Update to js-yaml v4 #137

Open: pelleknaap wants to merge 2 commits into jonschlinkert:master from pelleknaap:master

@pelleknaap

pelleknaap commented Feb 6, 2022

Updating to js-yaml 4.1.0 will dramatically reduce bundle size (~70%) and only requires replacing two function names.

@pelleknaap

Author

See #136 for more info

@gr2m

gr2m commented Feb 18, 2022

I published https://www.npmjs.com/package/@gr2m/gray-matter for the time being.

You also need to update test/parse-custom.js and examples/sections.js

@cloudhead

cloudhead commented Mar 11, 2022

This fixes a bug with numbers as well: currently, 024 would be treated as octal and result in 20, but according to the YAML spec this is not correct: 0o is the correct prefix. This was fixed in js-yaml v4.

@robertmassaioli any chance this could be merged?

@pixelass

@jonschlinkert Can we get this merged? We use js-yaml alongside gray-matter (to prevent using several packages for yaml).

Right now we are forced to use v3 of js-yaml until this is merged ❤️

@jonschlinkert

jonschlinkert commented Apr 27, 2024 via email

Owner

@pixelass

@jonschlinkert I fully agree, I removed yaml and switched to js-yaml for the sole reason of preventing duplicate packages for parsing yaml.

It looks like a rather easy refactor: https://github.com/jonschlinkert/gray-matter/blob/master/lib/engines.js#L15-L18

I can see if I can spin up a PR for that, if you're open.

@pixelass

Looks like someone already did the work and was waiting for a response?

#147

@BigBlueHat

This should get a bump to js-yaml@^4.1.1 due to the "prototype pollution in merge (<<)" vulnerability in js-yaml versions < v4.1.1.
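
A lockfile check for the version floor named in the comment above, written for this page as an added example (not code from the PR or from gray-matter). It assumes the npm lockfile v2/v3 `packages` layout; the sample lockfile, its package names and versions are constructed, and only the 4.1.1 floor comes from the thread.

```javascript
// Added example: list every installed js-yaml copy in an npm lockfile
// (v2/v3 "packages" layout) and flag copies below the 4.1.1 floor.
const FLOOR = [4, 1, 1]; // floor quoted in the comment above

// Parse "x.y.z"; prerelease/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when version sorts strictly below floor.
function isBelow(version, floor) {
  const v = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== floor[i]) return v[i] < floor[i];
  }
  return false;
}

// Returns [{ path, version, belowFloor }], one entry per js-yaml copy.
// Nested copies matter: a dependency can pin its own older js-yaml.
function findJsYaml(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path.split("node_modules/").pop() === "js-yaml")
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      belowFloor: isBelow(meta.version, FLOOR),
    }));
}

// Constructed lockfile: package names and versions are sample values.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-site", version: "1.0.0" },
    "node_modules/gray-matter": { version: "4.0.3" },
    "node_modules/gray-matter/node_modules/js-yaml": { version: "3.14.1" },
    "node_modules/js-yaml": { version: "4.1.1" },
    "node_modules/example-plugin/node_modules/js-yaml": { version: "4.1.0" },
  },
};

for (const hit of findJsYaml(sampleLock)) {
  console.log(`${hit.belowFloor ? "UPGRADE" : "ok     "} ${hit.version} ${hit.path}`);
}
```

A top-level js-yaml at the floor does not cover nested copies, so the check reports each install path separately.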

@slorber

slorber commented Jun 19, 2026

FYI there's a maintained fork here with this upgrade included: https://github.com/11ty/gray-matter

Already adopted by Eleventy and Docusaurus (see facebook/docusaurus#12181)
