Skip to content

build(deps-dev): bump js-yaml from 4.2.0 to 5.0.0#226

Merged
Voziv merged 1 commit into
mainfrom
dependabot/npm_and_yarn/js-yaml-5.0.0
Jun 22, 2026
Merged

build(deps-dev): bump js-yaml from 4.2.0 to 5.0.0#226
Voziv merged 1 commit into
mainfrom
dependabot/npm_and_yarn/js-yaml-5.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps js-yaml from 4.2.0 to 5.0.0.

Changelog

Sourced from js-yaml's changelog.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.
  • Reduced the set of exported schemas:
    • YAML 1.2 schemas: CORE_SCHEMA (loader default), JSON_SCHEMA, FAILSAFE_SCHEMA.
    • YAML11_SCHEMA, a combination of all YAML 1.1 tags (YAML 1.1 does not specify a schema, only "types").
  • load/dump default behaviour is now specified exactly via schemas:
    • load uses CORE_SCHEMA, without !!merge by default.
    • dump uses YAML11_SCHEMA + CORE_SCHEMA for the quoting check, to guarantee backward compatibility by default.
  • !!set is now loaded as a JavaScript Set.
  • Replaced the Type API with a tags API. Similar, but more precise and simpler. See examples for details. Tags can be defined via defineScalarTag(), defineSequenceTag() and defineMappingTag(), or as a spread + override of an existing tag.
  • Renamed Schema.extend() to Schema.withTags().
  • Expanded YAML 1.2 conformance and improved handling of directives, document markers, block keys, multiline scalars, tag syntax and other things.
  • load() now throws on empty input instead of returning undefined.
  • Moved browser builds to the js-yaml/browser export.
  • Deprecated the loadAll signature with an iterator (still works, but is a candidate for removal).

Removed

  • Removed deprecated safeLoad(), safeLoadAll() and safeDump() exports.
  • Removed DEFAULT_SCHEMA and the nested types export.
  • Removed loader options onWarning, legacy and listener.
  • Removed dumper options styles, replacer, noCompatMode, condenseFlow, quotingType and forceQuotes. Renamed noArrayIndent to seqNoIndent. Formatting and representation are now configured through presenter options,

... (truncated)

Commits
  • 75148bc 5.0.0 released
  • 704b25d Quote document markers followed by whitespace
  • 42dea28 Support complex !!pairs keys with realMapTag
  • 6cf374e Fix dumping strings that collide with YAML markers
  • 65b8d94 Clarify !!omap/!!pairs support
  • 33e3640 Move tagname helpers to common/ and remove unused exports
  • 4dd582b Cleanup export types
  • 39b3792 Add types export
  • 0cd01e9 docs: update for v5
  • c5a61a4 Fix presenter coverage
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.2.0 to 5.0.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.2.0...5.0.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 5.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 22, 2026
@dependabot dependabot Bot requested a review from Voziv as a code owner June 22, 2026 00:53
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 22, 2026
@github-actions

Copy link
Copy Markdown

Coverage report

St.
Category Percentage Covered / Total
🟢 Statements 95.13% 215/226
🟢 Branches 82.83% 82/99
🟢 Functions 100% 45/45
🟢 Lines 95.07% 212/223

Test suite run success

38 tests passing in 6 suites.

Report generated by 🧪jest coverage report action from a677c0a

@github-actions

Copy link
Copy Markdown

ArgoCD Diff 127.0.0.1:8080 for commit a677c0a

Updated at 2026-06-21, 8:58:44 p.m. EDT

App: e2e-app
YAML generation: Success 🟢
App sync status: Synced ✅

Details
===== apps/Deployment e2e-app/e2e-app ======
99c99
<   replicas: 1
---
>   replicas: 2
---
Legend Status
The app is synced in ArgoCD, and diffs you see are solely from this PR.
⚠️ The app is out-of-sync in ArgoCD, and the diffs you see include those changes plus any from this PR.
🛑 There was an error generating the ArgoCD diffs due to changes in this PR.

@Voziv Voziv merged commit 9c88c45 into main Jun 22, 2026
10 checks passed
@Voziv Voziv deleted the dependabot/npm_and_yarn/js-yaml-5.0.0 branch June 22, 2026 02:29
argocd-diff-action-bot Bot pushed a commit that referenced this pull request Jun 22, 2026
## [0.7.2](0.7.1...0.7.2) (2026-06-22)

### Build & Dependencies

* **deps-dev:** bump js-yaml from 4.2.0 to 5.0.0 ([#226](#226)) ([9c88c45](9c88c45))
* **deps-dev:** bump the npm-development group across 1 directory with 3 updates ([#216](#216)) ([ec5bd2b](ec5bd2b))
* **deps-dev:** bump the npm-development group with 2 updates ([#222](#222)) ([19291ca](19291ca))
* **deps-dev:** bump the npm-development group with 5 updates ([#223](#223)) ([0a4a2aa](0a4a2aa))
* **deps-dev:** bump typescript-eslint from 8.61.0 to 8.61.1 in the npm-development group ([#225](#225)) ([b084655](b084655))
* **deps:** bump actions/checkout from 6 to 7 ([#224](#224)) ([117a7e7](117a7e7))

### Continous Integration

* **dependabot:** add cooldown to delay new dependency PRs ([#217](#217)) ([9f56aaa](9f56aaa)), closes [#216](#216) [#216](#216)
* **e2e:** automate ArgoCD version bumps ([#219](#219)) ([893105f](893105f))
* **e2e:** bump ArgoCD test versions (patch) ([#220](#220)) ([b8d0874](b8d0874))
* **e2e:** pin deterministic admin password to fix login race ([#218](#218)) ([035ed85](035ed85)), closes [#26](#26)
* modernize workflow action usage ([#221](#221)) ([1873816](1873816))
* run lint on PRs ([#227](#227)) ([c3431bc](c3431bc))

[skip release]
@argocd-diff-action-bot

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 0.7.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code released size/s

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant