From a8e2ede4f58855b0208c5d7c04d010e656b254ba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Mar 2021 16:30:10 -0500
Subject: [PATCH] chore(deps): bump js-yaml from 3.14.0 to 4.0.0 (#2920)

* chore(deps): bump js-yaml from 3.14.0 to 4.0.0

Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.0 to 4.0.0.
- [Release notes](https://github.com/nodeca/js-yaml/releases)
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/3.14.0...4.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

* fix(src/node): replace yaml.safeLoad with load

Also update @types/yaml to ^4.0.0.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Akash Satheesan <akash@coder.com>
---
 package.json    |  4 ++--
 src/node/cli.ts |  2 +-
 yarn.lock       | 20 ++++++++++++++++----
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/package.json b/package.json
index 87ad2c46eca..615f604c887 100644
--- a/package.json
+++ b/package.json
@@ -39,7 +39,7 @@
     "@types/cookie-parser": "^1.4.2",
     "@types/express": "^4.17.8",
     "@types/http-proxy": "^1.17.4",
-    "@types/js-yaml": "^3.12.3",
+    "@types/js-yaml": "^4.0.0",
     "@types/node": "^12.12.7",
     "@types/parcel-bundler": "^1.12.1",
     "@types/pem": "^1.9.5",
@@ -84,7 +84,7 @@
     "express": "^5.0.0-alpha.8",
     "http-proxy": "^1.18.0",
     "httpolyglot": "^0.1.2",
-    "js-yaml": "^3.13.1",
+    "js-yaml": "^4.0.0",
     "limiter": "^1.1.5",
     "node-fetch": "^2.6.1",
     "pem": "^1.14.2",
diff --git a/src/node/cli.ts b/src/node/cli.ts
index 6a8aab0cd57..cf3ad47344f 100644
--- a/src/node/cli.ts
+++ b/src/node/cli.ts
@@ -536,7 +536,7 @@ export function parseConfigFile(configFile: string, configPath: string): ConfigA
     return { _: [], config: configPath }
   }
 
-  const config = yaml.safeLoad(configFile, {
+  const config = yaml.load(configFile, {
     filename: configPath,
   })
   if (!config || typeof config === "string") {
diff --git a/yarn.lock b/yarn.lock
index 5ae8d690a1f..5d65f7c6545 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1135,10 +1135,10 @@
   dependencies:
     "@types/node" "*"
 
-"@types/js-yaml@^3.12.3":
-  version "3.12.5"
-  resolved "https://registry.yarnpkg.com/@types/js-yaml/-/js-yaml-3.12.5.tgz#136d5e6a57a931e1cce6f9d8126aa98a9c92a6bb"
-  integrity sha512-JCcp6J0GV66Y4ZMDAQCXot4xprYB+Zfd3meK9+INSJeVZwJmHAW30BBEEkPzXswMXuiyReUGOP3GxrADc9wPww==
+"@types/js-yaml@^4.0.0":
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/@types/js-yaml/-/js-yaml-4.0.0.tgz#d1a11688112091f2c711674df3a65ea2f47b5dfb"
+  integrity sha512-4vlpCM5KPCL5CfGmTbpjwVKbISRYhduEJvvUWsH5EB7QInhEj94XPZ3ts/9FPiLZFqYO0xoW4ZL8z2AabTGgJA==
 
 "@types/json-schema@^7.0.3":
   version "7.0.6"
@@ -1491,6 +1491,11 @@ argparse@^1.0.7:
   dependencies:
     sprintf-js "~1.0.2"
 
+argparse@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38"
+  integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==
+
 arr-diff@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-4.0.0.tgz#d6461074febfec71e7e15235761a329a5dc7c520"
@@ -4479,6 +4484,13 @@ js-yaml@^3.10.0, js-yaml@^3.13.1:
     argparse "^1.0.7"
     esprima "^4.0.0"
 
+js-yaml@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.0.0.tgz#f426bc0ff4b4051926cd588c71113183409a121f"
+  integrity sha512-pqon0s+4ScYUvX30wxQi3PogGFAlUyH0awepWvwkj4jD4v+ova3RiYw8bmA6x2rDrEaj8i/oWKoRxpVNW+Re8Q==
+  dependencies:
+    argparse "^2.0.1"
+
 jsbn@~0.1.0:
   version "0.1.1"
   resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-0.1.1.tgz#a5e654c2e5a2deb5f201d96cefbca80c0ef2f513"