BuilderIO
chore(deps): bump js-yaml in /examples/angular-universal
Bumps and js-yaml. These dependencies needed to be updated together.
Updates js-yaml from 3.14.0 to 3.14.2
Changelog
Sourced from js-yaml's changelog.
[3.14.2] - 2025-11-15
Security
- Backported v4.1.1 fix to v3
[4.1.1] - 2025-11-12
Security
- Fix prototype pollution issue in yaml merge (<<) operator.
[4.1.0] - 2021-04-15
Added
- Types are now exported as
yaml.types.XXX.- Every type now has
optionsproperty with original arguments kept as they were (seeyaml.types.int.optionsas an example).Changed
Schema.extend()now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered asabcdinstead ofcbad).[4.0.0] - 2021-01-03
Changed
- Check migration guide to see details for all breaking changes.
- Breaking: "unsafe" tags
!!js/function,!!js/regexp,!!js/undefinedare moved to js-yaml-js-types package.- Breaking: removed
safe*functions. Useload,loadAll,dumpinstead which are all now safe by default.yaml.DEFAULT_SAFE_SCHEMAandyaml.DEFAULT_FULL_SCHEMAare removed, useyaml.DEFAULT_SCHEMAinstead.yaml.Schema.create(schema, tags)is removed, useschema.extend(tags)instead.!!binarynow always mapped toUint8Arrayon load.- Reduced nesting of
/libfolder.- Parse numbers according to YAML 1.2 instead of YAML 1.1 (
01234is now decimal,0o1234is octal,1:23is parsed as string instead of base60).dump()no longer quotes:,[,],(,)except when necessary, #470, #557.- Line and column in exceptions are now formatted as
(X:Y)instead ofat line X, column Y(also present in compact format), #332.- Code snippet created in exceptions now contains multiple lines with line numbers.
dump()now serializesundefinedasnullin collections and removes keys withundefinedin mappings, #571.dump()withskipInvalid=truenow serializes invalid items in collections as null.- Custom tags starting with
!are now dumped as!taginstead of!<!tag>, #576.- Custom tags starting with
tag:yaml.org,2002:are now shorthanded using!!, #258.Added
... (truncated)
Commits
Updates js-yaml from 4.1.0 to 4.1.1
Changelog
Sourced from js-yaml's changelog.
[3.14.2] - 2025-11-15
Security
- Backported v4.1.1 fix to v3
[4.1.1] - 2025-11-12
Security
- Fix prototype pollution issue in yaml merge (<<) operator.
[4.1.0] - 2021-04-15
Added
- Types are now exported as
yaml.types.XXX.- Every type now has
optionsproperty with original arguments kept as they were (seeyaml.types.int.optionsas an example).Changed
Schema.extend()now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered asabcdinstead ofcbad).[4.0.0] - 2021-01-03
Changed
- Check migration guide to see details for all breaking changes.
- Breaking: "unsafe" tags
!!js/function,!!js/regexp,!!js/undefinedare moved to js-yaml-js-types package.- Breaking: removed
safe*functions. Useload,loadAll,dumpinstead which are all now safe by default.yaml.DEFAULT_SAFE_SCHEMAandyaml.DEFAULT_FULL_SCHEMAare removed, useyaml.DEFAULT_SCHEMAinstead.yaml.Schema.create(schema, tags)is removed, useschema.extend(tags)instead.!!binarynow always mapped toUint8Arrayon load.- Reduced nesting of
/libfolder.- Parse numbers according to YAML 1.2 instead of YAML 1.1 (
01234is now decimal,0o1234is octal,1:23is parsed as string instead of base60).dump()no longer quotes:,[,],(,)except when necessary, #470, #557.- Line and column in exceptions are now formatted as
(X:Y)instead ofat line X, column Y(also present in compact format), #332.- Code snippet created in exceptions now contains multiple lines with line numbers.
dump()now serializesundefinedasnullin collections and removes keys withundefinedin mappings, #571.dump()withskipInvalid=truenow serializes invalid items in collections as null.- Custom tags starting with
!are now dumped as!taginstead of!<!tag>, #576.- Custom tags starting with
tag:yaml.org,2002:are now shorthanded using!!, #258.Added
... (truncated)
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
[!NOTE] Update
js-yamllockfile entries to latest patch versions (3.14.2 and 4.1.1) inexamples/angular-universal.
- Dependencies:
- Bump
js-yamlinexamples/angular-universal/package-lock.json:
- Root/flat entries:
3.14.0→3.14.2.- Transitive entries (e.g., under
postcss-loader):4.1.0→4.1.1.Written by Cursor Bugbot for commit a0849d01b1114b6c2bb940bdd894c76c6fb6c40e. This will update automatically on new commits. Configure here.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
⚠️ No Changeset found
Latest commit: a0849d01b1114b6c2bb940bdd894c76c6fb6c40e
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
This PR includes no changesets
When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types
Click here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
![changeset-bot[bot] avatar](https://avatars.githubusercontent.com/in/28616?v=4 "Published by a pub.dev verified publisher"){kind=small}
🤖 Nx Cloud AI Fix Eligible
An automatically generated fix could have helped fix failing tasks for this run, but Self-healing CI is disabled for this workspace. Visit workspace settings to enable it and get automatic fixes in future runs.
To disable these notifications, a workspace admin can disable them in workspace settings.
View your CI Pipeline Execution ↗ for commit a0849d01b1114b6c2bb940bdd894c76c6fb6c40e
| Command | Status | Duration | Result |
|---|---|---|---|
nx test @snippet/react-sdk-next-14-app |
❌ Failed | 7m 15s | View ↗ |
nx test @snippet/qwik-city |
❌ Failed | 7m 23s | View ↗ |
nx test @snippet/react-sdk-next-pages |
❌ Failed | 7m 3s | View ↗ |
nx test @snippet/sveltekit |
❌ Failed | 7m 3s | View ↗ |
nx test @snippet/nuxt |
❌ Failed | 2m 25s | View ↗ |
nx test @e2e/qwik-city |
✅ Succeeded | 7m 12s | View ↗ |
nx test @e2e/nextjs-sdk-next-app |
✅ Succeeded | 6m 43s | View ↗ |
nx test @e2e/angular-17 |
✅ Succeeded | 6m 23s | View ↗ |
Additional runs (37) |
✅ Succeeded | ... | View ↗ |
☁️ Nx Cloud last updated this comment at 2025-11-18 19:29:10 UTC
![nx-cloud[bot] avatar](https://avatars.githubusercontent.com/in/80458?v=4 "Published by a pub.dev verified publisher"){kind=small}