Bump js-yaml from 4.1.0 to 4.2.0 (#2461 )

Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.2.0. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/commits) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.2.0 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bump flatted from 3.3.1 to 3.4.2 (#2460 )
2026-06-16 16:59:41 +00:00 · 2026-06-16 12:44:07 -04:00 · 2026-06-16 12:43:32 -04:00 · 2026-06-16 12:33:25 -04:00
5 changed files with 28 additions and 16 deletions
@@ -17,4 +17,4 @@ jobs:
        uses: actions/checkout@v6
      - name: Publish
        id: publish
-        uses: actions/publish-immutable-action@0.0.3
+        uses: actions/publish-immutable-action@v0.0.4
@@ -2833,9 +2833,9 @@ function assertSafePrCheckout(input) {
    throw new Error(`Refusing to check out fork pull request code from a '${eventName}' workflow. ` +
        `This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch ` +
        `cache scope, and runner access. Fetching and executing a fork's code in that trusted ` +
-        `context commonly leads to "pwn request" vulnerabilities. To opt in, review the risks ` +
-        `at https://gh.io/securely-using-pull_request_target and set 'allow-unsafe-pr-checkout: true' ` +
-        `on the actions/checkout step.`);
+        `context commonly leads to "pwn request" vulnerabilities. To opt in after reviewing ` +
+        `the risks at https://gh.io/securely-using-pull_request_target, set ` +
+        `'allow-unsafe-pr-checkout: true' on the actions/checkout step.`);
 }
 function pushIfSha(target, value) {
    if (typeof value === 'string' && value.length > 0) {
@@ -28,7 +28,7 @@
        "eslint-plugin-jest": "^28.8.2",
        "jest": "^29.7.0",
        "jest-circus": "^29.7.0",
-        "js-yaml": "^4.1.0",
+        "js-yaml": "^4.2.0",
        "prettier": "^3.3.3",
        "ts-jest": "^29.2.5",
        "typescript": "^5.5.4"
@@ -3590,10 +3590,11 @@
      }
    },
    "node_modules/flatted": {
-      "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz",
-      "integrity": "sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==",
-      "dev": true
+      "version": "3.4.2",
+      "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
+      "integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
+      "dev": true,
+      "license": "ISC"
    },
    "node_modules/for-each": {
      "version": "0.3.3",
@@ -5186,10 +5187,21 @@
      "license": "MIT"
    },
    "node_modules/js-yaml": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
-      "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
+      "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/puzrin"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/nodeca"
+        }
+      ],
+      "license": "MIT",
      "dependencies": {
        "argparse": "^2.0.1"
      },
@@ -47,7 +47,7 @@
    "eslint-plugin-jest": "^28.8.2",
    "jest": "^29.7.0",
    "jest-circus": "^29.7.0",
-    "js-yaml": "^4.1.0",
+    "js-yaml": "^4.2.0",
    "prettier": "^3.3.3",
    "ts-jest": "^29.2.5",
    "typescript": "^5.5.4"
@@ -75,9 +75,9 @@ export function assertSafePrCheckout(input: IUnsafePrCheckoutInput): void {
    `Refusing to check out fork pull request code from a '${eventName}' workflow. ` +
      `This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch ` +
      `cache scope, and runner access. Fetching and executing a fork's code in that trusted ` +
-      `context commonly leads to "pwn request" vulnerabilities. To opt in, review the risks ` +
-      `at https://gh.io/securely-using-pull_request_target and set 'allow-unsafe-pr-checkout: true' ` +
-      `on the actions/checkout step.`
+      `context commonly leads to "pwn request" vulnerabilities. To opt in after reviewing ` +
+      `the risks at https://gh.io/securely-using-pull_request_target, set ` +
+      `'allow-unsafe-pr-checkout: true' on the actions/checkout step.`
  )
 }