Skip to content

fix: update yaml parser dependencies#2062

Merged
aaronpowell merged 1 commit into
github:stagedfrom
ProfTrader:codex/awesome-copilot-yaml-advisories
Jun 22, 2026
Merged

fix: update yaml parser dependencies#2062
aaronpowell merged 1 commit into
github:stagedfrom
ProfTrader:codex/awesome-copilot-yaml-advisories

Conversation

@ProfTrader

@ProfTrader ProfTrader commented Jun 19, 2026

Copy link
Copy Markdown

Summary

  • update direct js-yaml dependency to ^4.2.0
  • refresh package-lock.json so transitive yaml resolves to a non-vulnerable version
  • clears the production npm audit --omit=dev advisories for js-yaml and yaml

Verification

  • npm audit --omit=dev --json reports 0 vulnerabilities
  • npm run build
  • npm run skill:validate
  • git diff --check

Note: npm run plugin:validate still fails on existing plugin catalog path-format issues unrelated to this dependency update.

@ProfTrader ProfTrader requested a review from aaronpowell as a code owner June 19, 2026 14:40
@github-actions github-actions Bot added the targets-main PR targets main instead of staged label Jun 19, 2026
github-actions[bot]
github-actions Bot requested changes Jun 19, 2026
View reviewed changes

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ This PR targets main, but PRs should target staged.

The main branch is auto-published from staged and should not receive direct PRs.
Please close this PR and re-open it against the staged branch.

You can change the base branch using the Edit button at the top of this PR,
or run: gh pr edit 2062 --base staged

@ProfTrader ProfTrader changed the base branch from main to staged June 19, 2026 14:46
github-actions[bot]
github-actions Bot previously approved these changes Jun 19, 2026
View reviewed changes

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Base branch is now set correctly.

Removing the prior block because this PR no longer targets main.

@github-actions github-actions Bot added branched-main PR appears to include plugin files materialized from main external-plugin PR updates plugins/external.json ready-for-review Submission passed intake validation and is ready for maintainer review and removed targets-main PR targets main instead of staged labels Jun 19, 2026
@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

✅ External plugin PR checks passed

  • Changed entries detected: 0
  • Workflow state label: ready-for-review

Per-plugin quality summary

Plugin skill-validator install smoke test overall source tree
none not_run not_run not_run n/a

No changed external plugin entries were detected in this PR.

@ProfTrader ProfTrader force-pushed the codex/awesome-copilot-yaml-advisories branch from 1bfacd2 to a5ed8e4 Compare June 19, 2026 14:49
@github-actions github-actions Bot removed branched-main PR appears to include plugin files materialized from main external-plugin PR updates plugins/external.json labels Jun 19, 2026
@aaronpowell aaronpowell merged commit f072375 into github:staged Jun 22, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aaronpowell aaronpowell aaronpowell approved these changes

@github-actions github-actions[bot] github-actions[bot] left review comments

@VeVarunSharma VeVarunSharma Awaiting requested review from VeVarunSharma

@DUBSOpenHub DUBSOpenHub Awaiting requested review from DUBSOpenHub

Assignees

No one assigned

Labels

ready-for-review Submission passed intake validation and is ready for maintainer review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ProfTrader @aaronpowell