Skip to content

Update dependency js-yaml to v5#91

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/js-yaml-5.x
Open

Update dependency js-yaml to v5#91
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/js-yaml-5.x

Conversation

@renovate

@renovate renovate Bot commented Jun 20, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
js-yaml ^4.1.0^5.0.0 age confidence

Release Notes

nodeca/js-yaml (js-yaml)

v5.1.0

Compare Source

Added
  • Collection tags can finalize an incrementally populated carrier into a
    different result value.
Changed
  • [breaking] quoteStyle now selects the preferred quote style; use the
    restored forceQuotes option to force quoting non-key strings.

v5.0.0

Compare Source

Added
  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution
    rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys.
    Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before
    rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding,
    flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and
    tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the
    test set.
Changed
  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named
    exports.
  • Reduced the set of exported schemas:
    • YAML 1.2 schemas: CORE_SCHEMA (loader default), JSON_SCHEMA,
      FAILSAFE_SCHEMA.
    • YAML11_SCHEMA, a combination of all YAML 1.1 tags (YAML 1.1 does not
      specify a schema, only "types").
  • load/dump default behaviour is now specified exactly via schemas:
    • load uses CORE_SCHEMA, without !!merge by default.
    • dump uses YAML11_SCHEMA + CORE_SCHEMA for the quoting check, to
      guarantee backward compatibility by default.
  • !!set is now loaded as a JavaScript Set.
  • Replaced the Type API with a tags API. Similar, but more precise and
    simpler. See examples for details. Tags can be defined via
    defineScalarTag(), defineSequenceTag() and defineMappingTag(), or as a
    spread + override of an existing tag.
  • Renamed Schema.extend() to Schema.withTags().
  • Expanded YAML 1.2 conformance and improved handling of directives, document
    markers, block keys, multiline scalars, tag syntax and other things.
  • load() now throws on empty input instead of returning undefined.
  • Moved browser builds to the js-yaml/browser export.
  • Deprecated the loadAll signature with an iterator (still works, but is a
    candidate for removal).
Removed
  • Removed deprecated safeLoad(), safeLoadAll() and safeDump() exports.
  • Removed DEFAULT_SCHEMA and the nested types export.
  • Removed loader options onWarning, legacy and listener.
  • Removed dumper options styles, replacer, noCompatMode, condenseFlow,
    quotingType and forceQuotes. Renamed noArrayIndent to seqNoIndent.
    Formatting and representation are now configured through presenter options,
    schemas and tag definitions. See migration guide on how to replace.
  • Removed support for importing internal files from lib/.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions[bot]
github-actions Bot requested changes Jun 20, 2026
View reviewed changes

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 PR Reviewer

The diff bumps js-yaml from ^4.1.0 to ^5.0.0. As of this review, js-yaml 5.x does not exist as a stable release — the latest stable is 4.x. Specifying ^5.0.0 will either fail to resolve or pull in an unstable/pre-release version, which could break the build or introduce unexpected behavior.

📝 1 suggestion(s) - Please review inline comments below.

💡 How to re-trigger

Comment /review or /pr-reviewer on this PR

Comment thread package.json
"dotenv": "^17.0.0",
"http-cookie-agent": "^6.0.8",
"js-yaml": "^4.1.0",
"js-yaml": "^5.0.0",

@github-actions github-actions Bot Jun 20, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

js-yaml 5.x does not have a stable release. This version specifier will fail to resolve or pull in a pre-release. Revert to the latest stable major (4.x).

Suggested change
"js-yaml": "^5.0.0",
"js-yaml": "^4.1.0",

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants