Skip to content

Bump js-yaml #194

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump js-yaml #194

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 17, 2025

Bumps js-yaml to 4.1.1 and updates ancestor dependency . These dependencies need to be updated together.

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump js-yaml
1ee2318 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) to 4.1.1 and updates ancestor dependency . These dependencies need to be updated together.


Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

Updates `js-yaml` from 3.14.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: direct:development
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 17, 2025
@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Nov 17, 2025
@github-actions
Copy link

github-actions bot commented Nov 17, 2025

GraalVM Native Image Build Report

helloworld generated in 43.1s as part of the 'test-action-native-image-musl' job in run #297.

Environment

Java version 21.0.9+7-LTS Vendor version Oracle GraalVM 21.0.9+7.1
Graal compiler optimization level: 2, target machine: x86-64-v3, PGO: ML-inferred
C compiler x86_64-linux-musl-gcc (linux, x86_64, 10.3.0)
Garbage collector G1 GC

Analysis Results

Category Types in % Fields in % Methods in %
Reachable 2,029 60.083% 1,896 44.940% 8,293 34.997%
Reflection 732 21.676% 37 0.877% 287 1.211%
JNI 49 1.451% 33 0.782% 48 0.203%
Loaded 3,377 100.000% 4,219 100.000% 23,696 100.000%

Image Details

Category Size in % Details
Code area 3.35MB 33.949% 3,823 compilation units
Image heap 3.64MB 36.884% 52,355 objects, 120.00B for 29 resources
Other data 2.88MB 29.167%
Total 9.88MB 100.000%

Resource Usage

Garbage collection 2.29s (5.324% of total time) in 344 GCs
Peak RSS 746.17MB (4.665% of 15.62GB system memory)
CPU load 3.563 (89.079% of 4 CPU cores)

Report generated by setup-graalvm.

@github-actions
Copy link

github-actions bot commented Nov 17, 2025

GraalVM Native Image Build Report

helloworld generated in 53.0s as part of the 'test-action-native-image-musl' job in run #297.

Environment

Java version 25.0.1+8-LTS Vendor version Oracle GraalVM 25.0.1+8.1
Graal compiler optimization level: 2, target machine: x86-64-v3, PGO: ML-inferred
C compiler x86_64-linux-musl-gcc (linux, x86_64, 10.3.0)
Garbage collector G1 GC

Analysis Results

Category Types in % Fields in % Methods in %
Reachable 2,043 55.820% 1,840 36.508% 8,211 32.707%
Reflection 753 20.574% 35 0.694% 284 1.131%
JNI 49 1.339% 35 0.694% 48 0.191%
Loaded 3,660 100.000% 5,040 100.000% 25,105 100.000%

Image Details

Category Size in % Details
Code area 3.13MB 30.729% 3,831 compilation units
Image heap 4.11MB 40.327% 59,283 objects, 0.00B for 52 resources
Other data 2.95MB 28.945%
Total 10.18MB 100.000%

Resource Usage

Garbage collection 2.15s (4.064% of total time) in 443 GCs
Peak RSS 995.95MB (6.226% of 15.62GB system memory)
CPU load 3.669 (91.716% of 4 CPU cores)

Report generated by setup-graalvm.

@github-actions
Copy link

github-actions bot commented Nov 17, 2025

GraalVM Native Image Build Report

helloworld generated in 51.1s as part of the 'test-action-native-image-windows-msvc' job in run #297.

Environment

Java version 17.0.12+8-LTS Vendor version Oracle GraalVM 17.0.12+8.1
Graal compiler optimization level: 2, target machine: x86-64-v3, PGO: ML-inferred
C compiler cl.exe (microsoft, x64, 19.44.35219)
Garbage collector Serial GC

Analysis Results

Category Types in % Fields in % Methods in %
Reachable 1,809 59.311% 1,684 45.587% 7,635 35.820%
Reflection 618 20.262% 0 0.000% 282 1.323%
JNI 53 1.738% 30 0.812% 48 0.225%
Loaded 3,050 100.000% 3,694 100.000% 21,315 100.000%

Image Details

Category Size in % Details
Code area 2.77MB 43.931% 3,464 compilation units
Image heap 3.45MB 54.709% 48,653 objects, 108.00B for 1 resources
Other data 87.84KB 1.361%
Total 6.30MB 100.000%

Resource Usage

Garbage collection 1.64s (3.211% of total time) in 125 GCs
Peak RSS 973.97MB (5.945% of 16.00GB system memory)
CPU load 3.209 (80.235% of 4 CPU cores)

Report generated by setup-graalvm.

@github-actions
Copy link

github-actions bot commented Nov 17, 2025

GraalVM Native Image Build Report

helloworld generated in 46.0s as part of the 'test-action-extensive' job in run #297.

Environment

Java version 17.0.8+9-LTS Vendor version Oracle GraalVM 17.0.8+9.1
Graal compiler optimization level: 2, target machine: x86-64-v3, PGO: ML-inferred
C compiler gcc (linux, x86_64, 13.3.0)
Garbage collector Serial GC

Analysis Results

Category Types in % Fields in % Methods in %
Reachable 1,853 59.145% 1,737 46.369% 7,712 35.613%
Reflection 638 20.364% 0 0.000% 281 1.298%
JNI 49 1.564% 32 0.854% 48 0.222%
Loaded 3,133 100.000% 3,746 100.000% 21,655 100.000%

Image Details

Category Size in % Details
Code area 2.75MB 23.178% 3,484 compilation units
Image heap 3.46MB 29.167% 48,932 objects, 108.00B for 1 resources
Debug info 5.33MB 44.900%
Other data 335.21KB 2.756%
Total 11.88MB 100.000%

Resource Usage

Garbage collection 2.02s (4.402% of total time) in 198 GCs
Peak RSS 994.77MB (6.219% of 15.62GB system memory)
CPU load 3.615 (90.372% of 4 CPU cores)

Report generated by setup-graalvm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code OCA Verified All contributors have signed the Oracle Contributor Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants