Skip to content

Bump js-yaml from 4.1.0 to 4.1.1#38

Merged
marcos-iov merged 1 commit intomasterfrom
dependabot/npm_and_yarn/js-yaml-4.1.1
Apr 14, 2026
Merged

Bump js-yaml from 4.1.0 to 4.1.1#38
marcos-iov merged 1 commit intomasterfrom
dependabot/npm_and_yarn/js-yaml-4.1.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Nov 15, 2025
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps js-yaml from 4.1.0 to 4.1.1.

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 15, 2025
@dependabot dependabot bot requested a review from a team as a code owner November 15, 2025 11:09
@dependabot dependabot bot added the javascript Pull requests that update javascript code label Nov 15, 2025
@github-actions
Copy link
Copy Markdown

github-actions bot commented Nov 15, 2025
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 3b7f9be.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/js-yaml 4.1.1 🟢 3.8
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained⚠️ 01 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 4security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • package-lock.json

@marcos-iov
Copy link
Copy Markdown
Contributor

marcos-iov commented Apr 14, 2026

@dependabot rebase

@dependabot
Bump js-yaml from 4.1.0 to 4.1.1
3b7f9be 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-4.1.1 branch from 21c4ed0 to 3b7f9be Compare April 14, 2026 13:44
@marcos-iov marcos-iov merged commit 770d48a into master Apr 14, 2026
4 checks passed
@marcos-iov marcos-iov deleted the dependabot/npm_and_yarn/js-yaml-4.1.1 branch April 14, 2026 13:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marcos-iov marcos-iov marcos-iov approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marcos-iov