Build(deps-dev): Bump the development-dependencies group across 1 directory with 2 updates by dependabot[bot] · Pull Request #42491 · twbs/bootstrap

dependabot · 2026-06-09T09:04:12Z

Bumps the development-dependencies group with 2 updates in the / directory: js-yaml and rollup.

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

[4.2.0] - 2026-06-01

Added

Added docs/safety.md with notes about processing untrusted YAML.

Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.

Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.

Added sourcemaps to dist/ builds.

Changed

Stop resolving numbers with underscores as numeric scalars, #627.

Switched dev toolchains to Vite / neostandard.

Updated demo.

Reorganized tests.

dist/ files are no longer kept in the repository.

Fixed

Fix parsing of properties on the first implicit block mapping key, #62.

Fix trailing whitespace handling when folding flow scalar lines, #307.

Reject top-level block scalars without content indentation, #280.

Ensure numbers survive round-trip, #737.

Fix test coverage for issue #221.

Fix flow scalar trailing whitespace folding, #307.

Fix digits in YAML named tag handles.

Security

Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

Backported v4.1.1 fix to v3

Commits

See full diff in compare view

Updates rollup from 4.60.4 to 4.61.0

Release notes

Sourced from rollup's releases.

v4.61.0

4.61.0

2026-06-01

Features

Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

#6376: Eliminate AWS credential exposure on fork PRs in REPL artefact workflow (@lukastaegert)

#6378: fix(deps): update minor/patch updates (@renovate[bot])

#6379: chore(deps): update dependency lint-staged to v17 (@renovate[bot], @lukastaegert)

#6380: chore(deps): update dependency lru-cache to v11 (@renovate[bot], @lukastaegert)

#6381: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6382: chore(deps): update dependency @types/node to ^20.19.41 (@renovate[bot])

#6386: fix(deps): update minor/patch updates (@renovate[bot])

#6387: chore(deps): update aws-actions/configure-aws-credentials action to v6 (@renovate[bot])

#6388: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6389: chore(deps): lock file maintenance (@renovate[bot])

#6391: Sort entry modules to make chunk hash names deterministic (@TrickyPi)

#6394: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6395: chore(deps): update react monorepo to v19 (@renovate[bot], @lukastaegert)

#6396: fix(deps): update rust crate swc_compiler_base to v57 (@renovate[bot], @lukastaegert)

#6397: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6400: docs: fix broken links (@jiyujie2006)

Changelog

Sourced from rollup's changelog.

4.61.0

2026-06-01

Features

Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

#6376: Eliminate AWS credential exposure on fork PRs in REPL artefact workflow (@lukastaegert)

#6378: fix(deps): update minor/patch updates (@renovate[bot])

#6379: chore(deps): update dependency lint-staged to v17 (@renovate[bot], @lukastaegert)

#6380: chore(deps): update dependency lru-cache to v11 (@renovate[bot], @lukastaegert)

#6381: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6382: chore(deps): update dependency @types/node to ^20.19.41 (@renovate[bot])

#6386: fix(deps): update minor/patch updates (@renovate[bot])

#6387: chore(deps): update aws-actions/configure-aws-credentials action to v6 (@renovate[bot])

#6388: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6389: chore(deps): lock file maintenance (@renovate[bot])

#6391: Sort entry modules to make chunk hash names deterministic (@TrickyPi)

#6394: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6395: chore(deps): update react monorepo to v19 (@renovate[bot], @lukastaegert)

#6396: fix(deps): update rust crate swc_compiler_base to v57 (@renovate[bot], @lukastaegert)

#6397: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

#6400: docs: fix broken links (@jiyujie2006)

Commits

765167f 4.61.0
0f547eb Sort entry modules to make chunk hash names deterministic (#6391)
5838787 docs: fix broken links (#6400)
cc0f51a chore(deps): update react monorepo to v19 (#6395)
dd30037 fix(deps): update rust crate swc_compiler_base to v57 (#6396)
cb86c3e chore(deps): lock file maintenance (#6397)
db2b6e0 fix(deps): update minor/patch updates (#6394)
c16e493 chore(deps): lock file maintenance (#6389)
65397f1 chore(deps): update aws-actions/configure-aws-credentials action to v6 (#6387)
6817778 fix(deps): update minor/patch updates (#6386)
Additional commits viewable in compare view

julien-deramond · 2026-06-09T19:47:09Z

@dependabot rebase

…ectory with 2 updates Bumps the development-dependencies group with 2 updates in the / directory: [js-yaml](https://github.com/nodeca/js-yaml) and [rollup](https://github.com/rollup/rollup). Updates `js-yaml` from 4.1.1 to 4.2.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/commits) Updates `rollup` from 4.60.4 to 4.61.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.4...v4.61.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.2.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: rollup dependency-version: 4.61.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the development-dependencies group with 2 updates in the / directory: [js-yaml](https://github.com/nodeca/js-yaml) and [rollup](https://github.com/rollup/rollup). Updates `js-yaml` from 4.1.1 to 4.2.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/commits) Updates `rollup` from 4.60.4 to 4.61.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.4...v4.61.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.2.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: rollup dependency-version: 4.61.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot Bot added dependencies v5 labels Jun 9, 2026

julien-deramond self-requested a review June 9, 2026 19:47

julien-deramond approved these changes Jun 9, 2026

View reviewed changes

dependabot Bot changed the title ~~Build(deps-dev): Bump the development-dependencies group with 2 updates~~ Build(deps-dev): Bump the development-dependencies group across 1 directory with 2 updates Jun 9, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/development-dependencies-6118126e71 branch from 52c6aa9 to 1110e58 Compare June 9, 2026 19:49

julien-deramond merged commit 45b505a into main Jun 9, 2026
9 checks passed

julien-deramond deleted the dependabot/npm_and_yarn/development-dependencies-6118126e71 branch June 9, 2026 20:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Build(deps-dev): Bump the development-dependencies group across 1 directory with 2 updates#42491

Build(deps-dev): Bump the development-dependencies group across 1 directory with 2 updates#42491
julien-deramond merged 1 commit into
mainfrom
dependabot/npm_and_yarn/development-dependencies-6118126e71

dependabot Bot commented on behalf of github Jun 9, 2026 •

edited

Loading

Uh oh!

julien-deramond commented Jun 9, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

[4.2.0] - 2026-06-01

Added

Changed

Fixed

Security

[3.14.2] - 2025-11-15

Security

v4.61.0

4.61.0

Features

Pull Requests

4.61.0

Features

Pull Requests

Uh oh!

julien-deramond commented Jun 9, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Jun 9, 2026 •

edited

Loading