fix(deps): sync package-lock.json with package.json (unblocks CI)#40
Merged
fix(deps): sync package-lock.json with package.json (unblocks CI)#40
Conversation
CI is currently broken on every PR against main with:
npm error Invalid: lock file's @blockrun/llm@1.6.2 does not satisfy
@blockrun/llm@1.13.0
Root cause: commit 208d05b ("chore(deps): bump @blockrun/llm to ^1.13.0
for Solana ESM fix") updated package.json but didn't refresh the
lockfile. The bump landed via direct push to main (not a PR), so the
PR-only `npm ci` check never had a chance to catch the drift. Subsequent
release commits to main extended the gap (project version drifted to
3.15.9 in package.json while the lockfile still recorded 3.10.0).
This commit just runs `npm install --package-lock-only` and commits the
result. No package.json or source changes — only the lockfile gets
re-synced. After this lands, all in-flight PRs (including the docs
banner PR #39) recover their CI without any author action.
Diff summary: 6 insertions, 21 deletions.
- @blockrun/llm 1.6.2 → 1.13.0 (catches up to package.json)
- Project version 3.10.0 → 3.15.9 (catches up to package.json)
- Drops one duplicate transitive utf-8-validate v5.0.10 entry that
npm de-duplicated on regenerate.
Verified locally:
$ npm ci --dry-run
changed 1 package in 291ms
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The previous commit's lockfile regen aggressively de-duplicated the nested jayson/utf-8-validate@5.0.10 entry. Local 'npm ci' on Node 20.20.2 + npm 10.8.2 was happy with the de-dup'd lockfile, but the same node/npm versions on GitHub-hosted Ubuntu CI rejected it with: npm error Missing: utf-8-validate@5.0.10 from lock file (jayson resolves its ws@^7 peer to a flavor that requires utf-8-validate v5.x — npm's de-dup logic on macOS / Apple Silicon evidently considers this satisfiable from the top-level v6.0.6, but Linux CI's resolver treats the v5.x version constraint as separate.) This commit puts the v5.0.10 entry back exactly as main had it, so the lockfile diff vs main is now purely the @blockrun/llm version bump (1.6.2 → 1.13.0) plus the project-version catch-up (3.10.0 → 3.15.9). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
CI is currently failing on every PR against main with:
```
npm error Invalid: lock file's @blockrun/llm@1.6.2 does not satisfy @blockrun/llm@1.13.0
```
This blocks PR #39 (docs banner) and any other in-flight PR.
Root cause
Commit `208d05b` ("chore(deps): bump @blockrun/llm to ^1.13.0 for Solana ESM fix") bumped `package.json` but didn't refresh the lockfile. The bump landed via direct push to main, so the PR-only `npm ci` check never had a chance to catch the drift. Subsequent release commits extended the gap — project version drifted to `3.15.9` in package.json while the lockfile still recorded `3.10.0`.
The fix
Just `npm install --package-lock-only` + commit. No package.json or source changes.
```
$ npm ci --dry-run
changed 1 package in 291ms ← passes after this commit
```
Diff summary
`package-lock.json` only — 6 insertions, 21 deletions:
After merge
All in-flight PRs recover their CI without author action. PR #39 in particular needs no changes — its CI will pass on the next run.
Test plan
🤖 Generated with Claude Code