Skip to content

Bump js-yaml, eslint-plugin-office-addins and eslint in /Samples/excel-copilot-agent#1449

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/Samples/excel-copilot-agent/multi-75bafc1b1c
Open

Bump js-yaml, eslint-plugin-office-addins and eslint in /Samples/excel-copilot-agent#1449
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/Samples/excel-copilot-agent/multi-75bafc1b1c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 17, 2026

Copy link
Copy Markdown
Contributor

Bumps js-yaml to 4.2.0 and updates ancestor dependencies js-yaml, eslint-plugin-office-addins and eslint. These dependencies need to be updated together.

Updates js-yaml from 3.14.2 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).
Commits

Updates eslint-plugin-office-addins from 2.1.8 to 4.0.9

Commits
  • b14f560 Publish
  • da50e18 Merge pull request #995 from OfficeDev/cache-clearing-tool
  • 529b1ae Change build message to test for office-addin-cache
  • 2f4c37b updated individual build yaml and fixed typo in one
  • 53b6176 log force close failures in verbose mode
  • 3386fb3 Merge branch 'master' into cache-clearing-tool
  • b7443c3 Merge pull request #994 from OfficeDev/user/millerds/distiquish-cert-errors
  • 10d6afe Add a cache clearing tool
  • 7fb3d38 Check for script errors when installing dev certs.
  • 5c226ad Merge pull request #993 from OfficeDev/user/millerds/remove-usage-data-logging
  • Additional commits viewable in compare view

Updates eslint from 7.32.0 to 9.39.4

Release notes

Sourced from eslint's releases.

v9.39.4

Bug Fixes

  • f18f6c8 fix: update dependency minimatch to ^3.1.5 (#20564) (Milos Djermanovic)
  • a3c868f fix: update dependency @​eslint/eslintrc to ^3.3.4 (#20554) (Milos Djermanovic)
  • 234d005 fix: minimatch security vulnerability patch for v9.x (#20549) (Andrej Beles)
  • b1b37ee fix: update ajv to 6.14.0 to address security vulnerabilities (#20538) (루밀LuMir)

Documentation

  • 4675152 docs: add deprecation notice partial (#20520) (Milos Djermanovic)

Chores

  • b8b4eb1 chore: update dependencies for ESLint v9.39.4 (#20596) (Francesco Trotta)
  • 71b2f6b chore: package.json update for @​eslint/js release (Jenkins)
  • 1d16c2f ci: pin Node.js 25.6.1 (#20563) (Milos Djermanovic)

v9.39.3

Bug Fixes

  • 791bf8d fix: restore TypeScript 4.0 compatibility in types (#20504) (sethamus)

Chores

  • 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#20529) (Milos Djermanovic)
  • 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
  • af498c6 chore: ignore /docs/v9.x in link checker (#20453) (Milos Djermanovic)

v9.39.2

Bug Fixes

  • 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

  • 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

  • 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394) (Francesco Trotta)
  • c43ce24 chore: package.json update for @​eslint/js release (Jenkins)
  • 4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

v9.39.1

Bug Fixes

  • 650753e fix: Only pass node to JS lang visitor methods (#20283) (Nicholas C. Zakas)

Documentation

  • 51b51f4 docs: add a section on when to use extends vs cascading (#20268) (Tanuj Kanti)
  • b44d426 docs: Update README (GitHub Actions Bot)

Chores

  • 92db329 chore: update @eslint/js version to 9.39.1 (#20284) (Francesco Trotta)
  • c7ebefc chore: package.json update for @​eslint/js release (Jenkins)
  • 61778f6 chore: update eslint-config-eslint dependency @​eslint/js to ^9.39.0 (#20275) (renovate[bot])
  • d9ca2fc ci: Add rangeStrategy to eslint group in renovate config (#20266) (唯然)
  • 009e507 test: fix version tests for ESLint v10 (#20274) (Milos Djermanovic)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by eslintbot, a new releaser for eslint since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump js-yaml, eslint-plugin-office-addins and eslint
435add9 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) to 4.2.0 and updates ancestor dependencies [js-yaml](https://github.com/nodeca/js-yaml), [eslint-plugin-office-addins](https://github.com/OfficeDev/Office-Addin-Scripts) and [eslint](https://github.com/eslint/eslint). These dependencies need to be updated together.


Updates `js-yaml` from 3.14.2 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/commits)

Updates `eslint-plugin-office-addins` from 2.1.8 to 4.0.9
- [Release notes](https://github.com/OfficeDev/Office-Addin-Scripts/releases)
- [Commits](https://github.com/OfficeDev/Office-Addin-Scripts/compare/eslint-plugin-office-addins@2.1.8...eslint-plugin-office-addins@4.0.9)

Updates `eslint` from 7.32.0 to 9.39.4
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v7.32.0...v9.39.4)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: indirect
- dependency-name: eslint-plugin-office-addins
  dependency-version: 4.0.9
  dependency-type: direct:development
- dependency-name: eslint
  dependency-version: 9.39.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants