@stoplight/json-schema-ref-parser - npm Package Compare versions

Comparing version 9.0.2 to 9.0.3

lib/parsers/yaml.js

 "use strict";
 
 const { ParserError } = require("../util/errors");
-const yaml = require("js-yaml");
+const yaml = require("@stoplight/yaml");
 
@@ -48,3 +48,13 @@ module.exports = {
       try {
-        return yaml.safeLoad(data);
+        const parsed = yaml.parseWithPointers(data, {
+          ignoreDuplicateKeys: true,
+          mergeKeys: false,
+        });
+
+        if (parsed.diagnostics.some(diagnostic => diagnostic.severity === 0)) {
+          const { message, range: { start: { line, character }}} = parsed.diagnostics[0];
+          throw new ParserError(`${message} at line ${line + 1}, column ${character + 1}:`, file.url);
+        }
+
+        return parsed.data;
       }
@@ -51,0 +61,0 @@ catch (e) {

package.json

 {
   "name": "@stoplight/json-schema-ref-parser",
-  "version": "9.0.2",
+  "version": "9.0.3",
   "description": "Parse, Resolve, and Dereference JSON Schema $ref pointers",
@@ -74,5 +74,5 @@ "keywords": [
     "@jsdevtools/ono": "^7.1.2",
-    "call-me-maybe": "^1.0.1",
-    "js-yaml": "^3.13.1"
+    "@stoplight/yaml": "^4.0.2",
+    "call-me-maybe": "^1.0.1"
   }
 }

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

146577

increased by0.29%

Lines of code

3072

increased by0.26%

Number of medium supply chain risk alerts

2

decreased by-33.33%

Dependency changes

• + Added@stoplight/yaml@^4.0.2

• + Added@stoplight/ordered-object-literal@1.0.5(transitive)

• + Added@stoplight/types@14.1.1(transitive)

• + Added@stoplight/yaml@4.3.0(transitive)

• + Added@stoplight/yaml-ast-parser@0.0.50(transitive)

• + Added@types/json-schema@7.0.15(transitive)

• + Addedtslib@2.8.1(transitive)

• + Addedutility-types@3.11.0(transitive)

• - Removedjs-yaml@^3.13.1

• - Removedargparse@1.0.10(transitive)

• - Removedesprima@4.0.1(transitive)

• - Removedjs-yaml@3.14.1(transitive)

• - Removedsprintf-js@1.0.3(transitive)