Skip to content

chore(deps-dev): bump js-yaml from 5.0.0 to 5.2.1#401

Merged
aidd-bot[bot] merged 1 commit into
nextfrom
dependabot/npm_and_yarn/next/js-yaml-5.2.1
Jul 7, 2026
Merged

chore(deps-dev): bump js-yaml from 5.0.0 to 5.2.1#401
aidd-bot[bot] merged 1 commit into
nextfrom
dependabot/npm_and_yarn/next/js-yaml-5.2.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps js-yaml from 5.0.0 to 5.2.1.

Changelog

Sourced from js-yaml's changelog.

[5.2.1] - 2026-07-02

Fixed

  • Add Map support to !!omap (should work when realMapTag used)

Security

  • Remove quadratic complexity from !!omap addItem. Regression from v5 (usually not critical, because YAML11_SCHEMA is not default anymore).

4.3.0, 3.15.0 - 2026-06-27

Security

  • Backported maxTotalMergeKeys option.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.
Commits
  • ac16b42 5.2.1 released
  • 4a864e5 Deps bump
  • 39f3211 !!omap: add Map support and remove quadratic complexity
  • ff17f1e Changelog update
  • 8ed15f1 deps bump
  • 1a562dc Fix changelog link
  • c28ed5e 5.2.0 released
  • 125cd5a Add maxAliases option
  • 3105455 Replace maxMergeSeqLengthoption with maxTotalMergeKeys (more robust)
  • 39d00d6 numbers: Drop boxed numbers support, simplify .identify() checks, clarify rou...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 5.0.0 to 5.2.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@5.0.0...5.2.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 5.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@aidd-bot aidd-bot Bot enabled auto-merge (squash) July 6, 2026 20:55

@blafourcade blafourcade left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approving non-major dependabot update to unblock auto-merge.

@aidd-bot aidd-bot Bot merged commit 3a1d1bf into next Jul 7, 2026
7 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/next/js-yaml-5.2.1 branch July 7, 2026 04:34
aidd-bot Bot pushed a commit that referenced this pull request Jul 7, 2026
* ci(framework): stop release-please re-tagging aidd-ui (#394)

Remove the aidd-ui package from release-please-config.json. Its
release-as: 0.1.0-alpha.0 pin forced the same version on every run, so
any change touching aidd-ui made release-please retry the existing
aidd-ui-v0.1.0-alpha.0 tag and fail (Validation Failed: already_exists).
Dropping it from the config freezes aidd-ui at its current alpha while it
is still a scaffold; re-add it with proper prerelease handling when it is
ready to version.


Claude-Session: https://claude.ai/code/session_01WKWd6AVpdYSCmRZWQWAnRt

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* ci(framework): drop the aidd-ui release-as pin, keep it consistent (#395)

Restore the aidd-ui package block in release-please-config.json so it
matches the other seven plugins (package-name + extra-files), but
without the release-as: 0.1.0-alpha.0 pin. The pin forced the same
version every run, retrying the existing aidd-ui-v0.1.0-alpha.0 tag and
failing (already_exists). Supersedes the block removal in #394: aidd-ui
stays release-managed like its siblings; the next change bumps it to a
fresh version instead of colliding.


Claude-Session: https://claude.ai/code/session_01WKWd6AVpdYSCmRZWQWAnRt

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* refactor: remove per-skill README.md mirrors (#302) (#396)

* refactor: remove per-skill README.md mirrors, retarget to SKILL.md

Delete the 39 per-skill README.md files that mirrored their SKILL.md,
merge the genuinely-unique content from the 7 outlier READMEs into
SKILL.md (memory-bank-optional note, install prerequisite, experimental
status), retarget plugin-level README skill tables and CREATE_PLUGIN.md
to SKILL.md, and regenerate every plugin CATALOG.md.

Phase 1 of aidd_docs/tasks/2026_07/2026_07_06_remove-per-skill-readme.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: mark phase 2 done for remove-per-skill-readme plan

All verify-and-guard gates pass: check-markdown-links.js exits 0,
zero plugins/*/skills/*/README.md remain, every affected skill dir
still has SKILL.md, both asset READMEs and all plugin-level/framework
READMEs are intact, sync-readme-counts.mjs --check exits 0, no CATALOG
lists a per-skill README row, and 04-skill-generate scaffolds no
per-skill README.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: mark remove-per-skill-readme plan implemented

Both phases done and validation green (check-markdown-links.js and
sync-readme-counts.mjs --check both exit 0).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: mark remove-per-skill-readme plan reviewed

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* ci(deps): bump github/codeql-action/init from 4.36.2 to 4.36.3 (#398)

Bumps [github/codeql-action/init](https://github.com/github/codeql-action) from 4.36.2 to 4.36.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@8aad20d...54f647b)

---
updated-dependencies:
- dependency-name: github/codeql-action/init
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump js-yaml from 5.0.0 to 5.2.1 (#401)

Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 5.0.0 to 5.2.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@5.0.0...5.2.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 5.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* ci(deps): bump github/codeql-action/autobuild from 4.36.2 to 4.36.3 (#399)

Bumps [github/codeql-action/autobuild](https://github.com/github/codeql-action) from 4.36.2 to 4.36.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@8aad20d...54f647b)

---
updated-dependencies:
- dependency-name: github/codeql-action/autobuild
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* ci(deps): bump github/codeql-action/analyze from 4.36.2 to 4.36.3 (#400)

Bumps [github/codeql-action/analyze](https://github.com/github/codeql-action) from 4.36.2 to 4.36.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@8aad20d...54f647b)

---
updated-dependencies:
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @commitlint/cli from 21.0.2 to 21.2.0

Bumps [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) from 21.0.2 to 21.2.0.
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v21.2.0/@commitlint/cli)

---
updated-dependencies:
- dependency-name: "@commitlint/cli"
  dependency-version: 21.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Baptiste LAFOURCADE <119650761+blafourcade@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
blafourcade pushed a commit that referenced this pull request Jul 10, 2026
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 5.0.0 to 5.2.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@5.0.0...5.2.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 5.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
blafourcade added a commit that referenced this pull request Jul 10, 2026
* ci(framework): stop release-please re-tagging aidd-ui (#394)

Remove the aidd-ui package from release-please-config.json. Its
release-as: 0.1.0-alpha.0 pin forced the same version on every run, so
any change touching aidd-ui made release-please retry the existing
aidd-ui-v0.1.0-alpha.0 tag and fail (Validation Failed: already_exists).
Dropping it from the config freezes aidd-ui at its current alpha while it
is still a scaffold; re-add it with proper prerelease handling when it is
ready to version.


Claude-Session: https://claude.ai/code/session_01WKWd6AVpdYSCmRZWQWAnRt

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* ci(framework): drop the aidd-ui release-as pin, keep it consistent (#395)

Restore the aidd-ui package block in release-please-config.json so it
matches the other seven plugins (package-name + extra-files), but
without the release-as: 0.1.0-alpha.0 pin. The pin forced the same
version every run, retrying the existing aidd-ui-v0.1.0-alpha.0 tag and
failing (already_exists). Supersedes the block removal in #394: aidd-ui
stays release-managed like its siblings; the next change bumps it to a
fresh version instead of colliding.


Claude-Session: https://claude.ai/code/session_01WKWd6AVpdYSCmRZWQWAnRt

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* refactor: remove per-skill README.md mirrors (#302) (#396)

* refactor: remove per-skill README.md mirrors, retarget to SKILL.md

Delete the 39 per-skill README.md files that mirrored their SKILL.md,
merge the genuinely-unique content from the 7 outlier READMEs into
SKILL.md (memory-bank-optional note, install prerequisite, experimental
status), retarget plugin-level README skill tables and CREATE_PLUGIN.md
to SKILL.md, and regenerate every plugin CATALOG.md.

Phase 1 of aidd_docs/tasks/2026_07/2026_07_06_remove-per-skill-readme.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: mark phase 2 done for remove-per-skill-readme plan

All verify-and-guard gates pass: check-markdown-links.js exits 0,
zero plugins/*/skills/*/README.md remain, every affected skill dir
still has SKILL.md, both asset READMEs and all plugin-level/framework
READMEs are intact, sync-readme-counts.mjs --check exits 0, no CATALOG
lists a per-skill README row, and 04-skill-generate scaffolds no
per-skill README.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: mark remove-per-skill-readme plan implemented

Both phases done and validation green (check-markdown-links.js and
sync-readme-counts.mjs --check both exit 0).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: mark remove-per-skill-readme plan reviewed

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* ci(deps): bump github/codeql-action/init from 4.36.2 to 4.36.3 (#398)

Bumps [github/codeql-action/init](https://github.com/github/codeql-action) from 4.36.2 to 4.36.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@8aad20d...54f647b)

---
updated-dependencies:
- dependency-name: github/codeql-action/init
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump js-yaml from 5.0.0 to 5.2.1 (#401)

Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 5.0.0 to 5.2.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@5.0.0...5.2.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 5.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* ci(deps): bump github/codeql-action/autobuild from 4.36.2 to 4.36.3 (#399)

Bumps [github/codeql-action/autobuild](https://github.com/github/codeql-action) from 4.36.2 to 4.36.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@8aad20d...54f647b)

---
updated-dependencies:
- dependency-name: github/codeql-action/autobuild
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* ci(deps): bump github/codeql-action/analyze from 4.36.2 to 4.36.3 (#400)

Bumps [github/codeql-action/analyze](https://github.com/github/codeql-action) from 4.36.2 to 4.36.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@8aad20d...54f647b)

---
updated-dependencies:
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @commitlint/cli from 21.0.2 to 21.2.0

Bumps [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) from 21.0.2 to 21.2.0.
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v21.2.0/@commitlint/cli)

---
updated-dependencies:
- dependency-name: "@commitlint/cli"
  dependency-version: 21.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Baptiste LAFOURCADE <119650761+blafourcade@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@aidd-bot aidd-bot Bot mentioned this pull request Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant