Socket
Socket
Sign inDemoInstall

js-yaml

Package Overview
Dependencies
1
Maintainers
1
Versions
72
Alerts
File Explorer

Advanced tools

Install Socket

Protect your apps from supply chain attacks

Install
2345
8Next

4.1.0

Diff

Changelog

Source

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).
vitaly
published 4.0.0 •

Changelog

Source

[4.0.0] - 2021-01-03

Changed

  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
  • Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
  • Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.
  • Added replacer option (similar to option in JSON.stringify), #339.
  • Custom Tag can now handle all tags or multiple tags with the same prefix, #385.

Fixed

  • Astral characters are no longer encoded by dump(), #587.
  • "duplicate mapping key" exception now points at the correct column, #452.
  • Extra commas in flow collections (e.g. [foo,,bar]) now throw an exception instead of producing null, #321.
  • __proto__ key no longer overrides object prototype, #164.
  • Removed bower.json.
  • Tags are now url-decoded in load() and url-encoded in dump() (previously usage of custom non-ascii tags may have led to invalid YAML that can't be parsed).
  • Anchors now work correctly with empty nodes, #301.
  • Fix incorrect parsing of invalid block mapping syntax, #418.
  • Throw an error if block sequence/mapping indent contains a tab, #80.
vitaly
published 3.14.1 •

Changelog

Source

[3.14.1] - 2020-12-07

Security

  • Fix possible code execution in (already unsafe) .load() (in &anchor).
vitaly
published 3.14.0 •

Changelog

Source

[3.14.0] - 2020-05-22

Changed

  • Support safe/loadAll(input, options) variant of call.
  • CI: drop outdated nodejs versions.
  • Dev deps bump.

Fixed

  • Quote = in plain scalars #519.
  • Check the node type for !<?> tag in case user manually specifies it.
  • Verify that there are no null-bytes in input.
  • Fix wrong quote position when writing condensed flow, #526.
vitaly
published 3.13.1 •

Changelog

Source

[3.13.1] - 2019-04-05

Security

  • Fix possible code execution in (already unsafe) .load(), #480.
vitaly
published 3.13.0 •

Changelog

Source

[3.13.0] - 2019-03-20

Security

  • Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.
vitaly
published 3.12.2 •

Changelog

Source

[3.12.2] - 2019-02-26

Fixed

  • Fix noArrayIndent option for root level, #468.
vitaly
published 3.12.1 •

Changelog

Source

[3.12.1] - 2019-01-05

Added

  • Added noArrayIndent option, #432.
vitaly
published 3.12.0 •

Changelog

Source

[3.12.0] - 2018-06-02

Changed

  • Support arrow functions without a block statement, #421.
vitaly
published 3.11.0 •

Changelog

Source

[3.11.0] - 2018-03-05

Added

  • Add arrow functions suport for !!js/function.

Fixed

  • Fix dump in bin/octal/hex formats for negative integers, #399.
2345
8Next
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc