Skip to content

build(deps): bump js-yaml from 4.2.0 to 5.0.0#2913

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/main/js-yaml-5.0.0
Open

build(deps): bump js-yaml from 4.2.0 to 5.0.0#2913
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/main/js-yaml-5.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps js-yaml from 4.2.0 to 5.0.0.

Changelog

Sourced from js-yaml's changelog.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.
  • Reduced the set of exported schemas:
    • YAML 1.2 schemas: CORE_SCHEMA (loader default), JSON_SCHEMA, FAILSAFE_SCHEMA.
    • YAML11_SCHEMA, a combination of all YAML 1.1 tags (YAML 1.1 does not specify a schema, only "types").
  • load/dump default behaviour is now specified exactly via schemas:
    • load uses CORE_SCHEMA, without !!merge by default.
    • dump uses YAML11_SCHEMA + CORE_SCHEMA for the quoting check, to guarantee backward compatibility by default.
  • !!set is now loaded as a JavaScript Set.
  • Replaced the Type API with a tags API. Similar, but more precise and simpler. See examples for details. Tags can be defined via defineScalarTag(), defineSequenceTag() and defineMappingTag(), or as a spread + override of an existing tag.
  • Renamed Schema.extend() to Schema.withTags().
  • Expanded YAML 1.2 conformance and improved handling of directives, document markers, block keys, multiline scalars, tag syntax and other things.
  • load() now throws on empty input instead of returning undefined.
  • Moved browser builds to the js-yaml/browser export.
  • Deprecated the loadAll signature with an iterator (still works, but is a candidate for removal).

Removed

  • Removed deprecated safeLoad(), safeLoadAll() and safeDump() exports.
  • Removed DEFAULT_SCHEMA and the nested types export.
  • Removed loader options onWarning, legacy and listener.
  • Removed dumper options styles, replacer, noCompatMode, condenseFlow, quotingType and forceQuotes. Renamed noArrayIndent to seqNoIndent. Formatting and representation are now configured through presenter options,

... (truncated)

Commits
  • 75148bc 5.0.0 released
  • 704b25d Quote document markers followed by whitespace
  • 42dea28 Support complex !!pairs keys with realMapTag
  • 6cf374e Fix dumping strings that collide with YAML markers
  • 65b8d94 Clarify !!omap/!!pairs support
  • 33e3640 Move tagname helpers to common/ and remove unused exports
  • 4dd582b Cleanup export types
  • 39b3792 Add types export
  • 0cd01e9 docs: update for v5
  • c5a61a4 Fix presenter coverage
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 29, 2026
@kubernetes-prow kubernetes-prow Bot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jun 29, 2026
@kubernetes-prow

kubernetes-prow Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign cjihrig for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubernetes-prow kubernetes-prow Bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jun 29, 2026
@dependabot
build(deps): bump js-yaml from 4.2.0 to 5.0.0
330261c 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.2.0 to 5.0.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.2.0...5.0.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/main/js-yaml-5.0.0 branch from 06fe45b to 330261c Compare June 29, 2026 07:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brendandburns brendandburns Awaiting requested review from brendandburns
@mstruebing mstruebing Awaiting requested review from mstruebing

Assignees

No one assigned

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants