Skip to content

Bump js-yaml to 4.2.0, apply npm audit fix, and add undici override for 0 vulnerabilities#943

Merged
HarithaVattikuti merged 5 commits into
mainfrom
dependabot/npm_and_yarn/js-yaml-4.2.0
Jul 6, 2026
Merged

Bump js-yaml to 4.2.0, apply npm audit fix, and add undici override for 0 vulnerabilities#943
HarithaVattikuti merged 5 commits into
mainfrom
dependabot/npm_and_yarn/js-yaml-4.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Summary

Bumps js-yaml from 4.1.1 to 4.2.0, applies npm audit fix, and adds a undici override to achieve 0 known vulnerabilities.

Changes

js-yaml 4.1.14.2.0

undici override

  • Pinned undici to 6.27.0 via overrides in package.json
  • Removes vulnerable undici@5.29.0 and consolidates to a single secure version
  • Removes obsolete @fastify/busboy dependency (no longer needed by undici@6)

npm audit fix

  • Applied npm audit fix — bumped transitive dev dependencies (@babel/*, browserslist, brace-expansion, etc.) to their latest safe versions
  • Removed obsolete license files for @fastify/busboy and old undici@6.25.0; added updated undici license file

Security

npm audit reports 0 vulnerabilities after these changes.

Dependabot compatibility score

Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.2.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/commits)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 19, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 19, 2026 15:23
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 19, 2026
priya-kinthali
priya-kinthali previously approved these changes Jun 22, 2026
@chiranjib-swain chiranjib-swain dismissed stale reviews from priya-kinthali and themself via e7c2e4b July 1, 2026 04:22
@chiranjib-swain chiranjib-swain changed the title Bump js-yaml from 4.1.1 to 4.2.0 Bump js-yaml to 4.2.0, apply npm audit fix, and add undici override for 0 vulnerabilities Jul 2, 2026
@HarithaVattikuti HarithaVattikuti merged commit 53affe8 into main Jul 6, 2026
7 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/js-yaml-4.2.0 branch July 6, 2026 16:54
eleboucher pushed a commit to eleboucher/homelab that referenced this pull request Jul 9, 2026
…v6.1.0 ➔ v6.2.0) (#1478)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [https://github.com/actions/labeler](https://github.com/actions/labeler) | action | minor | `v6.1.0` → `v6.2.0` |

---

### Release Notes

<details>
<summary>actions/labeler (https://github.com/actions/labeler)</summary>

### [`v6.2.0`](https://github.com/actions/labeler/releases/tag/v6.2.0)

[Compare Source](actions/labeler@v6.1.0...v6.2.0)

#### What's Changed

##### Bug Fix

- Improve PR number validation and warning messages in input handling by [@&#8203;chiranjib-swain](https://github.com/chiranjib-swain) in [#&#8203;939](actions/labeler#939)

##### Dependency Updates

- Bump js-yaml to 4.2.0, apply npm audit fix, and add undici override  by [@&#8203;dependabot](https://github.com/dependabot) in [#&#8203;943](actions/labeler#943)
- Bump [@&#8203;typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/eslint-plugin) from 8.59.1 to 8.61.1 by [@&#8203;dependabot](https://github.com/dependabot) in [#&#8203;942](actions/labeler#942)

**Full Changelog**: <actions/labeler@v6.1.0...v6.2.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDEuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEwMS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZS9naXRodWItYWN0aW9uIiwidHlwZS9taW5vciJdfQ==-->

Reviewed-on: https://git.erwanleboucher.dev/eleboucher/homelab/pulls/1478
hbjydev pushed a commit to hbjydev/phoebe that referenced this pull request Jul 9, 2026
…v6.1.0 → v6.2.0) (#234)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [https://github.com/actions/labeler](https://github.com/actions/labeler) | action | minor | `v6.1.0` → `v6.2.0` |

---

### Release Notes

<details>
<summary>actions/labeler (https://github.com/actions/labeler)</summary>

### [`v6.2.0`](https://github.com/actions/labeler/releases/tag/v6.2.0)

[Compare Source](actions/labeler@v6.1.0...v6.2.0)

#### What's Changed

##### Bug Fix

- Improve PR number validation and warning messages in input handling by [@&#8203;chiranjib-swain](https://github.com/chiranjib-swain) in [#&#8203;939](actions/labeler#939)

##### Dependency Updates

- Bump js-yaml to 4.2.0, apply npm audit fix, and add undici override  by [@&#8203;dependabot](https://github.com/dependabot) in [#&#8203;943](actions/labeler#943)
- Bump [@&#8203;typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/eslint-plugin) from 8.59.1 to 8.61.1 by [@&#8203;dependabot](https://github.com/dependabot) in [#&#8203;942](actions/labeler#942)

**Full Changelog**: <actions/labeler@v6.1.0...v6.2.0>

</details>

---

### Configuration

📅 **Schedule**: (in timezone Europe/London)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNDIuMSIsInVwZGF0ZWRJblZlciI6IjQzLjI0Mi4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZS9naXRodWItYWN0aW9uIiwidHlwZS9taW5vciJdfQ==-->

Reviewed-on: https://forgejo.hayden.moe/hayden/phoebe/pulls/234
doonga pushed a commit to greyrock-labs/home-ops that referenced this pull request Jul 9, 2026
…v6.1.0 ➔ v6.2.0) (#490)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [https://github.com/actions/labeler](https://github.com/actions/labeler) | action | minor | `v6.1.0` → `v6.2.0` |

---

### Release Notes

<details>
<summary>actions/labeler (https://github.com/actions/labeler)</summary>

### [`v6.2.0`](https://github.com/actions/labeler/releases/tag/v6.2.0)

[Compare Source](actions/labeler@v6.1.0...v6.2.0)

#### What's Changed

##### Bug Fix

- Improve PR number validation and warning messages in input handling by [@&#8203;chiranjib-swain](https://github.com/chiranjib-swain) in [#&#8203;939](actions/labeler#939)

##### Dependency Updates

- Bump js-yaml to 4.2.0, apply npm audit fix, and add undici override  by [@&#8203;dependabot](https://github.com/dependabot) in [#&#8203;943](actions/labeler#943)
- Bump [@&#8203;typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/eslint-plugin) from 8.59.1 to 8.61.1 by [@&#8203;dependabot](https://github.com/dependabot) in [#&#8203;942](actions/labeler#942)

**Full Changelog**: <actions/labeler@v6.1.0...v6.2.0>

</details>

---

### Configuration

📅 **Schedule**: (in timezone America/New_York)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNTIuMSIsInVwZGF0ZWRJblZlciI6IjQzLjI1Mi4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZS9naXRodWItYWN0aW9uIiwicmVub3ZhdGUvZ2l0aHViLXJlbGVhc2UiLCJ0eXBlL21pbm9yIl19-->

Reviewed-on: https://git.greyrock.io/greyrock-labs/home-ops/pulls/490
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants