Skip to content

Bump the actions group across 1 directory with 2 updates#535

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/actions-800da858a2
Closed

Bump the actions group across 1 directory with 2 updates#535
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/actions-800da858a2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the actions group with 2 updates in the / directory: js-yaml and @types/node.

Updates js-yaml from 4.2.0 to 5.1.0

Changelog

Sourced from js-yaml's changelog.

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.
  • Reduced the set of exported schemas:
    • YAML 1.2 schemas: CORE_SCHEMA (loader default), JSON_SCHEMA, FAILSAFE_SCHEMA.
    • YAML11_SCHEMA, a combination of all YAML 1.1 tags (YAML 1.1 does not specify a schema, only "types").
  • load/dump default behaviour is now specified exactly via schemas:
    • load uses CORE_SCHEMA, without !!merge by default.
    • dump uses YAML11_SCHEMA + CORE_SCHEMA for the quoting check, to guarantee backward compatibility by default.
  • !!set is now loaded as a JavaScript Set.
  • Replaced the Type API with a tags API. Similar, but more precise and simpler. See examples for details. Tags can be defined via defineScalarTag(), defineSequenceTag() and defineMappingTag(), or as a spread + override of an existing tag.
  • Renamed Schema.extend() to Schema.withTags().
  • Expanded YAML 1.2 conformance and improved handling of directives, document markers, block keys, multiline scalars, tag syntax and other things.
  • load() now throws on empty input instead of returning undefined.
  • Moved browser builds to the js-yaml/browser export.

... (truncated)

Commits
  • f1e45cd 5.1.0 released
  • 53b22be Fix constructor coverage
  • a1eaa2b Fix quote style options and restore forceQuotes
  • 0532e7d Add finalizers for immutable collection tags
  • 9f00b91 tests: drop the rest of issues tests, move a small fraction of useful checks ...
  • 6be5d46 tests: drop not actual or duplicating issue tests (covered in other places)
  • a7c9766 Fix !!pairs coverage
  • 75148bc 5.0.0 released
  • 704b25d Quote document markers followed by whitespace
  • 42dea28 Support complex !!pairs keys with realMapTag
  • Additional commits viewable in compare view

Updates @types/node from 25.9.3 to 26.0.0

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 22, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 22, 2026 22:14
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 22, 2026
@Tatsinnit Tatsinnit requested a review from Copilot June 23, 2026 06:33

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the project’s npm dependencies for the GitHub Action, bumping js-yaml and @types/node and refreshing the lockfile to match.

Changes:

  • Bump js-yaml from 4.2.0 to 5.1.0.
  • Bump @types/node from ^25.9.3 to ^26.0.0.
  • Update package-lock.json resolution details (including undici-types) consistent with the dependency bumps.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.

File Description
package.json Updates js-yaml and @types/node versions.
package-lock.json Refreshes resolved versions/integrity metadata for the updated dependency set.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread package.json
Comment on lines +23 to 27
"js-yaml": "5.1.0",
"minimist": "^1.2.8"
},
"devDependencies": {
"@types/js-yaml": "^4.0.9",
Comment thread package.json
Comment on lines 27 to 30
"@types/js-yaml": "^4.0.9",
"@types/minimist": "^1.2.5",
"@types/node": "^25.9.3",
"@types/node": "^26.0.0",
"esbuild": "^0.28",

@bosesuneha bosesuneha left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@bosesuneha bosesuneha enabled auto-merge (squash) June 23, 2026 07:00
Bumps the actions group with 2 updates in the / directory: [js-yaml](https://github.com/nodeca/js-yaml) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node).


Updates `js-yaml` from 4.2.0 to 5.1.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.2.0...5.1.0)

Updates `@types/node` from 25.9.3 to 26.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 26.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: js-yaml
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump the actions group with 2 updates Bump the actions group across 1 directory with 2 updates Jun 23, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/actions-800da858a2 branch from 26d1a41 to c392ac9 Compare June 23, 2026 07:02
@bosesuneha

Copy link
Copy Markdown
Member

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 29, 2026
auto-merge was automatically disabled June 29, 2026 22:13

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/actions-800da858a2 branch June 29, 2026 22:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants