Skip to content

chore(deps): bump js-yaml from 4.1.0 to 4.1.1 in /workspaces/orchestrator #1913

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

chore(deps): bump js-yaml from 4.1.0 to 4.1.1 in /workspaces/orchestrator #1913

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 8, 2025
edited
Loading

Bumps js-yaml from 4.1.0 to 4.1.1.

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 8, 2025
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 8, 2025
@rhdh-gh-app
Copy link

rhdh-gh-app bot commented Dec 8, 2025

Missing Changesets

The following package(s) are changed by this PR but do not have a changeset:

  • @red-hat-developer-hub/backstage-plugin-orchestrator-common
  • @red-hat-developer-hub/backstage-plugin-scaffolder-backend-module-orchestrator

See CONTRIBUTING.md for more information about how to add changesets.

Changed Packages

Package Name Package Path Changeset Bump Current Version
@red-hat-developer-hub/backstage-plugin-orchestrator-common workspaces/orchestrator/plugins/orchestrator-common none v3.3.0
@red-hat-developer-hub/backstage-plugin-scaffolder-backend-module-orchestrator workspaces/orchestrator/plugins/scaffolder-backend-module-orchestrator none v1.3.0

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/workspaces/orchestrator/js-yaml-4.1.1 branch from c8b3a2d to 425af47 Compare December 9, 2025 13:13
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/workspaces/orchestrator/js-yaml-4.1.1 branch from 425af47 to 9cfb253 Compare December 18, 2025 11:02
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 18, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 1, 2026

This PR has been automatically marked as stale because it has not had recent activity from the author. It will be closed if no further activity occurs. If the PR was closed and you want it re-opened, let us know and we'll re-open the PR so that you can continue the contribution!

@github-actions github-actions bot added the stale label Jan 1, 2026
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/workspaces/orchestrator/js-yaml-4.1.1 branch from 9cfb253 to 64d7858 Compare January 5, 2026 13:18
@dependabot
chore(deps): bump js-yaml in /workspaces/orchestrator
69f3aef 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/workspaces/orchestrator/js-yaml-4.1.1 branch from 64d7858 to 69f3aef Compare January 5, 2026 13:19
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 5, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions github-actions bot removed the stale label Jan 5, 2026
@kim-tsao kim-tsao mentioned this pull request Jan 10, 2026
Merged
4 tasks
@kim-tsao
Copy link
Member

kim-tsao commented Jan 10, 2026

Will fix in #2031

@kim-tsao kim-tsao closed this Jan 10, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 10, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/workspaces/orchestrator/js-yaml-4.1.1 branch January 10, 2026 00:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@batzionb batzionb Awaiting requested review from batzionb batzionb is a code owner

@mareklibra mareklibra Awaiting requested review from mareklibra mareklibra is a code owner

@gciavarrini gciavarrini Awaiting requested review from gciavarrini gciavarrini is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kim-tsao