fix: migrate to js-yaml v5#2908
Conversation
🦋 Changeset detectedLatest commit: e777d9d The changes in this PR will be included in the next version bump. This PR includes changesets to release 3 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Coverage Report
File Coverage
|
||||||||||||||||||||||||||||||||||||||
|
📦 A new experimental 🧪 version v0.0.0-snapshot.1782145948 of Redocly CLI has been published for testing. Install with NPM: npm install @redocly/cli@0.0.0-snapshot.1782145948 |
| }, | ||
| ], | ||
| "message": "Can't resolve $ref: unexpected end of the stream within a single quoted scalar in "fixtures/invalid-yaml.yaml" (2:1)", | ||
| "message": "Can't resolve $ref: unexpected end of the stream within a single quoted scalar in "fixtures/invalid-yaml.yaml" (1:8)", |
There was a problem hiding this comment.
Please test this in the VSCE.
2639e3f to
8ed7d77
Compare
|
Performance Benchmark fails due to indentation, already notified the OAS description owners. |
|
📦 A new experimental 🧪 version v0.0.0-snapshot.1782209756 of Redocly CLI has been published for testing. Install with NPM: npm install @redocly/cli@0.0.0-snapshot.1782209756 |
a078710 to
e777d9d
Compare
Performance Benchmark (Lower is Faster)
Warning This PR may introduce a performance regression vs the latest released version:
|
|
📦 A new experimental 🧪 version v0.0.0-snapshot.1784280563 of Redocly CLI has been published for testing. Install with NPM: npm install @redocly/cli@0.0.0-snapshot.1784280563 |
What/Why/How?
Upgraded
js-yamlfrom v4 to v5. This fixes bundling of strings that look like numbers with underscores (e.g.'12_34'): they are now kept quoted in YAML output instead of being emitted unquoted and read back as numbers by YAML 1.1 parsers.Breaking change: js-yaml v5 parses YAML more strictly. A multi-line flow collection whose closing bracket is indented to (or below) the level of its parent key is now a parse error. For example, this no longer parses and must be reindented:
All other scalar resolution (hex/octal/leading-zero integers, capitalized booleans,
~as null, dates kept as strings) and the handling of empty/comment-only documents are unchanged.Reference
#2906
Alternative
#2907
Testing
Screenshots (optional)
Check yourself
Security
Note
Medium Risk
Core YAML parse/stringify affects all lint, bundle, and config loading; stricter parsing can break previously accepted OpenAPI YAML, though underscore-number bundling is a targeted fix.
Overview
Upgrades
js-yamlfrom 4.2.0 to 5.2.1 in@redocly/openapi-coreand adapts the YAML wrapper to the v5 API (CORE_SCHEMA.withTags,loadAllwith single-document enforcement, and explicit handling of empty vs comment-only input).@types/js-yamlis dropped because v5 ships its own types.Bundled YAML output now keeps values like
12_34quoted so they round-trip as strings instead of being emitted as bare numbers. E2E coverage was added for that behavior.Breaking: v5 parses YAML more strictly—multi-line flow collections whose closing
}/]is not indented deeper than the parent key now fail to parse. Parse errors also point at the offending token (test snapshots updated) rather than the end of the file.Reviewed by Cursor Bugbot for commit e777d9d. Bugbot is set up for automated code reviews on this repo. Configure here.