Skip to content

Bump js-yaml from 4.1.0 to 4.1.1 in /tools #7981

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 13 commits into from
Closed

Bump js-yaml from 4.1.0 to 4.1.1 in /tools #7981

wants to merge 13 commits into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 15, 2025

Bumps js-yaml from 4.1.0 to 4.1.1.

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

colinloretz and others added 13 commits November 7, 2025 09:17
@colinloretz
Docs Platform Migration (#7938)
1b1f1fe 
* Mintlify migration

* remove checklinks

* Remove old changelog format

* Added Next Gen Docs
@abe-discord
Fix darkmode code blocks (#7939)
6ee5967
@abe-discord
Fix code blocks in anchor links bumping up too high (#7944)
ad6d3a0
@abe-discord
Update how-activities-work.md (#7953)
d9ec137 
Fix the double header and weird nav title
@abe-discord
Fully hide assistant bar on mobile (#7954)
389a912
@spenhand @markmandel
[docs] Add bot token unmerge endpoint documentation (#7886)
f1c0962 
* Add bot token unmerge endpoint documentation

Document the new /provisional-accounts/unmerge/bot endpoint that allows unmerging provisional accounts using just the bot token and external_user_id, without requiring an external auth token. This ensures identities can always be removed even if the external auth token is no longer accessible.

* Review edit

Add "Tip" for being able to recover an account that's lost its auth
token due to data loss or error.

---------

Co-authored-by: Mark Mandel <[email protected]>
@abe-discord
Fix hiding assistant bar by specifying correct class (#7955)
9cfc842
@abe-discord
Fix headers by removing duplicate markdown files (#7965)
889b21c
@abe-discord
Revert "Fix headers by removing duplicate markdown files (#7965)" (#7968
45b226c 
)

This reverts commit 889b21c.
@abe-discord
Fix headers by removing duplicate markdown files (again) (#7969)
a007f67 
* Fix headers by removing duplicate markdown files

* Fix sidebar dropdowns having extra padding
@Paillat-dev
fix: Add ManualAnchor for `interaction-object-application-command-i…
a3561ce 
…nteraction-data-option-structure` (#7975)
@vakiliner
Document PinPermission (#7958)
81e6716
@dependabot
Bump js-yaml from 4.1.0 to 4.1.1 in /tools
99dde01 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 15, 2025
@dependabot dependabot bot requested a review from a team as a code owner November 15, 2025 10:36
@dependabot dependabot bot requested review from markmandel and removed request for a team November 15, 2025 10:36
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 20, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/tools/js-yaml-4.1.1 branch November 20, 2025 23:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@markmandel markmandel Awaiting requested review from markmandel markmandel is a code owner automatically assigned from discord/devrel

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@colinloretz @abe-discord @spenhand @Paillat-dev @vakiliner