Skip to content

chore(deps): bump js-yaml and sanity#452

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-c936b2bad1
Open

chore(deps): bump js-yaml and sanity#452
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-c936b2bad1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown
Contributor

Bumps js-yaml to 4.3.0 and updates ancestor dependency sanity. These dependencies need to be updated together.

Updates js-yaml from 4.1.1 to 4.3.0

Changelog

Sourced from js-yaml's changelog.

4.3.0, 3.15.0 - 2026-06-27

Security

  • Backported maxTotalMergeKeys option.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.

... (truncated)

Commits
  • 33d05b5 4.3.0 released
  • 663bfab Drop demo publish, to not override new v5 one.
  • 1cb8c7b Add v4-legacy tag for publish
  • 02f27af Restore umd builds back to es5
  • 8be84ed Fix es5 compatibility
  • 59423c6 Replace maxMergeSeqLength option with maxTotalMergeKeys (more robust). Ba...
  • 6842ef6 doc polish
  • 590dbab 4.2.0 released
  • f944dc5 Add package.json funding field
  • f692719 Changelog update
  • Additional commits viewable in compare view

Updates sanity from 5.24.0 to 5.31.1

Release notes

Sourced from sanity's releases.

v5.31.1

Sanity Studio v5.31.1

For the complete changelog with all details, please visit: www.sanity.io/docs/changelog/5e41ca5a-489c-4390-a9e8-f3712b30bf37

Install or upgrade Sanity Studio

To upgrade to this version, run:

npm install sanity@latest

To initiate a new Sanity Studio project or learn more about upgrading, please refer to our comprehensive guide on Installing and Upgrading Sanity Studio.

📓 Full changelog

Author Message Commit
@​stipsan fix(core): revert use schema preview selection for search (#13029) ec87ab7a3c
@​stipsan fix(core): exclude dereference paths from groq2024 score boosts (#13027) ca4657e67f
@​bjoerge ci(release): add commit log and working compare link to v5 release pr (#13028) 75a443d1be
@​bjoerge ci(release): block v5 release pr when commits would cause a major bump 0b8f8e3423
@​bjoerge ci(release): keep pnpm install output out of v5 release pr description 451b07b092
@​bjoerge chore(ci): set up release automation for v5 65d0a0c10f
squiggler-app[bot] chore(release): publish v5.31.1 (#13022) 1cd4e22012

v5.31.0

Sanity Studio v5.31.0

This release includes various improvements and bug fixes.

For the complete changelog with all details, please visit: www.sanity.io/changelog/studio-NS4zMC4w

Install or upgrade Sanity Studio

To upgrade to this version, run:

npm install sanity@latest

To initiate a new Sanity Studio project or learn more about upgrading, please refer to our comprehensive guide on Installing and Upgrading Sanity Studio.

📓 Full changelog

Author Message Commit

... (truncated)

Changelog

Sourced from sanity's changelog.

5.31.1 (2026-06-10)

Bug Fixes

  • core: exclude dereference paths from groq2024 score boosts (#13027) (ca4657e)
  • core: revert use schema preview selection for search (#13029) (ec87ab7)

5.31.0 (2026-06-10)

Features

  • core: adds document level presence (#12918) (735c095)
  • core: use schema preview selection for search (#12925) (78f227e)
  • core: warn when no login providers are available (#12957) (967a62d)
  • presentation: add tab bar to switch panes at narrow viewports (#12977) (434efa6)

Bug Fixes

  • core: increase AuthenticateScreen width (#12935) (163d020)
  • core: react strict-mode improvements (#12964) (fcd6dac)
  • core: support modal width in Enhanced dialog (#12955) (37d9ece)
  • deps: update dependency @​sanity/cli to ^6.7.2 (#12939) (f43f22e)
  • deps: update dependency @​sanity/insert-menu to v3.0.8 (#12941) (dd02d30)
  • deps: update dependency @​sanity/preview-url-secret to ^4.0.7 (#12942) (e5fd7f4)
  • deps: update dependency groq-js to ^1.30.2 (#12899) (5551206)
  • deps: update dependency motion to ^12.40.0 (#13001) (88044db)
  • deps: Update sentry-javascript monorepo to ^8.55.2 (#13002) (0fe037d)
  • deps: Update tanstack-virtual monorepo to ^3.14.2 (#13005) (01f7bd1)
  • deps: Update xstate monorepo (#12882) (1ec6335)
  • form: apply default width to annotation edit popover when modal has no width (#12975) (d13c400)
  • form: keep edit dialog open on cmd+up inside text editors (#12972) (7752b10)
  • presentation: ChildLink now renders missing docs (#12958) (8cadf11)
  • sanity: set touch-action: none on array drag handle (#12931) (#12932) (365bd6d)
  • studio: hide add-to-release option for archived scheduled drafts (#12628) (1c3a0c6)

5.30.0 (2026-06-03)

Bug Fixes

  • authStore: resolve dual-mode SSO login loop (#12933) (2ae1370)
  • deps: update dependency @​sanity/cli to ^6.7.1 (#12928) (df8fc74)

5.29.0 (2026-06-02)

Features

Bug Fixes

  • core: respect parent array field initialValue over member fields (#12914) (46f9caa)
  • deps: update dependency @​sanity/cli to ^6.7.0 (#12924) (3fa8dc5)
  • form: revert dataset aclMode check for plain asset previews (#12913) (34982cf)

... (truncated)

Commits
  • 1cd4e22 chore(release): publish v5.31.1 (#13022)
  • ec87ab7 fix(core): revert use schema preview selection for search (#13029)
  • ca4657e fix(core): exclude dereference paths from groq2024 score boosts (#13027)
  • 0d909dd chore(release): publish v5.31.0 (#12936)
  • 009b7e0 chore(deps): update dependency vitest-package-exports to ^1.2.0 (#12995)
  • 9bb4386 test(form): align modal width helper test with new default width (#13004)
  • 0fe037d fix(deps): Update sentry-javascript monorepo to ^8.55.2 (#13002)
  • 88044db fix(deps): update dependency motion to ^12.40.0 (#13001)
  • 29317c1 chore(deps): update testing-library monorepo to ^16.3.2 (#12998)
  • 4759a41 chore(deps): update dependency tsx to ^4.22.4 (#12993)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [js-yaml](https://github.com/nodeca/js-yaml) to 4.3.0 and updates ancestor dependency [sanity](https://github.com/sanity-io/sanity/tree/HEAD/packages/sanity). These dependencies need to be updated together.


Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `sanity` from 5.24.0 to 5.31.1
- [Release notes](https://github.com/sanity-io/sanity/releases)
- [Changelog](https://github.com/sanity-io/sanity/blob/v5.31.1/packages/sanity/CHANGELOG.md)
- [Commits](https://github.com/sanity-io/sanity/commits/v5.31.1/packages/sanity)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: sanity
  dependency-version: 5.31.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants