From a8e2ede4f58855b0208c5d7c04d010e656b254ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Mar 2021 16:30:10 -0500 Subject: [PATCH] chore(deps): bump js-yaml from 3.14.0 to 4.0.0 (#2920) * chore(deps): bump js-yaml from 3.14.0 to 4.0.0 Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.0 to 4.0.0. - [Release notes](https://github.com/nodeca/js-yaml/releases) - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/3.14.0...4.0.0) Signed-off-by: dependabot[bot] * fix(src/node): replace yaml.safeLoad with load Also update @types/yaml to ^4.0.0. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Akash Satheesan --- package.json | 4 ++-- src/node/cli.ts | 2 +- yarn.lock | 20 ++++++++++++++++---- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/package.json b/package.json index 87ad2c46e..615f604c8 100644 --- a/package.json +++ b/package.json @@ -39,7 +39,7 @@ "@types/cookie-parser": "^1.4.2", "@types/express": "^4.17.8", "@types/http-proxy": "^1.17.4", - "@types/js-yaml": "^3.12.3", + "@types/js-yaml": "^4.0.0", "@types/node": "^12.12.7", "@types/parcel-bundler": "^1.12.1", "@types/pem": "^1.9.5", @@ -84,7 +84,7 @@ "express": "^5.0.0-alpha.8", "http-proxy": "^1.18.0", "httpolyglot": "^0.1.2", - "js-yaml": "^3.13.1", + "js-yaml": "^4.0.0", "limiter": "^1.1.5", "node-fetch": "^2.6.1", "pem": "^1.14.2", diff --git a/src/node/cli.ts b/src/node/cli.ts index 6a8aab0cd..cf3ad4734 100644 --- a/src/node/cli.ts +++ b/src/node/cli.ts @@ -536,7 +536,7 @@ export function parseConfigFile(configFile: string, configPath: string): ConfigA return { _: [], config: configPath } } - const config = yaml.safeLoad(configFile, { + const config = yaml.load(configFile, { filename: configPath, }) if (!config || typeof config === "string") { diff --git a/yarn.lock b/yarn.lock index 5ae8d690a..5d65f7c65 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1135,10 +1135,10 @@ dependencies: "@types/node" "*" -"@types/js-yaml@^3.12.3": - version "3.12.5" - resolved "https://registry.yarnpkg.com/@types/js-yaml/-/js-yaml-3.12.5.tgz#136d5e6a57a931e1cce6f9d8126aa98a9c92a6bb" - integrity sha512-JCcp6J0GV66Y4ZMDAQCXot4xprYB+Zfd3meK9+INSJeVZwJmHAW30BBEEkPzXswMXuiyReUGOP3GxrADc9wPww== +"@types/js-yaml@^4.0.0": + version "4.0.0" + resolved "https://registry.yarnpkg.com/@types/js-yaml/-/js-yaml-4.0.0.tgz#d1a11688112091f2c711674df3a65ea2f47b5dfb" + integrity sha512-4vlpCM5KPCL5CfGmTbpjwVKbISRYhduEJvvUWsH5EB7QInhEj94XPZ3ts/9FPiLZFqYO0xoW4ZL8z2AabTGgJA== "@types/json-schema@^7.0.3": version "7.0.6" @@ -1491,6 +1491,11 @@ argparse@^1.0.7: dependencies: sprintf-js "~1.0.2" +argparse@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38" + integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q== + arr-diff@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-4.0.0.tgz#d6461074febfec71e7e15235761a329a5dc7c520" @@ -4479,6 +4484,13 @@ js-yaml@^3.10.0, js-yaml@^3.13.1: argparse "^1.0.7" esprima "^4.0.0" +js-yaml@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.0.0.tgz#f426bc0ff4b4051926cd588c71113183409a121f" + integrity sha512-pqon0s+4ScYUvX30wxQi3PogGFAlUyH0awepWvwkj4jD4v+ova3RiYw8bmA6x2rDrEaj8i/oWKoRxpVNW+Re8Q== + dependencies: + argparse "^2.0.1" + jsbn@~0.1.0: version "0.1.1" resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-0.1.1.tgz#a5e654c2e5a2deb5f201d96cefbca80c0ef2f513"