Skip to content

chore(deps): bump js-yaml from 4.1.1 to 4.2.0 #43

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump js-yaml from 4.1.1 to 4.2.0 #43

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion apps/web/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
"@octokit/rest": "^22.0.1",
"codemirror": "^6.0.2",
"idb": "^8.0.3",
"js-yaml": "^4.1.0",
"js-yaml": "^4.2.0",
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Jun 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify resolved js-yaml versions across lockfiles/manifests
rg -n --glob '**/package.json' '"js-yaml"\s*:\s*"\^?4\.[0-9]+\.[0-9]+"' -C1
rg -n --glob '**/pnpm-lock.yaml' '^\s*js-yaml@' -A3 -B1

Repository: OpenDevFlow/md-latex

Length of output: 1340

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect pnpm workspace config and common pnpm config for lockfile handling
ls -la
fd -t f "pnpm-workspace.yaml" -a . || true
rg -n --hidden --no-ignore-vcs "lockfile-dir" . || true
rg -n --hidden --no-ignore-vcs "pnpm-lock\.yaml" . || true

# Check root package manager scripts that might run pnpm from repo root vs from apps/web
fd -t f "package.json" . | head -n 50
rg -n '"(pnpm|corepack|npm)\s+(i|install|ci)"' package.json apps/web/package.json pnpm-workspace.yaml 2>/dev/null || true

# Inspect apps/web package.json for any install hints
if [ -f apps/web/package.json ]; then
  cat -n apps/web/package.json | sed -n '1,120p'
fi

# Inspect apps/web lockfile version/resolution context quickly
if [ -f apps/web/pnpm-lock.yaml ]; then
  rg -n "js-yaml@4\.1\.1:" apps/web/pnpm-lock.yaml -n -C2 || true
fi

Repository: OpenDevFlow/md-latex

Length of output: 3415

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== pnpm-workspace.yaml ==="
cat pnpm-workspace.yaml

echo "=== .npmrc files (lockfile-dir / settings) ==="
fd -t f -a .npmrc -H . || true
fd -t f -a "*.npmrc" . || true
rg -n --hidden --no-ignore-vcs "lockfile-dir" .npmrc . || true
rg -n --hidden --no-ignore-vcs "(store-dir|lockfile-dir|package-manager|pnpm-lock)" .npmrc package.json . || true

echo "=== Look for pnpm install/ci commands referencing apps/web lockfile ==="
rg -n --hidden --no-ignore-vcs "pnpm\s+(i|install|ci)\b|--lockfile-dir|pnpm-lock\.yaml" .github apps package.json pnpm-workspace.yaml turbo.json README.md || true

echo "=== Check if apps/web has its own scripts invoking pnpm from inside apps/web ==="
cat -n apps/web/package.json | sed -n '1,120p'

Repository: OpenDevFlow/md-latex

Length of output: 2786

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== .github/workflows/test.yml ==="
cat .github/workflows/test.yml | sed -n '1,120p'

echo "=== .github/workflows/deploy.yml ==="
cat .github/workflows/deploy.yml | sed -n '1,120p'

echo "=== .github/workflows/code-quality.yml ==="
cat .github/workflows/code-quality.yml | sed -n '1,120p'

echo "=== apps/web/README.md ==="
cat -n apps/web/README.md | sed -n '1,120p'

echo "=== README.md install instructions (root) ==="
cat -n README.md | sed -n '40,90p'

Repository: OpenDevFlow/md-latex

Length of output: 8748

Stale apps/web/pnpm-lock.yaml (CI likely unaffected due to root lockfile)

  • apps/web/package.json requests js-yaml ^4.2.0, but apps/web/pnpm-lock.yaml still pins js-yaml@4.1.1.
  • GitHub Actions runs pnpm install --frozen-lockfile from the repo root, where pnpm-lock.yaml already resolves js-yaml@4.2.0, so the bump should apply in CI.
  • Regenerate apps/web/pnpm-lock.yaml (or remove it and rely on the root lockfile) to avoid standalone apps/web installs resolving js-yaml@4.1.1.
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/web/package.json` at line 24, The web app's package.json requests
js-yaml ^4.2.0 but the app's pnpm-lock.yaml still pins js-yaml@4.1.1; regenerate
or remove the app-specific lockfile so the lock matches the declared dependency.
Update the web app's pnpm-lock.yaml by running a fresh install (pnpm install)
from the app workspace or delete the app-level pnpm-lock.yaml to rely on the
root pnpm-lock.yaml, then commit the regenerated lockfile so js-yaml resolves to
4.2.0 in standalone installs; ensure the package.json dependency entry
("js-yaml": "^4.2.0") and the app lockfile are consistent.

"jszip": "^3.10.1",
"katex": "^0.17.0",
"next": "16.2.6",
Expand Down
2 changes: 1 addition & 1 deletion packages/transpiler/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
"clean": "rm -rf dist"
},
"dependencies": {
"js-yaml": "^4.1.0",
"js-yaml": "^4.2.0",
"remark-frontmatter": "^5.0.0",
"remark-gfm": "^4.0.0",
"remark-math": "^6.0.0",
Expand Down
20 changes: 10 additions & 10 deletions pnpm-lock.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading