You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Lock-only regeneration with npm install --package-lock-only.
overrides nested under the parent package key (glob under copyfiles/rimraf/test-exclude), rolling forward with ^X.Y.Z.
The js-yaml override pitfall (forcing @azure/openapi-markdown / front-matter onto a major that drops safeLoad, which was removed in js-yaml 5.x); some transitive advisories can't be remediated without an upstream bump.
Validation via npm ci / npm run build / npm test, running the full exampleGeneratorTests suite rather than isolated cases (shared cumulative state).
Known example: forcing js-yaml to 4.x via overrides breaks @azure/openapi-markdown and front-matter, which call js-yaml.safeLoad
(removed in js-yaml 4.x). This causes readme-parsing tests inAdd a comment on line R43Add diff commentMarkdown input: edit mode selected.WritePreviewAdd a suggestionHeadingBoldItalicQuoteCodeLinkUnordered listNumbered listTask listMentionReferenceMore Formatting tools items 0Saved repliesAdd FilesPaste, drop, or click to add filesCancelCommentStart a review exampleGeneratorTests to fail (YAML parses to empty). Do not add this
override.
the APIs like safeLoad() were removed in js-yaml 5.x, not 4.x.
Known example: forcing js-yaml to 4.x via overrides breaks
...
You're right — I confirmed against the js-yaml CHANGELOG that safeLoad/safeLoadAll/safeDump were removed in js-yaml 5.0.0, not 4.x. Corrected the example to state the removal happened in js-yaml 5.x and reframed the pitfall as forcing js-yaml onto a major that drops safeLoad.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds
.github/instructions/package-lock.instructions.md(scoped viaapplyTo: "**/package-lock.json"), adapting azure-sdk-tools' equivalent to oav's conventions and recent dependency-PR feedback.Sourced from recent PR review comments
brace-expansionDoS path to 5.0.6 in npm lockfile #1248 / Pin transitive @babel/core to 7.29.6 to remediate GHSA-4x5r-pxfx-6jf8 #1250 — Prefer lock-only updates; keep the diff scoped topackage-lock.jsonand leavepackage.jsonuntouched when the existing semver range already allows the target version.js-yamlDoS alert — no viable dependency change (reverted to base) #1249 —js-yaml@4.2.0already satisfies^4.1.0(no override needed); never regenerate Jest snapshots to mask a dependency-induced regression.Repo-specific guidance added
npm install --package-lock-only.overridesnested under the parent package key (globundercopyfiles/rimraf/test-exclude), rolling forward with^X.Y.Z.js-yamloverride pitfall (forcing@azure/openapi-markdown/front-matteronto a major that dropssafeLoad, which was removed in js-yaml 5.x); some transitive advisories can't be remediated without an upstream bump.npm ci/npm run build/npm test, running the fullexampleGeneratorTestssuite rather than isolated cases (shared cumulative state).Documentation-only change.