[PR #166] [MERGED] Bump js-yaml from 3.12.0 to 3.13.1 #215

New issue

Closed

opened 2026-03-03 16:06:03 +03:00 by kerem · 0 comments

kerem commented 2026-03-03 16:06:03 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/mthenw/frontail/pull/166
Author: @dependabot[bot]
Created: 6/4/2019
Status: ✅ Merged
Merged: 6/5/2019
Merged by: @mthenw

Base: master ← Head: dependabot/npm_and_yarn/js-yaml-3.13.1

---

📝 Commits (1)

• 3c74d30 Bump js-yaml from 3.12.0 to 3.13.1

📊 Changes

1 file changed (+4 additions, -4 deletions)

View changed files

📝 package-lock.json (+4 -4)

📄 Description

Bumps js-yaml from 3.12.0 to 3.13.1.

Changelog

Sourced from js-yaml's changelog.

3.13.1 / 2019-04-05

• Fix possible code execution in (already unsafe) .load(), #480.

3.13.0 / 2019-03-20

• Security fix: safeLoad() can hang when arrays with nested refs
  used as key. Now throws exception for nested arrays. #475.

3.12.2 / 2019-02-26

• Fix noArrayIndent option for root level, #468.

3.12.1 / 2019-01-05

• Added noArrayIndent option, #432.

Commits

• 665aadd 3.13.1 released
• da8ecf2 Browser files rebuild
• b2f9e88 Merge pull request #480 from nodeca/toString
• e18afbf Fix possible code execution in (already unsafe) load()
• 9d4ce5e 3.13.0 released
• f64c673 Browser files rebuild
• a567ef3 Restrict data types for object keys
• 59b6e76 Fix test name
• e4267fc 3.12.2 released
• 7231a49 Browser files rebuild
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/mthenw/frontail/pull/166 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 6/4/2019 **Status:** ✅ Merged **Merged:** 6/5/2019 **Merged by:** [@mthenw](https://github.com/mthenw) **Base:** `master` ← **Head:** `dependabot/npm_and_yarn/js-yaml-3.13.1` --- ### 📝 Commits (1) - [`3c74d30`](https://github.com/mthenw/frontail/commit/3c74d3004027c3122ed26b210ea46d94a1801972) Bump js-yaml from 3.12.0 to 3.13.1 ### 📊 Changes **1 file changed** (+4 additions, -4 deletions) <details> <summary>View changed files</summary> 📝 `package-lock.json` (+4 -4) </details> ### 📄 Description Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.12.0 to 3.13.1. <details> <summary>Changelog</summary> *Sourced from [js-yaml's changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md).* > 3.13.1 / 2019-04-05 > ------------------- > > - Fix possible code execution in (already unsafe) `.load()`, [#480](https://github-redirect.dependabot.com/nodeca/js-yaml/issues/480). > > > 3.13.0 / 2019-03-20 > ------------------- > > - Security fix: `safeLoad()` can hang when arrays with nested refs > used as key. Now throws exception for nested arrays. [#475](https://github-redirect.dependabot.com/nodeca/js-yaml/issues/475). > > > 3.12.2 / 2019-02-26 > ------------------- > > - Fix `noArrayIndent` option for root level, [#468](https://github-redirect.dependabot.com/nodeca/js-yaml/issues/468). > > > 3.12.1 / 2019-01-05 > ------------------- > > - Added `noArrayIndent` option, [#432](https://github-redirect.dependabot.com/nodeca/js-yaml/issues/432). </details> <details> <summary>Commits</summary> - [`665aadd`](https://github.com/nodeca/js-yaml/commit/665aadda42349dcae869f12040d9b10ef18d12da) 3.13.1 released - [`da8ecf2`](https://github.com/nodeca/js-yaml/commit/da8ecf24b63d2307015e75ee8bd1da1977071e35) Browser files rebuild - [`b2f9e88`](https://github.com/nodeca/js-yaml/commit/b2f9e882397660da37c5c5bb92e8ccc7bb9eb668) Merge pull request [#480](https://github-redirect.dependabot.com/nodeca/js-yaml/issues/480) from nodeca/toString - [`e18afbf`](https://github.com/nodeca/js-yaml/commit/e18afbf1edcafb7add2c4c7b22abc8d6ebc2fa61) Fix possible code execution in (already unsafe) load() - [`9d4ce5e`](https://github.com/nodeca/js-yaml/commit/9d4ce5e2895365c943d2bdf7e7c8ac1be3ec51a3) 3.13.0 released - [`f64c673`](https://github.com/nodeca/js-yaml/commit/f64c6737dbe24d110f53152d142d01e64520a193) Browser files rebuild - [`a567ef3`](https://github.com/nodeca/js-yaml/commit/a567ef3c6e61eb319f0bfc2671d91061afb01235) Restrict data types for object keys - [`59b6e76`](https://github.com/nodeca/js-yaml/commit/59b6e76b712350e9e6aad7773e7375a1de009cf9) Fix test name - [`e4267fc`](https://github.com/nodeca/js-yaml/commit/e4267fc733452d074a3e494fb5cab2a07c7e6b87) 3.12.2 released - [`7231a49`](https://github.com/nodeca/js-yaml/commit/7231a491788ecb289cee52e854574e7271c34350) Browser files rebuild - Additional commits viewable in [compare view](https://github.com/nodeca/js-yaml/compare/3.12.0...3.13.1) </details> <br /> [](https://help.github.com/articles/configuring-automated-security-fixes) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-03-03 16:06:03 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/npm_and_yarn/qs-6.5.3

dependabot/npm_and_yarn/socket.io-parser-4.0.5

dependabot/npm_and_yarn/jsdom-16.5.0

dependabot/npm_and_yarn/engine.io-4.1.2

dependabot/npm_and_yarn/path-parse-1.0.7

dependabot/npm_and_yarn/ws-5.2.3

dependabot/npm_and_yarn/hosted-git-info-2.8.9

v4.9.2

v4.9.1

v4.9.0

v4.8.0

v4.7.0

v4.6.0

v4.5.4

v4.5.3

v4.5.2

v4.5.1

v4.5.0

v4.4.0

v4.3.3

v4.3.2

v4.2.2

v4.2.1

4.2.0

v4.1.1

v4.1.0

v4.0.4

v4.0.3

4.0.2

v4.0.1

v4.0.0

v3.1.2

v3.1.1

v3.1.0

v3.0.0

v2.3.0

v2.2.1

v2.2.0

2.1.2

v2.1.1

v2.1.0

v2.0.0

v1.4.1

v1.4.0

v1.3.0

v1.2.1

v1.2.0

v1.1.0

v1.0.0

v0.7.0

v0.6.0

v0.5.0

v0.4.2

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.0

Labels

Clear labels   

accepted

  

bug

  

discussion

  

documentation

  

enhancement

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

wontfix

No labels

accepted

bug

discussion

documentation

enhancement

pull-request

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/frontail#215

No description provided.