Skip to content

Bump js-yaml, sanity and next-sanity#57

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-178a2ecb4c
Open

Bump js-yaml, sanity and next-sanity#57
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-178a2ecb4c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps js-yaml to 4.3.0 and updates ancestor dependencies js-yaml, sanity and next-sanity. These dependencies need to be updated together.

Updates js-yaml from 4.1.1 to 4.3.0

Changelog

Sourced from js-yaml's changelog.

4.3.0, 3.15.0 - 2026-06-27

Security

  • Backported maxTotalMergeKeys option.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.

... (truncated)

Commits
  • 33d05b5 4.3.0 released
  • 663bfab Drop demo publish, to not override new v5 one.
  • 1cb8c7b Add v4-legacy tag for publish
  • 02f27af Restore umd builds back to es5
  • 8be84ed Fix es5 compatibility
  • 59423c6 Replace maxMergeSeqLength option with maxTotalMergeKeys (more robust). Ba...
  • 6842ef6 doc polish
  • 590dbab 4.2.0 released
  • f944dc5 Add package.json funding field
  • f692719 Changelog update
  • Additional commits viewable in compare view

Updates sanity from 4.22.0 to 6.4.0

Release notes

Sourced from sanity's releases.

v6.4.0

Sanity Studio v6.4.0

This release includes various improvements and bug fixes.

For the complete changelog with all details, please visit: www.sanity.io/changelog/studio-Ni4zLjA

Install or upgrade Sanity Studio

To upgrade to this version, run:

npm install sanity@latest

To initiate a new Sanity Studio project or learn more about upgrading, please refer to our comprehensive guide on Installing and Upgrading Sanity Studio.

📓 Full changelog

Author Message Commit
squiggler-app[bot] chore(deps): update dependency @​sanity/visual-editing-csm to ^3.0.10 (#13417) 1038d73d3cd917266b982adb8b0c88a3811b0b46
squiggler-app[bot] chore(deps): update dependency @​sanity/functions to v1.4.0 (#13423) 7a8c0dd73665b96a9f7c753586c6cee3b7b16660
squiggler-app[bot] fix(deps): update portabletext (#13441) 064bb1115686aaefd77bab4bca33bb0b21077756
squiggler-app[bot] chore(deps): update dependency turbo to ^2.10.1 (#13425) f8ae2cf503a1c25b12bff324c3721c9b87f69bc4
squiggler-app[bot] fix(deps): update linters (#13422) e512bbbb07fc7eff1ec9e255eb2b2891bd9ab344
@​pedrobonamin fix(core): updates array i18n efps test to use langauge (#13436) b716a60913da69c1c185cf0579c7c961179f48a0
@​stipsan fix(core): allow pasting references to documents that only exist in a release (#13399) 8072fbc714fcc924928d76f71fcb54c86ff33853
@​bjoerge fix(sanity): delegate document pair snapshot fetch failures to the re… (#13432) 03cf5d0127838b9d5ca0a0a287e9ef586912179f
@​pedrobonamin refactor(variants): use sanity::partOfVariant for document queries (#13430) d4a12a831e56799651c993cf47536f0b82defada
@​stipsan refactor(sanity): replace classnames with clsx (#13415) 20d3e7263ca21b3aa14a4bb58e4e427dc3009de0
@​juice49 test(efps): improve caret handling (#13435) af7d569f2b7ebbdb480994bd6ed17b4209d820dd
@​juice49 test(efps): improve pte measurement stability (#13435) aef1605a16633d1ac2dfb7219a97b5181cab434e
@​juice49 test(efps): harden event matching when measuring fps in input and pte (#13435) de3416b91f903981d3e0eeaf61f6a7a103dbd8f2
@​juice49 chore(sanity): expose agent bundle store directly (#13388) a9f60796d77d24305796babedab740cd3f29144f
@​juice49 chore(sanity): correct type name (#13388) 5b995f61ade803286b8b335d0810e6d1926e74d2
@​juice49 chore(sanity): add agent bundle data to document group inventory machine (#13388) ad42526e389f17471e8bc5b5a66dd23aa2570899
@​juice49 chore(sanity): filter agent bundles in document group inventory (#13388) 2a8e8d7b28ac53121d1d74d0ae8047ba78d597da
@​juice49 chore(sanity): include user's most recent agent bundle in document group inventory (#13388) 0487621abd4870217216c651b95972592a30d9c1
@​bjoerge fix(sanity): delegate grants request errors to request error handler (#13427) f1a0341952300b91d6daed1049c7d057cc82555f
@​juice49 test(sanity): mock timers in observeVersionDocumentIds to fix flakiness (#13431) 88d60cbec4d5f4fab76e8439d7b5d276ae16e11f
@​stipsan fix(core): draw change connector when hovering image and file diffs (#13428) 028ff9373c285197ca00e591358c0fd6baa1676d
squiggler-app[bot] chore(deps): dedupe pnpm-lock.yaml (#13416) 2af7031277d70ba8646a8c5904e72be2149737c0
squiggler-app[bot] chore(deps): update dependency @​sanity/media-library-types to ^1.5.0 (#13413) f253ff7dd65f374a5e9d77994e2889855c823b84
squiggler-app[bot] chore(deps): update dependency @​vanilla-extract/css to ^1.21.1 (#13412) ce7caccdd691de11ad469a0780f95f1f5f392f70
@​stipsan fix(sanity): clear change connectors when review changes panel closes (#13402) b1c42e45cf45693d1d2ffc87e11995953dd0d829
@​bjoerge fix(releases): make virtualized table rows visible in Safari (#13414) e83ba05367f834306ea0b70ca6ad58cf66770e79
@​bjoerge fix(core): only cancel commits for known-terminal client errors (#13396) e38afdcb3198b6cc6b7184068be7143a537f4f39
squiggler-app[bot] chore(deps): dedupe pnpm-lock.yaml (#13385) 0e0ad3dedea513b6254009acc66f619e52af9521

... (truncated)

Changelog

Sourced from sanity's changelog.

6.4.0 (2026-07-07)

Features

Bug Fixes

  • core: allow pasting references to documents that only exist in a release (#13399) (8072fbc)
  • core: draw change connector when hovering image and file diffs (#13428) (028ff93)
  • core: force logout only on 401s tagged as session expiry (#13394) (ef537bc)
  • core: only cancel commits for known-terminal client errors (#13396) (e38afdc)
  • deps: update dependency @​sanity/cli to ^7.5.0 (#13389) (24bce9d)
  • deps: update dependency @​sanity/icons to ^3.7.6 (#13384) (260a282)
  • deps: update dependency @​sanity/icons to v5 (#13409) (f788296)
  • deps: update dependency react-rx to ^4.2.3 (#13405) (10d1a5a)
  • deps: update portabletext (#13441) (064bb11)
  • portable-text: collect form members at any depth (e8af647)
  • portable-text: key the element-ref registry by full path (7ebc0ec)
  • portable-text: resolve render-callback schema types by path (4b785dc)
  • portable-text: track focus into nested-container blocks (4c6e970)
  • releases: make virtualized table rows visible in Safari (#13414) (e83ba05)
  • sanity: clear change connectors when review changes panel closes (#13402) (b1c42e4)
  • sanity: clip document group inventory border (e3e1245)
  • sanity: delegate document pair snapshot fetch failures to the re… (#13432) (03cf5d0)
  • sanity: delegate grants request errors to request error handler (#13427) (f1a0341)

Performance Improvements

6.3.0 (2026-06-30)

Features

  • core: add document delete references telemetry (#13235) (b68b358)
  • core: re-add bundle.css export via conditional exports (#13322) (d0ce99f)
  • portable-text: render Studio PT through the defineX catch-all pipeline (e7c1bf4)

Bug Fixes

... (truncated)

Commits
  • a1db8fa chore(release): publish v6.4.0 (#13379)
  • 1038d73 chore(deps): update dependency @​sanity/visual-editing-csm to ^3.0.10 (#13417)
  • 064bb11 fix(deps): update portabletext (#13441)
  • 8072fbc fix(core): allow pasting references to documents that only exist in a release...
  • 03cf5d0 fix(sanity): delegate document pair snapshot fetch failures to the re… (#13432)
  • d4a12a8 refactor(variants): use sanity::partOfVariant for document queries (#13430)
  • 20d3e72 refactor(sanity): replace classnames with clsx (#13415)
  • 0487621 chore(sanity): include user's most recent agent bundle in document group inve...
  • 2a8e8d7 chore(sanity): filter agent bundles in document group inventory
  • ad42526 chore(sanity): add agent bundle data to document group inventory machine
  • Additional commits viewable in compare view

Updates next-sanity from 11.6.12 to 11.6.13

Release notes

Sourced from next-sanity's releases.

next-sanity@11.6.13

What's Changed

Full Changelog: sanity-io/next-sanity@next-sanity-v11.6.12...next-sanity-v11.6.13

Changelog

Sourced from next-sanity's changelog.

11.6.13 (2026-04-14)

Bug Fixes

Allow sanity v5 as a peer dependency.

Commits
  • 8c717de fix: allow sanity v5 as a peer dependency
  • aa961b7 chore: downgrade to sanity V4
  • 9a0a75c fix(deps)!: update sanity monorepo to v5 (main) (major) (#3077)
  • See full diff in compare view
Attestation changes

This version has no provenance attestation, while the previous version (11.6.12) was attested. Review the package versions before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [js-yaml](https://github.com/nodeca/js-yaml) to 4.3.0 and updates ancestor dependencies [js-yaml](https://github.com/nodeca/js-yaml), [sanity](https://github.com/sanity-io/sanity/tree/HEAD/packages/sanity) and [next-sanity](https://github.com/sanity-io/next-sanity/tree/HEAD/packages/next-sanity). These dependencies need to be updated together.


Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `sanity` from 4.22.0 to 6.4.0
- [Release notes](https://github.com/sanity-io/sanity/releases)
- [Changelog](https://github.com/sanity-io/sanity/blob/main/packages/sanity/CHANGELOG.md)
- [Commits](https://github.com/sanity-io/sanity/commits/v6.4.0/packages/sanity)

Updates `next-sanity` from 11.6.12 to 11.6.13
- [Release notes](https://github.com/sanity-io/next-sanity/releases)
- [Changelog](https://github.com/sanity-io/next-sanity/blob/next-sanity-v11.6.13/packages/next-sanity/CHANGELOG.md)
- [Commits](https://github.com/sanity-io/next-sanity/commits/next-sanity-v11.6.13/packages/next-sanity)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: sanity
  dependency-version: 6.4.0
  dependency-type: direct:production
- dependency-name: next-sanity
  dependency-version: 11.6.13
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants