diff --git a/package.json b/package.json index bfeec5f179..31f6e1b2ac 100644 --- a/package.json +++ b/package.json @@ -90,7 +90,7 @@ "gravatar-url": "^3.1.0", "helmet": "^4.1.0", "joi": "^17.3.0", - "js-yaml": "^3.14.0", + "js-yaml": "^4.1.0", "knex": "0.95.11", "log4js": "^6.0.0", "memoizee": "^0.4.15", @@ -118,7 +118,7 @@ "@types/express-session": "1.17.4", "@types/faker": "5.5.8", "@types/jest": "27.0.2", - "@types/js-yaml": "3.12.7", + "@types/js-yaml": "4.0.3", "@types/memoizee": "0.4.6", "@types/node": "16.6.1", "@types/node-fetch": "2.5.12", diff --git a/src/lib/addons/slack.ts b/src/lib/addons/slack.ts index 2251a2c9c8..24c5bc1061 100644 --- a/src/lib/addons/slack.ts +++ b/src/lib/addons/slack.ts @@ -123,7 +123,7 @@ This was changed by ${createdBy}.`; const stale = data.stale ? '("stale")' : ''; const typeStr = `*Type*: ${data.type}`; const project = `*Project*: ${data.project}`; - const strategies = `*Activation strategies*: \`\`\`${YAML.safeDump( + const strategies = `*Activation strategies*: \`\`\`${YAML.dump( data.strategies, { skipInvalid: true }, )}\`\`\``; diff --git a/src/lib/addons/teams.ts b/src/lib/addons/teams.ts index 6902661546..1c9c6c146e 100644 --- a/src/lib/addons/teams.ts +++ b/src/lib/addons/teams.ts @@ -109,7 +109,7 @@ export default class TeamsAddon extends Addon { const { data } = event; const typeStr = `*Type*: ${data.type}`; const project = `*Project*: ${data.project}`; - const strategies = `*Activation strategies*: \n${YAML.safeDump( + const strategies = `*Activation strategies*: \n${YAML.dump( data.strategies, { skipInvalid: true }, )}`; diff --git a/src/lib/routes/admin-api/state.ts b/src/lib/routes/admin-api/state.ts index ee010bd47c..2ff57e322e 100644 --- a/src/lib/routes/admin-api/state.ts +++ b/src/lib/routes/admin-api/state.ts @@ -50,7 +50,7 @@ class StateController extends Controller { // @ts-ignore if (mime.getType(req.file.originalname) === 'text/yaml') { // @ts-ignore - data = YAML.safeLoad(req.file.buffer); + data = YAML.load(req.file.buffer); } else { // @ts-ignore data = JSON.parse(req.file.buffer); @@ -93,7 +93,7 @@ class StateController extends Controller { if (downloadFile) { res.attachment(`export-${timestamp}.yml`); } - res.type('yaml').send(YAML.safeDump(data, { skipInvalid: true })); + res.type('yaml').send(YAML.dump(data, { skipInvalid: true })); } else { if (downloadFile) { res.attachment(`export-${timestamp}.json`); diff --git a/src/lib/services/state-util.ts b/src/lib/services/state-util.ts index a576781ab1..3ec2a7278f 100644 --- a/src/lib/services/state-util.ts +++ b/src/lib/services/state-util.ts @@ -12,8 +12,7 @@ export const readFile: (file: string) => Promise = (file) => export const parseFile: (file: string, data: string) => any = ( file: string, data: string, -) => - mime.lookup(file) === 'text/yaml' ? YAML.safeLoad(data) : JSON.parse(data); +) => (mime.lookup(file) === 'text/yaml' ? YAML.load(data) : JSON.parse(data)); export const filterExisting: ( keepExisting: boolean, diff --git a/yarn.lock b/yarn.lock index 95d8e33f83..d77b2a0d49 100644 --- a/yarn.lock +++ b/yarn.lock @@ -794,10 +794,10 @@ jest-diff "^27.0.0" pretty-format "^27.0.0" -"@types/js-yaml@3.12.7": - version "3.12.7" - resolved "https://registry.yarnpkg.com/@types/js-yaml/-/js-yaml-3.12.7.tgz#330c5d97a3500e9c903210d6e49f02964af04a0e" - integrity sha512-S6+8JAYTE1qdsc9HMVsfY7+SgSuUU/Tp6TYTmITW0PZxiyIMvol3Gy//y69Wkhs0ti4py5qgR3uZH6uz/DNzJQ== +"@types/js-yaml@4.0.3": + version "4.0.3" + resolved "https://registry.yarnpkg.com/@types/js-yaml/-/js-yaml-4.0.3.tgz#9f33cd6fbf0d5ec575dc8c8fc69c7fec1b4eb200" + integrity sha512-5t9BhoORasuF5uCPr+d5/hdB++zRFUTMIZOzbNkr+jZh3yQht4HYbRDyj9fY8n2TZT30iW9huzav73x4NikqWg== "@types/json-schema@^7.0.7": version "7.0.9" @@ -1200,6 +1200,11 @@ argparse@^1.0.7: dependencies: sprintf-js "~1.0.2" +argparse@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38" + integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q== + arr-diff@^4.0.0: version "4.0.0" resolved "https://registry.npmjs.org/arr-diff/-/arr-diff-4.0.0.tgz" @@ -4392,7 +4397,7 @@ js-tokens@^4.0.0: resolved "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz" integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== -js-yaml@^3.13.1, js-yaml@^3.14.0: +js-yaml@^3.13.1: version "3.14.1" resolved "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz" integrity sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g== @@ -4400,6 +4405,13 @@ js-yaml@^3.13.1, js-yaml@^3.14.0: argparse "^1.0.7" esprima "^4.0.0" +js-yaml@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602" + integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA== + dependencies: + argparse "^2.0.1" + jsbn@~0.1.0: version "0.1.1" resolved "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz"