From 7f015184cc03be0c5a6c9cc8ec7a881a6b3197c6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Sep 2025 16:15:08 +0000 Subject: [PATCH 1/4] Bump js-yaml and @types/js-yaml Bumps [js-yaml](https://github.com/nodeca/js-yaml) and [@types/js-yaml](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/js-yaml). These dependencies needed to be updated together. Updates `js-yaml` from 3.14.1 to 4.1.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/3.14.1...4.1.0) Updates `@types/js-yaml` from 3.12.10 to 4.0.9 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/js-yaml) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: "@types/js-yaml" dependency-version: 4.0.9 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package-lock.json | 116 +++++++++++++++++++++++----------------------- package.json | 4 +- 2 files changed, 61 insertions(+), 59 deletions(-) diff --git a/package-lock.json b/package-lock.json index fd820476..4ee0b16e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,7 +17,7 @@ "@ts-common/string-map": "^0.3.0", "acorn": "^5.7.4", "autorest": "^3.6.1", - "js-yaml": "^3.13.1", + "js-yaml": "^4.1.0", "json-pointer": "^0.6.2", "json-refs": "^3.0.15", "kind-of": "^6.0.3", @@ -37,7 +37,7 @@ "@eslint/js": "^9.4.0", "@types/eslint__js": "^8.42.3", "@types/jest": "^29.5.12", - "@types/js-yaml": "^3.12.1", + "@types/js-yaml": "^4.0.9", "@types/json-pointer": "^1.0.30", "@types/node": "^20.0.0", "@types/yargs": "^13.0.0", @@ -635,26 +635,6 @@ "url": "https://opencollective.com/eslint" } }, - "node_modules/@eslint/eslintrc/node_modules/argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", - "dev": true, - "license": "Python-2.0" - }, - "node_modules/@eslint/eslintrc/node_modules/js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", - "dev": true, - "license": "MIT", - "dependencies": { - "argparse": "^2.0.1" - }, - "bin": { - "js-yaml": "bin/js-yaml.js" - } - }, "node_modules/@eslint/js": { "version": "9.34.0", "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.34.0.tgz", @@ -723,6 +703,16 @@ "node": ">=8" } }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dev": true, + "license": "MIT", + "dependencies": { + "sprintf-js": "~1.0.2" + } + }, "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", @@ -737,6 +727,20 @@ "node": ">=8" } }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "dev": true, + "license": "MIT", + "dependencies": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", @@ -1459,9 +1463,9 @@ } }, "node_modules/@types/js-yaml": { - "version": "3.12.10", - "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.10.tgz", - "integrity": "sha512-/Mtaq/wf+HxXpvhzFYzrzCqNRcA958sW++7JOFC8nPrZcvfi/TrzOaaGbvt27ltJB2NQbHVAg5a1wUCsyMH7NA==", + "version": "4.0.9", + "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz", + "integrity": "sha512-k4MGaQl5TGo/iipqb2UDG2UwjXziSWkh0uysQelTlJpX1qGlpUZYm8PnO4DxG1qBomtJUdYJ6qR6xdIah10JLg==", "dev": true, "license": "MIT" }, @@ -1857,13 +1861,10 @@ } }, "node_modules/argparse": { - "version": "1.0.10", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", - "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", - "license": "MIT", - "dependencies": { - "sprintf-js": "~1.0.2" - } + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "license": "Python-2.0" }, "node_modules/array-union": { "version": "2.1.0", @@ -2780,26 +2781,6 @@ "node": "^12.22.0 || ^14.17.0 || >=16.0.0" } }, - "node_modules/eslint/node_modules/argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", - "dev": true, - "license": "Python-2.0" - }, - "node_modules/eslint/node_modules/js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", - "dev": true, - "license": "MIT", - "dependencies": { - "argparse": "^2.0.1" - }, - "bin": { - "js-yaml": "bin/js-yaml.js" - } - }, "node_modules/espree": { "version": "9.6.1", "resolved": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", @@ -4478,13 +4459,12 @@ "license": "MIT" }, "node_modules/js-yaml": { - "version": "3.14.1", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", "license": "MIT", "dependencies": { - "argparse": "^1.0.7", - "esprima": "^4.0.0" + "argparse": "^2.0.1" }, "bin": { "js-yaml": "bin/js-yaml.js" @@ -4548,6 +4528,28 @@ "node": ">=0.8" } }, + "node_modules/json-refs/node_modules/argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "license": "MIT", + "dependencies": { + "sprintf-js": "~1.0.2" + } + }, + "node_modules/json-refs/node_modules/js-yaml": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "license": "MIT", + "dependencies": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, "node_modules/json-schema-traverse": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", diff --git a/package.json b/package.json index 2d9d294a..6a7a67b8 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,7 @@ "@ts-common/string-map": "^0.3.0", "acorn": "^5.7.4", "autorest": "^3.6.1", - "js-yaml": "^3.13.1", + "js-yaml": "^4.1.0", "json-pointer": "^0.6.2", "json-refs": "^3.0.15", "kind-of": "^6.0.3", @@ -34,7 +34,7 @@ "@eslint/js": "^9.4.0", "@types/eslint__js": "^8.42.3", "@types/jest": "^29.5.12", - "@types/js-yaml": "^3.12.1", + "@types/js-yaml": "^4.0.9", "@types/json-pointer": "^1.0.30", "@types/node": "^20.0.0", "@types/yargs": "^13.0.0", From 57a75fa4a82adef725f8bbfbaf7eaf73db2c9728 Mon Sep 17 00:00:00 2001 From: Mike Harder Date: Fri, 26 Sep 2025 19:08:25 +0000 Subject: [PATCH 2/4] bump versoin to 0.12.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index a3a53b91..f935b088 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@azure/oad", - "version": "0.12.1", + "version": "0.12.2", "author": { "name": "Microsoft Corporation", "email": "azsdkteam@microsoft.com", From bf3e465bc3f766ae4533003b23f040b4fbada75b Mon Sep 17 00:00:00 2001 From: Mike Harder Date: Fri, 26 Sep 2025 19:09:08 +0000 Subject: [PATCH 3/4] Use YAML.load() (now safe by default) --- src/lib/util/utils.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/util/utils.ts b/src/lib/util/utils.ts index ec613d05..8fd7af5b 100644 --- a/src/lib/util/utils.ts +++ b/src/lib/util/utils.ts @@ -86,7 +86,7 @@ export function parseContent(filePath: string, fileContent: string) { if (/.*\.json$/gi.test(filePath)) { result = JSON.parse(fileContent) } else if (/.*\.ya?ml$/gi.test(filePath)) { - result = YAML.safeLoad(fileContent) + result = YAML.load(fileContent) } else { const msg = `We currently support "*.json" and "*.yaml | *.yml" file formats for validating swaggers.\n` + From aace3a057d5d5fe26cc1e952a9b369fe748d9827 Mon Sep 17 00:00:00 2001 From: Mike Harder Date: Fri, 26 Sep 2025 19:13:02 +0000 Subject: [PATCH 4/4] changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37e25109..4155819c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## 0.12.2 2025-09-22 +- bump dependency `js-yaml` from `^3.13.0` to `^4.1.0` - remove unused dependencies - acorn - kind-of