Replace safeLoad with load

lib/actions-util.js

@@ -289,7 +289,7 @@ exports.formatWorkflowCause = formatWorkflowCause;
 async function getWorkflow() {
     const relativePath = await getWorkflowPath();
     const absolutePath = path.join(util_1.getRequiredEnvParam("GITHUB_WORKSPACE"), relativePath);
-    return yaml.safeLoad(fs.readFileSync(absolutePath, "utf-8"));
+    return yaml.load(fs.readFileSync(absolutePath, "utf-8"));
 }
 exports.getWorkflow = getWorkflow;
 /**

lib/actions-util.test.js

@@ -139,7 +139,7 @@ ava_1.default("getWorkflowErrors() when on.pull_requests is a string and correct
     t.deepEqual(...errorCodes(errors, []));
 });
 ava_1.default("getWorkflowErrors() when on.push is correct with empty objects", (t) => {
-    const errors = actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
 on:
   push:
   pull_request:
@@ -228,7 +228,7 @@ ava_1.default("getWorkflowErrors() for a range of malformed workflows", (t) => {
     }), []));
 });
 ava_1.default("getWorkflowErrors() when on.pull_request for every branch but push specifies branches", (t) => {
-    const errors = actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on:
   push:
@@ -311,7 +311,7 @@ ava_1.default("patternIsSuperset()", (t) => {
     t.false(actionsutil.patternIsSuperset("/robin/moose/release/goose", "/robin/*/release/*"));
 });
 ava_1.default("getWorkflowErrors() when branches contain dots", (t) => {
-    const errors = actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
   on:
     push:
       branches: [4.1, master]
@@ -322,7 +322,7 @@ ava_1.default("getWorkflowErrors() when branches contain dots", (t) => {
     t.deepEqual(...errorCodes(errors, []));
 });
 ava_1.default("getWorkflowErrors() when on.push has a trailing comma", (t) => {
-    const errors = actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on:
   push:
@@ -335,7 +335,7 @@ on:
 });
 ava_1.default("getWorkflowErrors() should only report the current job's CheckoutWrongHead", (t) => {
     process.env.GITHUB_JOB = "test";
-    const errors = actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on:
   push:
@@ -359,7 +359,7 @@ jobs:
 });
 ava_1.default("getWorkflowErrors() should not report a different job's CheckoutWrongHead", (t) => {
     process.env.GITHUB_JOB = "test3";
-    const errors = actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on:
   push:
@@ -382,34 +382,34 @@ jobs:
     t.deepEqual(...errorCodes(errors, []));
 });
 ava_1.default("getWorkflowErrors() when on is missing", (t) => {
-    const errors = actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 `));
     t.deepEqual(...errorCodes(errors, []));
 });
 ava_1.default("getWorkflowErrors() with a different on setup", (t) => {
-    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on: "workflow_dispatch"
 `)), []));
-    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on: [workflow_dispatch]
 `)), []));
-    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on:
   workflow_dispatch: {}
 `)), []));
 });
 ava_1.default("getWorkflowErrors() should not report an error if PRs are totally unconfigured", (t) => {
-    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on:
   push:
     branches: [master]
 `)), []));
-    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on: ["push"]
 `)), []));

lib/analyze.test.js

@@ -277,7 +277,7 @@ ava_1.default("status report fields and search path setting", async (t) => {
         function readContents(name) {
             const x = fs.readFileSync(path.join(tmpDir, "codeql_databases", name), "utf8");
             console.log(x);
-            return yaml.safeLoad(fs.readFileSync(path.join(tmpDir, "codeql_databases", name), "utf8"));
+            return yaml.load(fs.readFileSync(path.join(tmpDir, "codeql_databases", name), "utf8"));
         }
     }
 });

lib/config-utils.js

@@ -723,7 +723,7 @@ function getLocalConfig(configFile, workspacePath) {
     if (!fs.existsSync(configFile)) {
         throw new Error(getConfigFileDoesNotExistErrorMessage(configFile));
     }
-    return yaml.safeLoad(fs.readFileSync(configFile, "utf8"));
+    return yaml.load(fs.readFileSync(configFile, "utf8"));
 }
 async function getRemoteConfig(configFile, apiDetails) {
     // retrieve the various parts of the config location, and ensure they're present
@@ -751,7 +751,7 @@ async function getRemoteConfig(configFile, apiDetails) {
     else {
         throw new Error(getConfigFileFormatInvalidMessage(configFile));
     }
-    return yaml.safeLoad(Buffer.from(fileContents, "base64").toString("binary"));
+    return yaml.load(Buffer.from(fileContents, "base64").toString("binary"));
 }
 /**
  * Get the file path where the parsed config will be stored.