Formatting of Base64 encoded binaries, i.e. long lines with no spaces, separated by newlines is not ideal #585
Labels
bug
Something isn't working
Comments
|
There is a real issue here, but I'm not sure if it should be solved. By default, we assume that the content in YAML is human-readable, and that therefore it's reasonable to assume that it has some whitespace. Further, if we're dealing with multiline content with lines that need folding, we assume that the It's possible to work around this by at least three different ways:
Now, despite all that, it would still be nice to detect the overflow with |
|
Fixed in 2.6.1 |
Blankll
added a commit
to geek-fun/serverlessinsight
that referenced
this issue
Feb 18, 2025
 <h3>Snyk has created this PR to upgrade yaml from 2.6.1 to 2.7.0.</h3> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/> - The recommended version is **1 version** ahead of your current version. - The recommended version was released **2 months ago**. <details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>yaml</b></summary> <ul> <li> <b>2.7.0</b> - <a href="https://github.com/eemeli/yaml/releases/tag/v2.7.0">2024-12-31</a></br><p>The library is now available on JSR as <a href="https://jsr.io/@ eemeli/yaml" rel="nofollow">@ eemeli/yaml</a> and on deno.land/x as <a href="https://deno.land/x/yaml" rel="nofollow">yaml</a>. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.</p> <ul> <li>Use .ts extension in all relative imports (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2704495320" data-permission-text="Title is private" data-url="eemeli/yaml#591" data-hovercard-type="pull_request" data-hovercard-url="/eemeli/yaml/pull/591/hovercard" href="https://github.com/eemeli/yaml/pull/591">#591</a>)</li> <li>Ignore newline after block seq indicator as space before value (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2684051086" data-permission-text="Title is private" data-url="eemeli/yaml#590" data-hovercard-type="issue" data-hovercard-url="/eemeli/yaml/issues/590/hovercard" href="https://github.com/eemeli/yaml/issues/590">#590</a>)</li> <li>Require Node.js 14.18 or later (was 14.6) (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2765423835" data-permission-text="Title is private" data-url="eemeli/yaml#598" data-hovercard-type="issue" data-hovercard-url="/eemeli/yaml/issues/598/hovercard" href="https://github.com/eemeli/yaml/issues/598">#598</a>)</li> </ul> </li> <li> <b>2.6.1</b> - <a href="https://github.com/eemeli/yaml/releases/tag/v2.6.1">2024-11-19</a></br><ul> <li>Do not strip <code>:00</code> seconds from <code>!!timestamp</code> values (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2561052215" data-permission-text="Title is private" data-url="eemeli/yaml#578" data-hovercard-type="pull_request" data-hovercard-url="/eemeli/yaml/pull/578/hovercard" href="https://github.com/eemeli/yaml/pull/578">#578</a>, with thanks to <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/qraynaud/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/qraynaud">@ qraynaud</a>)</li> <li>Tighten regexp for JSON <code>!!bool</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2651384053" data-permission-text="Title is private" data-url="eemeli/yaml#587" data-hovercard-type="pull_request" data-hovercard-url="/eemeli/yaml/pull/587/hovercard" href="https://github.com/eemeli/yaml/pull/587">#587</a>, with thanks to <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/vra5107/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/vra5107">@ vra5107</a>)</li> <li>Default to literal block scalar if folded would overflow (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2594165845" data-permission-text="Title is private" data-url="eemeli/yaml#585" data-hovercard-type="issue" data-hovercard-url="/eemeli/yaml/issues/585/hovercard" href="https://github.com/eemeli/yaml/issues/585">#585</a>)</li> </ul> </li> </ul> from <a href="https://github.com/eemeli/yaml/releases">yaml GitHub release notes</a> </details> </details> --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._ **For more information:** <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIzYjkwN2M1MC0zODJkLTQyMjQtYTFhZC02OGFmODhhNWY3MTMiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjNiOTA3YzUwLTM4MmQtNDIyNC1hMWFkLTY4YWY4OGE1ZjcxMyJ9fQ==" width="0" height="0"/> > - 🧐 [View latest project report](https://app.snyk.io/org/blankll/project/9c72c875-e7a2-4e68-85a9-7b26a5bc5b32?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates?utm_source=&utm_content=fix-pr-template) > - 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/blankll/project/9c72c875-e7a2-4e68-85a9-7b26a5bc5b32/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/blankll/project/9c72c875-e7a2-4e68-85a9-7b26a5bc5b32/settings/integration?pkg=yaml&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"yaml","from":"2.6.1","to":"2.7.0"}],"env":"prod","hasFixes":false,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[],"prId":"3b907c50-382d-4224-a1ad-68af88a5f713","prPublicId":"3b907c50-382d-4224-a1ad-68af88a5f713","packageManager":"npm","priorityScoreList":[],"projectPublicId":"9c72c875-e7a2-4e68-85a9-7b26a5bc5b32","projectUrl":"https://app.snyk.io/org/blankll/project/9c72c875-e7a2-4e68-85a9-7b26a5bc5b32?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":[],"type":"auto","upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2024-12-31T04:40:47.460Z"},"vulns":[]}' Co-authored-by: snyk-bot <snyk-bot@snyk.io>
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
and others
Describe the bug
I had some Base64 data which I formatted onto lines of length 76 separated by newlines. I embedded it into some data, stringified with YAML and the results looked like:
It would make more sense to use the
|instead of>and then it wouldn't need to put a blank line between each line of data. I can see that it hasn't done that because it sees the lines are long, so it wants to wrap them at spaces, but there are no spaces to wrap.I was able to fix it by shortening my base64 line length, but 76 is the standard for base64.
To Reproduce
Expected behaviour
Versions (please complete the following information):
yaml: 2.6.0The text was updated successfully, but these errors were encountered: