Skip to content

fix(deps): bump the npm_and_yarn group across 2 directories with 7 updates#3519

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/docs/site/npm_and_yarn-dafe336c3c
Closed

fix(deps): bump the npm_and_yarn group across 2 directories with 7 updates#3519
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/docs/site/npm_and_yarn-dafe336c3c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 3 updates in the /docs/site directory: js-yaml, markdown-it and postcss.
Bumps the npm_and_yarn group with 2 updates in the /scripts/cache-inference directory: js-yaml and brace-expansion.

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added a loader option limiting merge sequence length. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Updates markdown-it from 14.1.1 to 14.2.0

Changelog

Sourced from markdown-it's changelog.

[14.2.0] - 2026-05-24

Added

  • isPunctCharCode to utilities.

Fixed

  • Don't end HTML comment blocks on a blank line, #1155.
  • Properly recognize astral chars (surrogates) in delimiter scans for emphasis-like markers, #1072. Big thanks to @​tats-u for his global efforts with improving CJK support.
  • Preserve unicode whitespaces when trimm headings/paragraphs, #1074.
  • More strict entities decode to avoid false positives ;, #1096.
  • Restore block parser state on fail in lheading rule, #1131.

Security

  • Fixed poor smartquotes perfomance on > 70k quotes in single block
  • Bumped linkify-it to 5.0.1 with fixed potential perfomance issues.
Commits

Updates postcss from 8.5.6 to 8.5.10

Release notes

Sourced from postcss's releases.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).
Changelog

Sourced from postcss's changelog.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).
Commits

Updates linkify-it from 5.0.0 to 5.0.2

Changelog

Sourced from linkify-it's changelog.

5.0.2 / 2026-07-02

  • Fixed DoS in mailto: links (restrict user name to 64 chars).
  • Restricted user/pass part length in links.

5.0.1 / 2026-05-23

  • Fixed DoS in fuzzy links/emails search.
  • Reworked search logic - check each pattern separate, use g regexes instead of slice.
  • Removed internal cache - useless overcomplication.
Commits

Updates yaml from 1.10.2 to 1.10.3

Commits
  • cfe8f04 1.10.3
  • 7abcf45 fix: Catch stack overflow during CST composition
  • a0252f8 chore: Add rules avoiding processing of tests/json-test-suite
  • a5e83b0 style: Apply updates Prettier rules
  • b8ddca0 chore: Refresh lockfile
  • 395f892 ci: Use a different (working) submodule checkout
  • 6fd2720 test-events: Add {} and [] indicators to flow maps & sequences
  • See full diff in compare view

Updates js-yaml from 4.1.1 to 4.3.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added a loader option limiting merge sequence length. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Updates brace-expansion from 1.1.12 to 1.1.15

Release notes

Sourced from brace-expansion's releases.

v1.1.15

  • Backport v5.0.6 change to v1 (#111) 0b09384

juliangruber/brace-expansion@v1.1.14...v1.1.15

Commits

Updates picomatch from 2.3.1 to 4.0.5

Release notes

Sourced from picomatch's releases.

4.0.5

What's Changed

New Contributors

Full Changelog: micromatch/picomatch@4.0.4...4.0.5

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

4.0.3

What's Changed

New Contributors

Full Changelog: micromatch/picomatch@4.0.2...4.0.3

3.0.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@3.0.1...3.0.2

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits
  • 4f41a8e 4.0.5
  • 02cfc1b Update .verb.md and run verb to generate README documentation
  • cc52ff6 Only run the upload code coverage step for 1 matrix permutation
  • 6d426d7 Allow workflow to continue if the code coverage step to fails
  • a00b954 Merge branch 'codeql-coverage'
  • 9680381 Merge pull request #183 from MerlijnW70/fix/matchbase-windows-basename
  • 648b4f2 Merge pull request #182 from MerlijnW70/fix/repeated-extglob-drops-branches
  • 70e6485 Configure code coverage upload for CodeQL
  • ab8bc4d fix: honor the windows option when matching basenames
  • 6289307 fix: preserve all branches when rewriting risky repeated extglobs
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

…dates

Bumps the npm_and_yarn group with 3 updates in the /docs/site directory: [js-yaml](https://github.com/nodeca/js-yaml), [markdown-it](https://github.com/markdown-it/markdown-it) and [postcss](https://github.com/postcss/postcss).
Bumps the npm_and_yarn group with 2 updates in the /scripts/cache-inference directory: [js-yaml](https://github.com/nodeca/js-yaml) and [brace-expansion](https://github.com/juliangruber/brace-expansion).


Updates `js-yaml` from 4.1.1 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.2.0)

Updates `markdown-it` from 14.1.1 to 14.2.0
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@14.1.1...14.2.0)

Updates `postcss` from 8.5.6 to 8.5.10
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.6...8.5.10)

Updates `linkify-it` from 5.0.0 to 5.0.2
- [Changelog](https://github.com/markdown-it/linkify-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/linkify-it@5.0.0...5.0.2)

Updates `yaml` from 1.10.2 to 1.10.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v1.10.2...v1.10.3)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.2.0)

Updates `brace-expansion` from 1.1.12 to 1.1.15
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v1.1.12...v1.1.15)

Updates `picomatch` from 2.3.1 to 4.0.5
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...4.0.5)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: markdown-it
  dependency-version: 14.2.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: linkify-it
  dependency-version: 5.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 1.10.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.15
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 4.0.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests related to dependencies javascript Pull requests that update javascript code labels Jul 7, 2026
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor
PR Preview Action v1.8.1
Preview removed because the pull request was closed.
2026-07-08 21:07 UTC

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

📋 afdocs check results

URL: https://MystenLabs.github.io/walrus/pr-preview/pr-3519/

Running checks on mystenlabs.github.io/walrus/pr-preview/pr-3519/...

Agent-Friendly Docs Check: https://MystenLabs.github.io/walrus/pr-preview/pr-3519/
Timestamp: 7/7/2026, 7:49:09 PM

content-discoverability
  ✓ llms-txt-exists: llms.txt found at https://MystenLabs.github.io/walrus/pr-preview/pr-3519/llms.txt
  ✓ llms-txt-valid: llms.txt follows the proposed structure (H1, blockquote, heading-delimited link sections)
  ⚠ llms-txt-size: llms.txt is 57,966 characters (between 50,000 and 100,000; consider splitting)
      Learn more: https://agentdocsspec.com/spec/#llms-txt-size
  ○ llms-txt-links-resolve: llms.txt contains 169 links, but none are under /walrus/pr-preview/pr-3519
  ○ llms-txt-links-markdown: llms.txt contains 169 links, but none are under /walrus/pr-preview/pr-3519
  ✓ llms-txt-directive-html: llms.txt directive found in HTML of all 176 pages, near the top of content
  ✗ llms-txt-directive-md: Could not fetch markdown for any of 176 pages; 176 had no markdown version
      Learn more: https://agentdocsspec.com/spec/#llms-txt-directive-md

markdown-availability
  ✗ markdown-url-support: No pages support .md URLs (0/176 tested)
      Learn more: https://agentdocsspec.com/spec/#markdown-url-support
  ✗ content-negotiation: Server ignores Accept: text/markdown header (0/176 pages return markdown)
      Learn more: https://agentdocsspec.com/spec/#content-negotiation

page-size
  ✓ rendering-strategy: All 176 pages contain server-rendered content
  ○ page-size-markdown: Skipped: dependency check did not pass
  ✓ page-size-html: All 176 pages under 50K chars (median 42K HTML → 9K markdown (80% boilerplate))
  ✗ content-start-position: 26 of 176 pages have content starting past 50% (worst 74%)
      Learn more: https://agentdocsspec.com/spec/#content-start-position

content-structure
  ✓ tabbed-content-serialization: 53 tab group(s) across 30 of 176 pages; all serialize under 50K chars
  ✓ section-header-quality: 2 page(s) with tab headers checked; headers include variant context
  ✓ markdown-code-fence-validity: All 0 code fences properly closed across 1 pages

url-stability
  ✓ http-status-codes: All 176 pages return proper error codes for bad URLs
  ✓ redirect-behavior: No redirects detected across 176 pages

observability
  ✗ llms-txt-coverage: llms.txt covers 0/168 sitemap doc pages (0%); 168 missing
      Learn more: https://agentdocsspec.com/spec/#llms-txt-coverage
  ○ markdown-content-parity: Skipped: dependency check did not pass
  ✓ cache-header-hygiene: All 177 endpoints have appropriate cache headers

authentication
  ✓ auth-gate-detection: All 176 pages are publicly accessible
  ○ auth-alternative-access: All docs pages are publicly accessible; no alternative access paths needed

Summary
  12 passed, 1 warnings, 5 failed, 5 skipped (23 total)

Full spec: https://agentdocsspec.com/spec/

@dependabot @github

dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #3522.

@dependabot dependabot Bot closed this Jul 8, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/docs/site/npm_and_yarn-dafe336c3c branch July 8, 2026 21:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests related to dependencies javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants