search

tunnckoCore / opensource

Delivering delightful digital solutions. Monorepo of monorepos of Open Source packages with combined ~100M/month downloads, semantically versioned following @conventional-commits. Fully powered ES Modules, @Airbnb @ESLint + @Prettier, independent & fixed versioning. Quality with @Actions, CodeQL, & Dependabot.
https://tunnckocore.com/opensource
481 stars 18 forks source link

[Snyk] Upgrade yaml from 1.10.2 to 2.1.2 #225

Closed tunnckoCore closed 1 month ago

tunnckoCore commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade yaml from 1.10.2 to 2.1.2.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
*Warning:* This is a major version upgrade, and may be a breaking change. - The recommended version is **17 versions** ahead of your current version. - The recommended version was released **21 days ago**, on 2022-10-02.
Release notes
Package name: yaml
  • 2.1.2 - 2022-10-02
    • Set correct node-end position for empty values with comments (#413)
  • 2.1.1 - 2022-05-29

    No changes in executable code, only TS types.

    • Revert "Use TS named tuple for range (#385)" -- see #393
    • Fix types for compatibility with TS 4.2 and 4.7
    • Add CI workflow for testing published type in a range of TS versions
      </li>
  <li>
    <b>2.1.0</b> - <a href="https://snyk.io/redirect/github/eemeli/yaml/releases/tag/v2.1.0">2022-05-14</a></br><p>Fixes for TypeScript users. Arguably this could've been a patch release as well.</p>
    • Improve/specify/fix TS types for Document & collection access methods (#383)
    • Use TS named tuple for range (#385)
    • Rename internal Document option as _directives to resolve type conflict with ToString options (#389)
    • Update tsc target to ES2020 to match Node.js support
    • Update dev dependencies, including jest 28
      </li>
  <li>
    <b>2.0.1</b> - <a href="https://snyk.io/redirect/github/eemeli/yaml/releases/tag/v2.0.1">2022-04-15</a></br><ul>
  • Fix tags and anchors on map keys (#378)

  • 2.0.0 - 2022-04-06
    Read more 
    •   <li>
    <b>2.0.0-11</b> - <a href="https://snyk.io/redirect/github/eemeli/yaml/releases/tag/v2.0.0-11">2022-03-22</a></br><p>This version of <code>yaml</code> has been published to npm using the <code>next</code> dist-tag, so install it with:</p>
    npm install --save-exact yaml@next

    BREAKING CHANGES

    YAML.defaultOptions is removed (#346)

    For a while, it's been undocumented, but still available. Since the options refactor of #235, it has only provided defaults for Parse & Document options, and not any of the others, so its name is a bit misleading as well.

    If you're using YAML.defaultOptions, you'll need to explicitly set the options in the appropriate parse*() and new Document() calls after this change.

    directives.marker is renamed as directives.docStart (#371)

    The behaviour of the property stays the same as before.

    New Features

    • Add warning for aliases & anchors ending with a colon (#370)
    • Add directives.docEnd, for ... marker (#371)
    • Add YAML.visitAsync() (#372)

    Bugfixes

    • Flow collection keys in block maps (redhat-developer/vscode-yaml#712)
    • Error on %YAML directives with content after version (#348)
    • Use correct check for empty null source (#366)
    • Do not throw during composition, even for bad tokens (#367)
    • Error on invalid %YAML directives
    • Empty block scalars with chomp=keep & trailing whitespace
    • Parse ? : x as { ? { : x } }
    • Do not consider tabs as indent for flow collections
    • Include trailing more-indented empty lines in block scalar contents
    • Should complain about -, and -] in flow collections
    • Update dev dependencies, including @ types/node downgrade

    Test Improvements

    • Update yaml-test-suite, skipping some new tests
    • Don't needlessly skip yaml-test-suite B63P test
    • test-events: Do not skip events for only apparently empty documents
    • yaml-test-suite: Skip in.json tests when expecting errors
      </li>
  <li>
    <b>2.0.0-10</b> - <a href="https://snyk.io/redirect/github/eemeli/yaml/releases/tag/v2.0.0-10">2021-12-31</a></br><p>This version of <code>yaml</code> has been published to npm using the <code>next</code> dist-tag, so install it with:</p>
    npm install --save-exact yaml@next

    BREAKING CHANGES

    • The TS type of doc.directives now indicates it as optional. Its actual value has not changed, but the type needs to account for what might happen if doc.setSchema() is called with a null version argument. (#344)

    New Features

    Add a compatibility checker (#335)

    Adds a new schema option compat: string | Tags. If set, warns during composition about compatibility issues with the given schema. When stringifying, uses scalar styles that are parsed correctly by the compat schema as well as the actual schema.

    Support for Non-YAML Schemas

    While YAML is a superset of JSON, it isn't a strict superset of other JSON-based configuration languages. Feature-wise, though, these languages are as a rule a subset of YAML features, so let's build some groundwork for supporting them as well by making additional aspects of this library configurable.

    • Add commentString option, refactor internals to support it (#336)
    • Add toStringDefaults option (#337)
    • Add collectionStyle option (#343)
    • Allow for Schema instance as schema option (#344)

    Test Improvements

    • Add json-test-suite as git submodule (#340)
    • Update to latest yaml-test-suite data
    • Add {} and [] indicators to flow maps & sequences in test-events output (used by the YAML Test Matrix)
    • Use --target es5 in test:dist:types script (#334)

    Bugfixes

    • Allow for custom schemas in TS types (#325)
    • Flow collection expected-end error (#328)
    • parser: flow-error-end token should not advance offset
    • Handle duplicate flow : indicators correctly
    • Correctly stringify non-finite scalars with format: 'EXP'
    • Allow block map with flow collection key as explicit key
    • Do not use negative indent for any parser tokens
      </li>
  <li>
    <b>2.0.0-9</b> - <a href="https://snyk.io/redirect/github/eemeli/yaml/releases/tag/v2.0.0-9">2021-11-13</a></br><p>This version of <code>yaml</code> has been published to npm using the <code>next</code> dist-tag, so install it with:</p>
    npm install --save-exact yaml@next

    Hopefully the breaking change for singleQuote: false won't cause anyone issues. Otherwise, small improvements only.

    BREAKING CHANGES

    Allow disabling single & block quotes completely (#326)

    The options for representing scalar values are refactored, such that blockQuote (new) and singleQuote (expanded) allow setting a preference as well as preventing said styles from being used at all. This changes how singleQuote: false is handled. To retain the previous behaviour, use singleQuote: null or leave the option unset.

    New Features

    • Add keepSoureToken parse option, adding srcToken values to Nodes (#309)
    • Allow for custom schema id, provided that customTags is defined (#325)
    • Expose tags & types required by custom composers (#325)

    Bugfixes

    • cst: Specify resolveAsScalar return type
    • lexer: Reset flow-key flag on comma in flow collection (#316)
    • lexer: Allow unindented comment in flow collection
    • Support seq-of-maps merge key values (#321)
    • compose: Indent level of empty block scalars with keep chomping (#313)
    • Honor singleQuote option more widely
    • Get rid of extra whitespace around empty map values
    • Drop ...expansion from public TS interfaces (#334)
      </li>
  <li>
    <b>2.0.0-8</b> - <a href="https://snyk.io/redirect/github/eemeli/yaml/releases/tag/v2.0.0-8">2021-09-06</a></br><p>This version of <code>yaml</code> has been published to npm using the <code>next</code> dist-tag, so install it with:</p>
    npm install --save-exact yaml@next

    This release doesn't really do anything major, it's really just an accumulation of small things over the past few weeks.

    New Features

    • Add a new createNode option aliasDuplicateObjects (#299)
    • Add clone() methods to Document, Directives, Schema and all Nodes (#304)

    Bugfixes

    • lexer: Cache line end positions (#298)
    • Handle doc.createNode(doc) the same as doc.createNode(doc.contents) (#303)
    • Allow for collection setIn() to handle objects, including duplicates
    • Fix parsing errors with CRLF line endings (#306, #307)
      </li>
  <li>
    <b>2.0.0-7</b> - <a href="https://snyk.io/redirect/github/eemeli/yaml/releases/tag/v2.0.0-7">2021-07-17</a></br><p>This version of <code>yaml</code> has been published to npm using the <code>next</code> dist-tag, so install it with:</p>
    npm install --save-exact yaml@next

    This release doesn't really do anything major, it's really just an accumulation of small things over the past few weeks. Thanks in particular to @ ingydotnet for his continuing help in finding corner cases of invalid input being parsed as valid.

    New Features

    • Support immediate map values for << merge keys, in addition to alias values

    Bugfixes

    • Anchors for duplicate objects that stringify as strings (#287)
    • Complain about empty aliases & anchors
    • Do not throw for "%" as document
    • Complain about plain scalars starting with , or %
    • Use correct character set for tags
      </li>
  <li>
    <b>2.0.0-6</b> - 2021-06-14
  </li>
  <li>
    <b>2.0.0-5</b> - 2021-04-18
  </li>
  <li>
    <b>2.0.0-4</b> - 2021-03-13
  </li>
  <li>
    <b>2.0.0-3</b> - 2021-01-31
  </li>
  <li>
    <b>2.0.0-2</b> - 2021-01-31
  </li>
  <li>
    <b>2.0.0-1</b> - 2020-10-05
  </li>
  <li>
    <b>2.0.0-0</b> - 2020-08-23
  </li>
  <li>
    <b>1.10.2</b> - 2021-03-13
  </li>
</ul>
from <a href="https://snyk.io/redirect/github/eemeli/yaml/releases">yaml GitHub release notes</a>

    Commit messages
    Package name: yaml
    • acb5f47 2.1.2
    • 6e7fba7 chore: Refresh lockfile
    • 4ac0f5d fix: Set correct node-end position for empty values with comments (#413)
    • e97948d ci: Uninstall @ jest/types before testing types on TS 4.0 and 3.8
    • 17a56bd chore: Update to jest 29
    • 26526d7 chore: Satisfy updated Typescript (4.8.2) & Prettier
    • c3c265b chore: Refresh lockfile
    • 57a29cd chore: Update docs-slate
    • 3197c60 docs: Use https in README.md link (#400)
    • 96c6993 2.1.1
    • 3b35834 ci: Add separate workflow for TS tests
    • 4ff5051 fix: NodeType<T> for older TS versions
    • d63d48d ci: Add typescript test jobs for its older versions
    • 7e9b489 chore: Fix types for TS 4.7
    • 42e527a chore: Refresh lockfile
    • 98a1d5e Revert "feat: Use TS named tuple for range (#385)"
    • 5050494 docs: Document defaultStringType option more explicitly
    • c80d4c2 2.1.0
    • 102ecf1 chore: Update to jest 28
    • 5c84f07 chore: Refresh lockfile
    • a918afa fix: Rename internal Document option as _directives to resolve conflict with ToString options (fixes #389)
    • 3ed008a feat: Use TS named tuple for range (#385)
    • 632c308 chore: Update tsc target to ES2020 to match Node.js support
    • 133f45c feat: Improve/specify/fix TS types for Document & collection access methods (#383)
    Compare

    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

    For more information:

    🧐 View latest project report

    🛠 Adjust upgrade PR settings

    🔕 Ignore this dependency or unsubscribe from future upgrade PRs