Skip to content

chore(deps): update dependency yamldotnet to 17.1.0#2546

Merged
thomhurst merged 1 commit into
mainfrom
renovate/yamldotnet-17.x
Apr 28, 2026
Merged

chore(deps): update dependency yamldotnet to 17.1.0#2546
thomhurst merged 1 commit into
mainfrom
renovate/yamldotnet-17.x

Conversation

@thomhurst
Copy link
Copy Markdown
Owner

@thomhurst thomhurst commented Apr 28, 2026

This PR contains the following updates:

Package Change Age Confidence
YamlDotNet (source) 17.0.117.1.0 age confidence

Release Notes

aaubry/YamlDotNet (YamlDotNet)

v17.1.0: Release 17.1.0

What's Changed

  • Security improvements by @​EdwardCooke in #​1102
    There was a potential breaking change for large yaml files in the MergingParser. You may need to specify the optional parameter for maximum events to be processed. It default to 100k events which is a very large yaml file.

Full Changelog: aaubry/YamlDotNet@v17.0.0...v17.1.0

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@thomhurst thomhurst added dependencies Pull requests that update a dependency file MINOR renovate-bot labels Apr 28, 2026
@thomhurst thomhurst enabled auto-merge (squash) April 28, 2026 21:28
claude[bot]
claude Bot reviewed Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependency Update Review: YamlDotNet 17.0.1 → 17.1.0

This is a routine Renovate-managed minor version bump. The change looks good overall.

What's in this update

The 17.1.0 release contains security improvements in the MergingParser, which is a welcome upgrade. The release notes flag a potential breaking change: the MergingParser now imposes a default limit of 100k events when processing YAML to guard against large/malicious inputs. Callers that previously processed very large YAML files via MergingParser without specifying a limit may be affected.

Codebase Impact

I checked the codebase — MergingParser is not used anywhere in this repo. The only YamlDotNet usage is via DeserializerBuilder in src/ModularPipelines/Context/Yaml.cs, which is unaffected by this change. No risk of the breaking change applying here.

Verdict

✅ Safe to merge. The security improvement is a net positive with no impact on the existing usage patterns in this repo.

@codacy-production
Copy link
Copy Markdown

codacy-production Bot commented Apr 28, 2026

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity

Metric Results
Complexity 0 (≤ 20 complexity)

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@thomhurst thomhurst merged commit 7c11508 into main Apr 28, 2026
12 checks passed
@thomhurst thomhurst deleted the renovate/yamldotnet-17.x branch April 28, 2026 21:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file MINOR renovate-bot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thomhurst @renovate-bot