Update dependency js-toml to v1.1.2 #25

Merged

MarkerBot merged 1 commit from renovate/js-toml-1.x-lockfile into main

2026-05-28 00:01:20 -07:00

MarkerBot commented

2026-05-28 00:00:58 -07:00

Member

This PR contains the following updates:

Package	Change	Age	Confidence
js-toml	`1.1.1` → `1.1.2`

Release Notes

sunnyadn/js-toml (js-toml)

`v1.1.2`

Compare Source

Security

Fix silent acceptance of duplicate keys whose prior value is a falsy primitive (false, 0, 0.0, -0.0, nan, "") (GHSA-m34p-749j-x6m6, CWE-697). The interpreter used a truthy existence check (if (object[key])) instead of key in object, so a later table, dotted-key sub-table, or array-of-tables sharing the same name silently overwrote the falsy value instead of raising a duplicate-key error. Reported by @CosmicCrusader23.

Fixed

Reject array-of-tables headers ([[a.b]]) that descend into a statically-defined array. getOrCreateArray lacked the immutability guard that createTable had, so such input either threw an uncaught TypeError or silently mutated the static array instead of raising SyntaxParseError.

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [js-toml](https://github.com/sunnyadn/js-toml) | [`1.1.1` → `1.1.2`](https://renovatebot.com/diffs/npm/js-toml/1.1.1/1.1.2) | ![age](https://developer.mend.io/api/mc/badges/age/npm/js-toml/1.1.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/js-toml/1.1.1/1.1.2?slim=true) | --- ### Release Notes <details> <summary>sunnyadn/js-toml (js-toml)</summary> ### [`v1.1.2`](https://github.com/sunnyadn/js-toml/blob/HEAD/CHANGELOG.md#112---2026-05-28) [Compare Source](https://github.com/sunnyadn/js-toml/compare/v1.1.1...v1.1.2) ##### Security - Fix silent acceptance of duplicate keys whose prior value is a falsy primitive (`false`, `0`, `0.0`, `-0.0`, `nan`, `""`) ([GHSA-m34p-749j-x6m6](https://github.com/sunnyadn/js-toml/security/advisories/GHSA-m34p-749j-x6m6), CWE-697). The interpreter used a truthy existence check (`if (object[key])`) instead of `key in object`, so a later table, dotted-key sub-table, or array-of-tables sharing the same name silently overwrote the falsy value instead of raising a duplicate-key error. Reported by [@CosmicCrusader23](https://github.com/CosmicCrusader23). ##### Fixed - Reject array-of-tables headers (`[[a.b]]`) that descend into a statically-defined array. `getOrCreateArray` lacked the immutability guard that `createTable` had, so such input either threw an uncaught `TypeError` or silently mutated the static array instead of raising `SyntaxParseError`. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

MarkerBot added 1 commit

2026-05-28 00:00:58 -07:00

Update dependency js-toml to v1.1.2

ci/woodpecker/push/build Pipeline was successful

Details

ci/woodpecker/pr/build Pipeline was successful

Details

ci/woodpecker/pull_request_closed/build Pipeline was successful

Details

bc31d5fb53

MarkerBot scheduled this pull request to auto merge when all checks succeed

2026-05-28 00:00:58 -07:00