Bumps [@types/js-yaml](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/js-yaml) from 3.12.5 to 4.0.6.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/js-yaml)

---
updated-dependencies:
- dependency-name: "@types/js-yaml"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
After the upgrade to the correct types for js-yaml, the return type of `load` is correctly typed as `unknown`. This means that we can't use the return value directly, but need to validate it first. This adds such validation by generating a JSON schema for a newly created type. The JSON schema generation is very similar to how we do it in https://github.com/github/codeql-variant-analysis-action.
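The shape of the check described in that comment, as an added example rather than code from this PR: with `@types/js-yaml` 4.x, `load` yields `unknown`, so the value is narrowed by a runtime type guard before use instead of an `as` cast. `ExtensionPackMetadata` is the name used in this PR; its fields (`name`, `version`, `extensionTargets`), the `QlpackMetadata` type and `JSON.parse` standing in for `load` are assumptions made here so the block runs without js-yaml or a schema generator.

```typescript
// Added example: validate the `unknown` result of js-yaml 4's `load` at runtime.
// Field names below are assumed for illustration, not the repository's definitions.

interface ExtensionPackMetadata {
  name: string;
  version: string;
  extensionTargets?: Record<string, string>;
}

// A qlpack file as used in this PR's tests also carries a dependencies map.
interface QlpackMetadata extends ExtensionPackMetadata {
  dependencies: Record<string, string>;
}

// True only for a plain object whose every value is a string.
function isStringRecord(value: unknown): value is Record<string, string> {
  return (
    typeof value === "object" &&
    value !== null &&
    !Array.isArray(value) &&
    Object.values(value).every((v) => typeof v === "string")
  );
}

// Type guard: narrows `unknown` (what `load` returns) to QlpackMetadata only when
// every required field is present with the expected type. Arrays, null and
// mistyped fields are rejected rather than cast through.
function isQlpackMetadata(value: unknown): value is QlpackMetadata {
  if (typeof value !== "object" || value === null || Array.isArray(value)) {
    return false;
  }
  const obj = value as Record<string, unknown>;
  return (
    typeof obj.name === "string" &&
    typeof obj.version === "string" &&
    isStringRecord(obj.dependencies) &&
    (obj.extensionTargets === undefined || isStringRecord(obj.extensionTargets))
  );
}

// Parses serialized pack metadata and validates it before returning it.
// JSON.parse stands in for js-yaml's `load` (assumption): both produce a value
// that must be treated as `unknown` until validated.
function parseQlpackMetadata(serialized: string): QlpackMetadata {
  const loaded: unknown = JSON.parse(serialized);
  if (!isQlpackMetadata(loaded)) {
    throw new Error("invalid qlpack metadata: required fields missing or mistyped");
  }
  return loaded;
}
```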
@github/code-scanning-secexp-reviewers I've made quite some changes to this PR to make the TypeScript compiler happy. We need to upgrade these types since the
| packFS.fileContents(packFileName).toString("utf-8"), | ||
| ); | ||
| ) as ExtensionPackMetadata & { | ||
| dependencies: Record<string, string>; |
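Review bot: the `as ExtensionPackMetadata & { dependencies: Record<string, string>; }` assertion on the parsed file contents is a compile-time cast with no runtime check, so this path does not get the validation the PR introduces for `load`'s `unknown` result. If it is test-only code that may be acceptable, but routing it through the same validated parse would make a malformed fixture fail with a clear error instead of an undefined-property access later.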
Should there be a type for the `{ dependencies: Record<string, string> }` stuff we're doing in a few places? I'm not sure what these are... is it part of a qlpack file?
These are indeed part of the qlpack file, but since they are only used in tests I don't think it's worth it to create a type for it.
I had missed that, thanks for spotting it. I'll introduce a type for the qlpack file.
Ah okay thanks, I wasn't sure. I'm happy to not introduce a type too, but I think it would be helpful.
charisk left a comment
LGTM! Thanks for sorting this.
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)