Skip to content

Bump yaml from 1.9.2 to 1.10.3#3

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/yaml-1.10.3
Open

Bump yaml from 1.9.2 to 1.10.3#3
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/yaml-1.10.3

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 27, 2026

Bumps yaml from 1.9.2 to 1.10.3.

Release notes

Sourced from yaml's releases.

v1.10.2

  • prettier/prettier#10510

v1.10.1

This release backports the following non-breaking fixes made during the work on yaml@2 on top of yaml@1.10.0:

  • Support for __proto__ as mapping key & anchor identifier (#192)
  • Fix broken TS type for BigInt toggle
  • Dump long keys properly (#195)
  • When folding highly indented lines, require at least minContentWidth chars on the first line (#196)
  • Fix YAML.stringify() for certain null values (#197)
  • Do not break escaped chars with escaped newlines (#237, awslabs/cdk8s8)
  • Set type: "module" within browser/dist/ (#208)
  • Use CommonJS for the browser endpoints yaml/types & yaml/util (#208)
  • Always stringify non-Node object keys using explicit notation (#218)
  • Specify node type of Document.Parsed.contents (#221)
  • Add missing type for CST Node.rangeAsLinePos (#222)
  • Prefer literal over folded block scalar when lineWidth=0 is set (#232)
  • Allow for empty lines after node props (#242)
  • Update dev dependencies

v1.10.0

This will probably be the last minor release of yaml@1. I'm aiming to release yaml@2 within a few months; prereleases of that will be published using the next dist-tag on npm. Patch releases for 1.10 may still happen, if necessary.

New Features

  • Use Rollup for Node.js & browser builds (#165)
    • This removes most of the internal dist/ paths from the release. If you want/need to use a class or function that is no longer public, please file an issue and we can add it to the exports.
    • Drop dependency on @babel/runtime. After this, the package has 0 runtime dependencies. 🎉
    • Add exports { Alias, Collection, Merge, Node } to 'yaml/types'
  • Document Schema.createPair() & make its ctx arg optional (#157)
  • Always indent top-level scalars with lines starting with document markers or % directives (#162)
  • Use double-space when forcing top-level block scalar indent, for clarity (#162)
  • Add getNodes(): string[] method to Anchors (#166)
  • Refactor Jest config, adding tests for compiled dist/ endpoints
  • Rename & refactor source files. This should have no effect on the results, but lots of stuff moved around

Improved Errors & Warnings

  • Throw more helpful error when setting Pair.commentBefore incorrectly (#157)
  • Better errors for bad indents (#169)
  • Drop incorrect error for flow mapping keys with length > 1024 chars
  • Add errors for plain scalars that start with reserved indicators
  • Add more explicit errors for block scalar values with bad indents
  • Enable log prints during npm start debugging

Improved TypeScript declarations

  • Fix/simplify export mapping of 'yaml/types' and 'yaml/util'
  • Fix types, dropping AST.{AstNode,ScalarNode,CollectionNode} (#160)
  • Add missing toString() methods to AST nodes (#159)
  • Add directivesEndMarker to Document type (#167)

... (truncated)

Commits
  • cfe8f04 1.10.3
  • 7abcf45 fix: Catch stack overflow during CST composition
  • a0252f8 chore: Add rules avoiding processing of tests/json-test-suite
  • a5e83b0 style: Apply updates Prettier rules
  • b8ddca0 chore: Refresh lockfile
  • 395f892 ci: Use a different (working) submodule checkout
  • 6fd2720 test-events: Add {} and [] indicators to flow maps & sequences
  • 4cdcde6 1.10.2
  • 7c0e083 Allow for unindented comment after node props (#242)
  • 8ef0157 1.10.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump yaml from 1.9.2 to 1.10.3
0dfda28 
Bumps [yaml](https://github.com/eemeli/yaml) from 1.9.2 to 1.10.3.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v1.9.2...v1.10.3)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 1.10.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants