Bump yaml from 2.0.0-3 to 2.0.0-5

[dependabot]

Bumps yaml from 2.0.0-3 to 2.0.0-5.

Release notes

Sourced from yaml's releases.

v2.0.0-5

This version of yaml has been published to npm using the next dist-tag, so install it with:

npm install --save-exact yaml@next

This one's mostly about improvements and refactorings on the previous, by changing how anchors work and making the new CST easier to work with. The following is an overview of the changes included here; you are encouraged to also consult the individual PRs, as well as the updated documentation site.

BREAKING CHANGES

Make anchor & alias resolution lazier (#248)

Previously, the source of an alias node was a JS reference to the actual node object that it referred to, and doc.anchors provided separately from that the string identifiers used by YAML anchors.

Scalar and collection nodes now get a new anchor?: string property, and the source of an alias is a string identifier. The doc.anchors instance is completely dropped. The createAlias() method is moved to the document instance, and its handling of corner cases is changed a bit.

As a consequence of these changes, assigning the same anchor to multiple nodes will no longer automatically rename an earlier anchor with the same name.

Node creation options are somewhat clarified and streamlined, and the replacer is moved from the options object to be an optional second argument of the createNode() method, matching the new Document() interface.

Split flow collections into items in Parser (#249)

The shape of FlowCollection items changes from CST.Token[] to CST.CollectionItem[], so that it now matches the items of BlockMap and BlockSequence. This means that the corresponding composer is completely rewritten.

Make Pair not extend NodeBase; drop its prop forwarding (#245, #250)

While the inheritance of the class is just an implementation detail, dropping the prop forwarding means that a user that previously set the commentBefore, comment or spaceBefore property of a pair will now need to set it for the appropriate key or value.

Rename the tokens namespace as CST (#252)

Turn the Lexer, Parser & Composer into generators (#253)

All of the parsing stages now provide generators, so that their output may be iterated, rather than needing to provide them with a callback function. As a convenience, a compose() method is also added:

import { Composer, Parser } from 'yaml'
const src = 'foo: bar\nfee: [24, "42"]'
const tokens = new Parser().parse(src)
const docs = new Composer().compose(tokens)
Array.from(docs, (doc) => doc.toJS())
> [{ foo: "bar", fee: [24, "42"] }]

Refactor Node range as [start, value-end, node-end] (#259)

For block values, value-end and node-end are always the same as the previous end value. For flow collections and documents, node-end is the same as the previous end position, while value-end marks the end of the actual value.

... (truncated)

Commits

• 89f6101 2.0.0-5
• 782f002 chore: Update package-lock.json
• 59c1503 docs: Update for changed error members (#260)
• 89119ee feat!: Replace error.offset with error.pos: [number, number] (#260)
• 16d01cc feat: Refactor Node range as [start, value-end, node-end] (#259)
• 8c01824 fix: Use simpler RegExp if negative-lookbehind not supported by env (Safari)
• 32b84c1 perf: Prevent polynomial search time when folding plain & single-quoted scalars
• 375b654 refactor: Avoid expensive regexp when stringifying block value
• 4c2e0b4 ci: Use Node.js v15 & thereby npm v7 for browser tests
• 313b5fa chore!: Switch browserslist target to "defaults, not ie 11"
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #58.