (#19594) (Nikolas Schröter)
  • 803e4af docs: simplify gitignore path handling in includeIgnoreFile section (#19596) (Thomas Broyer)
  • 6d979cc docs: Update README (GitHub Actions Bot)
  • b23d1c5 fix: deduplicate variable names in no-loop-func error messages (#19595) (Nitin Kumar)
  • 556c25b feat: support loading TS config files using --experimental-strip-types (#19401) (Arya Emami)
  • 82177e4 docs: Update README (GitHub Actions Bot)
  • a995acb chore: correct 'flter'/'filter' typo in package script (#19587) (Josh Goldberg ✨)
  • 72650ac feat: support TS syntax in init-declarations (#19540) (Nitin Kumar)
  • 03fb0bc feat: normalize patterns to handle "./" prefix in files and ignores (#19568) (Pixel998)
  • b9a5efa test: skip symlink test on Windows (#19503) (fisker Cheung)
  • 46eea6d chore: remove Rule & FormatterFunction from shared/types.js (#19556) (Nitin Kumar)
  • fb8cdb8 fix: use any[] type for context.options (#19584) (Francesco Trotta)
  • 071dcd3 feat: support TS syntax in no-dupe-class-members (#19558) (Nitin Kumar)
  • e849dc0 docs: replace existing var with const (#19578) (Sweta Tanwar)
  • bdcc91d chore: modify .editorconfig to keep parity with prettier config (#19577) (Sweta Tanwar)
  • 7790d83 chore: fix some typos in comment (#19576) (todaymoon)
  • cd72bcc feat: Introduce a way to suppress violations (#19159) (Iacovos Constantinou)
  • 2a81578 feat: support TS syntax in no-loss-of-precision (#19560) (Nitin Kumar)
  • 366e369 build: re-enable Prettier formatting for package.json files (#19569) (Francesco Trotta)
  • 30ae4ed feat: add new options to class-methods-use-this (#19527) (sethamus)
  • b79ade6 feat: support TypeScript syntax in no-array-constructor (#19493) (Tanuj Kanti)
  • 0c65c62 docs: don't pass filename when linting rule examples (#19571) (Milos Djermanovic)
  • 76064a6 test: ignore package-lock.json for eslint-webpack-plugin (#19572) (Francesco Trotta)
  • 6be36c9 docs: Update custom-rules.md code example of fixer (#19555) (Yifan Pan)

v9.23.0 - March 21, 2025

  • 0ac8ea4 chore: update dependencies for v9.23.0 release (#19554) (Francesco Trotta)
  • 20591c4 chore: package.json update for @​eslint/js release (Jenkins)
  • 901344f chore: update dependency @​eslint/json to ^0.11.0 (#19552) (renovate[bot])
  • 557a0d2 feat: support TypeScript syntax in no-useless-constructor (#19535) (Josh Goldberg ✨)
  • 2357edd build: exclude autogenerated files from Prettier formatting (#19548) (Francesco Trotta)
  • 5405939 docs: show red underlines in TypeScript examples in rules docs (#19547) (Milos Djermanovic)
  • 48b53d6 docs: replace var with const in examples (#19539) (Nitin Kumar)
  • 0e20aa7 fix: move deprecated RuleContext methods to subtype (#19531) (Francesco Trotta)
  • 5228383 chore: fix update-readme formatting (#19544) (Milos Djermanovic)
  • c39d7db docs: Update README (GitHub Actions Bot)
  • a4f8760 docs: revert accidental changes (#19542) (Francesco Trotta)
  • 5439525 chore: format JSON files in Trunk (#19541) (Francesco Trotta)
  • 75adc99 chore: enabled Prettier in Trunk (#19354) (Josh Goldberg ✨)
  • 2395168 chore: added .git-blame-ignore-revs for Prettier via trunk fmt (#19538) (Josh Goldberg ✨)
  • 129882d chore: formatted files with Prettier via trunk fmt (#19355) (Josh Goldberg ✨)
  • 1738dbc chore: temporarily disable prettier in trunk (#19537) (Josh Goldberg ✨)
  • 8320241 feat: support TypeScript syntax in default-param-last (#19431) (Josh Goldberg ✨)
  • 280128f docs: add copy button (#19512) (xbinaryx)
  • 833c4a3 feat: defineConfig() supports "flat/" config prefix (#19533) (Nicholas C. Zakas)

... (truncated)

Commits
  • d49f5b7 9.24.0
  • 9b6ed8a Build: changelog update for 9.24.0
  • ef67420 chore: upgrade @​eslint/js@​9.24.0 (#19602)
  • 4946847 chore: package.json update for @​eslint/js release
  • f857820 docs: update documentation for --experimental-strip-types (#19594)
  • 803e4af docs: simplify gitignore path handling in includeIgnoreFile section (#19596)
  • 6d979cc docs: Update README
  • b23d1c5 fix: deduplicate variable names in no-loop-func error messages (#19595)
  • 556c25b feat: support loading TS config files using --experimental-strip-types (#19...
  • 82177e4 docs: Update README
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by eslintbot, a new releaser for eslint since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump js-yaml, @idearium/eslint-config and eslint
8a7d16d 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) to 4.2.0 and updates ancestor dependencies [js-yaml](https://github.com/nodeca/js-yaml), [@idearium/eslint-config](https://github.com/idearium/eslint-config-idearium) and [eslint](https://github.com/eslint/eslint). These dependencies need to be updated together.


Updates `js-yaml` from 3.14.1 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/commits)

Updates `@idearium/eslint-config` from 4.0.0 to 5.0.0
- [Changelog](https://github.com/idearium/eslint-config-idearium/blob/master/CHANGELOG.md)
- [Commits](https://github.com/idearium/eslint-config-idearium/commits)

Updates `eslint` from 7.31.0 to 9.24.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/v9.24.0/CHANGELOG.md)
- [Commits](eslint/eslint@v7.31.0...v9.24.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: indirect
- dependency-name: "@idearium/eslint-config"
  dependency-version: 5.0.0
  dependency-type: direct:development
- dependency-name: eslint
  dependency-version: 9.24.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants