fix(deps): update js-yaml to version 4

.changeset/dull-pumas-heal.md

@@ -0,0 +1,5 @@
+---
+"@pnpm/lockfile-file": patch
+---
+
+Update js-yaml to version 4.

package.json

@@ -61,7 +61,8 @@
     "overrides": {
       "@nodelib/fs.walk@^1.1.0": "1.1.1",
       "istanbul-reports": "npm:@zkochan/istanbul-reports",
-      "http-errors": "^1.7.3"
+      "http-errors": "^1.7.3",
+      "table@^6.0.3": "6.0.4"
     }
   }
 }

packages/filter-lockfile/package.json

@@ -37,7 +37,7 @@
     "@pnpm/logger": "^3.2.3",
     "@types/ramda": "^0.27.34",
     "tempy": "^1.0.0",
-    "write-yaml-file": "^4.1.1",
+    "write-yaml-file": "^4.1.3",
     "yaml-tag": "1.1.0"
   },
   "dependencies": {

packages/lockfile-file/package.json

@@ -41,7 +41,7 @@
     "@types/ramda": "^0.27.34",
     "@types/write-file-atomic": "^3.0.1",
     "tempy": "^1.0.0",
-    "write-yaml-file": "^4.1.1",
+    "write-yaml-file": "^4.1.3",
     "yaml-tag": "1.1.0"
   },
   "dependencies": {
@@ -51,7 +51,7 @@
     "@pnpm/merge-lockfile-changes": "workspace:1.0.0",
     "@pnpm/types": "workspace:6.3.1",
     "@zkochan/rimraf": "^1.0.0",
-    "js-yaml": "^3.14.1",
+    "js-yaml": "^4.0.0",
     "mz": "^2.7.0",
     "normalize-path": "^3.0.0",
     "ramda": "^0.27.1",

packages/lockfile-file/src/gitMergeFile.ts

@@ -10,8 +10,8 @@ const MERGE_CONFLICT_OURS = '<<<<<<<'
 export function autofixMergeConflicts (fileContent: string) {
   const { ours, theirs } = parseMergeFile(fileContent)
   return mergeLockfileChanges(
-    yaml.safeLoad(ours) as Lockfile,
-    yaml.safeLoad(theirs) as Lockfile
+    yaml.load(ours) as Lockfile,
+    yaml.load(theirs) as Lockfile
   )
 }
 

packages/lockfile-file/src/read.ts

@@ -75,7 +75,7 @@ async function _read (
   let lockfile: Lockfile
   let hadConflicts!: boolean
   try {
-    lockfile = yaml.safeLoad(lockfileRawContent) as Lockfile
+    lockfile = yaml.load(lockfileRawContent) as Lockfile
     hadConflicts = false
   } catch (err) {
     if (!opts.autofixMergeConflicts || !isDiff(lockfileRawContent)) {

packages/lockfile-file/src/write.ts

@@ -1,4 +1,3 @@
-import PnpmError from '@pnpm/error'
 import logger from './logger'
 import { DEPENDENCIES_FIELDS } from '@pnpm/types'
 import { Lockfile, ProjectSnapshot } from '@pnpm/lockfile-types'
@@ -64,37 +63,7 @@ function writeLockfile (
 
 function yamlStringify (lockfile: Lockfile, forceSharedFormat: boolean) {
   const normalizedLockfile = normalizeLockfile(lockfile, forceSharedFormat)
-  try {
-    return yaml.safeDump(normalizedLockfile, LOCKFILE_YAML_FORMAT)
-  } catch (err) {
-    if (err.message.includes('[object Undefined]')) {
-      const brokenValuePath = findBrokenRecord(normalizedLockfile)
-      if (brokenValuePath) {
-        throw new PnpmError('LOCKFILE_STRINGIFY', `Failed to stringify the lockfile object. Undefined value at: ${brokenValuePath}`)
-      }
-    }
-    throw err
-  }
-}
-
-function findBrokenRecord (obj: Object): string | null {
-  for (let [key, value] of Object.entries(obj)) {
-    if (key === '.') key = '[.]'
-    switch (typeof value) {
-    case 'undefined': {
-      return key
-    }
-    case 'object': {
-      const brokenKey = findBrokenRecord(value)
-      if (!brokenKey) break
-      if (brokenKey.startsWith('[')) {
-        return `${key}${brokenKey}`
-      }
-      return `${key}.${brokenKey}`
-    }
-    }
-  }
-  return null
+  return yaml.dump(normalizedLockfile, LOCKFILE_YAML_FORMAT)
 }
 
 function isEmptyLockfile (lockfile: Lockfile) {

packages/lockfile-file/test/write.ts

@@ -1,5 +1,4 @@
 import { LOCKFILE_VERSION, WANTED_LOCKFILE } from '@pnpm/constants'
-import PnpmError from '@pnpm/error'
 import {
   readCurrentLockfile,
   readWantedLockfile,
@@ -140,7 +139,7 @@ test('write does not use yaml anchors/aliases', async () => {
   expect(lockfileContent).not.toMatch('*')
 })
 
-test('writeLockfiles() fails with meaningful error, when an invalid lockfile object is passed in', async () => {
+test('writeLockfiles() does not fail if the lockfile has undefined properties', async () => {
   const projectPath = tempy.directory()
   const wantedLockfile = {
     importers: {
@@ -176,10 +175,10 @@ test('writeLockfiles() fails with meaningful error, when an invalid lockfile obj
       },
     },
   }
-  await expect(() => writeLockfiles({
+  await writeLockfiles({
     currentLockfile: wantedLockfile,
     currentLockfileDir: projectPath,
     wantedLockfile,
     wantedLockfileDir: projectPath,
-  })).rejects.toThrow(new PnpmError('LOCKFILE_STRINGIFY', 'Failed to stringify the lockfile object. Undefined value at: packages./is-negative/1.0.0.dependencies'))
+  })
 })

packages/lockfile-utils/package.json

@@ -34,7 +34,7 @@
     "@types/js-yaml": "^3.12.5",
     "@types/ramda": "^0.27.34",
     "tempy": "^1.0.0",
-    "write-yaml-file": "^4.1.1",
+    "write-yaml-file": "^4.1.3",
     "yaml-tag": "1.1.0"
   },
   "dependencies": {

packages/modules-yaml/package.json

@@ -34,7 +34,7 @@
     "@pnpm/types": "workspace:6.3.1",
     "is-windows": "^1.0.2",
     "read-yaml-file": "^2.0.0",
-    "write-yaml-file": "^4.1.1"
+    "write-yaml-file": "^4.1.3"
   },
   "devDependencies": {
     "@types/is-windows": "^1.0.0",

packages/plugin-commands-installation/package.json

@@ -52,7 +52,7 @@
     "tempy": "^1.0.0",
     "write-json-file": "^4.3.0",
     "write-pkg": "4.0.0",
-    "write-yaml-file": "^4.1.1"
+    "write-yaml-file": "^4.1.3"
   },
   "dependencies": {
     "@pnpm/cli-utils": "workspace:0.4.44",

packages/plugin-commands-listing/package.json

@@ -42,7 +42,7 @@
     "execa": "^5.0.0",
     "mz": "^2.7.0",
     "strip-ansi": "^6.0.0",
-    "write-yaml-file": "^4.1.1"
+    "write-yaml-file": "^4.1.3"
   },
   "dependencies": {
     "@pnpm/cli-utils": "workspace:0.4.44",

packages/plugin-commands-publishing/package.json

@@ -45,7 +45,7 @@
     "execa": "^5.0.0",
     "path-exists": "^4.0.0",
     "tempy": "^1.0.0",
-    "write-yaml-file": "^4.1.1"
+    "write-yaml-file": "^4.1.3"
   },
   "dependencies": {
     "@pnpm/cli-utils": "workspace:0.4.44",

packages/plugin-commands-rebuild/package.json

@@ -43,7 +43,7 @@
     "execa": "^5.0.0",
     "path-exists": "^4.0.0",
     "sinon": "^9.2.2",
-    "write-yaml-file": "^4.1.1"
+    "write-yaml-file": "^4.1.3"
   },
   "dependencies": {
     "@pnpm/cli-utils": "workspace:0.4.44",

packages/plugin-commands-script-runners/package.json

@@ -42,7 +42,7 @@
     "execa": "^5.0.0",
     "is-windows": "^1.0.2",
     "mz": "^2.7.0",
-    "write-yaml-file": "^4.1.1"
+    "write-yaml-file": "^4.1.3"
   },
   "dependencies": {
     "@pnpm/cli-utils": "workspace:0.4.44",

packages/pnpm/package.json

@@ -107,7 +107,7 @@
     "which": "^2.0.2",
     "write-json-file": "^4.3.0",
     "write-pkg": "4.0.0",
-    "write-yaml-file": "^4.1.1"
+    "write-yaml-file": "^4.1.3"
   },
   "directories": {
     "test": "test"

packages/read-project-manifest/test/index.ts

@@ -150,7 +150,7 @@ test('fail on invalid YAML', async () => {
 
   expect(err).toBeTruthy()
   expect(err['code']).toBe('ERR_PNPM_YAML_PARSE')
-  expect(err.message).toMatch(/^missed comma between flow collection entries at line 3, column 3:/)
+  expect(err.message).toMatch(/^missed comma between flow collection entries \(3:3\)/)
 })
 
 test('preserve trailing new line at the end of package.json', async () => {

packages/supi/package.json

@@ -104,7 +104,7 @@
     "sinon": "^9.2.2",
     "symlink-dir": "^4.1.0",
     "write-json-file": "^4.3.0",
-    "write-yaml-file": "^4.1.1"
+    "write-yaml-file": "^4.1.3"
   },
   "directories": {
     "test": "test"

packages/write-project-manifest/package.json

@@ -33,7 +33,7 @@
     "json5": "^2.1.3",
     "mz": "^2.7.0",
     "write-file-atomic": "^3.0.3",
-    "write-yaml-file": "^4.1.1"
+    "write-yaml-file": "^4.1.3"
   },
   "devDependencies": {
     "@types/json5": "^0.0.30",

privatePackages/prepare/package.json

@@ -10,7 +10,7 @@
     "tempy": "^1.0.0",
     "write-json5-file": "^3.0.1",
     "write-pkg": "4.0.0",
-    "write-yaml-file": "^4.1.1"
+    "write-yaml-file": "^4.1.3"
   },
   "devDependencies": {
     "@types/node": "^12.19.9",