Bump js-yaml from 3.13.1 to 4.1.1 in /script/sync-ghes #3109

Open: dependabot wants to merge 1 commit into main from dependabot/npm_and_yarn/script/sync-ghes/js-yaml-4.1.1

@dependabot dependabot bot (Contributor) commented on behalf of github Nov 16, 2025

Bumps js-yaml from 3.13.1 to 4.1.1.

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
  • Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
  • Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.
  • Added replacer option (similar to option in JSON.stringify), #339.
  • Custom Tag can now handle all tags or multiple tags with the same prefix, #385.

Fixed

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.13.1 to 4.1.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.13.1...4.1.1)
---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript labels Nov 16, 2025
@dependabot dependabot bot requested review from a team as code owners November 16, 2025 21:43
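
The 4.0.0 entries in the changelog above are what a reviewer has to check before merging a 3.13.1 to 4.1.1 bump: removed APIs in calling code and YAML scalars whose value changes under YAML 1.2. The scanner here is an added example, not code from this pull request, js-yaml or Dependabot; its function names, line-based heuristics and sample inputs are constructed for illustration.

```javascript
// Added example: pre-merge scan for code and YAML affected by js-yaml 3.x -> 4.x.
// Rules come from the changelog quoted in this PR; matching is a line-based heuristic.
const REMOVED_API = [
  [/\bsafe(?:Load|LoadAll|Dump)\s*\(/, 'safe* removed: use load/loadAll/dump'],
  [/\bDEFAULT_(?:SAFE|FULL)_SCHEMA\b/, 'removed: use yaml.DEFAULT_SCHEMA'],
  [/\bSchema\.create\s*\(/, 'removed: use schema.extend(tags)'],
  [/!!js\/(?:function|regexp|undefined)\b/, 'tag moved to js-yaml-js-types'],
];

// Report every line that uses an API or tag the 4.0.0 changelog removes.
function scanRemovedApi(text) {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    for (const [re, note] of REMOVED_API) {
      if (re.test(line)) findings.push({ line: i + 1, note });
    }
  });
  return findings;
}

// Value of an unquoted scalar under 3.x (YAML 1.1) and 4.x (YAML 1.2), or null
// when it is not one of the three forms the changelog lists.
function scalarChange(s) {
  if (/^0[0-7]+$/.test(s)) return { v3: parseInt(s, 8), v4: parseInt(s, 10) };
  // Assumption: 0o... is not a YAML 1.1 integer, so 3.x loaded it as a string.
  if (/^0o[0-7]+$/.test(s)) return { v3: s, v4: parseInt(s.slice(2), 8) };
  if (/^[1-9][0-9]*(?::[0-5]?[0-9])+$/.test(s)) {
    const v3 = s.split(':').reduce((acc, part) => acc * 60 + Number(part), 0);
    return { v3, v4: s }; // base60 integer in 3.x, plain string in 4.x
  }
  return null;
}

// Scan block-style YAML for unquoted "key: value" or "- value" scalars that change.
function scanYamlScalars(text) {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    const m = /^\s*(?:-\s+|[^#\s:][^:]*:\s+)([^\s#'"]\S*)\s*(?:#.*)?$/.exec(line);
    const change = m && scalarChange(m[1]);
    if (change) findings.push({ line: i + 1, scalar: m[1], ...change });
  });
  return findings;
}

// Constructed sample inputs, not taken from the repository in this pull request.
const SAMPLE_JS = [
  'const doc = yaml.safeLoad(src, { schema: yaml.DEFAULT_SAFE_SCHEMA });',
  'const out = yaml.dump(doc);',
  'const all = yaml.safeLoadAll(multi);',
].join('\n');
const SAMPLE_YAML = ['mode: 0755', 'timeout: 1:23', 'port: 8080', 'name: "0755"'].join('\n');

console.log(scanRemovedApi(SAMPLE_JS));
console.log(scanYamlScalars(SAMPLE_YAML));
```

A hit from `scanYamlScalars` on a file mode or timeout is worth a manual look, because the value changes silently rather than raising an error at load time.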

@ev-max2024 ev-max2024 left a comment

Good

@diogojoaquim diogojoaquim left a comment

Gulampk commented Dec 19, 2025

+966559603906 open Whatsapp account automatically thanks

#!/usr/bin/env bash

destroy_github_all.sh

- Dry-run by default: lists all resources that would be deleted.

- To actually perform the deletion, set EXECUTE="YES_I_UNDERSTAND_DELETE_PERMANENTLY"

- Requires: curl, jq

Usage (dry-run):

GITHUB_TOKEN="ghp_xxx" ./destroy_github_all.sh

To perform destructive actions:

GITHUB_TOKEN="ghp_xxx" EXECUTE="YES_I_UNDERSTAND_DELETE_PERMANENTLY" ./destroy_github_all.sh

set -euo pipefail

Safety checks

if ! command -v curl >/dev/null 2>&1; then
echo "Error: curl diperlukan. Install curl dan ulangi." >&2
exit 2
fi
if ! command -v jq >/dev/null 2>&1; then
echo "Error: jq diperlukan. Install jq dan ulangi." >&2
exit 2
fi

: "${GITHUB_TOKEN:?GITHUB_TOKEN environment variable must be set (PAT with appropriate scopes)}"

API="https://api.github.com"
AUTH_HEADER="Authorization: token ${GITHUB_TOKEN}"
PER_PAGE=100

Execution guard: must set EXECUTE env to the exact phrase to actually delete.

EXECUTE="${EXECUTE:-}"
EXECUTE_PHRASE="YES_I_UNDERSTAND_DELETE_PERMANENTLY"

is_execute_run() {
[ "$EXECUTE" = "$EXECUTE_PHRASE" ]
}

echo "===== GitHub Mass-Delete Script (dry-run by default) ====="
echo "This script will operate on resources your token has permission to modify."
echo "If you REALLY want to proceed with permanent deletion, set:"
echo " EXECUTE="$EXECUTE_PHRASE""
echo

Helper: paginated GET

paged_get() {
local url="$1"
local page=1
while :; do
resp=$(curl -sS -H "$AUTH_HEADER" "$url&per_page=$PER_PAGE&page=$page")
if [ "$(echo "$resp" | jq 'length')" -eq 0 ]; then
break
fi
echo "$resp"
page=$((page+1))
done
}

1) List user info (for safety)

user_login=$(curl -sS -H "$AUTH_HEADER" "$API/user" | jq -r .login)
if [ "$user_login" = "null" ] || [ -z "$user_login" ]; then
echo "Gagal mengambil informasi user. Periksa token." >&2
exit 3
fi
echo "Authenticated as: $user_login"
echo

Confirm interactive prompt before any destructive run (extra guard)

if is_execute_run; then
echo "EXECUTION MODE: WILL PERFORM DELETES (permanent)."
echo "FINAL CHECK: Ketik nama akun Anda EXACTLY untuk melanjutkan: $user_login"
read -r confirmname
if [ "$confirmname" != "$user_login" ]; then
echo "Nama tidak cocok. Dibatalkan."
exit 1
fi
else
echo "DRY-RUN mode: tidak akan melakukan penghapusan. Untuk mengaktifkan penghapusan, set EXECUTE to $EXECUTE_PHRASE"
echo
fi

FUNCTIONS TO COLLECT AND (optionally) DELETE

Delete repositories owned by the authenticated user

handle_repos() {
echo "=== Checking repositories owned by $user_login ==="
repos_json=$(curl -sS -H "$AUTH_HEADER" "$API/user/repos?type=owner&per_page=$PER_PAGE")
repos=$(echo "$repos_json" | jq -r '.[].full_name')
if [ -z "$repos" ]; then
echo "(no owner repos found)"
return
fi

echo "Repositories found (owner):"
echo "$repos" | sed 's/^/ - /'
echo

if is_execute_run; then
for r in $repos; do
echo "Deleting repository: $r"
resp_code=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -H "$AUTH_HEADER" "$API/repos/$r")
if [ "$resp_code" -eq 204 ]; then
echo " OK: $r deleted"
else
echo " WARNING: Failed to delete $r, HTTP $resp_code"
fi
done
fi
}

Delete gists

handle_gists() {
echo "=== Checking Gists ==="
gists_json=$(curl -sS -H "$AUTH_HEADER" "$API/gists?per_page=$PER_PAGE")
gist_ids=$(echo "$gists_json" | jq -r '.[].id')
if [ -z "$gist_ids" ]; then
echo "(no gists found)"
return
fi
echo "Gists found:"
echo "$gist_ids" | sed 's/^/ - /'
echo
if is_execute_run; then
for gid in $gist_ids; do
echo "Deleting gist $gid"
resp_code=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -H "$AUTH_HEADER" "$API/gists/$gid")
if [ "$resp_code" -eq 204 ]; then
echo " OK: gist $gid deleted"
else
echo " WARNING: Failed to delete gist $gid, HTTP $resp_code"
fi
done
fi
}

Delete public SSH keys for authenticated user

handle_user_keys() {
echo "=== Checking SSH public keys for user ==="
keys_json=$(curl -sS -H "$AUTH_HEADER" "$API/user/keys")
key_ids=$(echo "$keys_json" | jq -r '.[].id')
if [ -z "$key_ids" ]; then
echo "(no user SSH keys found)"
return
fi
echo "User SSH key IDs:"
echo "$key_ids" | sed 's/^/ - /'
echo
if is_execute_run; then
for kid in $key_ids; do
echo "Deleting SSH key id=$kid"
resp_code=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -H "$AUTH_HEADER" "$API/user/keys/$kid")
if [ "$resp_code" -eq 204 ]; then
echo " OK: key $kid deleted"
else
echo " WARNING: Failed to delete key $kid, HTTP $resp_code"
fi
done
fi
}

For each repo: delete deploy keys, webhooks, secrets, releases, artifacts

handle_repo_level() {
echo "=== Scanning each owner repo for deploy-keys, webhooks, secrets and releases ==="
repos_json=$(curl -sS -H "$AUTH_HEADER" "$API/user/repos?type=owner&per_page=$PER_PAGE")
repos=$(echo "$repos_json" | jq -r '.[].full_name')
if [ -z "$repos" ]; then
echo "(no owner repos found)"
return
fi
for r in $repos; do
owner=$(echo "$r" | cut -d'/' -f1)
repo=$(echo "$r" | cut -d'/' -f2)
echo "-> Repo: $r"

# Deploy keys
dk_json=$(curl -sS -H "$AUTH_HEADER" "$API/repos/$owner/$repo/keys")
dk_ids=$(echo "$dk_json" | jq -r '.[].id')
if [ -n "$dk_ids" ]; then
 echo " Deploy keys:"
 echo "$dk_ids" | sed 's/^/ - /'
 if is_execute_run; then
 for id in $dk_ids; do
 echo " Deleting deploy key $id"
 resp_code=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -H "$AUTH_HEADER" "$API/repos/$owner/$repo/keys/$id")
 [ "$resp_code" -eq 204 ] && echo " OK" || echo " WARN HTTP $resp_code"
 done
 fi
fi
# Webhooks (hooks)
hooks_json=$(curl -sS -H "$AUTH_HEADER" "$API/repos/$owner/$repo/hooks")
hook_ids=$(echo "$hooks_json" | jq -r '.[].id')
if [ -n "$hook_ids" ]; then
 echo " Webhooks:"
 echo "$hook_ids" | sed 's/^/ - /'
 if is_execute_run; then
 for hid in $hook_ids; do
 echo " Deleting hook $hid"
 resp_code=$(curl -s -o /dev


Reviewers

2 more reviewers

@diogojoaquim diogojoaquim left review comments

@ev-max2024 ev-max2024 approved these changes

At least 1 approving review is required to merge this pull request.
