Merge pull request #1307 from github/dependabot/npm_and_yarn/extensions/ql-vscode/js-yaml-4.1.0

Bump js-yaml from 3.14.0 to 4.1.0 in /extensions/ql-vscode

Author: aeisenberg

extensions/ql-vscode/gulpfile.ts/textmate.ts

@@ -219,14 +219,14 @@ function transformFile(yaml: any) {
 }
 
 export function transpileTextMateGrammar() {
-  return through.obj((file: Vinyl, _encoding: string, callback: Function): void => {
+  return through.obj((file: Vinyl, _encoding: string, callback: (err: string | null, file: Vinyl | PluginError) => void): void => {
     if (file.isNull()) {
       callback(null, file);
     }
     else if (file.isBuffer()) {
       const buf: Buffer = file.contents;
       const yamlText: string = buf.toString('utf8');
-      const jsonData: any = jsYaml.safeLoad(yamlText);
+      const jsonData: any = jsYaml.load(yamlText);
       transformFile(jsonData);
 
       file.contents = Buffer.from(JSON.stringify(jsonData, null, 2), 'utf8');

extensions/ql-vscode/package-lock.json

@@ -1139,7 +1139,7 @@
     "d3-graphviz": "^2.6.1",
     "fs-extra": "^10.0.1",
     "glob-promise": "^3.4.0",
-    "js-yaml": "^3.14.0",
+    "js-yaml": "^4.1.0",
     "minimist": "~1.2.6",
     "nanoid": "^3.2.0",
     "node-fetch": "~2.6.7",

extensions/ql-vscode/package.json

@@ -45,7 +45,7 @@ async function resolveQueriesFromPacks(cli: CodeQLCliServer, qlpacks: string[],
       }
     });
   }
-  await fs.writeFile(suiteFile, yaml.safeDump(suiteYaml), 'utf8');
+  await fs.writeFile(suiteFile, yaml.dump(suiteYaml), 'utf8');
 
   const queries = await cli.resolveQueriesInSuite(suiteFile, helpers.getOnDiskWorkspaceFolders());
   return queries;

extensions/ql-vscode/src/contextual/queryResolver.ts

@@ -289,7 +289,7 @@ interface QlPackWithPath {
 async function findDbschemePack(packs: QlPackWithPath[], dbschemePath: string): Promise<{ name: string; isLibraryPack: boolean; }> {
   for (const { packDir, packName } of packs) {
     if (packDir !== undefined) {
-      const qlpack = yaml.safeLoad(await fs.readFile(path.join(packDir, 'qlpack.yml'), 'utf8')) as { dbscheme?: string; library?: boolean; };
+      const qlpack = yaml.load(await fs.readFile(path.join(packDir, 'qlpack.yml'), 'utf8')) as { dbscheme?: string; library?: boolean; };
       if (qlpack.dbscheme !== undefined && path.basename(qlpack.dbscheme) === path.basename(dbschemePath)) {
         return {
           name: packName,

extensions/ql-vscode/src/helpers.ts

@@ -123,7 +123,7 @@ export async function displayQuickQuery(
         version: '1.0.0',
         libraryPathDependencies: [qlpack]
       };
-      await fs.writeFile(qlPackFile, QLPACK_FILE_HEADER + yaml.safeDump(quickQueryQlpackYaml), 'utf8');
+      await fs.writeFile(qlPackFile, QLPACK_FILE_HEADER + yaml.dump(quickQueryQlpackYaml), 'utf8');
     }
 
     if (shouldRewrite || !(await fs.pathExists(qlFile))) {
@@ -144,6 +144,6 @@ async function checkShouldRewrite(qlPackFile: string, newDependency: string) {
   if (!(await fs.pathExists(qlPackFile))) {
     return true;
   }
-  const qlPackContents: any = yaml.safeLoad(await fs.readFile(qlPackFile, 'utf8'));
+  const qlPackContents: any = yaml.load(await fs.readFile(qlPackFile, 'utf8'));
   return qlPackContents.libraryPathDependencies?.[0] !== newDependency;
 }

extensions/ql-vscode/src/quick-query.ts

@@ -110,7 +110,7 @@ async function generateQueryPack(cliServer: cli.CodeQLCliServer, queryFile: stri
         [`codeql/${language}-all`]: '*',
       }
     };
-    await fs.writeFile(path.join(queryPackDir, 'qlpack.yml'), yaml.safeDump(syntheticQueryPack));
+    await fs.writeFile(path.join(queryPackDir, 'qlpack.yml'), yaml.dump(syntheticQueryPack));
   }
   if (!language) {
     throw new UserCancellationException('Could not determine language.');
@@ -378,7 +378,7 @@ export function parseResponse(owner: string, repo: string, response: QueriesResp
  */
 async function ensureNameAndSuite(queryPackDir: string, packRelativePath: string): Promise<void> {
   const packPath = path.join(queryPackDir, 'qlpack.yml');
-  const qlpack = yaml.safeLoad(await fs.readFile(packPath, 'utf8')) as QlPack;
+  const qlpack = yaml.load(await fs.readFile(packPath, 'utf8')) as QlPack;
   delete qlpack.defaultSuiteFile;
 
   qlpack.name = QUERY_PACK_NAME;
@@ -388,7 +388,7 @@ async function ensureNameAndSuite(queryPackDir: string, packRelativePath: string
   }, {
     query: packRelativePath.replace(/\\/g, '/')
   }];
-  await fs.writeFile(packPath, yaml.safeDump(qlpack));
+  await fs.writeFile(packPath, yaml.dump(qlpack));
 }
 
 async function buildRemoteQueryEntity(

extensions/ql-vscode/src/remote-queries/run-remote-query.ts

@@ -149,15 +149,15 @@ describe('Queries', function() {
     expect(fs.pathExistsSync(qlFile)).to.be.true;
     expect(fs.pathExistsSync(qlpackFile)).to.be.true;
 
-    const qlpackContents: any = await yaml.safeLoad(
+    const qlpackContents: any = await yaml.load(
       fs.readFileSync(qlpackFile, 'utf8')
     );
     // Should have chosen the js libraries
     expect(qlpackContents.libraryPathDependencies[0]).to.include('javascript');
   });
 
   it('should avoid creating a quick query', async () => {
-    fs.writeFileSync(qlpackFile, yaml.safeDump({
+    fs.writeFileSync(qlpackFile, yaml.dump({
       name: 'quick-query',
       version: '1.0.0',
       libraryPathDependencies: ['codeql-javascript']