[PR #111] [MERGED] Bump js-yaml from 3.14.1 to 4.0.0 #2189

New Issue

Closed

opened 2026-04-23 09:31:44 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-04-23 09:31:44 -05:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/joelwmale/webhook-action/pull/111
Author: @dependabot[bot]
Created: 1/4/2021
Status: ✅ Merged
Merged: 1/4/2021
Merged by: @mergify[bot]

Base: develop ← Head: dependabot/npm_and_yarn/js-yaml-4.0.0

---

📝 Commits (1)

• 03f9d00 Bump js-yaml from 3.14.1 to 4.0.0

📊 Changes

2 files changed (+14 additions, -2 deletions)

View changed files

📝 package.json (+1 -1)
📝 yarn.lock (+13 -1)

📄 Description

Bumps js-yaml from 3.14.1 to 4.0.0.

Changelog

Sourced from js-yaml's changelog.

[4.0.0] - 2021-01-03

Changed

• Check migration guide to see details for all breaking changes.
• Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
• Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
• yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
• yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
• !!binary now always mapped to Uint8Array on load.
• Reduced nesting of /lib folder.
• Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
• dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
• Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
• Code snippet created in exceptions now contains multiple lines with line numbers.
• dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
• dump() with skipInvalid=true now serializes invalid items in collections as null.
• Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
• Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

• Added .mjs (es modules) support.
• Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
• Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.
• Added replacer option (similar to option in JSON.stringify), #339.
• Custom Tag can now handle all tags or multiple tags with the same prefix, #385.

Fixed

• Astral characters are no longer encoded by dump(), #587.
• "duplicate mapping key" exception now points at the correct column, #452.
• Extra commas in flow collections (e.g. [foo,,bar]) now throw an exception instead of producing null, #321.
• __proto__ key no longer overrides object prototype, #164.
• Removed bower.json.
• Tags are now url-decoded in load() and url-encoded in dump() (previously usage of custom non-ascii tags may have led to invalid YAML that can't be parsed).
• Anchors now work correctly with empty nodes, #301.
• Fix incorrect parsing of invalid block mapping syntax, #418.
• Throw an error if block sequence/mapping indent contains a tab, #80.

Commits

• ee74ce4 4.0.0 released
• a44bb7c dist rebuild
• aee620a Throw an error if block sequence/mapping indent contains a tab
• f0f205b Fix parsing of invalid block mappings
• e8cf6f6 Fix error with anchor not being assigned to an empty node
• a583097 Shorthand tags with !! whenever possible
• a0d0caa Dump custom tags starting with ! as !tag instead of !\<!tag>
• 1ea8370 Fix examples
• 73ef02c Add multi tags covering all tags with the fixed prefix
• 359b264 Add replacer similar to one in JSON.stringify
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/joelwmale/webhook-action/pull/111 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 1/4/2021 **Status:** ✅ Merged **Merged:** 1/4/2021 **Merged by:** [@mergify[bot]](https://github.com/apps/mergify) **Base:** `develop` ← **Head:** `dependabot/npm_and_yarn/js-yaml-4.0.0` --- ### 📝 Commits (1) - [`03f9d00`](https://github.com/joelwmale/webhook-action/commit/03f9d0024d3656776a430971cc6d4dc954e9c89e) Bump js-yaml from 3.14.1 to 4.0.0 ### 📊 Changes **2 files changed** (+14 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `package.json` (+1 -1) 📝 `yarn.lock` (+13 -1) </details> ### 📄 Description Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 4.0.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[4.0.0] - 2021-01-03</h2> <h3>Changed</h3> <ul> <li>Check <a href="https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md">migration guide</a> to see details for all breaking changes.</li> <li>Breaking: &quot;unsafe&quot; tags <code>!!js/function</code>, <code>!!js/regexp</code>, <code>!!js/undefined</code> are moved to <a href="https://github.com/nodeca/js-yaml-js-types">js-yaml-js-types</a> package.</li> <li>Breaking: removed <code>safe*</code> functions. Use <code>load</code>, <code>loadAll</code>, <code>dump</code> instead which are all now safe by default.</li> <li><code>yaml.DEFAULT_SAFE_SCHEMA</code> and <code>yaml.DEFAULT_FULL_SCHEMA</code> are removed, use <code>yaml.DEFAULT_SCHEMA</code> instead.</li> <li><code>yaml.Schema.create(schema, tags)</code> is removed, use <code>schema.extend(tags)</code> instead.</li> <li><code>!!binary</code> now always mapped to <code>Uint8Array</code> on load.</li> <li>Reduced nesting of <code>/lib</code> folder.</li> <li>Parse numbers according to YAML 1.2 instead of YAML 1.1 (<code>01234</code> is now decimal, <code>0o1234</code> is octal, <code>1:23</code> is parsed as string instead of base60).</li> <li><code>dump()</code> no longer quotes <code>:</code>, <code>[</code>, <code>]</code>, <code>(</code>, <code>)</code> except when necessary, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/470">#470</a>, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/557">#557</a>.</li> <li>Line and column in exceptions are now formatted as <code>(X:Y)</code> instead of <code>at line X, column Y</code> (also present in compact format), <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/332">#332</a>.</li> <li>Code snippet created in exceptions now contains multiple lines with line numbers.</li> <li><code>dump()</code> now serializes <code>undefined</code> as <code>null</code> in collections and removes keys with <code>undefined</code> in mappings, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/571">#571</a>.</li> <li><code>dump()</code> with <code>skipInvalid=true</code> now serializes invalid items in collections as null.</li> <li>Custom tags starting with <code>!</code> are now dumped as <code>!tag</code> instead of <code>!&lt;!tag&gt;</code>, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/576">#576</a>.</li> <li>Custom tags starting with <code>tag:yaml.org,2002:</code> are now shorthanded using <code>!!</code>, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/258">#258</a>.</li> </ul> <h3>Added</h3> <ul> <li>Added <code>.mjs</code> (es modules) support.</li> <li>Added <code>quotingType</code> and <code>forceQuotes</code> options for dumper to configure string literal style, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/290">#290</a>, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/529">#529</a>.</li> <li>Added <code>styles: { '!!null': 'empty' }</code> option for dumper (serializes <code>{ foo: null }</code> as &quot;<code>foo: </code>&quot;), <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/570">#570</a>.</li> <li>Added <code>replacer</code> option (similar to option in JSON.stringify), <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/339">#339</a>.</li> <li>Custom <code>Tag</code> can now handle all tags or multiple tags with the same prefix, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/385">#385</a>.</li> </ul> <h3>Fixed</h3> <ul> <li>Astral characters are no longer encoded by <code>dump()</code>, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/587">#587</a>.</li> <li>&quot;duplicate mapping key&quot; exception now points at the correct column, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/452">#452</a>.</li> <li>Extra commas in flow collections (e.g. <code>[foo,,bar]</code>) now throw an exception instead of producing null, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/321">#321</a>.</li> <li><code>__proto__</code> key no longer overrides object prototype, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/164">#164</a>.</li> <li>Removed <code>bower.json</code>.</li> <li>Tags are now url-decoded in <code>load()</code> and url-encoded in <code>dump()</code> (previously usage of custom non-ascii tags may have led to invalid YAML that can't be parsed).</li> <li>Anchors now work correctly with empty nodes, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/301">#301</a>.</li> <li>Fix incorrect parsing of invalid block mapping syntax, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/418">#418</a>.</li> <li>Throw an error if block sequence/mapping indent contains a tab, <a href="https://github-redirect.dependabot.com/nodeca/js-yaml/issues/80">#80</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodeca/js-yaml/commit/ee74ce4b4800282b2f23b776be7dc95dfe34db1c"><code>ee74ce4</code></a> 4.0.0 released</li> <li><a href="https://github.com/nodeca/js-yaml/commit/a44bb7c9e1d0fc6be1a2e39dc2f06ed85c953eac"><code>a44bb7c</code></a> dist rebuild</li> <li><a href="https://github.com/nodeca/js-yaml/commit/aee620a20e85e651073ad8e6468d10a032f0eca8"><code>aee620a</code></a> Throw an error if block sequence/mapping indent contains a tab</li> <li><a href="https://github.com/nodeca/js-yaml/commit/f0f205bd20534bfd31f12a29d23c1d7cf60fc899"><code>f0f205b</code></a> Fix parsing of invalid block mappings</li> <li><a href="https://github.com/nodeca/js-yaml/commit/e8cf6f6aa335c6c63d844b470240c9be661baa7f"><code>e8cf6f6</code></a> Fix error with anchor not being assigned to an empty node</li> <li><a href="https://github.com/nodeca/js-yaml/commit/a583097bbce25e2938e76f89b42e5fdabc9d6c60"><code>a583097</code></a> Shorthand tags with !! whenever possible</li> <li><a href="https://github.com/nodeca/js-yaml/commit/a0d0caa5aa0f5354fefa9c637cfb7c4c17ef7d02"><code>a0d0caa</code></a> Dump custom tags starting with <code>!</code> as <code>!tag</code> instead of <code>!\&lt;!tag&gt;</code></li> <li><a href="https://github.com/nodeca/js-yaml/commit/1ea8370e31380226a188e61af293e7088002ede0"><code>1ea8370</code></a> Fix examples</li> <li><a href="https://github.com/nodeca/js-yaml/commit/73ef02cfcb63d9f1c5932dadc1fc35f05a25fdbc"><code>73ef02c</code></a> Add multi tags covering all tags with the fixed prefix</li> <li><a href="https://github.com/nodeca/js-yaml/commit/359b264c0fbadfae86caff91879bf40e902df690"><code>359b264</code></a> Add replacer similar to one in JSON.stringify</li> <li>Additional commits viewable in <a href="https://github.com/nodeca/js-yaml/compare/3.14.1...4.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2026-04-23 09:31:44 -05:00

GiteaMirror closed this issue 2026-04-23 09:31:45 -05:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

develop

master

dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-7.13.1

dependabot/npm_and_yarn/types/node-20.14.8

dependabot/npm_and_yarn/typescript-eslint/parser-7.13.1

dependabot/npm_and_yarn/braces-3.0.3

dependabot/npm_and_yarn/babel/preset-env-7.24.7

dependabot/npm_and_yarn/undici-5.28.4

v2

v2.4.2

2.4.1

2.4.0

2.3.2

2.3.1

2.3.0

2.2.0

2.1.0

2.0.2

2.0.1

2.0.0

1.0.1

1.0.0

Labels

Clear labels

pull-request

Mirrored from GitHub Pull Request

question

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/webhook-action#2189