fix(deps): bump js-yaml to >=4.2.0 where possible

Desktop only has the v4 copy, so a plain override pins it to >=4.2.0
(resolves alert #245). The frontend also pulls js-yaml v3 via
gray-matter (histoire story tooling), which has no v4-compatible
release, so a scoped 'js-yaml@4' override bumps only the v4 copies
(eslint/cosmiconfig) and leaves gray-matter on 3.14.2. Alert #256
stays open for that dev-only, trusted-input path.
This commit is contained in:
kolaente 2026-06-16 08:33:16 +02:00
parent 9cc47a3da4
commit e13d3f537c
No known key found for this signature in database
4 changed files with 20 additions and 16 deletions

View File

@ -79,7 +79,8 @@
"picomatch": ">=4.0.4",
"tmp": ">=0.2.7",
"ip-address": ">=10.1.1",
"form-data": ">=4.0.6"
"form-data": ">=4.0.6",
"js-yaml": ">=4.2.0"
}
}
}

View File

@ -12,6 +12,7 @@ overrides:
tmp: '>=0.2.7'
ip-address: '>=10.1.1'
form-data: '>=4.0.6'
js-yaml: '>=4.2.0'
importers:
@ -835,8 +836,8 @@ packages:
resolution: {integrity: sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ==}
hasBin: true
js-yaml@4.1.1:
resolution: {integrity: sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==}
js-yaml@4.2.0:
resolution: {integrity: sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==}
hasBin: true
json-buffer@3.0.1:
@ -1739,7 +1740,7 @@ snapshots:
hosted-git-info: 4.1.0
is-ci: 3.0.1
isbinaryfile: 5.0.7
js-yaml: 4.1.1
js-yaml: 4.2.0
lazy-val: 1.0.5
minimatch: 10.2.5
read-config-file: 6.3.2
@ -1781,7 +1782,7 @@ snapshots:
hosted-git-info: 4.1.0
isbinaryfile: 5.0.7
jiti: 2.6.1
js-yaml: 4.1.1
js-yaml: 4.2.0
json5: 2.2.3
lazy-val: 1.0.5
minimatch: 10.2.5
@ -1928,7 +1929,7 @@ snapshots:
http-proxy-agent: 5.0.0
https-proxy-agent: 5.0.1
is-ci: 3.0.1
js-yaml: 4.1.1
js-yaml: 4.2.0
source-map-support: 0.5.21
stat-mode: 1.0.0
temp-file: 3.4.0
@ -1945,7 +1946,7 @@ snapshots:
fs-extra: 10.1.0
http-proxy-agent: 7.0.2
https-proxy-agent: 7.0.5
js-yaml: 4.1.1
js-yaml: 4.2.0
sanitize-filename: 1.6.4
source-map-support: 0.5.21
stat-mode: 1.0.0
@ -2098,7 +2099,7 @@ snapshots:
app-builder-lib: 26.15.2(dmg-builder@26.15.2)(electron-builder-squirrel-windows@24.13.3)
builder-util: 26.15.0
fs-extra: 10.1.0
js-yaml: 4.1.1
js-yaml: 4.2.0
transitivePeerDependencies:
- electron-builder-squirrel-windows
- supports-color
@ -2543,7 +2544,7 @@ snapshots:
jiti@2.6.1: {}
js-yaml@4.1.1:
js-yaml@4.2.0:
dependencies:
argparse: 2.0.1
@ -2800,7 +2801,7 @@ snapshots:
config-file-ts: 0.2.6
dotenv: 9.0.2
dotenv-expand: 5.1.0
js-yaml: 4.1.1
js-yaml: 4.2.0
json5: 2.2.3
lazy-val: 1.0.5

View File

@ -181,7 +181,8 @@
"form-data": ">=4.0.6",
"markdown-it": ">=14.2.0",
"launch-editor": ">=2.14.1",
"@babel/core": ">=7.29.6"
"@babel/core": ">=7.29.6",
"js-yaml@4": ">=4.2.0"
}
}
}

View File

@ -18,6 +18,7 @@ overrides:
markdown-it: '>=14.2.0'
launch-editor: '>=2.14.1'
'@babel/core': '>=7.29.6'
js-yaml@4: '>=4.2.0'
importers:
@ -4558,8 +4559,8 @@ packages:
resolution: {integrity: sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==}
hasBin: true
js-yaml@4.1.1:
resolution: {integrity: sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==}
js-yaml@4.2.0:
resolution: {integrity: sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==}
hasBin: true
jsdom@27.4.0:
@ -8296,7 +8297,7 @@ snapshots:
globals: 14.0.0
ignore: 5.3.2
import-fresh: 3.3.0
js-yaml: 4.1.1
js-yaml: 4.2.0
minimatch: 10.2.4
strip-json-comments: 3.1.1
transitivePeerDependencies:
@ -10260,7 +10261,7 @@ snapshots:
dependencies:
env-paths: 2.2.1
import-fresh: 3.3.0
js-yaml: 4.1.1
js-yaml: 4.2.0
parse-json: 5.2.0
optionalDependencies:
typescript: 5.9.3
@ -11529,7 +11530,7 @@ snapshots:
argparse: 1.0.10
esprima: 4.0.1
js-yaml@4.1.1:
js-yaml@4.2.0:
dependencies:
argparse: 2.0.1