Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency js-yaml to v4 #23

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Jan 6, 2021

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
js-yaml ^3.10.0 -> ^4.0.0 age adoption passing confidence

Release Notes

nodeca/js-yaml

v4.1.0

Compare Source

Added
  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were
    (see yaml.types.int.options as an example).
Changed
  • Schema.extend() now keeps old type order in case of conflicts
    (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

v4.0.0

Compare Source

Changed
  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are
    moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump
    instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use
    yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal,
    0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #​470, #​557.
  • Line and column in exceptions are now formatted as (X:Y) instead of
    at line X, column Y (also present in compact format), #​332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with
    undefined in mappings, #​571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #​576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #​258.
Added
  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure
    string literal style, #​290, #​529.
  • Added styles: { '!!null': 'empty' } option for dumper
    (serializes { foo: null } as "foo: "), #​570.
  • Added replacer option (similar to option in JSON.stringify), #​339.
  • Custom Tag can now handle all tags or multiple tags with the same prefix, #​385.
Fixed
  • Astral characters are no longer encoded by dump(), #​587.
  • "duplicate mapping key" exception now points at the correct column, #​452.
  • Extra commas in flow collections (e.g. [foo,,bar]) now throw an exception
    instead of producing null, #​321.
  • __proto__ key no longer overrides object prototype, #​164.
  • Removed bower.json.
  • Tags are now url-decoded in load() and url-encoded in dump()
    (previously usage of custom non-ascii tags may have led to invalid YAML that can't be parsed).
  • Anchors now work correctly with empty nodes, #​301.
  • Fix incorrect parsing of invalid block mapping syntax, #​418.
  • Throw an error if block sequence/mapping indent contains a tab, #​80.

v3.14.1

Compare Source

Security
  • Fix possible code execution in (already unsafe) .load() (in &anchor).

v3.14.0

Compare Source

Changed
  • Support safe/loadAll(input, options) variant of call.
  • CI: drop outdated nodejs versions.
  • Dev deps bump.
Fixed
  • Quote = in plain scalars #​519.
  • Check the node type for !<?> tag in case user manually specifies it.
  • Verify that there are no null-bytes in input.
  • Fix wrong quote position when writing condensed flow, #​526.

v3.13.1

Compare Source

Security
  • Fix possible code execution in (already unsafe) .load(), #​480.

v3.13.0

Compare Source

Security
  • Security fix: safeLoad() can hang when arrays with nested refs
    used as key. Now throws exception for nested arrays. #​475.

v3.12.2

Compare Source

Fixed
  • Fix noArrayIndent option for root level, #​468.

v3.12.1

Compare Source

Added
  • Added noArrayIndent option, #​432.

v3.12.0

Compare Source

Changed
  • Support arrow functions without a block statement, #​421.

v3.11.0

Compare Source

Added
  • Add arrow functions suport for !!js/function.
Fixed
  • Fix dump in bin/octal/hex formats for negative integers, #​399.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate
Copy link
Author

renovate bot commented Mar 24, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@renovate renovate bot changed the title fix(deps): update dependency js-yaml to v4 fix(deps): update dependency js-yaml to v4 - autoclosed Apr 3, 2023
@renovate renovate bot closed this Apr 3, 2023
@renovate renovate bot deleted the renovate/js-yaml-4.x branch April 3, 2023 23:53
@renovate renovate bot changed the title fix(deps): update dependency js-yaml to v4 - autoclosed fix(deps): update dependency js-yaml to v4 Apr 4, 2023
@renovate renovate bot reopened this Apr 4, 2023
@renovate renovate bot restored the renovate/js-yaml-4.x branch April 4, 2023 11:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant