Update Info

openSUSE-2026-180


Security update for perl-YAML-Syck


Type: security
Severity: moderate
Issued: 2026-05-30
Description:
This update for perl-YAML-Syck fixes the following issues:

Updated to 1.450.0 (1.45); see /usr/share/doc/packages/perl-YAML-Syck/Changes

* 1.45 Apr 23 2026

    [Bug Fixes]

    - Fix: use syck_base64_free() to fix Windows "Free to wrong pool" crash
      in base64 encode/decode buffers; also plugs a memory leak (PR #189)
    - Fix: clear type tag on blessed scalar alias early-return so the stale
      tag no longer leaks onto the next emitted item (GH #193, PR #194)
    - Fix: negative float#base60 values produce wrong results; strip sign
      before accumulating and avoid negative zero for portable
      stringification (PR #191)
    - Fix: prevent memory leaks when Load/LoadJSON croak on parse errors
      (PR #192)

    [Maintenance]

    - Test: add coverage for SortKeys and JSON MaxDepth (PR #188)
    - Test: add error handling coverage for LoadFile/DumpFile (PR #190)
    - Update README

Updated to 1.440.0 (1.44); see /usr/share/doc/packages/perl-YAML-Syck/Changes

* 1.44 Apr 02 2026

    [Bug Fixes]

    - Fix: positive hex and octal values parsed as 0 with ImplicitTyping
      (PR #187)
    - Fix: resolve uintptr_t redefinition error on Win64 MinGW
      (PR #186)

* 1.43 Apr 01 2026

    [Bug Fixes]

    - Fix: prevent resource leaks on croak/early-return paths in Dump
      (PR #161)
    - Fix: prevent output SV leaks on croak in Dump/DumpFile callers
      (PR #163)
    - Fix: Load() in list context returns empty list for empty/undef input;
      also applies to LoadBytes and LoadUTF8 (GH #164, PR #165)
    - Fix: DumpCode serializes prototype string instead of code body
      (PR #168)
    - Fix: memory leak in !perl/scalar Load; newRV_inc should be
      newRV_noinc (PR #170)
    - Fix: add pTHX_ to SAVEDESTRUCTOR_X callback for threaded Perl
      (GH #175, PR #176)
    - Fix: add TODO guard for eval_pv leak on Perl < 5.14
      (GH #179, PR #180)
    - Fix: negative hex and octal values parsed as 0 with ImplicitTyping
      (PR #183)
    - Fix: negative int#base60 values produce unsigned wraparound (PR #185)

    [Improvements]

    - Modernize META_MERGE for CPANTS compliance (PR #162)
    - Fix hash table size handling and remove compile warnings in syck_st
      (PR #174)

    [Maintenance]

    - Restore TODO guard for Dump code leak test on Perl < 5.26 (PR #167)
    - Resolve 2010 TODO in perl_json_postprocess with test coverage
      (PR #166)
    - CI: upgrade actions to resolve Node.js 20 deprecation warnings
      (PR #177)

* 1.42 Mar 27 2026

    [Bug Fixes]

    - Fix: replace strtok() with strpbrk() and fix sign-compare warnings in
      perl_syck.h (PR #145)
    - Fix: terminate plain scalars at document boundaries --- and ... (PR #150)
    - Fix: skip %TAG and %YAML directives in document header (PR #151)
    - Fix: plug SV leak when eval_pv croaks on bad perl/code blocks (PR #153)
    - Fix: allow non-specific tag '!' before block scalars (GH #27, PR #102)
    - Fix: remove spurious %type <nodeId> for indent_open in gram.y
      (GH #157, PR #158)
    - Fix: use modern bison %define api.prefix directive (GH #159, PR #160)

    [Improvements]

    - Implement YAML merge key (<<) support (PR #149)

    [Maintenance]

    - Remove dead Perl 5.6/5.8 version guards from test files (PR #146)
    - Add YAML 1.0 spec compliance audit and coverage tests (PR #148)
    - Add comprehensive round-trip tests for YAML 1.0 spec features (PR #152)
    - Remove unneeded TODO in t/json-basic.t (PR #154)
    - Add regex Dump/Load/round-trip tests to perl tag scheme (PR #155)
    - Do not require a .y file to build YAML::Syck; add brew support for bison
    - Don't ship docs/ directory in tarball

* 1.41 Mar 22 2026

    [Bug Fixes]

    - Fix float parsing on -Dusequadmath perls: use Perl's Atof() instead of
      strtod() so that floats like -3.14 are not corrupted by double-precision
      rounding artifacts (GH #140, PR #141)

* 1.39 Mar 21 2026

    [Bug Fixes]

    - Fix t/yaml-implicit-typing.t failure with -Duselongdouble perls (GH #138, PR #139)

* 1.38 Mar 20 2026

    [Bug Fixes]

    - Fix: escape solidus (/) as \/ in JSON::Syck::Dump for XSS safety (GH #125, PR #130)
    - Fix: anchor tracking for blessed scalar refs in Dump (GH #126, PR #131)
    - Fix: prevent buffer underflow in base60 (sexagesimal) parsing (PR #133)
    - Fix: guard against NULL type from strtok in tag parsing (PR #135)
    - Fix: correct copy-paste bug in syck_seq_assign() ASSERT macros (PR #137)

    [Improvements]

    - Resolve TODO tests for empty/invalid YAML to match actual behavior (GH #127, PR #129)

    [Maintenance]

    - Remove dead Perl 5.6 TODOs and convert 5.8 TODO to SKIP (PR #129)
    - Add comprehensive implicit type resolution test suite (PR #137)
    - Update MANIFEST to include all unit tests
    - Clean up test names to remove unnecessary numbering

* 1.37 Mar 18 2026

    [Features]

    - Add LoadBytes, LoadUTF8, DumpBytes, DumpUTF8 functions (GH #51)

    [Fixes]

    - Fix heap buffer overflow in the YAML emitter - CVE-2026-4177 (GH #67)
      boo#1259757
    - Fix DumpFile with tied filehandles (IO::String, IO::Scalar) (GH #22)
    - Fix _is_glob to recognize IO::Handle subclasses (GH #23)
    - Fix memory leak when dumping filehandles (GH #42)
    - Fix dumping of tied hashes (GH #31)
    - Fix dumping strings starting with '...' as unquoted plain scalars (GH #34)
    - Fix dumping strings with tabs and carriage returns as plain scalars (GH #59)
    - Fix double-dash YAML parsing (GH #35)
    - Fix extra newline after empty arrays/hashes in YAML output (GH #36)
    - Remove trailing whitespace from YAML output lines (GH #37, #38, #39)
    - Fix quoting of \r and \t in YAML output instead of emitting raw bytes (GH #40)
    - Fix growing !!perl/regexp objects in roundtrips (GH #43)
    - Fix quoted '=' being transformed into 'str' (GH #45)
    - Fix backslash-space escape in double-quoted YAML strings (GH #61)
    - Fix flow sequence comma separator not recognized without trailing space (GH #60)
    - Fix wide character warning in DumpFile (GH #28)
    - Fix inline arrays without space after comma (GH #25)
    - Fix: quote strings matching YAML implicit types to prevent roundtrip failures (GH #26)
    - Fix JSON::Syck::Dump to use JSON-valid \uXXXX escapes in output (GH #21)
    - Fix JSON::Syck::Load decoding of \/ and \uXXXX escape sequences (GH #30)
    - Fix: apply JSON postprocessing to JSON::Syck::DumpFile output (GH #104)
    - Fix: add tied-filehandle fallback to JSON::Syck::DumpFile (GH #98)
    - Fix: handle JSON escape sequences in SingleQuote mode Load (GH #99)
    - Fix: restore Perl 5.8 compatibility in test suite (GH #121)
    - Fix: correct copy-paste error in Makefile.PL clean target (GH #101)
    - Fix: correct $SortKeys POD default from false to true (GH #100)
    - Fix: correct POD documentation errors (GH #103)

    [Maintenance]

    - Add C23-compatible function prototypes for GCC 15 compatibility (GH #112)
    - Silence macOS compiler warnings (GH #92)
    - Guard stdint.h include for portability (HP-UX 11.11) (GH #33)
    - Guard stdint.h include in syck_st.h for portability (GH #24)
    - Update ppport.h to 3.68
    - Add regression tests for magical variable dumping (GH #32)
    - CI: modernize GitHub Actions workflow (GH #123, #124)
    - CI: add disttest job to validate MANIFEST completeness

Updated to 1.360.0 (1.36); see /usr/share/doc/packages/perl-YAML-Syck/Changes

* 1.36 Oct 10 2025

  - Address memory corruption leading to 'str' value being set on empty keys
    Thanks @timlegge
    CVE-2025-11683 boo#1252111

* 1.35 Oct 9 2025

  - Address parsing error related to string detection on read for empty strings.



              

Packages


  • perl-YAML-Syck-1.450.0-bp157.2.3.1