Skip to content

Comments

Bump js-yaml, mocha, remark-cli and rewire#2

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-6abe89909f
Open

Bump js-yaml, mocha, remark-cli and rewire#2
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-6abe89909f

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Nov 15, 2025

Bumps js-yaml to 4.1.1 and updates ancestor dependencies js-yaml, mocha, remark-cli and rewire. These dependencies need to be updated together.

Updates js-yaml from 3.14.1 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
  • Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
  • Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.
  • Added replacer option (similar to option in JSON.stringify), #339.
  • Custom Tag can now handle all tags or multiple tags with the same prefix, #385.

Fixed

... (truncated)

Commits

Updates mocha from 9.2.2 to 11.7.5

Release notes

Sourced from mocha's releases.

v11.7.5

11.7.5 (2025-11-04)

🩹 Fixes

  • swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

v11.7.4

11.7.4 (2025-10-01)

🩹 Fixes

📚 Documentation

  • migrate remaining legacy wiki pages to main documentation (#5465) (bff9166)

🧹 Chores

v11.7.3

11.7.3 (2025-09-30)

🩹 Fixes

  • use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (#5408) (ebdbc48)

📚 Documentation

🤖 Automation

... (truncated)

Changelog

Sourced from mocha's changelog.

11.7.5 (2025-11-04)

🩹 Fixes

  • swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

11.7.4 (2025-10-01)

🩹 Fixes

📚 Documentation

  • migrate remaining legacy wiki pages to main documentation (#5465) (bff9166)

🧹 Chores

11.7.3 (2025-09-30)

🩹 Fixes

  • use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (#5408) (ebdbc48)

📚 Documentation

🤖 Automation

  • deps: bump actions/setup-node in the github-actions group (#5459) (48c6f40)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.


Updates remark-cli from 9.0.0 to 12.0.1

Release notes

Sourced from remark-cli's releases.

remark-cli@12.0.1

  • a185821b Update internal import-meta-resolve

Full Changelog: https://github.com/remarkjs/remark/compare/remark-cli@12.0.0...remark-cli@12.0.1

remark-cli@12.0.0

(see 15.0.0)

remark-cli@11.0.0

  • 145019c4 Update unified-args breaking: remove support for Node 12 tiny chance of breaking: this adheres properly to YAML 1.2 tiny chance of breaking: this matches modern node in how to resolve plugins by @​remcohaszing in remarkjs/remark#1008

Full Changelog: https://github.com/remarkjs/remark/compare/14.0.2...remark-cli@11.0.0

remark-cli@10.0.1

See remark@14.0.2

Commits
  • 84a2c41 remark-cli: 12.0.1
  • 884e14d Fix build by downgrading Node
  • f9c1a41 Update Actions
  • 1d706ed Add remark-custom-header-id to list of plugins
  • a185821 cli: update import-meta-resolve
  • 95a6156 Update dev-dependencies
  • 6e0a70b Add remark-github-blockquote-alert to list of plugins
  • d0886dc Add remark-github-admonitions-to-directives to list of plugins
  • 618a9ad Add remark-hexo to list of plugins
  • 5017a27 15.0.1
  • Additional commits viewable in compare view

Updates rewire from 5.0.0 to 9.0.1

Release notes

Sourced from rewire's releases.

v9.0.1

  • Fix: Use pirates for proper load extensions install/uninstall handling #219

v9.0.0

  • Breaking: Update ESLint runtime dependency to v9 #218. This is most likely not a breaking change for rewire users but we can't know for certain.

v8.0.0

  • Breaking: Remove official Node v18 support. There is no known issue but our CI won't test against it anymore.
  • Fix Node v22 issues

v7.0.0

v6.0.0

  • Breaking: Remove Node v8 support. We had to do this because one of our dependencies had security issues and the version with the fix dropped Node v8 as well.
  • Update dependencies #193
  • Fix Modifying globals within module leaks to global with Node >=10 #167
  • Fixed import errors on modules with shebang declarations #179
Changelog

Sourced from rewire's changelog.

9.0.1

  • Fix: Use pirates for proper load extensions install/uninstall handling #219

9.0.0

  • Breaking: Update ESLint runtime dependency to v9 #218. This is most likely not a breaking change for rewire users but we can't know for certain.

8.0.0

  • Breaking: Remove official Node v18 support. There is no known issue but our CI won't test against it anymore.
  • Fix Node v22 issues

7.0.0

6.0.0

  • Breaking: Remove Node v8 support. We had to do this because one of our dependencies had security issues and the version with the fix dropped Node v8 as well.
  • Update dependencies #193
  • Fix Modifying globals within module leaks to global with Node >=10 #167
  • Fixed import errors on modules with shebang declarations #179
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump js-yaml, mocha, remark-cli and rewire
273dec9 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) to 4.1.1 and updates ancestor dependencies [js-yaml](https://github.com/nodeca/js-yaml), [mocha](https://github.com/mochajs/mocha), [remark-cli](https://github.com/remarkjs/remark) and [rewire](https://github.com/jhnns/rewire). These dependencies need to be updated together.


Updates `js-yaml` from 3.14.1 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...4.1.1)

Updates `mocha` from 9.2.2 to 11.7.5
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/v11.7.5/CHANGELOG.md)
- [Commits](mochajs/mocha@v9.2.2...v11.7.5)

Updates `remark-cli` from 9.0.0 to 12.0.1
- [Release notes](https://github.com/remarkjs/remark/releases)
- [Changelog](https://github.com/remarkjs/remark/blob/main/changelog.md)
- [Commits](https://github.com/remarkjs/remark/compare/remark-cli@9.0.0...remark-cli@12.0.1)

Updates `rewire` from 5.0.0 to 9.0.1
- [Release notes](https://github.com/jhnns/rewire/releases)
- [Changelog](https://github.com/jhnns/rewire/blob/master/CHANGELOG.md)
- [Commits](jhnns/rewire@v5.0.0...v9.0.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
- dependency-name: mocha
  dependency-version: 11.7.5
  dependency-type: direct:development
- dependency-name: remark-cli
  dependency-version: 12.0.1
  dependency-type: direct:development
- dependency-name: rewire
  dependency-version: 9.0.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants