Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade yaml from 2.2.1 to 2.3.2 #2

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade yaml from 2.2.1 to 2.3.2 #2

wants to merge 1 commit into from

Conversation

Abuchtela
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade yaml from 2.2.1 to 2.3.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 10 versions ahead of your current version.
  • The recommended version was released 25 days ago, on 2023-08-28.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Uncaught Exception
SNYK-JS-YAML-5458867		 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: yaml
  • 2.3.2 - 2023-08-28
    • Fix docs typo (#489)
    • Do not require quotes for implicit keys with flow indicators (#494)
    • Update Prettier to v3 & update ESLint config
  • 2.3.1 - 2023-05-26
    • Drop npm from package.json "engines" config (#476)
  • 2.3.0 - 2023-05-23

    This release corresponds with the release of yaml-types v0.2.0, an expanding library of custom tags or types for use with yaml.

    This release contains no changes from v2.3.0-5, and the notes below include all changes from the v2.3.0-x prereleases.

    Custom Tag Improvements

    • Add export of createNode() & createPair() to 'yaml/util' (#457)
    • Add static from() methods to simplify tag development, and otherwise make extending custom collections easier (#467)

    TypeScript Improvements

    • Add a second optional generic type argument Strict to Document instances. (#441)
    • Add types exports for TypeScript (#463)
    • Export StringifyContext type from 'yaml/util' (#464)

    Other New Features

    • Add a toJS(doc, options?) method to nodes (#451, #458)
    • Set explicit tag during createNode() for non-default tags (#464)

    Bugfixes

    • Use correct argument order when stringifying flow collection comments (#443)
    • Improve first-line folding for block scalars (#422)
  • 2.3.0-5 - 2023-05-06
    • Make extending custom collections easier (#467)
    • Fix corner case failure in error pretty-printer (CVE-2023-2251)
  • 2.3.0-4 - 2023-04-18

    New Features

    • Set explicit tag during createNode() for non-default tags (#464)
    • Export StringifyContext type from 'yaml/util' (#464)
  • 2.3.0-3 - 2023-04-14

    Bugfixes

    • Improve missing-argument error on node .toJS() method (#458)
    • Add types exports for TypeScript (#463)
    • Drop incompatible/unnecessary typesVersions from package.json (#463)
  • 2.3.0-2 - 2023-04-14
  • 2.3.0-1 - 2023-04-04

    New Features

    • Add a toJS(doc, options?) method to nodes (#451)
    • Add export of createNode() & createPair() to 'yaml/util' (#457)

    Bugfixes

    • First-line folding for block scalars (#422)
  • 2.3.0-0 - 2023-03-11

    This release is made available first as a prerelease to gauge the effects of the TypeScript changes, which add a second optional generic type argument Strict to Document instances. While this change appears to improve the TS usage experience at least with basic patterns, it's possible that it doesn't take into account some usage that would be negatively affected by the change.

    Comments are requested, both for and against the change.

    New Features

    • Improve TS developer experience (#441)

    Bugfixes

    • Use correct argument order when stringifying flow collection comments (#443)
  • 2.2.2 - 2023-04-24

    This patch release includes a fix for an error that could be thrown in parseDocument for degenerate input. Otherwise, it's a patch release uplifting a few fixes from the ongoing v2.3 work to v2.2:

    • Corner case failure in error pretty-printer (CVE-2023-2251)
    • Use correct argument order when stringifying flow collection comments (#443)
    • First-line folding for block scalars (#422)
  • 2.2.1 - 2022-12-30
    • Quote top-level map keys containing document markers (#431)
from yaml GitHub release notes
Commit messages
Package name: yaml

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@socket-security
Copy link

Removed dependencies detected. Learn more about Socket for GitHub ↗︎

🚮 Removed packages: yaml@2.2.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@Abuchtela @snyk-bot