Chore(deps): Bump js-yaml from 5.0.0 to 5.2.0#270
Closed
dependabot[bot] wants to merge 1 commit into
Closed
Conversation
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 5.0.0 to 5.2.0. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@5.0.0...5.2.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 5.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
7 tasks
ymnao
added a commit
that referenced
this pull request
Jul 1, 2026
CI test job で live-preview 系 (tables.test.ts / wikilinks.test.ts) と electron-e2e (image-rendering / mermaid-rendering) が fail。原因は @codemirror/state 6.6→6.7 (or 関連 4 件) + mermaid 11.15→11.16 の Decoration/parser 挙動変化と判定。ローカル vitest 2230 pass は node_modules が 前 install から未更新 (--lockfile-only) だったため、CI で新 version 反映後に regression 発現。 追加見送り: - #263 @codemirror/{commands,language,state,view} を元 version に戻す - #269 mermaid 11.15.0 に戻す (@mermaid-js/parser も 1.1.1 に戻る) 残 combine 対象 (7 件): - #261 actions/cache 5.0.5 → 6.1.0 - #262 electron 42.4.1 → 42.5.0 (実 42.5.1) - #264 vite group (vite 8.1.1 / @vitejs/plugin-react 6.0.3) - #265 @biomejs/biome 2.5.0 → 2.5.1 - #266 @playwright/test 1.61.0 → 1.61.1 - #267 @types/node 26.0.0 → 26.0.1 - #270 js-yaml 5.0.0 → 5.2.0 verify: - biome check clean - typecheck 3 config (web / node / e2e) clean - vitest 2230 pass / 2 skipped Refs #263 (codemirror), #269 (mermaid) — 次回別 PR で対応 (live-preview の Table/FencedCode SyntaxTree 判定 / image widget / mermaid render を新 API に 追従させる必要あり)
ymnao
added a commit
that referenced
this pull request
Jul 2, 2026
#274) * chore(deps): dependabot PR 9 件を 1 branch に combine (p-limit #268 除外) 順次 merge を避けて CI 空回りと lockfile conflict を回避する目的で dependabot 9 件を単一 branch に combine。#268 (p-limit 3→7 major) は ESM interop リスクの ため本 batch から除外し次回別 PR で対応。 ## Dependencies (production) - #263 @codemirror/{commands,language,state,view} を group 更新 (6.10.4 / 6.12.4 / 6.7.0 / 6.43.4) - #269 mermaid 11.15.0 → 11.16.0 - #270 js-yaml 5.0.0 → 5.2.0 ## Dev dependencies - #262 electron 42.4.1 → 42.5.0 (実 resolved は 42.5.1、patch 更に進行) - #264 vite group (vite 8.1.1 / @vitejs/plugin-react 6.0.3) - #265 @biomejs/biome 2.5.0 → 2.5.1 - #266 @playwright/test 1.61.0 → 1.61.1 - #267 @types/node 26.0.0 → 26.0.1 ## GitHub Actions - #261 actions/cache 5.0.5 → 6.1.0 (major、v6 は ESM 化のみで workflow consumer 側 input/output API 不変) ## 追加変更 - biome.json を `biome migrate` で 2.5.0 schema へ更新 ($schema URL 2.4.16 → 2.5.0 / `linter.rules.recommended: true` → `preset: "recommended"`) ## p-limit #268 見送り理由 /code-review high の 8 finder のうち 3 finder (line-by-line / removed-behavior / cross-file trace) が同一 mechanism を指摘: - p-limit v7 は ESM only (v4+ で type: "module" 化) - `electron.vite.config.ts:43` の main は `format: "cjs"` + `externalizeDepsPlugin` で p-limit を external 化 → build 後の `require("p-limit")` が Electron 42 同梱 Node 24 の require(esm) 挙動と Electron 独自の require implementation divergent 懸念 + asar 内 resolve 差異の可能性 - 既存の `electron/main/ipc/search.ts:17 pLimit(16)` usage は v3 v7 とも API 不変で benefit なし 対応方針: 次回別 PR で以下を検討: 1. p-limit を main の noExternal (bundle 化) で cjs 内 emit、または 2. p-limit を dynamic import 化 (search.ts の top-level `ioLimit` 廃止)、または 3. 現状の 3.1.0 継続で Dependabot `@dependabot ignore this major version` 指示 ## Verify - biome check clean - typecheck 3 config (web / node / e2e) clean - vitest 2230 pass / 2 skipped - pnpm-lock.yaml fresh regen: `rm pnpm-lock.yaml && CI=true pnpm install --lockfile-only` で「Lockfile passes supply-chain policies (verified 4d ago)」による resolution cache を bypass (実際に importer section の specifier / version が更新される ことを確認済) Closes #261, #262, #263, #264, #265, #266, #267, #269, #270 * fix(deps): CodeMirror + mermaid bump を見送りに戻す CI test job で live-preview 系 (tables.test.ts / wikilinks.test.ts) と electron-e2e (image-rendering / mermaid-rendering) が fail。原因は @codemirror/state 6.6→6.7 (or 関連 4 件) + mermaid 11.15→11.16 の Decoration/parser 挙動変化と判定。ローカル vitest 2230 pass は node_modules が 前 install から未更新 (--lockfile-only) だったため、CI で新 version 反映後に regression 発現。 追加見送り: - #263 @codemirror/{commands,language,state,view} を元 version に戻す - #269 mermaid 11.15.0 に戻す (@mermaid-js/parser も 1.1.1 に戻る) 残 combine 対象 (7 件): - #261 actions/cache 5.0.5 → 6.1.0 - #262 electron 42.4.1 → 42.5.0 (実 42.5.1) - #264 vite group (vite 8.1.1 / @vitejs/plugin-react 6.0.3) - #265 @biomejs/biome 2.5.0 → 2.5.1 - #266 @playwright/test 1.61.0 → 1.61.1 - #267 @types/node 26.0.0 → 26.0.1 - #270 js-yaml 5.0.0 → 5.2.0 verify: - biome check clean - typecheck 3 config (web / node / e2e) clean - vitest 2230 pass / 2 skipped Refs #263 (codemirror), #269 (mermaid) — 次回別 PR で対応 (live-preview の Table/FencedCode SyntaxTree 判定 / image widget / mermaid render を新 API に 追従させる必要あり) * chore(deps): CodeMirror 4 件 + mermaid を再 bump (#263 #269、dual copy 根本対策込み) d51947e で見送った @codemirror/{commands,language,state,view} (#263) と mermaid (#269) を再 bump。2ba2df6 の CI 失敗 (test 224 assertion + electron-e2e image/mermaid widget) の root cause を特定し根本対策を実施: ## Root cause: @codemirror/language / commands の dual copy 2ba2df6 の lockfile では language@6.12.3 と 6.12.4、commands@6.10.3 と 6.10.4 が共存していた (root は ^6.12.4 を解決、lang-markdown 等の transitive range は pnpm metadata cache の古い packument から 6.12.3 を解決)。 @codemirror package は module-level singleton (StateField / Facet / NodeProp) を含むため、lang-markdown 側 copy が state に入れた `Language.state` field を アプリ側 copy の `syntaxTree()` が引けず常に空 tree になり、FencedCode / Table / Image ノードが見えず live-preview 全域が破綻した (unit 224 fail + e2e image/mermaid widget 消失)。 ローカルで新 4 package を物理単一 copy に差し替えた再現実験では 83/83 pass → 「新 version の API 変化」ではなく「copy 重複」が原因と確定。 ## 対策: pnpm-workspace.yaml overrides を @codemirror 全 direct dep に拡張 state / view のみだった self-ref pin (`$@codemirror/state` 記法) を autocomplete / commands / lang-markdown / language / language-data / search にも拡張し、@codemirror package の単一 version を lockfile レベルで強制。 既存の autocomplete 6.20.2/6.20.3 dual も副次的に解消。 ## 変更内容 - package.json: @codemirror/commands ^6.10.4 / language ^6.12.4 / state ^6.7.0 / view ^6.43.4 / mermaid ^11.16.0 - pnpm-workspace.yaml: overrides 拡張 + incident 記録コメント - pnpm-lock.yaml: fresh regen (rm + CI=true pnpm install --lockfile-only)、 @codemirror 全 package 単一 version を grep で確認済 ## Verify - biome check clean - typecheck 3 config clean (新 CodeMirror .d.ts に対して) - vitest 2230 pass / 2 skipped (新 CodeMirror dist を物理差し替えて実行) - mermaid 11.16 は release notes 上 additive のみ (cynefin-beta 等の新 diagram type 追加)。electron-e2e の mermaid-rendering は CI で最終確認 Refs #263, #269
Owner
|
@dependabot close |
Owner
|
PR #274 に含めて merged (5.2.0)。 |
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rebasing might not happen immediately, so don't worry if this takes some time.
Note: if you make any changes to this PR yourself, they will take precedence over the rebase.
Bumps js-yaml from 5.0.0 to 5.2.0.
Changelog
Sourced from js-yaml's changelog.
Commits
c28ed5e5.2.0 released125cd5aAddmaxAliasesoption3105455ReplacemaxMergeSeqLengthoption withmaxTotalMergeKeys(more robust)39d00d6numbers: Drop boxed numbers support, simplify .identify() checks, clarify rou...eb5cb5bfix: round-trip integers that stringify in exponential notation (#771)89024c4Update migration info, close #770f1e45cd5.1.0 released53b22beFix constructor coveragea1eaa2bFix quote style options and restore forceQuotes0532e7dAdd finalizers for immutable collection tagsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)