Bump js-yaml and mocha #38

Open

dependabot[bot] wants to merge 1 commit from dependabot/npm_and_yarn/multi-f14266366f into master

pull from: dependabot/npm_and_yarn/multi-f14266366f

merge into: quodatum:master

quodatum:master

quodatum:dependabot/npm_and_yarn/braces-3.0.3

quodatum:dependabot/npm_and_yarn/multi-90047ba03a

quodatum:dev

quodatum:gh-pages

Conversation 0 Commits 1 Files changed 1 +590 -346

dependabot[bot] commented 2025-11-15 10:34:12 +00:00 (Migrated from github.com)

Copy link

Bumps js-yaml to 4.1.1 and updates ancestor dependency mocha. These dependencies need to be updated together.

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

Commits

• cc482e7 4.1.1 released
• 50968b8 dist rebuild
• d092d86 lint fix
• 383665f fix prototype pollution in merge (<<)
• 0d3ca7a README.md: HTTP => HTTPS (#678)
• 49baadd doc: 'empty' style option for !!null
• ba3460e Fix demo link (#618)
• See full diff in compare view

Updates mocha from 10.2.0 to 11.7.5

Release notes

Sourced from mocha's releases.

v11.7.5

11.7.5 (2025-11-04)

🩹 Fixes

• swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

• run tests on PRs for and pushes to v11.x (#5525) (8b21b38)
• setup release-please for v11 (#5522) (663fff4)

v11.7.4

11.7.4 (2025-10-01)

🩹 Fixes

• watch mode using chokidar v4 (#5379) (c2667c3)

📚 Documentation

• migrate remaining legacy wiki pages to main documentation (#5465) (bff9166)

🧹 Chores

• remove trailing spaces (#5475) (7f68e5c)

v11.7.3

11.7.3 (2025-09-30)

🩹 Fixes

• use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (#5408) (ebdbc48)

📚 Documentation

• add security escalation policy (#5466) (4122c7d)
• fix duplicate global leak documentation (#5461) (1164b9d)
• migrate third party UIs wiki page to docs (#5434) (6654704)
• update maintainer release notes for release-please (#5453) (185ae1e)

🤖 Automation

... (truncated)

Changelog

Sourced from mocha's changelog.

11.7.5 (2025-11-04)

🩹 Fixes

• swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

• run tests on PRs for and pushes to v11.x (#5525) (8b21b38)
• setup release-please for v11 (#5522) (663fff4)

11.7.4 (2025-10-01)

🩹 Fixes

• watch mode using chokidar v4 (#5379) (c2667c3)

📚 Documentation

• migrate remaining legacy wiki pages to main documentation (#5465) (bff9166)

🧹 Chores

• remove trailing spaces (#5475) (7f68e5c)

11.7.3 (2025-09-30)

🩹 Fixes

• use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (#5408) (ebdbc48)

📚 Documentation

• add security escalation policy (#5466) (4122c7d)
• fix duplicate global leak documentation (#5461) (1164b9d)
• migrate third party UIs wiki page to docs (#5434) (6654704)
• update maintainer release notes for release-please (#5453) (185ae1e)

🤖 Automation

• deps: bump actions/setup-node in the github-actions group (#5459) (48c6f40)

... (truncated)

Commits

• 9a6a5db chore(v11.x): release 11.7.5 (#5523)
• 8b21b38 chore: run tests on PRs for and pushes to v11.x (#5525)
• 663fff4 chore: setup release-please for v11 (#5522)
• 8d97220 Update release-please to include v11.x and use Node ^22
• d89dbaf fix: swallow more require errors from *ts files (#5498)
• 8649f39 chore(main): release 11.7.4 (#5473)
• c2667c3 fix: watch mode using chokidar v4 (#5379)
• 7f68e5c chore: remove trailing spaces (#5475)
• bff9166 Docs: migrate remaining legacy wiki pages to main documentation (#5465)
• c805327 chore(main): release 11.7.3 (#5455)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [js-yaml](https://github.com/nodeca/js-yaml) to 4.1.1 and updates ancestor dependency [mocha](https://github.com/mochajs/mocha). These dependencies need to be updated together. Updates `js-yaml` from 4.1.0 to 4.1.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (&lt;&lt;) operator.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodeca/js-yaml/commit/cc482e775913e6625137572a3712d2826170e53a"><code>cc482e7</code></a> 4.1.1 released</li> <li><a href="https://github.com/nodeca/js-yaml/commit/50968b862e75866ef90e626572fe0b2f97b55f9f"><code>50968b8</code></a> dist rebuild</li> <li><a href="https://github.com/nodeca/js-yaml/commit/d092d866031751cb27c12d93f3e2470ad74d678b"><code>d092d86</code></a> lint fix</li> <li><a href="https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"><code>383665f</code></a> fix prototype pollution in merge (&lt;&lt;)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/0d3ca7a27b03a6c974790a30a89e456007d62976"><code>0d3ca7a</code></a> README.md: HTTP =&gt; HTTPS (<a href="https://redirect.github.com/nodeca/js-yaml/issues/678">#678</a>)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/49baadd52af887d2991e2c39a6639baa56d6c71b"><code>49baadd</code></a> doc: 'empty' style option for !!null</li> <li><a href="https://github.com/nodeca/js-yaml/commit/ba3460eb9d3e4478edcbc29edabe17c2157fc9ce"><code>ba3460e</code></a> Fix demo link (<a href="https://redirect.github.com/nodeca/js-yaml/issues/618">#618</a>)</li> <li>See full diff in <a href="https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1">compare view</a></li> </ul> </details> <br /> Updates `mocha` from 10.2.0 to 11.7.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mochajs/mocha/releases">mocha's releases</a>.</em></p> <blockquote> <h2>v11.7.5</h2> <h2><a href="https://github.com/mochajs/mocha/compare/v11.7.4...v11.7.5">11.7.5</a> (2025-11-04)</h2> <h3>🩹 Fixes</h3> <ul> <li>swallow more <code>require</code> errors from *ts files (<a href="https://redirect.github.com/mochajs/mocha/issues/5498">#5498</a>) (<a href="https://github.com/mochajs/mocha/commit/d89dbaf23d093c22ab72e124dcaed110f3b0228d">d89dbaf</a>)</li> </ul> <h3>🧹 Chores</h3> <ul> <li>run tests on PRs for and pushes to v11.x (<a href="https://redirect.github.com/mochajs/mocha/issues/5525">#5525</a>) (<a href="https://github.com/mochajs/mocha/commit/8b21b3820e99d8c50c024ad1fbac8b78a3293d8d">8b21b38</a>)</li> <li>setup release-please for v11 (<a href="https://redirect.github.com/mochajs/mocha/issues/5522">#5522</a>) (<a href="https://github.com/mochajs/mocha/commit/663fff4b06ed3a1c70483c6ed8911ff0b89fa7b5">663fff4</a>)</li> </ul> <h2>v11.7.4</h2> <h2><a href="https://github.com/mochajs/mocha/compare/v11.7.3...v11.7.4">11.7.4</a> (2025-10-01)</h2> <h3>🩹 Fixes</h3> <ul> <li>watch mode using chokidar v4 (<a href="https://redirect.github.com/mochajs/mocha/issues/5379">#5379</a>) (<a href="https://github.com/mochajs/mocha/commit/c2667c3b3fca33c21306f59a1cca55bb7e1dac1f">c2667c3</a>)</li> </ul> <h3>📚 Documentation</h3> <ul> <li>migrate remaining legacy wiki pages to main documentation (<a href="https://redirect.github.com/mochajs/mocha/issues/5465">#5465</a>) (<a href="https://github.com/mochajs/mocha/commit/bff91660733b71b124aad939538dee7747cfbeb8">bff9166</a>)</li> </ul> <h3>🧹 Chores</h3> <ul> <li>remove trailing spaces (<a href="https://redirect.github.com/mochajs/mocha/issues/5475">#5475</a>) (<a href="https://github.com/mochajs/mocha/commit/7f68e5c1565606bcebeb715b8591c52973d00dff">7f68e5c</a>)</li> </ul> <h2>v11.7.3</h2> <h2><a href="https://github.com/mochajs/mocha/compare/v11.7.2...v11.7.3">11.7.3</a> (2025-09-30)</h2> <h3>🩹 Fixes</h3> <ul> <li>use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (<a href="https://redirect.github.com/mochajs/mocha/issues/5408">#5408</a>) (<a href="https://github.com/mochajs/mocha/commit/ebdbc487693254498de62068c59e3e43d078eff1">ebdbc48</a>)</li> </ul> <h3>📚 Documentation</h3> <ul> <li>add security escalation policy (<a href="https://redirect.github.com/mochajs/mocha/issues/5466">#5466</a>) (<a href="https://github.com/mochajs/mocha/commit/4122c7d13d0941be451365397fbf43e1f3103027">4122c7d</a>)</li> <li>fix duplicate global leak documentation (<a href="https://redirect.github.com/mochajs/mocha/issues/5461">#5461</a>) (<a href="https://github.com/mochajs/mocha/commit/1164b9da895e56cf745acda2792e634080018ff6">1164b9d</a>)</li> <li>migrate third party UIs wiki page to docs (<a href="https://redirect.github.com/mochajs/mocha/issues/5434">#5434</a>) (<a href="https://github.com/mochajs/mocha/commit/66547045cb9bd2fa8209b34c36da2a5ef49d23fc">6654704</a>)</li> <li>update maintainer release notes for release-please (<a href="https://redirect.github.com/mochajs/mocha/issues/5453">#5453</a>) (<a href="https://github.com/mochajs/mocha/commit/185ae1eabe5c1e92c758bdfb398f7f47b6ef9483">185ae1e</a>)</li> </ul> <h3>🤖 Automation</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mochajs/mocha/blob/v11.7.5/CHANGELOG.md">mocha's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/mochajs/mocha/compare/v11.7.4...v11.7.5">11.7.5</a> (2025-11-04)</h2> <h3>🩹 Fixes</h3> <ul> <li>swallow more <code>require</code> errors from *ts files (<a