Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade yaml from 1.10.2 to 2.0.1 #5

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade yaml from 1.10.2 to 2.0.1 #5

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented May 7, 2022

Snyk has created this PR to upgrade yaml from 1.10.2 to 2.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 14 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2022-04-15.
Release notes
Package name: yaml
  • 2.0.1 - 2022-04-15
    • Fix tags and anchors on map keys (#378)
  • 2.0.0 - 2022-04-06

    This update has been in the works for the last year and a half. Its prerelease versions have been thoroughly tested by a wide number of users, and I think it's finally ready for "actual" release, for use in the mythical "production".

    The breaking changes introduced here are mostly originating from the v1 CST parser having become a rather difficult beast to work with. So it's here rewritten pretty much completely, now with a lexer as a first stage. Along the way, the whole project was rewritten in TypeScript and the export paths and options refactored pretty deeply.

    If you've been using the library just via its parse(), parseDocument() and stringify() functions, then it's quite likely that none of the changes affect your experience in any way. However, if you've been doing something more involved, then I would strongly recommend that you review the library's documentation site for the v2 docs.

    Going forward, it's finally time to start experimenting with new YAML spec features that may eventually be included in YAML 1.3 and later. Those will be made available by specifying the version: 'next' option. However, beware! Any features available this way may be removed or have their API broken by any minor release of this library, and no compatibility guarantees with other libraries are given. In general, semver compatibility is guaranteed for features that are explicitly included in the documentation; everything else should be considered as internal implementation details.

    The following is an overview of the breaking changes and new features introduced in each of the prerelease steps leading up to this release; the individual releases' notes and the PRs will contain more detail, along with specific migration guides.

    BREAKING CHANGES

    v2.0.0-0

    • Drop deprecated end points, members, options & defaults (#171)
    • Breaking changes to Document & createNode APIs (#186)
    • When creating a mapping from a JS Object, drop undefined values (#173)
    • Retain existing nodes when using set() in mappings & sequences (#185)

    v2.0.0-1

    • Improve JSON compatibility (#189)
    • Refactor tag resolve() API (#201)

    v2.0.0-3

    • Drop 'yaml/parse-cst' endpoint (#223)
    • Update build configs & minimum supported versions (#224)

    v2.0.0-4

    • Refactor options (#235)
    • Refactor parsing completely (#203)
    • Merge all of 'yaml/types' and some of 'yaml/util' into 'yaml' (#234)
    • Refactor node identification (#233)
    • Drop type property from all but Scalar nodes (#240)
    • Refactor as TypeScript (#233)

    v2.0.0-5

    • Make anchor & alias resolution lazier (#248)
    • Split flow collections into items in Parser (#249)
    • Make Pair not extend NodeBase; drop its prop forwarding (#245, #250)
    • Rename the tokens namespace as CST (#252)
    • Turn the Lexer, Parser & Composer into generators (#253)
    • Refactor Node range as [start, value-end, node-end] (#259)
    • Replace error.offset with error.pos: [number, number] (#260)

    v2.0.0-6

    • Fix empty lines & trailing comments (#278)
    • Drop Node.js 10 support

    v2.0.0-9

    • Allow disabling single & block quotes completely (#326)

    v2.0.0-10

    • The TS type of doc.directives now indicates it as optional (#344)

    v2.0.0-11

    • YAML.defaultOptions is removed (#346)
    • directives.marker is renamed as directives.docStart (#371)

    v2.0.0

    • Drop Node.js 12 support (end-of-life 2022-04-30)

    New Features

    v2.0.0-0

    • Resolve known tags in core schema (#172)
    • Create intermediates for set() & setIn() on doc with empty contents (#174)
    • Fix intermediate collection creation for parsed documents (#174)
    • Improve quoted string flexibility (#177)
    • Add defaultKeyType option for finer control of scalar output (#179)

    v2.0.0-1

    • Remember source string for null scalars (#193)
    • Support asBigInt option for sexagesimal integer values

    v2.0.0-3

    • Refactor logging control, adding logLevel option (#215)
    • Add visit(node, visitor) to 'yaml' (#225)

    v2.0.0-4

    • Stringify top-level block scalars with header on marker line
    • Add a couple of things to 'yaml/util' that weren't exposed before

    v2.0.0-5

    • Add Collection, Value & Node visitor aliases
    • Add error codes
    • Always include offset in CST tokens
    • Add CST tools (#252)

    v2.0.0-6

    • Check key uniqueness; add uniqueKeys option (#271)
    • Drop special-casing COMMENT_SPACE error; use MISSING_CHAR for it instead

    v2.0.0-7

    • Support immediate map values for << merge keys, in addition to alias values

    v2.0.0-8

    • Add a new createNode option aliasDuplicateObjects (#299)
    • Add clone() methods to Document, Directives, Schema and all Nodes (#304)

    v2.0.0-9

    • Add keepSoureToken parse option, adding srcToken values to Nodes (#309)
    • Allow for custom schema id, provided that customTags is defined (#325)
    • Expose tags & types required by custom composers (#325)

    v2.0.0-10

    v2.0.0-11

    • Add warning for aliases & anchors ending with a colon (#370)
    • Add directives.docEnd, for ... marker (#371)
    • Add YAML.visitAsync() (#372)

    v2.0.0

    • Allow for a 'next' YAML version
  • 2.0.0-11 - 2022-03-22
    Read more
  • 2.0.0-10 - 2021-12-31
    Read more
  • 2.0.0-9 - 2021-11-13
    Read more
  • 2.0.0-8 - 2021-09-06
    Read more
  • 2.0.0-7 - 2021-07-17
    Read more
  • 2.0.0-6 - 2021-06-14
    Read more
  • 2.0.0-5 - 2021-04-18
    Read more
  • 2.0.0-4 - 2021-03-13
    Read more
  • 2.0.0-3 - 2021-01-31
  • 2.0.0-2 - 2021-01-31
  • 2.0.0-1 - 2020-10-05
  • 2.0.0-0 - 2020-08-23
  • 1.10.2 - 2021-03-13
from yaml GitHub release notes
Commit messages
Package name: yaml

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@pull-request-quantifier-deprecated
Copy link

This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

Quantification details 

Label      : Extra Small
Size       : +1 -1
Percentile : 0.8%

Total files changed: 1

Change summary by file extension:
.json : +1 -1

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

  • Fast and predictable releases to production:
    • Optimal size changes are more likely to be reviewed faster with fewer
      iterations.
    • Similarity in low PR complexity drives similar review times.
  • Review quality is likely higher as complexity is lower:
    • Bugs are more likely to be detected.
    • Code inconsistencies are more likely to be detetcted.
  • Knowledge sharing is improved within the participants:
    • Small portions can be assimilated better.
  • Better engineering practices are exercised:
    • Solving big problems by dividing them in well contained, smaller problems.
    • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

  • Use the PullRequestQuantifier to quantify your PR accurately
    • Create a context profile for your repo using the context generator
    • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
    • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
    • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
  • Change your engineering behaviors
    • For PRs that fall outside of the desired spectrum, review the details and check if:
      • Your PR could be split in smaller, self-contained PRs instead
      • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

  • One line was added: +1 -0
  • One line was deleted: +0 -1
  • One line was modified: +1 -1 (git diff doesn't know about modified, it will
    interpret that line like one addition plus one deletion)
  • Change percentiles: Change characteristics (addition, deletion, modification)
    of this PR in relation to all other PRs within the repository.

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Extra Small
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot