chore(deps-dev): bump the npm-dependencies group with 35 updates

[dependabot]

Bumps the npm-dependencies group with 35 updates:

Package	From	To
@apidevtools/json-schema-ref-parser	11.9.3	15.3.5
@bazel/bazelisk	1.26.0	1.28.1
@bazel/ibazel	0.25.0	0.28.0
@redocly/cli	1.34.0	2.31.6
@semantic-release/exec	6.0.3	7.1.0
@semantic-release/npm	9.0.2	13.1.5
@types/node	17.0.45	25.9.1
@types/unist	2.0.11	3.0.3
axios	0.27.2	1.17.0
dir-compare	4.2.0	5.0.0
glob	8.1.0	13.0.6
js-yaml	4.1.1	4.2.0
jsonpath-plus	6.0.1	10.4.0
mdast-util-from-markdown	0.8.5	2.0.3
mdast-util-gfm	0.1.2	3.1.0
micromark-extension-gfm	0.3.3	3.0.0
openapi-examples-validator	6.0.3	7.1.0
openapi-to-postmanv2	5.7.0	6.0.1
postman-code-generators	1.14.2	2.1.1
postman-collection	4.5.0	5.3.0
prettier	2.8.8	3.8.3
query-string	7.1.3	9.4.0
remark-gfm	1.0.0	4.0.1
remark-html	13.0.2	16.0.1
remark-parse	9.0.0	11.0.0
remark-stringify	9.0.1	11.0.0
rimraf	6.1.2	6.1.3
slugify	1.6.6	1.6.9
tar	6.2.1	7.5.16
tar-stream	3.1.7	3.2.0
tmp	0.2.5	0.2.7
typescript	5.6.2	6.0.3
unified	9.2.2	11.0.5
yaml	2.8.2	2.9.0
yargs	17.7.2	18.0.0

Updates @apidevtools/json-schema-ref-parser from 11.9.3 to 15.3.5

Release notes

Sourced from @​apidevtools/json-schema-ref-parser's releases.

v15.3.5

15.3.5 (2026-03-30)

Bug Fixes

• edge: fix some edge cases and add more tests (df7967e)

v15.3.4

15.3.4 (2026-03-27)

Reverts

• Revert "fix: support 2020-12 anchors and ref siblings" (f26d8c7)

v15.3.3

15.3.3 (2026-03-26)

Bug Fixes

• support 2020-12 anchors and ref siblings (f3f7e35), closes #145 #419

v15.3.2

15.3.2 (2026-03-23)

Bug Fixes

• ref: pass original ref (889e69e)

v15.3.1

15.3.1 (2026-02-28)

Bug Fixes

• resolve multiple open issues (#349, #355, #392) and add regression tests (#415) (6e19cd9), closes #384 #403

v15.3.0

15.3.0 (2026-02-28)

Bug Fixes

• resolve ESLint errors (#410) (0fd077b)
• resolve multiple dereference and bundle issues (#338, #370, #395) (#409) (cd9737c)

... (truncated)

Commits

• fddef8a versions and tests
• ecea9d5 test
• c81b48f normalize path
• df7967e fix(edge): fix some edge cases and add more tests
• f249657 only test on lts and current
• ba43eb8 chore(deps): deps bump
• f26d8c7 Revert "fix: support 2020-12 anchors and ref siblings"
• f3f7e35 fix: support 2020-12 anchors and ref siblings
• c355f09 fix tests
• 889e69e fix(ref): pass original ref
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​apidevtools/json-schema-ref-parser since your current version.

Updates @bazel/bazelisk from 1.26.0 to 1.28.1

Release notes

Sourced from @​bazel/bazelisk's releases.

v1.28.1

Bazelisk v1.28.1 comes with a bug fix:

Bug Fixes & Improvements (Go)

• Fix selection of wrapper scripts on Windows (bazelbuild/bazelisk#762).

We’d like to thank our amazing contributor @​valco1994!

v1.28.0

Bazelisk v1.28.0 comes with a new feature and several improvements:

New Features (Go)

• Bazelisk now supports OS/architecture-specific Bazel wrappers (bazelbuild/bazelisk#696).

Bug Fixes & Improvements (Go)

• Properly handle $PATH values containing a = (bazelbuild/bazelisk#720).
• $BAZELISK_BASE_URL: append rc suffix for release candidates (bazelbuild/bazelisk#722).
• Fixed handling of powershell and batch wrappers (bazelbuild/bazelisk#732).
• Updated completion script filename for fish shell (bazelbuild/bazelisk#733).
• $BAZELISK_BASE_URL: added a regression test (bazelbuild/bazelisk#734).
• Docs now mention installation via mise (bazelbuild/bazelisk#739).
• Properly detect rolling release version in a rare edge case. (bazelbuild/bazelisk#745).
• Improved error when completion command is not supported (bazelbuild/bazelisk#747).
• Report a proper exit code when Bazel is terminated by a signal and use exec for bazelisk run on Unix (bazelbuild/bazelisk#757).

Bug Fixes & Improvements (JavaScript)

• Wait for graceful exit of child process during shutdown (bazelbuild/bazelisk#730).

We’d like to thank our amazing contributors @​cerisier, @​chrisirhc, @​hagl, @​jmmv, @​jwnimmer-tri, @​jylenhof, @​oxidase and @​valco1994!

v1.27.0

Bazelisk v1.27.0 comes with a few improvements:

New Features (Go)

• Bazelisk now offers the bazelisk completion bash/fish command to print shell completion scripts for the current Bazel version (bazelbuild/bazelisk#706).

Bug Fixes & Improvements (Go)

• Allow --bisect to be interrupted (bazelbuild/bazelisk#692).

We’d like to thank our amazing contributors @​chenrui333, @​fmeum, @​jln-ho, @​kolloch and @​thii!

Commits

• 1e6aaf1 Fix wrappers issues in Bazelisk 1.28.0 on Windows (#762)
• 166e156 Report a proper exit code when Bazel is terminated by signal and use exec o...
• b1bce1b Upgrade bazel_dep dependencies and .bazelversion (#752)
• c10812c Improve error when completion is not supported (#747)
• d502081 docs(installation): add mise alternative method installation (#739)
• 239f342 Correctly detect rolling release in rare edge case (#745)
• 1fe6057 Bump golang.org/x/term from 0.36.0 to 0.37.0 (#740)
• 49f0b12 Properly handle powershell and batch wrappers (#732)
• ffde42c Change completion script name from 'gh' to 'bazel' (#733)
• 6dde358 Add BAZELISK_BASE_URL regression test (#734)
• Additional commits viewable in compare view

Updates @bazel/ibazel from 0.25.0 to 0.28.0

Updates @redocly/cli from 1.34.0 to 2.31.6

Release notes

Sourced from @​redocly/cli's releases.

@​redocly/cli@​2.31.6

Patch Changes

• Fixed lint --format=checkstyle to produce a single combined XML document when multiple APIs are passed to the command, instead of concatenated per-file documents.
• Updated redoc to v2.5.3, styled-components to v6.4.2, and react to v19.2.7.
• Updated @​redocly/openapi-core to v2.31.6.

@​redocly/cli@​2.31.5

Patch Changes

• Updated the no-unused-components rule to validate unused security schemes.

• Pinned the official Docker image base to node:24-alpine.

• Fixed the remove-unused-components decorator to remove unused security schemes.

  Warning: The bundler may now remove more unused components than before.

• Updated @​redocly/openapi-core to v2.31.5.

@​redocly/cli@​2.31.4

Patch Changes

• Updated @​redocly/openapi-core to v2.31.4.

@​redocly/cli@​2.31.3

Patch Changes

• Fixed an issue where the Respect command did not honor the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables when loading remote source descriptions or resolving external $refs. Proxy settings are consistently applied during reference resolution as well.
• Updated @​redocly/openapi-core to v2.31.3.

@​redocly/cli@​2.31.2

Patch Changes

• Fixed the remove-unused-components decorator to remove unused components containing allOf keyword.

  Warning: The bundler may now remove more unused components than before.

• Fixed the no-unused-components rule to highlight unused schemas containing allOf keyword.

• Updated @​redocly/openapi-core to v2.31.2.

@​redocly/cli@​2.31.1

Patch Changes

• Updated @​redocly/openapi-core to v2.31.1.

@​redocly/cli@​2.31.0

Patch Changes

... (truncated)

Commits

• 7a26299 chore: 🔖 release new versions (#2847)
• 7b5e572 chore(cli): update redoc to v2.5.3 (#2842)
• 296e029 fix(cli): lint with multiple api files results in invalid output (#2744)
• d7e0b7a chore: add e2e tests for security propagation during join (#2827)
• 1146d8b chore(deps): bump vitest and @​vitest/coverage-istanbul to v4.1.8 (#2846)
• 0b51bad chore: improve performance benchmark (#2816)
• 7d01f5d chore: add reference links for common build-in rules (#2839)
• a87dc62 chore: 🔖 release new versions (#2840)
• 8ac6790 fix: pin specific nodejs version in dockerfile (#2841)
• ba8ac4c fix(core): validate/remove unused securitySchemes and securityDefinitions cor...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​redocly/cli since your current version.

Updates @semantic-release/exec from 6.0.3 to 7.1.0

Release notes

Sourced from @​semantic-release/exec's releases.

v7.1.0

7.1.0 (2025-05-09)

Features

• error: print more useful error for non-process failure (#449) (a285bc5)

v7.0.3

7.0.3 (2025-02-03)

Bug Fixes

• deps: update dependency execa to v9 (643e2eb)

v7.0.2

7.0.2 (2025-02-01)

Bug Fixes

• deps: update dependency @​semantic-release/error to v4 (#353) (471f963)

v7.0.1

7.0.1 (2025-02-01)

Bug Fixes

• deps: update dependency parse-json to v8 (#394) (080440f)

v7.0.0

7.0.0 (2025-01-31)

Features

• ES Module (#411) (b4462db)

BREAKING CHANGES

• the minimum required version of semantic-release to use @semantic-release/exec is now v24.1.0; the warn logger method/function is now available to use in plugin

• @semantic-release/exec is now a native ES Module. It has named exports for each plugin hook (verifyConditions, analyzeCommits, verifyRelease, generateNotes, prepare, publish, addChannel, success, fail)

... (truncated)

Commits

• a285bc5 feat(error): print more useful error for non-process failure (#449)
• aa1a2bc chore(deps): lock file maintenance (#451)
• b0dc7ab chore(deps): update dependency ava to v6.3.0 (#450)
• 93bf408 chore(deps): lock file maintenance (#448)
• 0e70c6f chore(deps): lock file maintenance (#446)
• e643dc3 ci(action): update actions/setup-node action to v4.4.0 (#445)
• a08859e chore(deps): lock file maintenance (#444)
• da1754e chore(deps): lock file maintenance (#443)
• 72668cc chore(deps): lock file maintenance (#442)
• 3c6a8a9 chore(deps): update dependency sinon to v20 (#441)
• Additional commits viewable in compare view

Updates @semantic-release/npm from 9.0.2 to 13.1.5

Release notes

Sourced from @​semantic-release/npm's releases.

v13.1.5

13.1.5 (2026-03-01)

Bug Fixes

• deps: update dependency normalize-url to v9 (#1095) (daec492)

v13.1.4

13.1.4 (2026-02-06)

Bug Fixes

• deps: update dependency @​actions/core to v3 (#1085) (17abfe1)

v13.1.3

13.1.3 (2025-12-12)

Bug Fixes

• deps: update dependency @​actions/core to v2 (#1055) (fa4a3ab)

v13.1.2

13.1.2 (2025-11-14)

Bug Fixes

• deps: update dependency read-pkg to v10 (#1032) (f3f1a00)

v13.1.1

13.1.1 (2025-10-19)

Bug Fixes

• publish-dry-run: temporarily remove the addition of dry-running the publish step (30bd176)

v13.1.0

13.1.0 (2025-10-19)

Features

• trusted-publishing: verify auth, considering OIDC vs tokens from various registries (e3319f1), closes #958
• trusted-publishing: refine the messages for related errors (316ce21), closes #958
• trusted-publishing: make request to verify if OIDC token exchange can succeed (c80ecb0), closes #958
• trusted-publishing: pass id-token as bearer header for github actions (d83b727), closes #958
• trusted-publishing: pass id-token as bearer header for gitlab pipelines (6d1c3cf), closes #958

... (truncated)

Commits

• daec492 fix(deps): update dependency normalize-url to v9 (#1095)
• af8362f chore(deps): update dependency strip-ansi to v7.2.0 (#1098)
• 7354e11 chore(deps): update node.js to v24 (#1027)
• 2c4d2c9 chore(deps): update npm to v11.11.0 (#1097)
• 95ba689 chore(deps): update dependency c8 to v11 (#1096)
• 5d32912 chore(deps): update npm to v11.10.1 (#1094)
• 54f908c chore(deps): lock file maintenance (#1093)
• 91e1f14 chore(deps): update npm to v11.10.0 (#1092)
• 0d7d37e chore(deps): lock file maintenance (#1089)
• c5411cc chore(deps): update npm to v11.9.0 (#1088)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​semantic-release/npm since your current version.

Updates @types/node from 17.0.45 to 25.9.1

Commits

• See full diff in compare view

Updates @types/unist from 2.0.11 to 3.0.3

Commits

• See full diff in compare view

Updates axios from 0.27.2 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
• Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
• Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
• Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
• Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
• Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

• HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
• Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
• CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
• Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
• Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
• Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​BasixKOR (#6792)
• @​carladams1299-lab (#10861)
• @​LaplaceYoung (#10812)
• @​JamieMagee (#10939)
• @​RonGamzu (#10905)
• @​sapirbaruch (#10891)
• @​nezukoagent (#10901)
• @​devareddy05 (#10929)
• @​Mohammad-Faiz-Cloud-Engineer (#10922)
• @​azandabot (#10931)
• @​niksy (#10896)

Full Changelog

... (truncated)

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
• Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
• Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
• Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
• Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
• Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

• HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
• Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
• CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
• Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
• Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
• Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​BasixKOR (#6792)
• @​carladams1299-lab (#10861)
• @​LaplaceYoung (#10812)
• @​JamieMagee (#10939)
• @​RonGamzu (#10905)
• @​sapirbaruch (#10891)
• @​nezukoagent (#10901)
• @​devareddy05 (#10929)
• @​Mohammad-Faiz-Cloud-Engineer (#10922)
• @​azandabot (#10931)
• @​niksy (#10896)

Full Changelog

... (truncated)

Commits

• 4306df2 chore: add fun 88 sponsorship
• 931cc8f chore(release): prepare release 1.17.0 (#10983)
• 38ba1b3 fix(fetch): support basic auth from URL (#10896)
• 32e2515 fix: replace ternary side effect in script (#10931)
• 030e722 chore(deps): bump axios from 1.15.2 to 1.16.1 in /docs (#10960)
• ec63164 chore: remove openspec (#10958)
• 3dec28f fix(http): preserve TLS options for proxy tunnels (#10957)
• a2390a5 fix: correct isCancel type to narrow to CanceledError<T> (#10952)
• fa01b92 chore(deps-dev): bump tmp from 0.2.5 to 0.2.7 in /docs (#10954)
• 2d2314a fix: AxiosHeaders toJSON() return types (#10956)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for axios since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates dir-compare from 4.2.0 to 5.0.0

Release notes

Sourced from dir-compare's releases.

v5.0.0

Breaking changes: * skipSubdirs option has slightly different behavior. More details in #77

Commits

• 5473f4a 5.0.0
• 01e0132 Correct skipSubdirs option #77
• See full diff in compare view

Updates glob from 8.1.0 to 13.0.6

Changelog

Sourced from glob's changelog.

changeglob

13

• Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

• Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

• Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)
• Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.
• Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

• Drop support for node before v20

10.4

• Add includeChildMatches: false option
• Export the Ignore class

10.3

• Add --default -p flag to provide a default pattern
• exclude symbolic links to directories when follow and nodir are both set

10.2

• Add glob cli

10.1

• Return '.' instead of the empty string '' when the current working directory is returned as a match.
• Add posix: true option to return / delimited paths, even on

... (truncated)

Commits

• e80cb38 13.0.6
• 9cdbbff revert tsgo, not ready for test coverage correctness yet
• 89c99ba use tsgo compiler
• b7275d5 update deps, expand engines to include node 18
• 942e360 update workflows, pull taprc out of package.json
• 4a0d53c update tap for mockImport bugfix
• ef94ad2 update tap
• 180c2d4 update docs
• 37993c8 remove stray console.error in test
• 03ae4c2 13.0.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for glob since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

• Added docs/safety.md with notes about processing untrusted YAML.
• Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
• Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
• Added sourcemaps to dist/ builds.

Changed

• Stop resolving numbers with underscores as numeric scalars, #627.
• Switched dev toolchains to Vite / neostandard.
• Updated demo.
• Reorganized tests.
• dist/ files are no longer kept in the repository.

Fixed

• Fix parsing of properties on the first implicit block mapping key, #62.
• Fix trailing whitespace handling when folding flow scalar lines, #307.
• Reject top-level block scalars without content indentation, #280...

  Description has been truncated

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}