Skip to content

chore(deps): bump js-yaml from 4.2.0 to 5.1.0#23

Merged
wavyx merged 1 commit into
mainfrom
chore-js-yaml-5
Jul 8, 2026
Merged

chore(deps): bump js-yaml from 4.2.0 to 5.1.0#23
wavyx merged 1 commit into
mainfrom
chore-js-yaml-5

Conversation

@wavyx

@wavyx wavyx commented Jul 8, 2026

Copy link
Copy Markdown
Owner

Bumps js-yaml from 4.2.0 to 5.1.0.

js-yaml 5 is ESM-only and no longer provides a default export, which is why dependabot's #19 failed CI (SyntaxError: The requested module 'js-yaml' does not provide an export). This PR does the same bump and switches src/lib/output/yaml.js to a named import. Verified dump(data, { lineWidth: -1 }) behaves identically on v5 (no line wrapping, same output shape); full test suite passes (730 tests).

Replaces #19.

https://claude.ai/code/session_01WFtdR1yhvYG6SjWhhMcsaE

Greptile Summary

This PR migrates js-yaml from 4.2.0 to 5.2.1 and updates the single import site in src/lib/output/yaml.js to use the named export { dump }, which is required because js-yaml v5 removed its default export.

  • src/lib/output/yaml.js: Default import replaced with import { dump } from 'js-yaml'; the dump(data, { lineWidth: -1 }) call is unchanged and lineWidth remains a valid option in v5.
  • package.json / package-lock.json: Dependency bumped to 5.2.1; the lock file correctly reflects the new version, integrity hash, and updated binary path (bin/js-yaml.mjs).

Confidence Score: 4/5

Safe to merge — the only usage of js-yaml is a single dump call with an option (lineWidth: -1) that is confirmed supported in v5, and the named-import fix is correct.

The code change itself is minimal and correct. The one thing worth revisiting before merging is that package.json now pins js-yaml with a semver range (^5.2.1) while every other dependency in the file uses an exact version — a future npm install could pull in an untested minor without a deliberate lock-file bump.

package.json — version specifier style inconsistency with other pinned dependencies.

Important Files Changed

Filename Overview
src/lib/output/yaml.js Switches from default import to named import { dump } — required in js-yaml v5 since the default export was removed. lineWidth: -1 option is confirmed still valid in v5.
package.json Bumps js-yaml from pinned 4.2.0 to semver range ^5.2.1, breaking from the exact-pin convention used for most other dependencies in this file.
package-lock.json Lock file updated to js-yaml 5.2.1 with correct integrity hash and updated binary path from bin/js-yaml.js to bin/js-yaml.mjs.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["formatYaml(data)"] --> B["import { dump } from 'js-yaml'"]
    B --> C["dump(data, { lineWidth: -1 })"]
    C --> D[".trimEnd()"]
    D --> E["YAML string output"]

    subgraph "js-yaml v4 (before)"
        F["import yaml from 'js-yaml'"]
        G["yaml.dump(data, ...)"]
    end

    subgraph "js-yaml v5 (after)"
        H["import { dump } from 'js-yaml'"]
        I["dump(data, ...)"]
    end

    F --> G
    H --> I
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A["formatYaml(data)"] --> B["import { dump } from 'js-yaml'"]
    B --> C["dump(data, { lineWidth: -1 })"]
    C --> D[".trimEnd()"]
    D --> E["YAML string output"]

    subgraph "js-yaml v4 (before)"
        F["import yaml from 'js-yaml'"]
        G["yaml.dump(data, ...)"]
    end

    subgraph "js-yaml v5 (after)"
        H["import { dump } from 'js-yaml'"]
        I["dump(data, ...)"]
    end

    F --> G
    H --> I
Loading

Fix All in Claude Code

Reviews (1): Last reviewed commit: "chore(deps): bump js-yaml from 4.2.0 to ..." | Re-trigger Greptile

Greptile also left 1 inline comment on this PR.

js-yaml 5 is ESM-only with named exports; switch the formatter to a
named import. Replaces dependabot PR #19, which could not build.

Claude-Session: https://claude.ai/code/session_01WFtdR1yhvYG6SjWhhMcsaE
@codecov-commenter

Copy link
Copy Markdown

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Comment thread package.json
"conf": "15.1.0",
"debug": "4.4.3",
"js-yaml": "4.2.0",
"js-yaml": "^5.2.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 The version specifier changed from a pinned value (4.2.0) to a semver range (^5.2.1). Every other pinned dependency in this file uses an exact version (e.g. "cli-table3": "0.6.5", "conf": "15.1.0", "debug": "4.4.3"). Using ^ here means any future npm install in CI or by a contributor could silently pull in a newer js-yaml minor that introduces additional breaking changes without a lock-file update committing to a reviewed version.

Suggested change
"js-yaml": "^5.2.1",
"js-yaml": "5.2.1",

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Fix in Claude Code

@wavyx wavyx merged commit 5d56ee3 into main Jul 8, 2026
12 checks passed
@wavyx wavyx deleted the chore-js-yaml-5 branch July 8, 2026 20:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants