carto icon indicating copy to clipboard operation
carto copied to clipboard

Published 20 hours ago verified publisher icon mapbox

lib/carto/mml.js: FIX: Error: Function yaml.safeLoad is removed in js…

Open josch opened this issue 2 years ago • 2 comments

…-yaml 4. Use yaml.load instead, which is now safe by default.

This makes the code compatible with js-yaml >= 4.

josch avatar Dec 10 '21 23:12 josch

This PR, as it currently stands, would be using the unsafe load method from js-yaml 3.x . We would need to make the change from safeLoad to load at the same time as upgrading the package.json file to use the 4.x series.

gravitystorm avatar Dec 13 '21 11:12 gravitystorm

This PR, as it currently stands, would be using the unsafe load method from js-yaml 3.x . We would need to make the change from safeLoad to load at the same time as upgrading the package.json file to use the 4.x series.

Yes. I'll leave it up to you to make the switch. I'm just forwarding a patch that I apply to the Debian package of carto because in Debian we can only ship one version of each package, so we have carto use the latest version of js-yaml which is 4.x.

josch avatar Dec 13 '21 16:12 josch