Bump YamlDotNet from 16.3.0 to 17.1.0

[dependabot]

Updated YamlDotNet from 16.3.0 to 17.1.0.

Release notes

Sourced from YamlDotNet's releases.

17.1.0

What's Changed

• Security improvements by @​EdwardCooke in Security improvements aaubry/YamlDotNet#1102
  There was a potential breaking change for large yaml files in the MergingParser. You may need to specify the optional parameter for maximum events to be processed. It default to 100k events which is a very large yaml file.

Full Changelog: aaubry/YamlDotNet@v17.0.0...v17.1.0

17.0.0

What's Changed

• Clean-up the "IsKey" logic by @​aaubry in Clean-up the "IsKey" logic aaubry/YamlDotNet#1073
• Fix for gitversion and pinning it so it doesnt break...again. by @​EdwardCooke in Fix for gitversion and pinning it so it doesnt break...again. aaubry/YamlDotNet#1074
• Add max depth handling to StaticDeserializerBuilder (builds on #​1072) by @​skdishansachin in Add max depth handling to StaticDeserializerBuilder (builds on #1072) aaubry/YamlDotNet#1082
• Allow specifying a maximum recursion for the deserializer by @​aaubry in Allow specifying a maximum recursion for the deserializer aaubry/YamlDotNet#1072
• Fix NullReferenceException when serializing null System.Type properties by @​fdcastel in Fix NullReferenceException when serializing null System.Type properties aaubry/YamlDotNet#1091
• Reduce code duplication in converters and event emitters by @​fdcastel in Reduce code duplication in converters and event emitters aaubry/YamlDotNet#1090
• Use pre-compiled static Regex instances in ScalarNodeDeserializer by @​fdcastel in Use pre-compiled static Regex instances in ScalarNodeDeserializer aaubry/YamlDotNet#1088
• Fix infinite loop in source generator exception handler by @​fdcastel in Fix infinite loop in source generator exception handler aaubry/YamlDotNet#1087
• Fix TODOs, typos, and add missing tests by @​fdcastel in Fix TODOs, typos, and add missing tests aaubry/YamlDotNet#1086
• Fix YamlException.ToString() to include stack trace by @​skdishansachin in Fix YamlException.ToString() to include stack trace aaubry/YamlDotNet#1084
• Fix remaining spec cases during parsing: L383, C2SP by @​am11 in Fix remaining spec cases during parsing: L383, C2SP aaubry/YamlDotNet#1081
• Improve type fidelity in UnquotedStringTypeDeserialization test by @​jhgbrt in Improve type fidelity in UnquotedStringTypeDeserialization test aaubry/YamlDotNet#1076
• CodeQL Advanced Workflow by @​aluty in CodeQL Advanced Workflow aaubry/YamlDotNet#1067
• Nullable fixes in non-public code by @​Kielek in Nullable fixes in non-public code aaubry/YamlDotNet#1064
• Use string interning by @​simonthum in Use string interning aaubry/YamlDotNet#1055
• Fix grammar in comments in DefaultValuesHandling.cs by @​209jkjkjk in Fix grammar in comments in DefaultValuesHandling.cs aaubry/YamlDotNet#1041
• fix #​1031 by @​dogdie233 in fix #1031 aaubry/YamlDotNet#1033
• Improve Native AOT Support (Closes #​1085) by @​fdcastel in Improve Native AOT Support (Closes #1085) aaubry/YamlDotNet#1092

New Contributors

• @​skdishansachin made their first contribution in Add max depth handling to StaticDeserializerBuilder (builds on #1072) aaubry/YamlDotNet#1082
• @​fdcastel made their first contribution in Fix NullReferenceException when serializing null System.Type properties aaubry/YamlDotNet#1091
• @​jhgbrt made their first contribution in Improve type fidelity in UnquotedStringTypeDeserialization test aaubry/YamlDotNet#1076
• @​aluty made their first contribution in CodeQL Advanced Workflow aaubry/YamlDotNet#1067
• @​Kielek made their first contribution in Nullable fixes in non-public code aaubry/YamlDotNet#1064
• @​simonthum made their first contribution in Use string interning aaubry/YamlDotNet#1055
• @​209jkjkjk made their first contribution in Fix grammar in comments in DefaultValuesHandling.cs aaubry/YamlDotNet#1041
• @​dogdie233 made their first contribution in fix #1031 aaubry/YamlDotNet#1033

Full Changelog: aaubry/YamlDotNet@v16.3.0...v17.0.0

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Summary by cubic

Upgrade YamlDotNet from 16.3.0 to 17.1.0 in PacsRefetch to pick up security fixes and safer parsing defaults. This major bump may affect very large or deeply nested YAML.

• Migration
  • If using the MergingParser with large files, set the max events parameter as needed (default is 100k).
  • Review recursion depth limits for deeply nested YAML and adjust configuration if required.

^{Written for commit 2930c3d. Summary will update on new commits.}

[cubic-dev-ai]

No issues found across 1 file