refactor(config): standardize the workspace on serde_yaml_ng for YAML parsing by jd · Pull Request #1447 · Mergifyio/mergify-cli

jd · 2026-05-19T15:16:01Z

The workspace had two YAML parsers — both forks of the archived
dtolnay/serde-yaml. mergify-config used serde_norway for
.mergify.yml; mergify-ci used serde_yaml_ng for merge-queue
metadata in PR bodies and git notes. Same job, two crates, two
transitive unsafe-libyaml* trees in Cargo.lock.

Standardize on serde_yaml_ng for both. The decision is grounded
in concrete signal, not vibe:

Metric serde_norway serde_yaml_ng
───────────────────────── ───────────── ─────────────
Reverse-deps on lib.rs 229 (78 dir.) 618 (349 dir.)
GitHub stars 53 109
Last commit 2025-08-04 2025-09-14
Bus factor (recent prs) 1 (solo) merges externals
Maintainer statement v0.9.40 title README: explicit
"I'm gonna upstream-compat
maintain this" intent
unsafe-libyaml backend forked ("…- canonical
norway")
Open since 2024-06-10 2024-05-03
License Apache-2.0 MIT (= upstream)

serde_yaml_ng wins on every axis that matters for the "will this
still be alive in two years" question: three-times the ecosystem
adoption, more recent activity, accepts third-party PRs, declares
the maintenance commitment in writing, and uses the canonical
unsafe-libyaml rather than a parallel-fork backend.

Functional surface is identical for both of our use shapes —
from_str to a typed struct for ci, from_str to Value
then convert to serde_json::Value for config validation.
Migration is purely a rename at the one call site.

Cargo.lock drops serde_norway and unsafe-libyaml-norway.

Co-Authored-By: Claude Opus 4.7 noreply@anthropic.com

Depends-On: #1446

jd · 2026-05-19T15:16:09Z

This pull request is part of a Mergify stack:

#	Pull Request	Link
1	refactor(ci): swap uuid for getrandom in the GHA heredoc delimiter	#1446
2	refactor(config): standardize the workspace on serde_yaml_ng for YAML parsing	#1447	👈
3	test(ci): add live smoke test for `ci scopes` select-all path	#1460
4	feat(rust): port `ci scopes` to native Rust	#1461
5	feat(ci): swap Python's JUnit XML parser for the native Rust parser	#1465
6	feat(ci): swap Python's OTLP encode+upload for the native Rust pipeline	#1466
7	feat(ci): promote `ci junit-process` and its `junit-upload` alias to native Rust	#1467

mergify · 2026-05-19T15:16:30Z

jd · 2026-05-20T08:42:44Z

Revision history

#	Type	Changes	Date
1	initial	`eb8ab2e`	2026-05-20 08:42 UTC
2	rebase	`eb8ab2e → 64b2cf0` (rebase only)	2026-05-20 08:42 UTC
3	rebase	`64b2cf0 → a27051b` (rebase only)	2026-05-20 09:05 UTC
4	rebase	`a27051b → 6a85692` (rebase only)	2026-05-21 07:25 UTC
5	rebase	`6a85692 → 7b8cc37` (rebase only)	2026-05-21 07:56 UTC
6	rebase	`7b8cc37 → a428fc1` (rebase only)	2026-05-21 12:39 UTC
7	rebase	`a428fc1 → 5202142` (rebase only)	2026-05-22 07:10 UTC
8	rebase	`5202142 → dbda41d` (rebase only)	2026-05-22 14:40 UTC
9	rebase	`dbda41d → 0ebb4a3` (rebase only)	2026-05-27 07:53 UTC
10	rebase	`0ebb4a3 → 47ac6dc` (rebase only)	2026-05-27 08:27 UTC
11	rebase	`47ac6dc → fb6f38c` (rebase only)	2026-05-27 10:04 UTC
12	rebase	`3105241 → 2f82693` (rebase only)	2026-05-28 09:45 UTC
13	rebase	`2f82693 → f4fe757` (rebase only)	2026-05-29 06:35 UTC

Pull request has been modified.

`ci queue-info::write_github_output` formatted a unique `ghadelimiter_<uuid-v4>` to guard against a metadata payload that happens to contain its own heredoc delimiter. The actual contract is "32 unpredictable hex chars", not "a UUID per RFC 4122" — the delimiter is never parsed by anyone, only matched as a string. Pull 16 random bytes straight from `getrandom::fill` and hex-encode them. Drops `uuid` from the direct deps (it stays unreferenced and disappears from `Cargo.lock`), with `getrandom` taking its place — which `uuid` was already pulling in transitively, so the net add is zero new code shipped to the binary. The local helper is six lines. Same blast radius for a maintainer-attack story, smaller surface to read. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Change-Id: Ib6599e9b6fca49281186b726a63e4641fa32596e

… parsing The workspace had two YAML parsers — both forks of the archived `dtolnay/serde-yaml`. `mergify-config` used `serde_norway` for `.mergify.yml`; `mergify-ci` used `serde_yaml_ng` for merge-queue metadata in PR bodies and git notes. Same job, two crates, two transitive `unsafe-libyaml*` trees in Cargo.lock. Standardize on `serde_yaml_ng` for both. The decision is grounded in concrete signal, not vibe: Metric serde_norway serde_yaml_ng ───────────────────────── ───────────── ───────────── Reverse-deps on lib.rs 229 (78 dir.) 618 (349 dir.) GitHub stars 53 109 Last commit 2025-08-04 2025-09-14 Bus factor (recent prs) 1 (solo) merges externals Maintainer statement v0.9.40 title README: explicit "I'm gonna upstream-compat maintain this" intent unsafe-libyaml backend forked ("…- canonical norway") Open since 2024-06-10 2024-05-03 License Apache-2.0 MIT (= upstream) `serde_yaml_ng` wins on every axis that matters for the "will this still be alive in two years" question: three-times the ecosystem adoption, more recent activity, accepts third-party PRs, declares the maintenance commitment in writing, and uses the canonical `unsafe-libyaml` rather than a parallel-fork backend. Functional surface is identical for both of our use shapes — `from_str` to a typed struct for ci, `from_str` to `Value` then convert to `serde_json::Value` for config validation. Migration is purely a rename at the one call site. Cargo.lock drops `serde_norway` and `unsafe-libyaml-norway`. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Change-Id: If5d28d2c4259127181bace5bafb0ac02c78d8f7b

Pull request has been modified.

mergify · 2026-05-29T07:21:57Z

mergify Bot had a problem deploying to Mergify Merge Protections May 19, 2026 15:16 Failure

jd temporarily deployed to func-tests-live May 19, 2026 15:16 — with GitHub Actions Inactive

This was referenced May 19, 2026

refactor(tui): share StyledGlyph across queue show/status renderers #1444

Merged

refactor(queue): drop indexmap, group_by_scope returns a Vec<(K, V)> #1445

Merged

refactor(ci): swap uuid for getrandom in the GHA heredoc delimiter #1446

Merged

mergify Bot requested a review from a team May 19, 2026 15:33

jd marked this pull request as ready for review May 20, 2026 07:27

sileht previously approved these changes May 20, 2026

View reviewed changes

mergify Bot requested a review from a team May 20, 2026 07:42

jd force-pushed the devs/jd/worktree-rust-port/standardize-workspace-serde-yaml-ng-yaml-parsing--f5d28d2c branch from eb8ab2e to 64b2cf0 Compare May 20, 2026 08:42

jd force-pushed the devs/jd/worktree-rust-port/swap-uuid-getrandom-gha-heredoc-delimiter--b6599e9b branch from 2cd6b4f to 5cd88c9 Compare May 20, 2026 08:42

jd temporarily deployed to func-tests-live May 20, 2026 08:42 — with GitHub Actions Inactive

mergify Bot had a problem deploying to Mergify Merge Protections May 20, 2026 08:43 Failure

jd force-pushed the devs/jd/worktree-rust-port/standardize-workspace-serde-yaml-ng-yaml-parsing--f5d28d2c branch from 47ac6dc to fb6f38c Compare May 27, 2026 10:04

jd temporarily deployed to func-tests-live May 27, 2026 10:04 — with GitHub Actions Inactive

mergify Bot had a problem deploying to Mergify Merge Protections May 27, 2026 10:06 Failure

jd force-pushed the devs/jd/worktree-rust-port/swap-uuid-getrandom-gha-heredoc-delimiter--b6599e9b branch from 9a6412d to e95b052 Compare May 28, 2026 07:44

jd force-pushed the devs/jd/worktree-rust-port/standardize-workspace-serde-yaml-ng-yaml-parsing--f5d28d2c branch from fb6f38c to 3105241 Compare May 28, 2026 07:44

jd temporarily deployed to func-tests-live May 28, 2026 07:44 — with GitHub Actions Inactive

mergify Bot had a problem deploying to Mergify Merge Protections May 28, 2026 07:45 Failure

JulianMaurin previously approved these changes May 28, 2026

View reviewed changes

mergify Bot requested a review from a team May 28, 2026 09:26

jd force-pushed the devs/jd/worktree-rust-port/standardize-workspace-serde-yaml-ng-yaml-parsing--f5d28d2c branch from 3105241 to 2f82693 Compare May 28, 2026 09:45

jd force-pushed the devs/jd/worktree-rust-port/swap-uuid-getrandom-gha-heredoc-delimiter--b6599e9b branch from e95b052 to aa78c91 Compare May 28, 2026 09:45

jd temporarily deployed to func-tests-live May 28, 2026 09:45 — with GitHub Actions Inactive

mergify Bot had a problem deploying to Mergify Merge Protections May 28, 2026 09:45 Failure

JulianMaurin previously approved these changes May 29, 2026

View reviewed changes

mergify Bot requested a review from a team May 29, 2026 05:35

jd and others added 2 commits May 29, 2026 08:33

jd force-pushed the devs/jd/worktree-rust-port/standardize-workspace-serde-yaml-ng-yaml-parsing--f5d28d2c branch from 2f82693 to f4fe757 Compare May 29, 2026 06:35

jd temporarily deployed to func-tests-live May 29, 2026 06:35 — with GitHub Actions Inactive

mergify Bot deployed to Mergify Merge Protections May 29, 2026 06:35 Active

Base automatically changed from devs/jd/worktree-rust-port/swap-uuid-getrandom-gha-heredoc-delimiter--b6599e9b to main May 29, 2026 07:06

kozlek approved these changes May 29, 2026

View reviewed changes

mergify Bot requested a review from a team May 29, 2026 07:21

JulianMaurin approved these changes May 29, 2026

View reviewed changes

This was referenced May 29, 2026

merge queue: embarking main (e387cbb) and #1447 together #1483

Closed

merge queue: embarking main (02126f5) and #1460 together #1484

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

refactor(config): standardize the workspace on serde_yaml_ng for YAML parsing#1447

refactor(config): standardize the workspace on serde_yaml_ng for YAML parsing#1447
mergify[bot] merged 2 commits into
mainfrom
devs/jd/worktree-rust-port/standardize-workspace-serde-yaml-ng-yaml-parsing--f5d28d2c

jd commented May 19, 2026

Uh oh!

jd commented May 19, 2026 •

edited

Loading

Uh oh!

mergify Bot commented May 19, 2026 •

edited

Loading

Uh oh!

jd commented May 20, 2026 •

edited

Loading

Uh oh!

mergify Bot commented May 29, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

4 participants

Conversation

jd commented May 19, 2026

Uh oh!

jd commented May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mergify Bot commented May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Merge Protections

🟢 ⛓️ Depends-On Requirements

🟢 🤖 Continuous Integration

🟢 👀 Review Requirements

🟢 Enforce conventional commit

🟢 🔎 Reviews

🟢 📕 PR description

Uh oh!

jd commented May 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Revision history

Uh oh!

mergify Bot commented May 29, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Merge Queue Status

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

4 participants

jd commented May 19, 2026 •

edited

Loading

mergify Bot commented May 19, 2026 •

edited

Loading

jd commented May 20, 2026 •

edited

Loading

mergify Bot commented May 29, 2026 •

edited

Loading