Skip to content

Bump js-yaml from 4.1.0 to 4.1.1#36

Merged
neetogit-bot[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/js-yaml-4.1.1
Apr 17, 2026
Merged

Bump js-yaml from 4.1.0 to 4.1.1#36
neetogit-bot[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/js-yaml-4.1.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Nov 15, 2025
edited
Loading

Bumps js-yaml from 4.1.0 to 4.1.1.

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file patch javascript Pull requests that update javascript code labels Nov 15, 2025
@yedhink
Copy link
Copy Markdown

yedhink commented Apr 2, 2026

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/js-yaml-4.1.1 branch from 6d7efe5 to 942c41c Compare April 2, 2026 12:38
@neetogit-bot
Copy link
Copy Markdown

neetogit-bot Bot commented Apr 2, 2026

NeetoGit is monitoring this dependabot PR (js-yaml 4.1.0 → 4.1.1). Once CI completes, this PR will be auto-merged if all checks pass, or a reviewer will be assigned if CI fails.

This comment was auto-generated by NeetoGit.

@yedhink
Copy link
Copy Markdown

yedhink commented Apr 2, 2026

@dependabot recreate

@dependabot
Bump js-yaml from 4.1.0 to 4.1.1
234d13e 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/js-yaml-4.1.1 branch from 942c41c to 234d13e Compare April 2, 2026 12:45
@neetogit-bot
Copy link
Copy Markdown

neetogit-bot Bot commented Apr 2, 2026

NeetoGit is monitoring this dependabot PR (js-yaml 4.1.0 → 4.1.1). Once CI completes, this PR will be auto-merged if all checks pass, or a reviewer will be assigned if CI fails.

This comment was auto-generated by NeetoGit.

@neetogit-bot neetogit-bot Bot added the mergepr label Apr 2, 2026
@neeto-dev-bot neeto-dev-bot Bot added mergepr and removed mergepr labels Apr 17, 2026
@neetogit-bot neetogit-bot Bot merged commit 3ffd865 into main Apr 17, 2026
@neetogit-bot neetogit-bot Bot deleted the dependabot/npm_and_yarn/js-yaml-4.1.1 branch April 17, 2026 07:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code mergepr patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yedhink