
build(deps): Bump yaml from 2.8.3 to 2.8.4 #102

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/yaml-2.8.4
dependabot[bot] commented on behalf of github May 8, 2026

Bumps yaml from 2.8.3 to 2.8.4.

Release notes

Sourced from yaml's releases.

v2.8.4

  • Disable alias resolution with maxAliasCount:0 (#677)
  • Handle invalid unicode escapes (e1a1a77)
  • Apply minFractionDigits only to decimal strings (#676)
Commits

dependabot[bot] added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels May 8, 2026

dependabot[bot] requested a review from jmcte as a code owner May 8, 2026 17:48

athena-omt previously approved these changes May 8, 2026

athena-omt left a comment

Approved. I verified the branch diff is limited to the yaml dependency bump and corresponding pnpm lockfile updates. The new yaml@2.8.4 package remains compatible with the repo's Node engine, and the PR's CI/status checks are green, including tests and runner contract checks. I do not see a correctness or merge-readiness blocker for this Dependabot patch update.

jmcte previously approved these changes May 8, 2026

jmcte enabled auto-merge (squash) May 8, 2026 20:36

dependabot[bot] dismissed stale reviews from jmcte and athena-omt via 20fc0d4 May 8, 2026 20:37

dependabot[bot] force-pushed the dependabot/npm_and_yarn/yaml-2.8.4 branch from aecde29 to 20fc0d4 May 8, 2026 20:37

Bumps [yaml](https://github.com/eemeli/yaml) from 2.8.3 to 2.8.4.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.8.3...v2.8.4)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 2.8.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] force-pushed the dependabot/npm_and_yarn/yaml-2.8.4 branch from 20fc0d4 to a5a79ff May 8, 2026 20:38


athena-omt left a comment

Approved. I re-synced the worker worktree to the actual PR head (a5a79ffc) after noticing the local branch was stale, then compared it against current origin/main. The effective diff is limited to package.json and pnpm-lock.yaml, updating yaml to 2.8.4 and the associated lockfile peer-resolution strings. The package still supports this repo's Node range (>=14.6 upstream), and I do not see a correctness, scope, or architecture blocker. Live checks were still partly queued/in progress during review, so merge should still wait for required CI to finish green.