href="https://redirect.github.com/mochajs/mocha/issues/5498">#5498</a>) (<a href="https://github.com/mochajs/mocha/commit/d89dbaf23d093c22ab72e124dcaed110f3b0228d">d89dbaf</a>)</li> </ul> <h3>🧹 Chores</h3> <ul> <li>run tests on PRs for and pushes to v11.x (<a href="https://redirect.github.com/mochajs/mocha/issues/5525">#5525</a>) (<a href="https://github.com/mochajs/mocha/commit/8b21b3820e99d8c50c024ad1fbac8b78a3293d8d">8b21b38</a>)</li> <li>setup release-please for v11 (<a href="https://redirect.github.com/mochajs/mocha/issues/5522">#5522</a>) (<a href="https://github.com/mochajs/mocha/commit/663fff4b06ed3a1c70483c6ed8911ff0b89fa7b5">663fff4</a>)</li> </ul> <h2><a href="https://github.com/mochajs/mocha/compare/v11.7.3...v11.7.4">11.7.4</a> (2025-10-01)</h2> <h3>🩹 Fixes</h3> <ul> <li>watch mode using chokidar v4 (<a href="https://redirect.github.com/mochajs/mocha/issues/5379">#5379</a>) (<a href="https://github.com/mochajs/mocha/commit/c2667c3b3fca33c21306f59a1cca55bb7e1dac1f">c2667c3</a>)</li> </ul> <h3>📚 Documentation</h3> <ul> <li>migrate remaining legacy wiki pages to main documentation (<a href="https://redirect.github.com/mochajs/mocha/issues/5465">#5465</a>) (<a href="https://github.com/mochajs/mocha/commit/bff91660733b71b124aad939538dee7747cfbeb8">bff9166</a>)</li> </ul> <h3>🧹 Chores</h3> <ul> <li>remove trailing spaces (<a href="https://redirect.github.com/mochajs/mocha/issues/5475">#5475</a>) (<a href="https://github.com/mochajs/mocha/commit/7f68e5c1565606bcebeb715b8591c52973d00dff">7f68e5c</a>)</li> </ul> <h2><a href="https://github.com/mochajs/mocha/compare/v11.7.2...v11.7.3">11.7.3</a> (2025-09-30)</h2> <h3>🩹 Fixes</h3> <ul> <li>use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (<a href="https://redirect.github.com/mochajs/mocha/issues/5408">#5408</a>) (<a href="https://github.com/mochajs/mocha/commit/ebdbc487693254498de62068c59e3e43d078eff1">ebdbc48</a>)</li> </ul> <h3>📚 Documentation</h3> <ul> <li>add security escalation policy (<a href="https://redirect.github.com/mochajs/mocha/issues/5466">#5466</a>) (<a href="https://github.com/mochajs/mocha/commit/4122c7d13d0941be451365397fbf43e1f3103027">4122c7d</a>)</li> <li>fix duplicate global leak documentation (<a href="https://redirect.github.com/mochajs/mocha/issues/5461">#5461</a>) (<a href="https://github.com/mochajs/mocha/commit/1164b9da895e56cf745acda2792e634080018ff6">1164b9d</a>)</li> <li>migrate third party UIs wiki page to docs (<a href="https://redirect.github.com/mochajs/mocha/issues/5434">#5434</a>) (<a href="https://github.com/mochajs/mocha/commit/66547045cb9bd2fa8209b34c36da2a5ef49d23fc">6654704</a>)</li> <li>update maintainer release notes for release-please (<a href="https://redirect.github.com/mochajs/mocha/issues/5453">#5453</a>) (<a href="https://github.com/mochajs/mocha/commit/185ae1eabe5c1e92c758bdfb398f7f47b6ef9483">185ae1e</a>)</li> </ul> <h3>🤖 Automation</h3> <ul> <li><strong>deps:</strong> bump actions/setup-node in the github-actions group (<a href="https://redirect.github.com/mochajs/mocha/issues/5459">#5459</a>) (<a href="https://github.com/mochajs/mocha/commit/48c6f4068b5d22ebc49220900f0b53f8ecdc2b74">48c6f40</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mochajs/mocha/commit/9a6a5db8401dec63ea81093dd862e9e9b13b44d0"><code>9a6a5db</code></a> chore(v11.x): release 11.7.5 (<a href="https://redirect.github.com/mochajs/mocha/issues/5523">#5523</a>)</li> <li><a href="https://github.com/mochajs/mocha/commit/8b21b3820e99d8c50c024ad1fbac8b78a3293d8d"><code>8b21b38</code></a> chore: run tests on PRs for and pushes to v11.x (<a href="https://redirect.github.com/mochajs/mocha/issues/5525">#5525</a>)</li> <li><a href="https://github.com/mochajs/mocha/commit/663fff4b06ed3a1c70483c6ed8911ff0b89fa7b5"><code>663fff4</code></a> chore: setup release-please for v11 (<a href="https://redirect.github.com/mochajs/mocha/issues/5522">#5522</a>)</li> <li><a href="https://github.com/mochajs/mocha/commit/8d972202fe4efd3f55ce35358b840d7ade0a1cf5"><code>8d97220</code></a> Update release-please to include v11.x and use Node ^22</li> <li><a href="https://github.com/mochajs/mocha/commit/d89dbaf23d093c22ab72e124dcaed110f3b0228d"><code>d89dbaf</code></a> fix: swallow more <code>require</code> errors from *ts files (<a href="https://redirect.github.com/mochajs/mocha/issues/5498">#5498</a>)</li> <li><a href="https://github.com/mochajs/mocha/commit/8649f394e469b0ec8612837b84707ac42ad2af62"><code>8649f39</code></a> chore(main): release 11.7.4 (<a href="https://redirect.github.com/mochajs/mocha/issues/5473">#5473</a>)</li> <li><a href="https://github.com/mochajs/mocha/commit/c2667c3b3fca33c21306f59a1cca55bb7e1dac1f"><code>c2667c3</code></a> fix: watch mode using chokidar v4 (<a href="https://redirect.github.com/mochajs/mocha/issues/5379">#5379</a>)</li> <li><a href="https://github.com/mochajs/mocha/commit/7f68e5c1565606bcebeb715b8591c52973d00dff"><code>7f68e5c</code></a> chore: remove trailing spaces (<a href="https://redirect.github.com/mochajs/mocha/issues/5475">#5475</a>)</li> <li><a href="https://github.com/mochajs/mocha/commit/bff91660733b71b124aad939538dee7747cfbeb8"><code>bff9166</code></a> Docs: migrate remaining legacy wiki pages to main documentation (<a href="https://redirect.github.com/mochajs/mocha/issues/5465">#5465</a>)</li> <li><a href="https://github.com/mochajs/mocha/commit/c8053277699b35854eb926ffa7b3b5bebcfbdd44"><code>c805327</code></a> chore(main): release 11.7.3 (<a href="https://redirect.github.com/mochajs/mocha/issues/5455">#5455</a>)</li> <li>Additional commits viewable in <a href="https://github.com/mochajs/mocha/compare/v10.2.0...v11.7.5">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~voxpelli">voxpelli</a>, a new releaser for mocha since your current version.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Quodatum/basex-node/network/alerts). </details>

This pull request has changes conflicting with the target branch.

• package-lock.json

View command line instructions

Manual merge helper

Use this merge commit message when completing the merge manually.

Merge commit title Merge pull request 'Bump js-yaml and mocha' (#38) from dependabot/npm_and_yarn/multi-f14266366f into master

Merge commit body Reviewed-on: https://git.quodatum.duckdns.org/quodatum/basex-node/pulls/38

Merge pull request 'Bump js-yaml and mocha' (#38) from dependabot/npm_and_yarn/multi-f14266366f into master Reviewed-on: https://git.quodatum.duckdns.org/quodatum/basex-node/pulls/38 Copy merge commit message

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin dependabot/npm_and_yarn/multi-f14266366f:dependabot/npm_and_yarn/multi-f14266366f

git switch dependabot/npm_and_yarn/multi-f14266366f

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch master

git merge --no-ff dependabot/npm_and_yarn/multi-f14266366f

git switch dependabot/npm_and_yarn/multi-f14266366f

git rebase master

git switch master

git merge --ff-only dependabot/npm_and_yarn/multi-f14266366f

git switch dependabot/npm_and_yarn/multi-f14266366f

git rebase master

git switch master

git merge --no-ff dependabot/npm_and_yarn/multi-f14266366f

git switch master

git merge --squash dependabot/npm_and_yarn/multi-f14266366f

git switch master

git merge --ff-only dependabot/npm_and_yarn/multi-f14266366f

git switch master

git merge dependabot/npm_and_yarn/multi-f14266366f

git push origin master

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

dependencies

Pull requests that update a dependency file

  

javascript

Pull requests that update javascript code

No labels

dependencies

javascript

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

quodatum/basex-node!38

No description provided.