Skip to content

build(deps): bump js-yaml from 4.2.0 to 5.2.0 in /storm-webapp#8855

Merged
rzo1 merged 3 commits into
masterfrom
dependabot/npm_and_yarn/storm-webapp/js-yaml-5.2.0
Jul 2, 2026
Merged

build(deps): bump js-yaml from 4.2.0 to 5.2.0 in /storm-webapp#8855
rzo1 merged 3 commits into
masterfrom
dependabot/npm_and_yarn/storm-webapp/js-yaml-5.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps js-yaml from 4.2.0 to 5.2.0.

Changelog

Sourced from js-yaml's changelog.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.
  • Reduced the set of exported schemas:
    • YAML 1.2 schemas: CORE_SCHEMA (loader default), JSON_SCHEMA, FAILSAFE_SCHEMA.
    • YAML11_SCHEMA, a combination of all YAML 1.1 tags (YAML 1.1 does not specify a schema, only "types").

... (truncated)

Commits
  • c28ed5e 5.2.0 released
  • 125cd5a Add maxAliases option
  • 3105455 Replace maxMergeSeqLengthoption with maxTotalMergeKeys (more robust)
  • 39d00d6 numbers: Drop boxed numbers support, simplify .identify() checks, clarify rou...
  • eb5cb5b fix: round-trip integers that stringify in exponential notation (#771)
  • 89024c4 Update migration info, close #770
  • f1e45cd 5.1.0 released
  • 53b22be Fix constructor coverage
  • a1eaa2b Fix quote style options and restore forceQuotes
  • 0532e7d Add finalizers for immutable collection tags
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 1, 2026
@rzo1 rzo1 added this to the 3.0.0 milestone Jul 1, 2026
@rzo1

rzo1 commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/storm-webapp/js-yaml-5.2.0 branch from 227c9a8 to 9eddaf0 Compare July 1, 2026 11:25
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.2.0 to 5.2.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.2.0...5.2.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 5.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/storm-webapp/js-yaml-5.2.0 branch from 9eddaf0 to da91a64 Compare July 1, 2026 12:37
dependabot Bot and others added 2 commits July 1, 2026 15:45
Bumps `netty-tcnative.version` from 2.0.77.Final to 2.0.80.Final.

Updates `io.netty:netty-tcnative` from 2.0.77.Final to 2.0.80.Final
- [Release notes](https://github.com/netty/netty-tcnative/releases)
- [Commits](netty/netty-tcnative@netty-tcnative-parent-2.0.77.Final...netty-tcnative-parent-2.0.80.Final)

Updates `io.netty:netty-tcnative-boringssl-static` from 2.0.77.Final to 2.0.80.Final
- [Release notes](https://github.com/netty/netty-tcnative/releases)
- [Commits](netty/netty-tcnative@netty-tcnative-parent-2.0.77.Final...netty-tcnative-parent-2.0.80.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-tcnative
  dependency-version: 2.0.80.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-tcnative-boringssl-static
  dependency-version: 2.0.80.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
js-yaml 5.x changed load('') to throw a YAMLException ('expected a
document, but the input is empty') instead of returning undefined (see
js-yaml migrate_v4_to_v5). The Flux Topology Viewer calls
parseAndRender() on page load while the textarea holds only a comment
(# YAML Definition), so jsyaml.load() now throws before the existing
if(doc==null) guard, surfacing as an uncaught exception that fails the
cypress-e2e suite (flux-page.cy.js).

Wrap the load in try/catch and treat empty/comment-only or malformed
input as 'no document'. Also broaden cypress-tests.yml to run on 2.x so
this class of webapp regression is exercised there too (2.x already
shipped js-yaml 5.2.0 and carries the same latent bug).
@rzo1 rzo1 merged commit da2eeca into master Jul 2, 2026
13 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/storm-webapp/js-yaml-5.2.0 branch July 2, 2026 11:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant