Bump js-yaml from 3.8.4 to 3.14.1#36
Closed
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.8.4 to 3.14.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[3.14.1] - 2020-12-07</h2> <h3>Security</h3> <ul> <li>Fix possible code execution in (already unsafe) <code>.load()</code> (in &anchor).</li> </ul> <h2>[3.14.0] - 2020-05-22</h2> <h3>Changed</h3> <ul> <li>Support <code>safe/loadAll(input, options)</code> variant of call.</li> <li>CI: drop outdated nodejs versions.</li> <li>Dev deps bump.</li> </ul> <h3>Fixed</h3> <ul> <li>Quote <code>=</code> in plain scalars <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/519">#519</a>.</li> <li>Check the node type for <code>!<?></code> tag in case user manually specifies it.</li> <li>Verify that there are no null-bytes in input.</li> <li>Fix wrong quote position when writing condensed flow, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/526">#526</a>.</li> </ul> <h2>[3.13.1] - 2019-04-05</h2> <h3>Security</h3> <ul> <li>Fix possible code execution in (already unsafe) <code>.load()</code>, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/480">#480</a>.</li> </ul> <h2>[3.13.0] - 2019-03-20</h2> <h3>Security</h3> <ul> <li>Security fix: <code>safeLoad()</code> can hang when arrays with nested refs used as key. Now throws exception for nested arrays. <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/475">#475</a>.</li> </ul> <h2>[3.12.2] - 2019-02-26</h2> <h3>Fixed</h3> <ul> <li>Fix <code>noArrayIndent</code> option for root level, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/468">#468</a>.</li> </ul> <h2>[3.12.1] - 2019-01-05</h2> <h3>Added</h3> <ul> <li>Added <code>noArrayIndent</code> option, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/432">#432</a>.</li> </ul> <h2>[3.12.0] - 2018-06-02</h2> <h3>Changed</h3> <ul> <li>Support arrow functions without a block statement, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/421">#421</a>.</li> </ul> <h2>[3.11.0] - 2018-03-05</h2> <h3>Added</h3> <ul> <li>Add arrow functions suport for <code>!!js/function</code>.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix dump in bin/octal/hex formats for negative integers, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/399">#399</a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodeca/js-yaml/commit/37caaad57dc37d350d9a4577a5da53f482bb2983"><code>37caaad</code></a> 3.14.1 released</li> <li><a href="https://github.com/nodeca/js-yaml/commit/094c0f7a79e6ff9e2b4d50b22686d2586894b58f"><code>094c0f7</code></a> dist rebuild</li> <li><a href="https://github.com/nodeca/js-yaml/commit/9586ebe23298427d26b3479979bd6499bf3a14c2"><code>9586ebe</code></a> Avoid calling hasOwnProperty of user-controlled objects</li> <li><a href="https://github.com/nodeca/js-yaml/commit/34e5072f43fd36b08aaaad433da73c10d47c41e5"><code>34e5072</code></a> 3.14.0 released</li> <li><a href="https://github.com/nodeca/js-yaml/commit/7b25c83a6dc77097c2bf14bf714e168f60ee199b"><code>7b25c83</code></a> Browser files rebuild</li> <li><a href="https://github.com/nodeca/js-yaml/commit/6f7347396867b8dcfc042722c2aae810dfe4caae"><code>6f73473</code></a> Dev deps bump</li> <li><a href="https://github.com/nodeca/js-yaml/commit/0c293491d903cddcd41b41c165bc45eeb9a8d720"><code>0c29349</code></a> Travis-CI: drop old nodejs versions</li> <li><a href="https://github.com/nodeca/js-yaml/commit/10be97ebbd588e68907e6c67e0b3843a4caab475"><code>10be97e</code></a> fix(loader): Add support for <code>safe/loadAll(input, options)</code></li> <li><a href="https://github.com/nodeca/js-yaml/commit/d6983dd4291849b2854e8d26e1beb302edfd4c76"><code>d6983dd</code></a> Fix issue <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/526">#526</a>: wrong quote position writing condensed flow (<a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/527">#527</a>)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/93fbf7d4ddecea60709c8379397247af28f11e10"><code>93fbf7d</code></a> fix issue 526 (wrong quote position writing condensed flow)</li> <li>Additional commits viewable in <a href="https://github.com/nodeca/js-yaml/compare/3.8.4...3.14.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/STRd6/jadelet/network/alerts). </details>
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by dependabot[bot] and has received 0 comments.
Add a comment
Comment form would go here