chore(deps): bump yaml from 2.8.2 to 2.8.3

[dependabot]

Bumps yaml from 2.8.2 to 2.8.3.

Release notes

Sourced from yaml's releases.

v2.8.3

• Add trailingComma ToString option for multiline flow formatting (#670)
• Catch stack overflow during node composition (1e84ebb)

Commits

• ce14587 2.8.3
• 1e84ebb fix: Catch stack overflow during node composition
• 6b24090 ci: Include Prettier check in lint action
• 9424dee chore: Refresh lockfile
• d1aca82 Add trailingComma ToString option for multiline flow formatting (#670)
• 4321509 ci: Drop the branch filter from GitHub PR actions
• 47207d0 chore: Update docs-slate
• 5212fae chore: Update docs-slate
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

[github-actions]

✔️ Bundle Size Analysis

Metric	Value
Base	2638.70 KB
PR	2638.70 KB
Diff	0 KB (0%)

Bundle breakdown

156K	dist/auth
80K	dist/automation
4.0K	dist/cli.d.ts
4.0K	dist/cli.d.ts.map
20K	dist/cli.js
12K	dist/cli.js.map
584K	dist/commands
28K	dist/config
4.0K	dist/index.d.ts
4.0K	dist/index.d.ts.map
4.0K	dist/index.js
4.0K	dist/index.js.map
896K	dist/integrations
100K	dist/llm
1.2M	dist/loop
188K	dist/mcp
60K	dist/presets
92K	dist/setup
40K	dist/skills
392K	dist/sources
76K	dist/ui
144K	dist/utils
336K	dist/wizard

[claude]

LGTM — straightforward patch-level dependency bump with no bugs found.

Extended reasoning...

Overview

This PR updates a single entry in pnpm-lock.yaml, bumping yaml from 2.8.2 to 2.8.3. The lockfile changes consistently propagate the new version through all dependent snapshot entries (vite, vitest, @vitest/coverage-v8, @vitest/mocker, listr2). There is also an incidental bump of @sourcegraph/amp to a newer pre-release build, which appears to be a transitive resolution change captured by the lockfile refresh.

Security risks

No security concerns. The yaml 2.8.3 release fixes a stack overflow during node composition (a DoS-class bug improvement) and adds a trailingComma formatting option — both are benign changes with no auth, crypto, or permission implications.

Level of scrutiny

Lockfile-only patch bump generated by Dependabot. This is the lowest-risk category of change: no application logic is modified, the semver increment is patch-level, and the upstream changelog is limited to a bug fix and a minor feature addition.

Other factors

No bugs were reported by the bug hunting system. No prior reviews exist on this PR. The change is entirely mechanical and follows the established Dependabot dependency-update pattern already present in the repo history.