v5.0.0
TL;DR
v5 is a major release for json-yaml-validate: the action now runs on node24, the internals have been rewritten in TypeScript, the runtime dependency surface is much smaller, path handling is stricter, and several new validation workflows are supported.
Most users can start by changing workflow references from GrantBirki/json-yaml-validate@v4 to GrantBirki/json-yaml-validate@v5, but please review the v4 to v5 migration guide before updating protected CI jobs.
Highlights
- Rewrote the action from JavaScript to TypeScript and moved the runtime to
node24. - Reduced runtime dependencies by replacing several packages with native implementations for action core behavior, PR comments, file discovery, coverage badge generation, and legacy YAML schema validation.
- Hardened validation path handling so explicit files, schemas, base directories, and schema mappings must resolve to regular files or directories inside the workspace.
- Allowed multi-document YAML by default, matching common Kubernetes-style YAML usage. Set
allow_multiple_documents: "false"to preserve the old default. - Added support for single-line, space-separated
filesinput values. - Added
schema_mappingsfor validating different file groups against different JSON or YAML schemas in one action step. - Added local-only inline schema discovery with
use_inline_schemafor JSON$schemareferences and YAML language-server schema comments whenyaml_as_jsonis enabled. - Added
comment_on_successandupdate_commentso PR comments can be less noisy while still surfacing validation status. - Strengthened tests, acceptance coverage, workflow hardening, package checks, and CI coverage thresholds.
Upgrade Notes
- Self-hosted runners must support JavaScript actions that run on
node24. - v5 intentionally rejects validation paths that escape the checked-out workspace or resolve through symlinks outside the workspace.
- File paths in logs and PR comments now prefer workspace-relative paths.
- JSON schema file skipping is now exact after realpath normalization, rather than substring-based.
update_commentonly updates matching validation comments authored bygithub-actions[bot].
See the full migration guide for examples and compatibility notes.
What's Changed
- Bump github/codeql-action from 3 to 4 in the github-actions group by @dependabot[bot] in #96
- Add agent guide by @GrantBirki in #118
- Harden unit test coverage by @GrantBirki in #119
- Harden acceptance coverage by @GrantBirki in #120
- Slim Node dependencies by @GrantBirki in #122
- Update Node dependencies by @GrantBirki in #123
- Migrate action to TypeScript by @GrantBirki in #124
- Consolidate agent guidance by @GrantBirki in #125
- Pin workflow action references by @GrantBirki in #126
- Support flat files input lists by @GrantBirki in #127
- Add success PR comments by @GrantBirki in #128
- Support updating PR comments by @GrantBirki in #129
- Fix YAML schema keyword field validation by @GrantBirki in #130
- Fix JSON meta-schema validation by @GrantBirki in #131
- Update AGENTS guidance from issue work by @GrantBirki in #132
- Support schema mappings by @GrantBirki in #133
- Support local inline schemas by @GrantBirki in #134
- Default to multi-document YAML validation by @GrantBirki in #135
- Update fast-uri security patch by @GrantBirki in #136
- Deduplicate validation file outcomes by @GrantBirki in #137
- Harden action workflows and PR comment updates by @GrantBirki in #138
- Harden validation path handling by @GrantBirki in #139
- Add v5 migration guide by @GrantBirki in #141
- Normalize schema mapping overlap checks by @GrantBirki in #140
- Update docs examples for v5 by @GrantBirki in #142
- Strengthen branch coverage tests by @GrantBirki in #143
Full Changelog: v4.0.0...v5.0.0