Update dependency js-yaml to v5#1750
Conversation
a67b88b to
49f3f9e
Compare
8d61cfa to
00efb39
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR aims to upgrade js-yaml to version 5, which introduces significant breaking changes. However, the current diff is empty, and no changes have been made to package.json or the source code.
Key risks include the removal of safeLoad and safeDump functions, and a behavioral change where load() now throws an error on empty input instead of returning undefined. These changes require manual code migration and testing to prevent runtime failures. The PR is currently not ready for merging as the implementation is missing.
About this PR
- The upgrade to v5 requires replacing all instances of
safeLoadandsafeDumpwithloadanddump. Additionally, logic handling YAML loading must be updated to account for the fact thatload()now throws on empty input. Failure to address these will lead to application crashes. - The PR does not contain any file changes. A dependency upgrade requires updating the manifest files and addressing any resulting breaking changes in the source code.
Test suggestions
- Verify load() throws an error on empty input as per v5 specification
- Verify YAML dumping with renamed options (e.g., seqNoIndent) works as expected
- Verify that code using previously deprecated and now removed safeLoad/safeDump functions still functions correctly
Prompt proposal for missing tests
Consider implementing these tests if applicable:
1. Verify load() throws an error on empty input as per v5 specification
2. Verify YAML dumping with renamed options (e.g., seqNoIndent) works as expected
3. Verify that code using previously deprecated and now removed safeLoad/safeDump functions still functions correctly
TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | 0 |
| Duplication | 0 |
AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.
TIP This summary will be updated as you push new changes.
cf0c144 to
ebce7d8
Compare
ebce7d8 to
e81337e
Compare
This PR contains the following updates:
4.3.0→5.2.1Release Notes
nodeca/js-yaml (js-yaml)
v5.2.1Compare Source
Fixed
Mapsupport to !!omap (should work whenrealMapTagused)Security
addItem. Regression from v5(usually not critical, because YAML11_SCHEMA is not default anymore).
v5.2.0Compare Source
Added
maxTotalMergeKeys(10000) loader option to limit the total number ofkeys processed by YAML merge (
<<) across oneload()/loadAll()call.maxAliases(-1) loader option to limit the number of YAML aliases perdocument.
Removed
maxMergeSeqLengthreplaced withmaxTotalMergeKeysfor limiting YAML mergeprocessing.
Fixed
1e21)v5.1.0Compare Source
Added
different result value.
Changed
quoteStylenow selects the preferred quote style; use therestored
forceQuotesoption to force quoting non-key strings.v5.0.0Compare Source
Added
JSON_SCHEMAandCORE_SCHEMAwith spec-compliant scalar resolutionrules, and added
YAML11_SCHEMA.realMapTagfor lossless mappings with non-string and complex keys.Object-based mappings now reject complex keys instead of stringifying them.
dump()transformoption for changing the generated AST beforerendering.
dump()optionsseqInlineFirst,flowBracketPadding,flowSkipCommaSpace,flowSkipColonSpace,quoteFlowKeys,quoteStyleandtagBeforeAnchor.test set.
Changed
exports.
CORE_SCHEMA(loader default),JSON_SCHEMA,FAILSAFE_SCHEMA.YAML11_SCHEMA, a combination of all YAML 1.1 tags (YAML 1.1 does notspecify a schema, only "types").
load/dumpdefault behaviour is now specified exactly via schemas:loadusesCORE_SCHEMA, without!!mergeby default.dumpusesYAML11_SCHEMA+CORE_SCHEMAfor the quoting check, toguarantee backward compatibility by default.
!!setis now loaded as a JavaScriptSet.TypeAPI with a tags API. Similar, but more precise andsimpler. See examples for details. Tags can be defined via
defineScalarTag(),defineSequenceTag()anddefineMappingTag(), or as aspread + override of an existing tag.
Schema.extend()toSchema.withTags().markers, block keys, multiline scalars, tag syntax and other things.
load()now throws on empty input instead of returningundefined.js-yaml/browserexport.loadAllsignature with an iterator (still works, but is acandidate for removal).
Removed
safeLoad(),safeLoadAll()andsafeDump()exports.DEFAULT_SCHEMAand the nestedtypesexport.onWarning,legacyandlistener.styles,replacer,noCompatMode,condenseFlow,quotingTypeandforceQuotes. RenamednoArrayIndenttoseqNoIndent.Formatting and representation are now configured through presenter options,
schemas and tag definitions. See migration guide on how to replace.
lib/.Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.