Bump js-yaml, husky, mocha, serverless and standard

[dependabot]

Bumps js-yaml to 4.1.1 and updates ancestor dependencies js-yaml, husky, mocha, serverless and standard. These dependencies need to be updated together.

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

Commits

• cc482e7 4.1.1 released
• 50968b8 dist rebuild
• d092d86 lint fix
• 383665f fix prototype pollution in merge (<<)
• 0d3ca7a README.md: HTTP => HTTPS (#678)
• 49baadd doc: 'empty' style option for !!null
• ba3460e Fix demo link (#618)
• See full diff in compare view

Updates husky from 3.0.1 to 9.1.7

Release notes

Sourced from husky's releases.

v9.1.7

What's Changed

• fix: add husky label to deprecated warning by @​smackfu in typicode/husky#1538

New Contributors

• @​smackfu made their first contribution in typicode/husky#1538

Full Changelog: typicode/husky@v9.1.6...v9.1.7

v9.1.6

What's Changed

• Fix issue where example pre-commit file is generated incorrectly by @​dexmlee in typicode/husky#1519

New Contributors

• @​OlegKipchatov made their first contribution in typicode/husky#1495
• @​Byron2016 made their first contribution in typicode/husky#1499
• @​dexmlee made their first contribution in typicode/husky#1519

Full Changelog: typicode/husky@v9.1.5...v9.1.6

v9.1.5

What's Changed

• fixes #1494, support pre-merge-commit hook by @​RainMeoCat in typicode/husky#1497

New Contributors

• @​RainMeoCat made their first contribution in typicode/husky#1497

Full Changelog: typicode/husky@v9.1.4...v9.1.5

v9.1.4

• Improve deprecation notice

v9.1.3

• fix: better handle space in PATH

v9.1.2

Show a message instead of automatically removing deprecated code.

This only concerns projects that still have the following code in their hooks:

- #!/usr/bin/env sh # <- This is deprecated, remove it
- . "$(dirname -- "$0")/_/husky.sh"  # <- This is deprecated, remove it
Rest of your hook code

Hooks with these lines will fail in v10.0.0

v9.1.1

... (truncated)

Commits

• 799e84b 9.1.7
• 30f2049 fix: add husky label to deprecated warning (#1538)
• a2d942a 9.1.6
• b4465ed fix: add parens around the null coalescing operator to fix issues when npm_co...
• 3b3e7f1 docs(spanish): improve spanish translation (#1504)
• dcf3aed dosc: repair support Spanish sponsors links (#1500)
• c3afd5f docs: support Spanish documentation (#1499)
• c5f4f48 docs: support Russian documentation (#1495)
• 2fee8d2 9.1.5
• 397e7f0 fixes #1494 support pre-merge-commit hook
• Additional commits viewable in compare view

Updates mocha from 10.2.0 to 10.8.2

Release notes

Sourced from mocha's releases.

v10.8.2

10.8.2 (2024-10-30)

🩹 Fixes

• support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)
• test link in html reporter (#5224) (f054acc)

📚 Documentation

• indicate 'exports' interface does not work in browsers (#5181) (14e640e)

🧹 Chores

• fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)

🤖 Automation

• deps: bump the github-actions group with 1 update (#5132) (e536ab2)

v10.8.1

10.8.1 (2024-10-29)

🩹 Fixes

• handle case of invalid package.json with no explicit config (#5198) (f72bc17)
• Typos on mochajs.org (#5237) (d8ca270)
• use accurate test links in HTML reporter (#5228) (68803b6)

v10.8.0

10.8.0 (2024-10-29)

🌟 Features

• highlight browser failures (#5222) (8ff4845)

🩹 Fixes

• remove :is() from mocha.css to support older browsers (#5225) (#5227) (0a24b58)

📚 Documentation

... (truncated)

Changelog

Sourced from mocha's changelog.

10.8.2 (2024-10-30)

🩹 Fixes

• support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)
• test link in html reporter (#5224) (f054acc)

📚 Documentation

• indicate 'exports' interface does not work in browsers (#5181) (14e640e)

🧹 Chores

• fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)

🤖 Automation

• deps: bump the github-actions group with 1 update (#5132) (e536ab2)

10.8.1 (2024-10-29)

🩹 Fixes

• handle case of invalid package.json with no explicit config (#5198) (f72bc17)
• Typos on mochajs.org (#5237) (d8ca270)
• use accurate test links in HTML reporter (#5228) (68803b6)

10.8.0 (2024-10-29)

🌟 Features

• highlight browser failures (#5222) (8ff4845)

🩹 Fixes

• remove :is() from mocha.css to support older browsers (#5225) (#5227) (0a24b58)

📚 Documentation

• add SECURITY.md pointing to Tidelift (#5210) (bd7e63a)
• adopt Collective Funds Guidelines 0.1 (#5199) (2b03d86)
• update README, LICENSE and fix outdated (#5197) (1203e0e)

🧹 Chores

• fix npm scripts on windows (#5219) (1173da0)
• remove trailing whitespace in SECURITY.md (7563e59)

10.7.3 (2024-08-09)

... (truncated)

Commits

• 05097db chore(main): release 10.8.2 (#5239)
• 14e640e docs: indicate 'exports' interface does not work in browsers (#5181)
• 881e3b0 chore: fix docs builds by re-adding eleventy and ignoring gitignore again (#5...
• f054acc fix: test link in html reporter (#5224)
• e536ab2 build(deps): bump the github-actions group with 1 update (#5132)
• ba0fefe fix: support errors with circular dependencies in object values with --parall...
• f44f71b chore(main): release 10.8.1 (#5238)
• f72bc17 fix: handle case of invalid package.json with no explicit config (#5198)
• 68803b6 fix: use accurate test links in HTML reporter (#5228)
• d8ca270 fix: Typos on mochajs.org (#5237)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.

Updates serverless from 2.72.4 to 4.23.0

Release notes

Sourced from serverless's releases.

4.23.0

Features

• Serverless Framework
  • Added new IAM permission required for Lambda functions triggered by Function URLs (serverless/serverless#13147) (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html)
  • Improved CLI reliability when encountering internal Serverless API errors

Bux Fixes

• Serverless Framework
  • Fixed logging of packager output in cases where external dependency installation fails when using the built-in esbuild (serverless/serverless#13149)

Maintenance

• Serverless Framework
  • Improved authentication performance
  • Improved and cleaned up debug logs

4.22.0

Features

• Serverless Framework
  • serverless-python-requirements plugin is now included in the Serverless Framework. You can remove it from the plugins list in your configuration file and from your package.json. The integration activates automatically whenever custom.pythonRequirements is present, so keep or add that block. It is fully backward-compatible and comes with uv support! Learn more in the docs.

Bug Fixes

• Serverless Framework
  • Unused stages are now pruned from the service config (serverless/serverless#13138)
  • Fixed an issue where a null app name was sent during authentication
  • Improved input validation
  • Ensured the print command returns a config without $ref references when no cycles exist

Maintenance

• Serverless Framework
  • The WebSocket module is now lazy-loaded to reduce startup dependencies

4.21.1

Bug Fixes

• Serverless Framework
  • Added support for the --config flag in version pinning (frameworkVersion property)
  • Added handling for the 403 Forbidden error during Docker authentication (#13116) (serverless/serverless#12895)
  • Fixed invoke local when using Docker and lambda/provided AWS Lambda images; added log capture and proper exit codes for function errors (#12921)
  • Replaced manual path manipulation with path.basename to improve Windows support (#13120)
  • Fixed an issue where named AWS resolver properties were not resolved before the resolver was instantiated (serverless/serverless#13133)
  • Improved error logging for easier debugging (#13121)

4.21.0

Features

... (truncated)

Commits

• 3110342 add recent features to readme
• e2681bd chore: update readme to include serverless MCP and container framework
• 1003a32 docs: update SECURITY.md (#13026)
• ec4957f chore: automate CLA signing (#13019)
• c4cebae chore: automate CLA signing
• 87b4f5b docs: read license key from aws ssm (#12986)
• 3f37cba docs(dev-mode): added note regarding vpc (#12977)
• d262ac3 feat: add support for ap-southeast-5 and ca-west-1 (#12981)
• 2aea99d fix: correctly resolve layer package artifact and docker image paths (#12972)
• 3704754 fix(esbuild): track files added to the zip file (#12966)
• Additional commits viewable in compare view

Updates standard from 16.0.3 to 17.1.2

Release notes

Sourced from standard's releases.

v17.1.2

• Unpin and bump eslint-plugin-react(#1976) 004e63b

standard/standard@v17.1.1...v17.1.2

v17.1.1

• Pin eslint-plugin-react to 7.35.2 (#1976) d535d98

standard/standard@v17.1.0...v17.1.1

v17.1.0

• Update dependencies and prepare release 17.1.0 (#1908) a4049f8
• Add version-guard to silent failure on old node (#1829) 7dc2ab0 85316d1 26efe34 f635e4e 6dd2162

standard/standard@v17.0.0...v17.1.0

v17.0.0

We're super excited to announce standard 17!

This major release fully focuses on getting in sync with the wider ESLint ecosystem and doesn't in itself introduce any new rules or features.

When you upgrade, consider running standard --fix to automatically format your code to match the current set of rules.

This is the first release by two of our standard co-maintainers @​theoludwig and @​voxpelli. Buy them a cake if you run into them, thanks for getting this release out!

Major changes

• eslint-config-node has been replaced with the up to date fork eslint-config-n. If you have used comments like // eslint-disable-line node/no-deprecated-api you now have to reference the n/ rules instead.
• object-shorthand rule (as warning)
• Use of ESLint 8, which allows for support for all of the latest syntax that ESLint 8 includes, such as top level await #1548 #1775
• --verbose by default

Changed features

• Update eslint from ~7.18.0 to ^8.13.0
• Update eslint-config-standard from 16.0.3 to 17.0.0 to adapt to ESLint 8
• Update eslint-config-standard-jsx from 10.0.0 to ^11.0.0 to adapt to ESLint 8
• Update standard-engine from ^14 to ^15.0.0 to adapt to ESLint 8, see its CHANGELOG
• Move from eslint-plugin-node@~11.1.0 to eslint-plugin-n@^15.1.0 to adapt to ESLint 8
• Update eslint-plugin-import from ~2.24.2 to ^2.26.0
• Update eslint-plugin-promise from ~5.1.0 to ^6.0.0
• Update eslint-plugin-react from ~7.25.1 to ^7.28.0

standard/standard@v16.0.4...v17.0.0

v17.0.0-2

• fix: update eslint-config-standard-jsx to fix #1548 (#1775) c120a60

... (truncated)

Changelog

Sourced from standard's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[17.1.0] - 2023-05-29

• Update eslint-config-standard from 17.0.0 to 17.1.0

[17.0.0] - 2022-04-20

We're super excited to announce standard 17!

This major release fully focuses on getting in sync with the wider ESLint ecosystem and doesn't in itself introduce any new rules or features.

When you upgrade, consider running standard --fix to automatically format your code to match the current set of rules.

This is the first release by two of our standard co-maintainers @​Divlo and @​voxpelli. Buy them a cake if you run into them, thanks for getting this release out!

Major changes

• eslint-config-node has been replaced with the up to date fork eslint-config-n. If you have used comments like // eslint-disable-line node/no-deprecated-api you now have to reference the n/ rules instead.
• object-shorthand rule (as warning)
• Use of ESLint 8, which allows for support for all of the latest syntax that ESLint 8 includes, such as top level await #1548 #1775
• --verbose by default

Changed features

• Update eslint from ~7.18.0 to ^8.13.0
• Update eslint-config-standard from 16.0.3 to 17.0.0 to adapt to ESLint 8
• Update eslint-config-standard-jsx from 10.0.0 to ^11.0.0 to adapt to ESLint 8
• Update standard-engine from ^14 to ^15.0.0 to adapt to ESLint 8, see its CHANGELOG
• Move from eslint-plugin-node@~11.1.0 to eslint-plugin-n@^15.1.0 to adapt to ESLint 8
• Update eslint-plugin-import from ~2.24.2 to ^2.26.0
• Update eslint-plugin-promise from ~5.1.0 to ^6.0.0
• Update eslint-plugin-react from ~7.25.1 to ^7.28.0

[17.0.0-2] - 2022-02-03

• Fix: Follow up to the fix of #1548 in 17.0.0-1 #1775

[17.0.0-1] - 2022-01-31

• Fix: Ensure we support all of the latest syntax that ESLint 8 includes, such as top level await #1548

[17.0.0-0] - 2022-01-31

... (truncated)

Commits

• be62115 17.1.2
• 004e63b Unpin and bump eslint-plugin-react
• 75a1877 17.1.1
• d535d98 Pin eslint-plugin-react to 7.35.2
• 170a02f Deactivate cron on external tests
• 3b3c316 Merge pull request #1962 from SebastjanPrachovskij/feature/add-searchapi-logo
• dbf1142 Add SearchApi logo to users
• 5ff8441 Merge pull request #1936 from poozhu/master
• f40f923 Merge branch 'master' into master
• 3b6f95d Edit Discord badge. (#1954)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for standard since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[khvn26]

@dependabot rebase

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.