Skip to content

chore(deps-dev): bump the dev-dependencies group across 1 directory with 4 updates#1004

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-57fd0af0d2
Open

chore(deps-dev): bump the dev-dependencies group across 1 directory with 4 updates#1004
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-57fd0af0d2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026
edited
Loading

Bumps the dev-dependencies group with 4 updates in the / directory: dependency-cruiser, js-yaml, knip and lefthook.

Updates dependency-cruiser from 17.4.2 to 17.4.3

Release notes

Sourced from dependency-cruiser's releases.

v17.4.3

👷 maintenance

  • fbea056c build(npm): updates external dependencies
Commits

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Updates knip from 6.14.2 to 6.15.0

Release notes

Sourced from knip's releases.

Release 6.15.0

  • Report exported type used only in inferred-return function body (resolve #1765) (2413408753f7abc7a9dfdba520990afd18c53ee0)
  • Work that EXPORTS.md again (7e13451fab7ad85362fb63a4715ea450690aedef)
  • Update npmx ecosystem snapshot (dfc401145a880f156c66eb83ea1622a99540304a)
  • Link dependencies key with notes (closes #1764) (e3e66cea9e946558940bf8705129efea3f23b3ba)
  • Resolve tsconfig paths when loading plugin configs (#1762) (0177c7466559e2ae99b5e1cd1e3a8043ca494edc) - thanks @​jakeleventhal!
  • Avoid caching failed plugin config loads (#1768) (5e201cde9b1ba2568ead2ae790ab888c966828ae) - thanks @​jakeleventhal!
  • Resolve extensionless .sass imports in SCSS compiler (#1770) (30c22835383b2355787cc2a871b22de80ff75544) - thanks @​sebacardello!
  • fix(vite): detect inline module script entry points in index.html (#1772) (51f4eddc9e1b2fed1ba25e81fc596e9fb514ce01) - thanks @​lucas-spin!
  • Harden vite inline module script import detection (b8abcfd2f4f5486aea08a934514bc55de86be030)
  • Use RecordableHistogram for timerified function stats (d575c6905704af1b0b4620edd874fc09bc86ed28)
  • Add orval plugin (resolves #1751) (4c82aa82c2a02fbda27a316389f210d11621f8cb)
  • Add treatTagHintsAsErrors and --no-tag-hints (resolves #1767) (4b6a573e0c1e0daf65c76c32f7336ea71db6bb64)
  • Add nano-spawn plugin (resolves #1769) (b2cad06dfd9958485537c5545c6c497fc8823ac3)
  • Simplify glob cache validation and ignore-list assembly (df1a9603a5ea8ed7bad9588bf13672cedf37c90e)
  • Dedupe ignore-pattern collection and dependency fixing (d49b626ad6736d7123d44568ef8c42a3e1d28aa3)
  • Simplify installed-binaries collection in manifest metadata (55143941eebbc8dac12c79b77c1f65a8b61dfbef)
  • Flatten control flow in ConfigurationChief (010d5709b0f9a3adc5ebe6e7169b9f5c4f29abc5)
  • Inline trivial installed-binaries and types-included accessors (b5afb9f29e3474eee4bf276c1de83cb0682a5663)
  • Format (eb4b178d5d90a719cdc576d644766f8f95a47876)
  • Replace @​wdio/types dev dep with inline types (a3747d61ee0e594854e5da0ca6cb7597e0096b99)
  • Bump dependencies (822ab3905cb7b5a216404231607a7820105930a2)
  • Work AGENTS.md, etcetera (361bd4803934a01e01b08170565f8374e4e49eb2)
  • Remove rootDirs workaround resolved by oxc-resolver 11.20.0 (e190a9fec22db41975cf9568a31970a05c86e66b)
  • Add nuxt no-root-tsconfig fixture guarding alias resolution (e3e5bc94d5f7b6ffdbc89b18d7c8d5acbb5a9008)
  • Allow extra args for release-it (f9c59952fa2c8c4c13bd42edc0935610900d1980)
  • Add @​vercel as platinum sponsor (c4c06a9149c986680f0d1aa74b57a46ff1f88601)
  • Overhaul & improve --trace functionailty (60df0b05f364c8d841c0f784a06bab2a3215a32f)
  • Re-gen plugins.md (0f9d044d312053154498a562e3a9422a4f44afe6)
Commits
  • 3f3769e Release knip@6.15.0
  • 60df0b0 Overhaul & improve --trace functionailty
  • e3e5bc9 Add nuxt no-root-tsconfig fixture guarding alias resolution
  • e190a9f Remove rootDirs workaround resolved by oxc-resolver 11.20.0
  • 822ab39 Bump dependencies
  • a3747d6 Replace @​wdio/types dev dep with inline types
  • eb4b178 Format
  • b5afb9f Inline trivial installed-binaries and types-included accessors
  • 010d570 Flatten control flow in ConfigurationChief
  • 5514394 Simplify installed-binaries collection in manifest metadata
  • Additional commits viewable in compare view

Updates lefthook from 2.1.8 to 2.1.9

Release notes

Sourced from lefthook's releases.

v2.1.9

Changelog

  • 1d35cbabe1ebaf2a5ed4d2186caa0402de6448e2 chore: add pretty gradient (#1432)
  • 22be6c50e1412c748f3c6b60e9c61cd056dc693b deps: May 2026 (#1415)
  • 1bae568f03dfb88af9185031fa44e9fee285e917 fix: update hooks path after resetting (#1431)
Changelog

Sourced from lefthook's changelog.

2.1.9 (2026-05-29)

Commits

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Jun 1, 2026

Labels

The following labels could not be found: dependencies, supply-chain. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot changed the title chore(deps-dev): bump the dev-dependencies group with 4 updates chore(deps-dev): bump the dev-dependencies group across 1 directory with 4 updates Jun 2, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-57fd0af0d2 branch 2 times, most recently from bda1f1a to aa824e1 Compare June 2, 2026 04:21
@dependabot
chore(deps-dev): bump the dev-dependencies group across 1 directory w…
771d0dd 
…ith 4 updates

Bumps the dev-dependencies group with 4 updates in the / directory: [dependency-cruiser](https://github.com/sverweij/dependency-cruiser), [js-yaml](https://github.com/nodeca/js-yaml), [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) and [lefthook](https://github.com/evilmartians/lefthook).


Updates `dependency-cruiser` from 17.4.2 to 17.4.3
- [Release notes](https://github.com/sverweij/dependency-cruiser/releases)
- [Changelog](https://github.com/sverweij/dependency-cruiser/blob/main/CHANGELOG.md)
- [Commits](sverweij/dependency-cruiser@v17.4.2...v17.4.3)

Updates `js-yaml` from 4.1.1 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/commits)

Updates `knip` from 6.14.2 to 6.15.0
- [Release notes](https://github.com/webpro-nl/knip/releases)
- [Commits](https://github.com/webpro-nl/knip/commits/knip@6.15.0/packages/knip)

Updates `lefthook` from 2.1.8 to 2.1.9
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](evilmartians/lefthook@v2.1.8...v2.1.9)

---
updated-dependencies:
- dependency-name: dependency-cruiser
  dependency-version: 17.4.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: knip
  dependency-version: 6.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: lefthook
  dependency-version: 2.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-57fd0af0d2 branch from aa824e1 to 771d0dd Compare June 2, 2026 13:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants