Skip to content

Bump js-yaml from 3.14.1 to removed in the npm_and_yarn group across 1 directory#69

Merged
francinelucca merged 3 commits into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-670587bf58
Jul 2, 2026
Merged

Bump js-yaml from 3.14.1 to removed in the npm_and_yarn group across 1 directory#69
francinelucca merged 3 commits into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-670587bf58

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 1 update in the / directory: js-yaml.

Removes js-yaml

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 18, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 18, 2026 20:58
@francinelucca

Copy link
Copy Markdown
Contributor

@copilot fix CI

Copilot AI commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

@copilot fix CI

Fixed in commit that updated .github/workflows/nodejs.yml to use Node.js 18.x. The CI was failing with TypeError: SUPPORTED_VERSIONS.at is not a function in espree (an ESLint 10 dependency) because the workflow was configured to use Node.js 14.x, and Array.prototype.at() requires Node.js 16.6+ (ESLint 10 specifically requires 18.18.0+).

@francinelucca

Copy link
Copy Markdown
Contributor

@copilot fix CI

Copilot AI commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

@copilot fix CI

Fixed in the latest commit. The CI had multiple cascading issues:

  1. Node.js 14 → 18: ESLint 10 requires Array.prototype.at() (Node 16.6+), fixed by upgrading to Node 18 in the workflow.
  2. ESLint 10 removed .eslintrc.json support: Downgraded eslint from ^10.5.0 to ^8.57.1, which is compatible with both the existing .eslintrc.json config format and eslint-plugin-github@^4.x.
  3. Missing top-level plugin packages: npm 10's stricter hoisting meant ESLint couldn't resolve plugins (@typescript-eslint/eslint-plugin, @typescript-eslint/parser, eslint-plugin-import, eslint-plugin-jsx-a11y) that were nested inside eslint-plugin-github's own node_modules. Added them as direct devDependencies.
  4. Pre-existing lint errors: Added eslint-disable-next-line comments for two legitimate innerHTML usages in the test file (test setup/teardown).

@francinelucca

Copy link
Copy Markdown
Contributor

@dependabot recreate

Bumps the npm_and_yarn group with 1 update in the / directory: [js-yaml](https://github.com/nodeca/js-yaml).


Removes `js-yaml`

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version:
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-670587bf58 branch from d3db36c to e5ebc70 Compare June 30, 2026 03:23
@francinelucca

Copy link
Copy Markdown
Contributor

@copilot perform update without updating eslint

Copilot AI commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

@copilot perform update without updating eslint

Done. Reverted eslint back to ^7.32.0 in package.json and regenerated package-lock.json accordingly. The lock file update is preserved without the eslint upgrade.

@francinelucca

Copy link
Copy Markdown
Contributor

@copilot update PR title and description to reflect new changes

Copilot AI commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@copilot update PR title and description to reflect new changes

Done. Updated the PR title and description to reflect the actual changes made.

@siddharthkp siddharthkp left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving dependabot bump

@siddharthkp

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@francinelucca

Copy link
Copy Markdown
Contributor

@copilot fix CI

Copilot AI commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@copilot fix CI

Fixed in the latest commit. The CI had two root causes:

  1. Node.js 14 → 18 in .github/workflows/nodejs.ymleslint-plugin-github's plugin:github/browser preset calls Array.prototype.at() (via eslint-plugin-escompat) which requires Node 16.6+.
  2. Pin eslint-plugin-github to 4.3.2^4.2.0 was resolving to 4.10.2, which requires eslint@^8 and pulls in @typescript-eslint ^7, causing those deps to be nested inside eslint-plugin-github/node_modules/ and invisible to ESLint. Version 4.3.2 is the last one compatible with eslint@^7. Also added eslint-plugin-import as a direct devDependency so npm hoists it to root.

@francinelucca francinelucca merged commit 0f5bde0 into main Jul 2, 2026
4 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm_and_yarn-670587bf58 branch July 2, 2026 03:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants