Replace safeLoad with load

lib/actions-util.js

@@ -289,7 +289,7 @@ exports.formatWorkflowCause = formatWorkflowCause;
 async function getWorkflow() {
     const relativePath = await getWorkflowPath();
     const absolutePath = path.join(util_1.getRequiredEnvParam("GITHUB_WORKSPACE"), relativePath);
-    return yaml.safeLoad(fs.readFileSync(absolutePath, "utf-8"));
+    return yaml.load(fs.readFileSync(absolutePath, "utf-8"));
 }
 exports.getWorkflow = getWorkflow;
 /**

lib/actions-util.test.js

@@ -139,7 +139,7 @@ ava_1.default("getWorkflowErrors() when on.pull_requests is a string and correct
     t.deepEqual(...errorCodes(errors, []));
 });
 ava_1.default("getWorkflowErrors() when on.push is correct with empty objects", (t) => {
-    const errors = actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
 on:
   push:
   pull_request:
@@ -228,7 +228,7 @@ ava_1.default("getWorkflowErrors() for a range of malformed workflows", (t) => {
     }), []));
 });
 ava_1.default("getWorkflowErrors() when on.pull_request for every branch but push specifies branches", (t) => {
-    const errors = actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on:
   push:
@@ -311,7 +311,7 @@ ava_1.default("patternIsSuperset()", (t) => {
     t.false(actionsutil.patternIsSuperset("/robin/moose/release/goose", "/robin/*/release/*"));
 });
 ava_1.default("getWorkflowErrors() when branches contain dots", (t) => {
-    const errors = actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
   on:
     push:
       branches: [4.1, master]
@@ -322,7 +322,7 @@ ava_1.default("getWorkflowErrors() when branches contain dots", (t) => {
     t.deepEqual(...errorCodes(errors, []));
 });
 ava_1.default("getWorkflowErrors() when on.push has a trailing comma", (t) => {
-    const errors = actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on:
   push:
@@ -335,7 +335,7 @@ on:
 });
 ava_1.default("getWorkflowErrors() should only report the current job's CheckoutWrongHead", (t) => {
     process.env.GITHUB_JOB = "test";
-    const errors = actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on:
   push:
@@ -359,7 +359,7 @@ jobs:
 });
 ava_1.default("getWorkflowErrors() should not report a different job's CheckoutWrongHead", (t) => {
     process.env.GITHUB_JOB = "test3";
-    const errors = actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on:
   push:
@@ -382,34 +382,34 @@ jobs:
     t.deepEqual(...errorCodes(errors, []));
 });
 ava_1.default("getWorkflowErrors() when on is missing", (t) => {
-    const errors = actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 `));
     t.deepEqual(...errorCodes(errors, []));
 });
 ava_1.default("getWorkflowErrors() with a different on setup", (t) => {
-    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on: "workflow_dispatch"
 `)), []));
-    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on: [workflow_dispatch]
 `)), []));
-    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on:
   workflow_dispatch: {}
 `)), []));
 });
 ava_1.default("getWorkflowErrors() should not report an error if PRs are totally unconfigured", (t) => {
-    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on:
   push:
     branches: [master]
 `)), []));
-    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.safeLoad(`
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
 name: "CodeQL"
 on: ["push"]
 `)), []));

lib/analyze.test.js

@@ -277,7 +277,7 @@ ava_1.default("status report fields and search path setting", async (t) => {
         function readContents(name) {
             const x = fs.readFileSync(path.join(tmpDir, "codeql_databases", name), "utf8");
             console.log(x);
-            return yaml.safeLoad(fs.readFileSync(path.join(tmpDir, "codeql_databases", name), "utf8"));
+            return yaml.load(fs.readFileSync(path.join(tmpDir, "codeql_databases", name), "utf8"));
         }
     }
 });

lib/config-utils.js

@@ -723,7 +723,7 @@ function getLocalConfig(configFile, workspacePath) {
     if (!fs.existsSync(configFile)) {
         throw new Error(getConfigFileDoesNotExistErrorMessage(configFile));
     }
-    return yaml.safeLoad(fs.readFileSync(configFile, "utf8"));
+    return yaml.load(fs.readFileSync(configFile, "utf8"));
 }
 async function getRemoteConfig(configFile, apiDetails) {
     // retrieve the various parts of the config location, and ensure they're present
@@ -751,7 +751,7 @@ async function getRemoteConfig(configFile, apiDetails) {
     else {
         throw new Error(getConfigFileFormatInvalidMessage(configFile));
     }
-    return yaml.safeLoad(Buffer.from(fileContents, "base64").toString("binary"));
+    return yaml.load(Buffer.from(fileContents, "base64").toString("binary"));
 }
 /**
  * Get the file path where the parsed config will be stored.

src/actions-util.test.ts

@@ -193,7 +193,7 @@ test("getWorkflowErrors() when on.pull_requests is a string and correct", (t) =>
 
 test("getWorkflowErrors() when on.push is correct with empty objects", (t) => {
   const errors = actionsutil.getWorkflowErrors(
-    yaml.safeLoad(`
+    yaml.load(`
 on:
   push:
   pull_request:
@@ -363,7 +363,7 @@ test("getWorkflowErrors() for a range of malformed workflows", (t) => {
 
 test("getWorkflowErrors() when on.pull_request for every branch but push specifies branches", (t) => {
   const errors = actionsutil.getWorkflowErrors(
-    yaml.safeLoad(`
+    yaml.load(`
 name: "CodeQL"
 on:
   push:
@@ -480,7 +480,7 @@ test("patternIsSuperset()", (t) => {
 
 test("getWorkflowErrors() when branches contain dots", (t) => {
   const errors = actionsutil.getWorkflowErrors(
-    yaml.safeLoad(`
+    yaml.load(`
   on:
     push:
       branches: [4.1, master]
@@ -495,7 +495,7 @@ test("getWorkflowErrors() when branches contain dots", (t) => {
 
 test("getWorkflowErrors() when on.push has a trailing comma", (t) => {
   const errors = actionsutil.getWorkflowErrors(
-    yaml.safeLoad(`
+    yaml.load(`
 name: "CodeQL"
 on:
   push:
@@ -513,7 +513,7 @@ test("getWorkflowErrors() should only report the current job's CheckoutWrongHead
   process.env.GITHUB_JOB = "test";
 
   const errors = actionsutil.getWorkflowErrors(
-    yaml.safeLoad(`
+    yaml.load(`
 name: "CodeQL"
 on:
   push:
@@ -544,7 +544,7 @@ test("getWorkflowErrors() should not report a different job's CheckoutWrongHead"
   process.env.GITHUB_JOB = "test3";
 
   const errors = actionsutil.getWorkflowErrors(
-    yaml.safeLoad(`
+    yaml.load(`
 name: "CodeQL"
 on:
   push:
@@ -571,7 +571,7 @@ jobs:
 
 test("getWorkflowErrors() when on is missing", (t) => {
   const errors = actionsutil.getWorkflowErrors(
-    yaml.safeLoad(`
+    yaml.load(`
 name: "CodeQL"
 `)
   );
@@ -583,7 +583,7 @@ test("getWorkflowErrors() with a different on setup", (t) => {
   t.deepEqual(
     ...errorCodes(
       actionsutil.getWorkflowErrors(
-        yaml.safeLoad(`
+        yaml.load(`
 name: "CodeQL"
 on: "workflow_dispatch"
 `)
@@ -595,7 +595,7 @@ on: "workflow_dispatch"
   t.deepEqual(
     ...errorCodes(
       actionsutil.getWorkflowErrors(
-        yaml.safeLoad(`
+        yaml.load(`
 name: "CodeQL"
 on: [workflow_dispatch]
 `)
@@ -607,7 +607,7 @@ on: [workflow_dispatch]
   t.deepEqual(
     ...errorCodes(
       actionsutil.getWorkflowErrors(
-        yaml.safeLoad(`
+        yaml.load(`
 name: "CodeQL"
 on:
   workflow_dispatch: {}
@@ -622,7 +622,7 @@ test("getWorkflowErrors() should not report an error if PRs are totally unconfig
   t.deepEqual(
     ...errorCodes(
       actionsutil.getWorkflowErrors(
-        yaml.safeLoad(`
+        yaml.load(`
 name: "CodeQL"
 on:
   push:
@@ -636,7 +636,7 @@ on:
   t.deepEqual(
     ...errorCodes(
       actionsutil.getWorkflowErrors(
-        yaml.safeLoad(`
+        yaml.load(`
 name: "CodeQL"
 on: ["push"]
 `)

src/actions-util.ts

@@ -332,7 +332,7 @@ export async function getWorkflow(): Promise<Workflow> {
     relativePath
   );
 
-  return yaml.safeLoad(fs.readFileSync(absolutePath, "utf-8"));
+  return yaml.load(fs.readFileSync(absolutePath, "utf-8"));
 }
 
 /**

src/analyze.test.ts

@@ -324,7 +324,7 @@ test("status report fields and search path setting", async (t) => {
       );
       console.log(x);
 
-      return yaml.safeLoad(
+      return yaml.load(
         fs.readFileSync(path.join(tmpDir, "codeql_databases", name), "utf8")
       );
     }

src/config-utils.ts

@@ -1286,7 +1286,7 @@ function getLocalConfig(configFile: string, workspacePath: string): UserConfig {
     throw new Error(getConfigFileDoesNotExistErrorMessage(configFile));
   }
 
-  return yaml.safeLoad(fs.readFileSync(configFile, "utf8"));
+  return yaml.load(fs.readFileSync(configFile, "utf8"));
 }
 
 async function getRemoteConfig(
@@ -1321,7 +1321,7 @@ async function getRemoteConfig(
     throw new Error(getConfigFileFormatInvalidMessage(configFile));
   }
 
-  return yaml.safeLoad(Buffer.from(fileContents, "base64").toString("binary"));
+  return yaml.load(Buffer.from(fileContents, "base64").toString("binary"));
 }
 
 /**