chore(deps): bump js-yaml from 4.2.0 to 5.1.0#23
Conversation
js-yaml 5 is ESM-only with named exports; switch the formatter to a named import. Replaces dependabot PR #19, which could not build. Claude-Session: https://claude.ai/code/session_01WFtdR1yhvYG6SjWhhMcsaE
|
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
| "conf": "15.1.0", | ||
| "debug": "4.4.3", | ||
| "js-yaml": "4.2.0", | ||
| "js-yaml": "^5.2.1", |
There was a problem hiding this comment.
The version specifier changed from a pinned value (
4.2.0) to a semver range (^5.2.1). Every other pinned dependency in this file uses an exact version (e.g. "cli-table3": "0.6.5", "conf": "15.1.0", "debug": "4.4.3"). Using ^ here means any future npm install in CI or by a contributor could silently pull in a newer js-yaml minor that introduces additional breaking changes without a lock-file update committing to a reviewed version.
| "js-yaml": "^5.2.1", | |
| "js-yaml": "5.2.1", |
Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
Bumps js-yaml from 4.2.0 to 5.1.0.
js-yaml 5 is ESM-only and no longer provides a default export, which is why dependabot's #19 failed CI (
SyntaxError: The requested module 'js-yaml' does not provide an export). This PR does the same bump and switchessrc/lib/output/yaml.jsto a named import. Verifieddump(data, { lineWidth: -1 })behaves identically on v5 (no line wrapping, same output shape); full test suite passes (730 tests).Replaces #19.
https://claude.ai/code/session_01WFtdR1yhvYG6SjWhhMcsaE
Greptile Summary
This PR migrates
js-yamlfrom4.2.0to5.2.1and updates the single import site insrc/lib/output/yaml.jsto use the named export{ dump }, which is required because js-yaml v5 removed its default export.src/lib/output/yaml.js: Default import replaced withimport { dump } from 'js-yaml'; thedump(data, { lineWidth: -1 })call is unchanged andlineWidthremains a valid option in v5.package.json/package-lock.json: Dependency bumped to5.2.1; the lock file correctly reflects the new version, integrity hash, and updated binary path (bin/js-yaml.mjs).Confidence Score: 4/5
Safe to merge — the only usage of js-yaml is a single
dumpcall with an option (lineWidth: -1) that is confirmed supported in v5, and the named-import fix is correct.The code change itself is minimal and correct. The one thing worth revisiting before merging is that
package.jsonnow pins js-yaml with a semver range (^5.2.1) while every other dependency in the file uses an exact version — a futurenpm installcould pull in an untested minor without a deliberate lock-file bump.package.json — version specifier style inconsistency with other pinned dependencies.
Important Files Changed
{ dump }— required in js-yaml v5 since the default export was removed.lineWidth: -1option is confirmed still valid in v5.4.2.0to semver range^5.2.1, breaking from the exact-pin convention used for most other dependencies in this file.bin/js-yaml.jstobin/js-yaml.mjs.Flowchart
%%{init: {'theme': 'neutral'}}%% flowchart TD A["formatYaml(data)"] --> B["import { dump } from 'js-yaml'"] B --> C["dump(data, { lineWidth: -1 })"] C --> D[".trimEnd()"] D --> E["YAML string output"] subgraph "js-yaml v4 (before)" F["import yaml from 'js-yaml'"] G["yaml.dump(data, ...)"] end subgraph "js-yaml v5 (after)" H["import { dump } from 'js-yaml'"] I["dump(data, ...)"] end F --> G H --> I%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%% flowchart TD A["formatYaml(data)"] --> B["import { dump } from 'js-yaml'"] B --> C["dump(data, { lineWidth: -1 })"] C --> D[".trimEnd()"] D --> E["YAML string output"] subgraph "js-yaml v4 (before)" F["import yaml from 'js-yaml'"] G["yaml.dump(data, ...)"] end subgraph "js-yaml v5 (after)" H["import { dump } from 'js-yaml'"] I["dump(data, ...)"] end F --> G H --> IReviews (1): Last reviewed commit: "chore(deps): bump js-yaml from 4.2.0 to ..." | Re-trigger Greptile