chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates #231
@dependabot[bot] I'm starting a first review of this pull request. You can view the conversation on Warp. I completed the review and no human review was requested for this pull request. Comment Powered by Oz
Overview
This PR updates the lockfile entries for js-yaml from 4.1.1 to 4.2.0 and tar from 7.5.11 to 7.5.16, along with npm lockfile metadata churn for peer dependency markers. The updated packages remain sourced from the npm registry with pinned integrity hashes, and the changes include security-relevant fixes upstream without introducing new dependency sources or broader version ranges.
Concerns
- No blocking correctness, documentation, spec-drift, or security concerns were found in the annotated diff.
Verdict
Found: 0 critical, 0 important, 0 suggestions
Approve
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
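The properties the review above describes (registry source, pinned integrity hash, expected version) can be checked mechanically against a lockfile. This is an added example, not code from the pull request or the reviewed project: `auditLock`, the sample lockfile, the placeholder hashes and the `example-dep` entries are constructed, and it assumes a lockfileVersion 2 or 3 `packages` map with the public npm registry as the only allowed source.

```javascript
// Added example: audit lockfile entries for source, integrity pinning and version.
const REGISTRY = "https://registry.npmjs.org/"; // assumption: the only allowed source
const SRI_SHA512 = /^sha512-[A-Za-z0-9+/]{86}==$/; // shape of a base64 SHA-512 digest
const FAKE_SRI = "sha512-" + "A".repeat(86) + "=="; // constructed placeholder hash

// Constructed lockfileVersion 3 sample; not the repository's real package-lock.json.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-site", version: "0.0.0" },
    "node_modules/js-yaml": { version: "4.2.0",
      resolved: REGISTRY + "js-yaml/-/js-yaml-4.2.0.tgz", integrity: FAKE_SRI },
    "node_modules/tar": { version: "7.5.16",
      resolved: REGISTRY + "tar/-/tar-7.5.16.tgz", integrity: FAKE_SRI },
    "node_modules/example-dep": { version: "1.0.0",
      resolved: "https://example.invalid/example-dep-1.0.0.tgz", integrity: "sha1-AAAA" },
    "node_modules/example-dep/node_modules/bundled": { version: "2.0.0", inBundle: true },
  },
};

function auditLock(lock, expected = {}) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf("node_modules/");
    // Root, workspace, symlinked and bundled entries carry no tarball of their own.
    if (i < 0 || entry.link || entry.inBundle) continue;
    const name = path.slice(i + "node_modules/".length);
    if (!String(entry.resolved || "").startsWith(REGISTRY))
      findings.push(`${name}: resolved outside registry (${entry.resolved})`);
    if (!SRI_SHA512.test(entry.integrity || ""))
      findings.push(`${name}: missing or weak integrity (${entry.integrity})`);
    if (expected[name] && entry.version !== expected[name])
      findings.push(`${name}: version ${entry.version}, expected ${expected[name]}`);
  }
  return findings;
}

// Expected versions as named in the PR description.
const findings = auditLock(sampleLock, { "js-yaml": "4.2.0", tar: "7.5.17" });
console.log(findings.join("\n") || "lockfile OK");
```

To audit a real lockfile, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` in place of `sampleLock`.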
…dates

Bumps the npm_and_yarn group with 2 updates in the / directory: [js-yaml](https://github.com/nodeca/js-yaml) and [tar](https://github.com/isaacs/node-tar).

Updates `js-yaml` from 4.1.1 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.2.0)

Updates `tar` from 7.5.11 to 7.5.17
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.11...v7.5.17)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: indirect
- dependency-name: tar
  dependency-version: 7.5.16
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
f736eda to 80e7afa
# Conflicts: # package-lock.json
hongyi-chen left a comment
Verified locally: rebased onto latest main, preserved the group bump (js-yaml 4.2.0, tar 7.5.17) via the lockfile. Full npm run build passes (340 pages).
Rebasing might not happen immediately, so don't worry if this takes some time.
Note: if you make any changes to this PR yourself, they will take precedence over the rebase.
Bumps the npm_and_yarn group with 2 updates in the / directory: js-yaml and tar.
Updates `js-yaml` from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

Commits
- 590dbab 4.2.0 released
- f944dc5 Add package.json funding field
- f692719 Changelog update
- 9971a06 Fix digits in YAML named tag handles
- 464a5b8 Fix flow scalar trailing whitespace folding, close #307
- 1fda4f7 Tests for #567, #565
- 031ad07 Stop resolving numbers with underscores as numeric scalars, #627
- e46d223 CI config update
- 9023fee Add lockfile
- 990e6f4 Docs update

Updates `tar` from 7.5.11 to 7.5.17

Commits
- 9cbdb31 7.5.17
- 7a635c2 terminate pax strings on nul bytes
- cf21338 7.5.16
- 21a8220 do not apply PAX header fields to meta entries
- 52632cf update project deps
- 302f51f fix inconsequential typo in PENDINGLINKS symbol name
- 55dbb99 remove some uses of mutate-fs
- 87cc309 7.5.15
- 7aef486 fix: regression in pending links detection
- 6244eb3 7.5.14