This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-website.git
The following commit(s) were added to refs/heads/main by this push:
new d4d3977e chore: upgrade glob and js-yaml to fix security advisories
(#1660)
d4d3977e is described below
commit d4d3977e62ebf760101b74a90af37bee55b61e29
Author: Claus Ibsen <[email protected]>
AuthorDate: Mon Jun 15 21:04:33 2026 +0200
chore: upgrade glob and js-yaml to fix security advisories (#1660)
* chore: upgrade glob and js-yaml to fix security advisories
Co-Authored-By: Claude Opus 4.6 <[email protected]>
* chore: update antora-ui-camel yarn.lock for js-yaml 4.x
Co-Authored-By: Claude Opus 4.6 <[email protected]>
* chore: dedupe js-yaml and minipass in lockfiles
Co-Authored-By: Claude Opus 4.6 <[email protected]>
---------
Co-authored-by: Claude Opus 4.6 <[email protected]>
---
.../gulp.d/tasks/build-preview-pages.js | 2 +-
antora-ui-camel/package.json | 2 +-
antora-ui-camel/yarn.lock | 12 +--
package.json | 4 +-
yarn.lock | 116 ++++++++++-----------
5 files changed, 63 insertions(+), 73 deletions(-)
diff --git a/antora-ui-camel/gulp.d/tasks/build-preview-pages.js
b/antora-ui-camel/gulp.d/tasks/build-preview-pages.js
index e6dd5444..1737c141 100644
--- a/antora-ui-camel/gulp.d/tasks/build-preview-pages.js
+++ b/antora-ui-camel/gulp.d/tasks/build-preview-pages.js
@@ -75,7 +75,7 @@ module.exports = (src, previewSrc, previewDest, sink = () =>
map()) => (done) =>
)
function loadSampleUiModel (src) {
- return fs.readFile(ospath.join(src, 'ui-model.yml'), 'utf8').then((contents)
=> yaml.safeLoad(contents))
+ return fs.readFile(ospath.join(src, 'ui-model.yml'), 'utf8').then((contents)
=> yaml.load(contents))
}
function registerPartials (src) {
diff --git a/antora-ui-camel/package.json b/antora-ui-camel/package.json
index 034535c6..47527ce7 100644
--- a/antora-ui-camel/package.json
+++ b/antora-ui-camel/package.json
@@ -51,7 +51,7 @@
"gulp-terser": "^1.2.0",
"handlebars": "^4.7.9",
"highlight.js": "~11",
- "js-yaml": "~3.14.2",
+ "js-yaml": "^4.2.0",
"merge-stream": "~2.0",
"plugin-error": "~1.0",
"postcss-calc": "~7.0",
diff --git a/antora-ui-camel/yarn.lock b/antora-ui-camel/yarn.lock
index 83bf4db9..fb6d2648 100644
--- a/antora-ui-camel/yarn.lock
+++ b/antora-ui-camel/yarn.lock
@@ -1017,7 +1017,7 @@ __metadata:
gulp-terser: "npm:^1.2.0"
handlebars: "npm:^4.7.9"
highlight.js: "npm:~11"
- js-yaml: "npm:~3.14.2"
+ js-yaml: "npm:^4.2.0"
merge-stream: "npm:~2.0"
plugin-error: "npm:~1.0"
postcss-calc: "npm:~7.0"
@@ -7467,7 +7467,7 @@ __metadata:
languageName: node
linkType: hard
-"js-yaml@npm:^3.13.0, js-yaml@npm:^3.13.1, js-yaml@npm:^3.9.0,
js-yaml@npm:~3.14.2":
+"js-yaml@npm:^3.13.0, js-yaml@npm:^3.13.1, js-yaml@npm:^3.9.0":
version: 3.14.2
resolution: "js-yaml@npm:3.14.2"
dependencies:
@@ -7479,14 +7479,14 @@ __metadata:
languageName: node
linkType: hard
-"js-yaml@npm:^4.1.0, js-yaml@npm:^4.1.1":
- version: 4.1.1
- resolution: "js-yaml@npm:4.1.1"
+"js-yaml@npm:^4.1.0, js-yaml@npm:^4.1.1, js-yaml@npm:^4.2.0":
+ version: 4.2.0
+ resolution: "js-yaml@npm:4.2.0"
dependencies:
argparse: "npm:^2.0.1"
bin:
js-yaml: bin/js-yaml.js
- checksum:
10/a52d0519f0f4ef5b4adc1cde466cb54c50d56e2b4a983b9d5c9c0f2f99462047007a6274d7e95617a21d3c91fde3ee6115536ed70991cd645ba8521058b78f77
+ checksum:
10/51de2067a2b44b07ba5206132e56005f8b568ff279bb4d2f645068958c56fa4827d40a6841c983234671fa0a134bf094d0b0717873c2a3d319185297af145a6d
languageName: node
linkType: hard
diff --git a/package.json b/package.json
index 25909278..ce431610 100644
--- a/package.json
+++ b/package.json
@@ -51,14 +51,14 @@
"chalk": "5.3.0",
"del": "^6.0.0",
"escape-string-regexp": "~2.0",
- "glob": "^11.1.0",
+ "glob": "^13.0.6",
"gulp": "~4.0",
"gulp-cheerio": "~1.0",
"gulp-htmlmin": "~5.0",
"gulp-inject": "^5.0.2",
"html-validate": "^8.9.1",
"hugo-extended": "^0.121.2",
- "js-yaml": "~4.1.1",
+ "js-yaml": "^4.2.0",
"jsdom": "^27.1.0",
"netlify-cli": "17.26.3",
"node-html-parser": "^7.0.1",
diff --git a/yarn.lock b/yarn.lock
index 6fa61da7..60f01c8f 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1348,22 +1348,6 @@ __metadata:
languageName: node
linkType: hard
-"@isaacs/balanced-match@npm:^4.0.1":
- version: 4.0.1
- resolution: "@isaacs/balanced-match@npm:4.0.1"
- checksum:
10/102fbc6d2c0d5edf8f6dbf2b3feb21695a21bc850f11bc47c4f06aa83bd8884fde3fe9d6d797d619901d96865fdcb4569ac2a54c937992c48885c5e3d9967fe8
- languageName: node
- linkType: hard
-
-"@isaacs/brace-expansion@npm:^5.0.0":
- version: 5.0.0
- resolution: "@isaacs/brace-expansion@npm:5.0.0"
- dependencies:
- "@isaacs/balanced-match": "npm:^4.0.1"
- checksum:
10/cf3b7f206aff12128214a1df764ac8cdbc517c110db85249b945282407e3dfc5c6e66286383a7c9391a059fc8e6e6a8ca82262fc9d2590bd615376141fbebd2d
- languageName: node
- linkType: hard
-
"@isaacs/cliui@npm:^8.0.2":
version: 8.0.2
resolution: "@isaacs/cliui@npm:8.0.2"
@@ -3820,7 +3804,7 @@ __metadata:
gulp-terser: "npm:^1.2.0"
handlebars: "npm:^4.7.9"
highlight.js: "npm:~11"
- js-yaml: "npm:~3.14.2"
+ js-yaml: "npm:^4.2.0"
merge-stream: "npm:~2.0"
plugin-error: "npm:~1.0"
postcss-calc: "npm:~7.0"
@@ -3892,14 +3876,14 @@ __metadata:
chalk: "npm:5.3.0"
del: "npm:^6.0.0"
escape-string-regexp: "npm:~2.0"
- glob: "npm:^11.1.0"
+ glob: "npm:^13.0.6"
gulp: "npm:~4.0"
gulp-cheerio: "npm:~1.0"
gulp-htmlmin: "npm:~5.0"
gulp-inject: "npm:^5.0.2"
html-validate: "npm:^8.9.1"
hugo-extended: "npm:^0.121.2"
- js-yaml: "npm:~4.1.1"
+ js-yaml: "npm:^4.2.0"
jsdom: "npm:^27.1.0"
netlify-cli: "npm:17.26.3"
node-html-parser: "npm:^7.0.1"
@@ -4555,6 +4539,13 @@ __metadata:
languageName: node
linkType: hard
+"balanced-match@npm:^4.0.2":
+ version: 4.0.4
+ resolution: "balanced-match@npm:4.0.4"
+ checksum:
10/fb07bb66a0959c2843fc055838047e2a95ccebb837c519614afb067ebfdf2fa967ca8d712c35ced07f2cd26fc6f07964230b094891315ad74f11eba3d53178a0
+ languageName: node
+ linkType: hard
+
"base64-js@npm:^1.0.2, base64-js@npm:^1.3.1":
version: 1.5.1
resolution: "base64-js@npm:1.5.1"
@@ -4845,6 +4836,15 @@ __metadata:
languageName: node
linkType: hard
+"brace-expansion@npm:^5.0.5":
+ version: 5.0.6
+ resolution: "brace-expansion@npm:5.0.6"
+ dependencies:
+ balanced-match: "npm:^4.0.2"
+ checksum:
10/a7acf120fefa79e9d7c9c92898114f57c07596a3920197f3c5917e6a628b04220a5f7f9618c30bdd973a6576a32113b99f9c3f1c8245ccc399dd2a9a718d81d8
+ languageName: node
+ linkType: hard
+
"braces@npm:^2.3.1, braces@npm:^2.3.2":
version: 2.3.2
resolution: "braces@npm:2.3.2"
@@ -10386,7 +10386,7 @@ __metadata:
languageName: node
linkType: hard
-"foreground-child@npm:^3.1.0, foreground-child@npm:^3.3.1":
+"foreground-child@npm:^3.1.0":
version: 3.3.1
resolution: "foreground-child@npm:3.3.1"
dependencies:
@@ -11033,19 +11033,14 @@ __metadata:
languageName: node
linkType: hard
-"glob@npm:^11.1.0":
- version: 11.1.0
- resolution: "glob@npm:11.1.0"
+"glob@npm:^13.0.6":
+ version: 13.0.6
+ resolution: "glob@npm:13.0.6"
dependencies:
- foreground-child: "npm:^3.3.1"
- jackspeak: "npm:^4.1.1"
- minimatch: "npm:^10.1.1"
- minipass: "npm:^7.1.2"
- package-json-from-dist: "npm:^1.0.0"
- path-scurry: "npm:^2.0.0"
- bin:
- glob: dist/esm/bin.mjs
- checksum:
10/da4501819633daff8822c007bb3f93d5c4d2cbc7b15a8e886660f4497dd251a1fb4f53a85fba1e760b31704eff7164aeb2c7a82db10f9f2c362d12c02fe52cf3
+ minimatch: "npm:^10.2.2"
+ minipass: "npm:^7.1.3"
+ path-scurry: "npm:^2.0.2"
+ checksum:
10/201ad69e5f0aa74e1d8c00a481581f8b8c804b6a4fbfabeeb8541f5d756932800331daeba99b58fb9e4cd67e12ba5a7eba5b82fb476691588418060b84353214
languageName: node
linkType: hard
@@ -13688,15 +13683,6 @@ __metadata:
languageName: node
linkType: hard
-"jackspeak@npm:^4.1.1":
- version: 4.1.1
- resolution: "jackspeak@npm:4.1.1"
- dependencies:
- "@isaacs/cliui": "npm:^8.0.2"
- checksum:
10/ffceb270ec286841f48413bfb4a50b188662dfd599378ce142b6540f3f0a66821dc9dcb1e9ebc55c6c3b24dc2226c96e5819ba9bd7a241bd29031b61911718c7
- languageName: node
- linkType: hard
-
"jest-get-type@npm:^27.5.1":
version: 27.5.1
resolution: "jest-get-type@npm:27.5.1"
@@ -13773,7 +13759,7 @@ __metadata:
languageName: node
linkType: hard
-"js-yaml@npm:^3.13.0, js-yaml@npm:^3.13.1, js-yaml@npm:~3.14.2":
+"js-yaml@npm:^3.13.0, js-yaml@npm:^3.13.1":
version: 3.14.2
resolution: "js-yaml@npm:3.14.2"
dependencies:
@@ -13785,7 +13771,18 @@ __metadata:
languageName: node
linkType: hard
-"js-yaml@npm:^4.0.0, js-yaml@npm:^4.1.0, js-yaml@npm:^4.1.1, js-yaml@npm:~4.1,
js-yaml@npm:~4.1.1":
+"js-yaml@npm:^4.0.0, js-yaml@npm:^4.1.0, js-yaml@npm:^4.1.1,
js-yaml@npm:^4.2.0":
+ version: 4.2.0
+ resolution: "js-yaml@npm:4.2.0"
+ dependencies:
+ argparse: "npm:^2.0.1"
+ bin:
+ js-yaml: bin/js-yaml.js
+ checksum:
10/51de2067a2b44b07ba5206132e56005f8b568ff279bb4d2f645068958c56fa4827d40a6841c983234671fa0a134bf094d0b0717873c2a3d319185297af145a6d
+ languageName: node
+ linkType: hard
+
+"js-yaml@npm:~4.1":
version: 4.1.1
resolution: "js-yaml@npm:4.1.1"
dependencies:
@@ -15300,12 +15297,12 @@ __metadata:
languageName: node
linkType: hard
-"minimatch@npm:^10.1.1":
- version: 10.1.1
- resolution: "minimatch@npm:10.1.1"
+"minimatch@npm:^10.2.2":
+ version: 10.2.5
+ resolution: "minimatch@npm:10.2.5"
dependencies:
- "@isaacs/brace-expansion": "npm:^5.0.0"
- checksum:
10/110f38921ea527022e90f7a5f43721838ac740d0a0c26881c03b57c261354fb9a0430e40b2c56dfcea2ef3c773768f27210d1106f1f2be19cde3eea93f26f45e
+ brace-expansion: "npm:^5.0.5"
+ checksum:
10/19e87a931aff60ee7b9d80f39f817b8bfc54f61f8356ee3549fbf636dbccacacfec8d803eac73293955c4527cd085247dfc064bce4a5e349f8f3b85e2bf5da0f
languageName: node
linkType: hard
@@ -15431,10 +15428,10 @@ __metadata:
languageName: node
linkType: hard
-"minipass@npm:^5.0.0 || ^6.0.2 || ^7.0.0, minipass@npm:^7.0.2,
minipass@npm:^7.0.3, minipass@npm:^7.1.2":
- version: 7.1.2
- resolution: "minipass@npm:7.1.2"
- checksum:
10/c25f0ee8196d8e6036661104bacd743785b2599a21de5c516b32b3fa2b83113ac89a2358465bc04956baab37ffb956ae43be679b2262bf7be15fce467ccd7950
+"minipass@npm:^5.0.0 || ^6.0.2 || ^7.0.0, minipass@npm:^7.0.2,
minipass@npm:^7.0.3, minipass@npm:^7.1.2, minipass@npm:^7.1.3":
+ version: 7.1.3
+ resolution: "minipass@npm:7.1.3"
+ checksum:
10/175e4d5e20980c3cd316ae82d2c031c42f6c746467d8b1905b51060a0ba4461441a0c25bb67c025fd9617f9a3873e152c7b543c6b5ac83a1846be8ade80dffd6
languageName: node
linkType: hard
@@ -17148,13 +17145,6 @@ __metadata:
languageName: node
linkType: hard
-"package-json-from-dist@npm:^1.0.0":
- version: 1.0.1
- resolution: "package-json-from-dist@npm:1.0.1"
- checksum:
10/58ee9538f2f762988433da00e26acc788036914d57c71c246bf0be1b60cdbd77dd60b6a3e1a30465f0b248aeb80079e0b34cb6050b1dfa18c06953bb1cbc7602
- languageName: node
- linkType: hard
-
"package-json@npm:^8.1.0":
version: 8.1.1
resolution: "package-json@npm:8.1.1"
@@ -17450,13 +17440,13 @@ __metadata:
languageName: node
linkType: hard
-"path-scurry@npm:^2.0.0":
- version: 2.0.1
- resolution: "path-scurry@npm:2.0.1"
+"path-scurry@npm:^2.0.2":
+ version: 2.0.2
+ resolution: "path-scurry@npm:2.0.2"
dependencies:
lru-cache: "npm:^11.0.0"
minipass: "npm:^7.1.2"
- checksum:
10/1e9c74e9ccf94d7c16056a5cb2dba9fa23eec1bc221ab15c44765486b9b9975b4cd9a4d55da15b96eadf67d5202e9a2f1cec9023fbb35fe7d9ccd0ff1891f88b
+ checksum:
10/2b4257422bcb870a4c2d205b3acdbb213a72f5e2250f61c80f79c9d014d010f82bdf8584441612c8e1fa4eb098678f5704a66fa8377d72646bad4be38e57a2c3
languageName: node
linkType: hard
