Bump YamlDotNet from 16.3.0 to 17.0.1

[dependabot]

Updated YamlDotNet from 16.3.0 to 17.0.1.

Release notes

Sourced from YamlDotNet's releases.

17.0.0

What's Changed

• Clean-up the "IsKey" logic by @​aaubry in Clean-up the "IsKey" logic aaubry/YamlDotNet#1073
• Fix for gitversion and pinning it so it doesnt break...again. by @​EdwardCooke in Fix for gitversion and pinning it so it doesnt break...again. aaubry/YamlDotNet#1074
• Add max depth handling to StaticDeserializerBuilder (builds on #​1072) by @​skdishansachin in Add max depth handling to StaticDeserializerBuilder (builds on #1072) aaubry/YamlDotNet#1082
• Allow specifying a maximum recursion for the deserializer by @​aaubry in Allow specifying a maximum recursion for the deserializer aaubry/YamlDotNet#1072
• Fix NullReferenceException when serializing null System.Type properties by @​fdcastel in Fix NullReferenceException when serializing null System.Type properties aaubry/YamlDotNet#1091
• Reduce code duplication in converters and event emitters by @​fdcastel in Reduce code duplication in converters and event emitters aaubry/YamlDotNet#1090
• Use pre-compiled static Regex instances in ScalarNodeDeserializer by @​fdcastel in Use pre-compiled static Regex instances in ScalarNodeDeserializer aaubry/YamlDotNet#1088
• Fix infinite loop in source generator exception handler by @​fdcastel in Fix infinite loop in source generator exception handler aaubry/YamlDotNet#1087
• Fix TODOs, typos, and add missing tests by @​fdcastel in Fix TODOs, typos, and add missing tests aaubry/YamlDotNet#1086
• Fix YamlException.ToString() to include stack trace by @​skdishansachin in Fix YamlException.ToString() to include stack trace aaubry/YamlDotNet#1084
• Fix remaining spec cases during parsing: L383, C2SP by @​am11 in Fix remaining spec cases during parsing: L383, C2SP aaubry/YamlDotNet#1081
• Improve type fidelity in UnquotedStringTypeDeserialization test by @​jhgbrt in Improve type fidelity in UnquotedStringTypeDeserialization test aaubry/YamlDotNet#1076
• CodeQL Advanced Workflow by @​aluty in CodeQL Advanced Workflow aaubry/YamlDotNet#1067
• Nullable fixes in non-public code by @​Kielek in Nullable fixes in non-public code aaubry/YamlDotNet#1064
• Use string interning by @​simonthum in Use string interning aaubry/YamlDotNet#1055
• Fix grammar in comments in DefaultValuesHandling.cs by @​209jkjkjk in Fix grammar in comments in DefaultValuesHandling.cs aaubry/YamlDotNet#1041
• fix #​1031 by @​dogdie233 in fix #1031 aaubry/YamlDotNet#1033
• Improve Native AOT Support (Closes #​1085) by @​fdcastel in Improve Native AOT Support (Closes #1085) aaubry/YamlDotNet#1092

New Contributors

• @​skdishansachin made their first contribution in Add max depth handling to StaticDeserializerBuilder (builds on #1072) aaubry/YamlDotNet#1082
• @​fdcastel made their first contribution in Fix NullReferenceException when serializing null System.Type properties aaubry/YamlDotNet#1091
• @​jhgbrt made their first contribution in Improve type fidelity in UnquotedStringTypeDeserialization test aaubry/YamlDotNet#1076
• @​aluty made their first contribution in CodeQL Advanced Workflow aaubry/YamlDotNet#1067
• @​Kielek made their first contribution in Nullable fixes in non-public code aaubry/YamlDotNet#1064
• @​simonthum made their first contribution in Use string interning aaubry/YamlDotNet#1055
• @​209jkjkjk made their first contribution in Fix grammar in comments in DefaultValuesHandling.cs aaubry/YamlDotNet#1041
• @​dogdie233 made their first contribution in fix #1031 aaubry/YamlDotNet#1033

Full Changelog: aaubry/YamlDotNet@v16.3.0...v17.0.0

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Summary by cubic

Upgrade YamlDotNet from 16.3.0 to 17.0.1. This brings bug fixes, perf improvements, and an option to limit deserialization depth.

• Migration
  • Run tests that parse/serialize YAML to catch any behavior changes from the major update.
  • If you configure the deserializer, consider setting a depth limit to guard against deeply nested documents.

^{Written for commit 6f0a0b7. Summary will update on new commits.}

High-level PR Summary

This PR updates the YamlDotNet dependency from version 16.3.0 to 17.0.1, bringing in various improvements including maximum recursion depth handling for the deserializer, bug fixes for null reference exceptions and infinite loops, improved Native AOT support, and performance optimizations such as string interning and pre-compiled regex instances.

⏱️ Estimated Review Time: 5-15 minutes

💡 Review Order Suggestion

Order	File Path
1	Directory.Packages.props

[cubic-dev-ai]

No issues found across 1 file

[recurseml]

Review by RecurseML

🔍 Review performed on c54df5e..6f0a0b7

✨ No bugs found, your code is sparkling clean

✅ Files analyzed, no issues (1)

• Directory.Packages.props