Skip to content

Commit c520d1d

Browse files
committed
deps: move js-yaml 4 to 5, with a parse test on the real data
js-yaml 5 drops the safe* helpers (we never used them) and parses numbers per YAML 1.2. We only call yaml.load() in two spots, the bundled-env spec in buildutil.js and the auto-updater's latest.yml in app.ts, both reading strings, so neither leans on the 1.1 number quirks. v5 is still dual CJS/ESM, so the CommonJS main keeps loading it. Added a test that loads the actual env_installer/jlab_server.yaml and a latest.yml-shaped manifest and asserts what those two call sites read. You can sanity-check it yourself: yarn test runs the new parse test green and a yarn build still finds the bundled jupyterlab pin. The 1.2 vs 1.1 number-parsing question is the part I dug into before bumping.
1 parent 661c576 commit c520d1d

3 files changed

Lines changed: 41 additions & 5 deletions

File tree

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -225,7 +225,7 @@
225225
"electron-log": "^5.4.4",
226226
"fast-xml-parser": "^5.9.0",
227227
"fix-path": "^3.0.0",
228-
"js-yaml": "^4.2.0",
228+
"js-yaml": "^5.2.0",
229229
"semver": "^7.8.4",
230230
"tar": "^7.5.16",
231231
"update-electron-app": "^3.2.0",

test/unit/js-yaml-parse.test.ts

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
import { describe, expect, it } from 'vitest';
2+
import * as fs from 'fs';
3+
import * as path from 'path';
4+
import * as yaml from 'js-yaml';
5+
6+
// js-yaml moved from 4.x to 5.x. The two ways this repo uses it are
7+
// yaml.load() on the bundled-env spec (buildutil.js) and on the auto-updater's
8+
// latest.yml (app.ts). v5 parses numbers per YAML 1.2 and removed the safe*
9+
// helpers, so pin the behavior we actually rely on against the real files.
10+
11+
describe('js-yaml load on the data this app parses', () => {
12+
it('reads the bundled-env spec and finds the jupyterlab pin', () => {
13+
const spec = yaml.load(
14+
fs.readFileSync(
15+
path.resolve(__dirname, '../../env_installer/jlab_server.yaml'),
16+
'utf8'
17+
)
18+
) as { dependencies: string[] };
19+
20+
const jlabPin = spec.dependencies.find(
21+
pkg => typeof pkg === 'string' && pkg.startsWith('jupyterlab ')
22+
);
23+
24+
expect(jlabPin).toMatch(/^jupyterlab \d+\.\d+\.\d+/);
25+
});
26+
27+
it('reads a release manifest and keeps the version as a string', () => {
28+
// The shape app.ts pulls from the published latest.yml.
29+
const manifest = yaml.load(
30+
['version: 4.6.0', 'path: JupyterLab.dmg'].join('\n')
31+
) as { version: string };
32+
33+
expect(manifest.version).toBe('4.6.0');
34+
expect(typeof manifest.version).toBe('string');
35+
});
36+
});

yarn.lock

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3020,10 +3020,10 @@ js-yaml@^4.1.0:
30203020
dependencies:
30213021
argparse "^2.0.1"
30223022

3023-
js-yaml@^4.2.0:
3024-
version "4.3.0"
3025-
resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.3.0.tgz#d1900572a7f7cf0b5f540c83673e60bad3436592"
3026-
integrity sha512-1td788aAnnZ5qs7V2QIRl1owjtYpbKt749Y3xauqQgwIIGF/xXWz1wMTEBx5O3LK3lXLVuqXPdPxj2BoFHaW9Q==
3023+
js-yaml@^5.2.0:
3024+
version "5.2.0"
3025+
resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-5.2.0.tgz#b559a892cae3e32fc5afecc9f18e1672378ddb68"
3026+
integrity sha512-YeLUMlvR4Ou1B119LIaM0r65JvbOBooJDc9yEu0dClb/uSC5P4FrLU8OCCz/HXWvtPoIrR0dRzABTjo1sTN9Bw==
30273027
dependencies:
30283028
argparse "^2.0.1"
30293029

0 commit comments

Comments
 (0)