Skip to content

Chore(deps): Bump the codemirror group with 4 updates#263

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/codemirror-c0e5eb77c0
Closed

Chore(deps): Bump the codemirror group with 4 updates#263
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/codemirror-c0e5eb77c0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the codemirror group with 4 updates: @codemirror/commands, @codemirror/language, @codemirror/state and @codemirror/view.

Updates @codemirror/commands from 6.10.3 to 6.10.4

Commits

Updates @codemirror/language from 6.12.3 to 6.12.4

Commits

Updates @codemirror/state from 6.6.0 to 6.7.0

Commits

Updates @codemirror/view from 6.43.1 to 6.43.4

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the codemirror group with 4 updates: [@codemirror/commands](https://github.com/codemirror/commands), [@codemirror/language](https://github.com/codemirror/language), [@codemirror/state](https://github.com/codemirror/state) and [@codemirror/view](https://github.com/codemirror/view).


Updates `@codemirror/commands` from 6.10.3 to 6.10.4
- [Changelog](https://github.com/codemirror/commands/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/commands/commits)

Updates `@codemirror/language` from 6.12.3 to 6.12.4
- [Changelog](https://github.com/codemirror/language/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/language/commits)

Updates `@codemirror/state` from 6.6.0 to 6.7.0
- [Changelog](https://github.com/codemirror/state/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/state/commits)

Updates `@codemirror/view` from 6.43.1 to 6.43.4
- [Changelog](https://github.com/codemirror/view/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/view/commits)

---
updated-dependencies:
- dependency-name: "@codemirror/commands"
  dependency-version: 6.10.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: codemirror
- dependency-name: "@codemirror/language"
  dependency-version: 6.12.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: codemirror
- dependency-name: "@codemirror/state"
  dependency-version: 6.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: codemirror
- dependency-name: "@codemirror/view"
  dependency-version: 6.43.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: codemirror
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 29, 2026
ymnao added a commit that referenced this pull request Jul 1, 2026
CI test job で live-preview 系 (tables.test.ts / wikilinks.test.ts) と
electron-e2e (image-rendering / mermaid-rendering) が fail。原因は
@codemirror/state 6.6→6.7 (or 関連 4 件) + mermaid 11.15→11.16 の
Decoration/parser 挙動変化と判定。ローカル vitest 2230 pass は node_modules が
前 install から未更新 (--lockfile-only) だったため、CI で新 version 反映後に
regression 発現。

追加見送り:
- #263 @codemirror/{commands,language,state,view} を元 version に戻す
- #269 mermaid 11.15.0 に戻す (@mermaid-js/parser も 1.1.1 に戻る)

残 combine 対象 (7 件):
- #261 actions/cache 5.0.5 → 6.1.0
- #262 electron 42.4.1 → 42.5.0 (実 42.5.1)
- #264 vite group (vite 8.1.1 / @vitejs/plugin-react 6.0.3)
- #265 @biomejs/biome 2.5.0 → 2.5.1
- #266 @playwright/test 1.61.0 → 1.61.1
- #267 @types/node 26.0.0 → 26.0.1
- #270 js-yaml 5.0.0 → 5.2.0

verify:
- biome check clean
- typecheck 3 config (web / node / e2e) clean
- vitest 2230 pass / 2 skipped

Refs #263 (codemirror), #269 (mermaid) — 次回別 PR で対応 (live-preview の
Table/FencedCode SyntaxTree 判定 / image widget / mermaid render を新 API に
追従させる必要あり)
ymnao added a commit that referenced this pull request Jul 2, 2026
…対策込み)

d51947e で見送った @codemirror/{commands,language,state,view} (#263) と
mermaid (#269) を再 bump。2ba2df6 の CI 失敗 (test 224 assertion +
electron-e2e image/mermaid widget) の root cause を特定し根本対策を実施:

## Root cause: @codemirror/language / commands の dual copy

2ba2df6 の lockfile では language@6.12.3 と 6.12.4、commands@6.10.3 と
6.10.4 が共存していた (root は ^6.12.4 を解決、lang-markdown 等の
transitive range は pnpm metadata cache の古い packument から 6.12.3 を解決)。

@codemirror package は module-level singleton (StateField / Facet / NodeProp)
を含むため、lang-markdown 側 copy が state に入れた `Language.state` field を
アプリ側 copy の `syntaxTree()` が引けず常に空 tree になり、FencedCode /
Table / Image ノードが見えず live-preview 全域が破綻した
(unit 224 fail + e2e image/mermaid widget 消失)。

ローカルで新 4 package を物理単一 copy に差し替えた再現実験では
83/83 pass → 「新 version の API 変化」ではなく「copy 重複」が原因と確定。

## 対策: pnpm-workspace.yaml overrides を @codemirror 全 direct dep に拡張

state / view のみだった self-ref pin (`$@codemirror/state` 記法) を
autocomplete / commands / lang-markdown / language / language-data / search
にも拡張し、@codemirror package の単一 version を lockfile レベルで強制。
既存の autocomplete 6.20.2/6.20.3 dual も副次的に解消。

## 変更内容

- package.json: @codemirror/commands ^6.10.4 / language ^6.12.4 /
  state ^6.7.0 / view ^6.43.4 / mermaid ^11.16.0
- pnpm-workspace.yaml: overrides 拡張 + incident 記録コメント
- pnpm-lock.yaml: fresh regen (rm + CI=true pnpm install --lockfile-only)、
  @codemirror 全 package 単一 version を grep で確認済

## Verify

- biome check clean
- typecheck 3 config clean (新 CodeMirror .d.ts に対して)
- vitest 2230 pass / 2 skipped (新 CodeMirror dist を物理差し替えて実行)
- mermaid 11.16 は release notes 上 additive のみ (cynefin-beta 等の新
  diagram type 追加)。electron-e2e の mermaid-rendering は CI で最終確認

Refs #263, #269
ymnao added a commit that referenced this pull request Jul 2, 2026
#274)

* chore(deps): dependabot PR 9 件を 1 branch に combine (p-limit #268 除外)

順次 merge を避けて CI 空回りと lockfile conflict を回避する目的で dependabot
9 件を単一 branch に combine。#268 (p-limit 3→7 major) は ESM interop リスクの
ため本 batch から除外し次回別 PR で対応。

## Dependencies (production)

- #263 @codemirror/{commands,language,state,view} を group 更新
  (6.10.4 / 6.12.4 / 6.7.0 / 6.43.4)
- #269 mermaid 11.15.0 → 11.16.0
- #270 js-yaml 5.0.0 → 5.2.0

## Dev dependencies

- #262 electron 42.4.1 → 42.5.0 (実 resolved は 42.5.1、patch 更に進行)
- #264 vite group (vite 8.1.1 / @vitejs/plugin-react 6.0.3)
- #265 @biomejs/biome 2.5.0 → 2.5.1
- #266 @playwright/test 1.61.0 → 1.61.1
- #267 @types/node 26.0.0 → 26.0.1

## GitHub Actions

- #261 actions/cache 5.0.5 → 6.1.0 (major、v6 は ESM 化のみで workflow
  consumer 側 input/output API 不変)

## 追加変更

- biome.json を `biome migrate` で 2.5.0 schema へ更新
  ($schema URL 2.4.16 → 2.5.0 / `linter.rules.recommended: true` →
  `preset: "recommended"`)

## p-limit #268 見送り理由

/code-review high の 8 finder のうち 3 finder (line-by-line / removed-behavior /
cross-file trace) が同一 mechanism を指摘:

- p-limit v7 は ESM only (v4+ で type: "module" 化)
- `electron.vite.config.ts:43` の main は `format: "cjs"` + `externalizeDepsPlugin`
  で p-limit を external 化 → build 後の `require("p-limit")` が Electron 42
  同梱 Node 24 の require(esm) 挙動と Electron 独自の require implementation
  divergent 懸念 + asar 内 resolve 差異の可能性
- 既存の `electron/main/ipc/search.ts:17 pLimit(16)` usage は v3 v7 とも
  API 不変で benefit なし

対応方針: 次回別 PR で以下を検討:
1. p-limit を main の noExternal (bundle 化) で cjs 内 emit、または
2. p-limit を dynamic import 化 (search.ts の top-level `ioLimit` 廃止)、または
3. 現状の 3.1.0 継続で Dependabot `@dependabot ignore this major version` 指示

## Verify

- biome check clean
- typecheck 3 config (web / node / e2e) clean
- vitest 2230 pass / 2 skipped
- pnpm-lock.yaml fresh regen: `rm pnpm-lock.yaml && CI=true pnpm install --lockfile-only`
  で「Lockfile passes supply-chain policies (verified 4d ago)」による resolution
  cache を bypass (実際に importer section の specifier / version が更新される
  ことを確認済)

Closes #261, #262, #263, #264, #265, #266, #267, #269, #270

* fix(deps): CodeMirror + mermaid bump を見送りに戻す

CI test job で live-preview 系 (tables.test.ts / wikilinks.test.ts) と
electron-e2e (image-rendering / mermaid-rendering) が fail。原因は
@codemirror/state 6.6→6.7 (or 関連 4 件) + mermaid 11.15→11.16 の
Decoration/parser 挙動変化と判定。ローカル vitest 2230 pass は node_modules が
前 install から未更新 (--lockfile-only) だったため、CI で新 version 反映後に
regression 発現。

追加見送り:
- #263 @codemirror/{commands,language,state,view} を元 version に戻す
- #269 mermaid 11.15.0 に戻す (@mermaid-js/parser も 1.1.1 に戻る)

残 combine 対象 (7 件):
- #261 actions/cache 5.0.5 → 6.1.0
- #262 electron 42.4.1 → 42.5.0 (実 42.5.1)
- #264 vite group (vite 8.1.1 / @vitejs/plugin-react 6.0.3)
- #265 @biomejs/biome 2.5.0 → 2.5.1
- #266 @playwright/test 1.61.0 → 1.61.1
- #267 @types/node 26.0.0 → 26.0.1
- #270 js-yaml 5.0.0 → 5.2.0

verify:
- biome check clean
- typecheck 3 config (web / node / e2e) clean
- vitest 2230 pass / 2 skipped

Refs #263 (codemirror), #269 (mermaid) — 次回別 PR で対応 (live-preview の
Table/FencedCode SyntaxTree 判定 / image widget / mermaid render を新 API に
追従させる必要あり)

* chore(deps): CodeMirror 4 件 + mermaid を再 bump (#263 #269、dual copy 根本対策込み)

d51947e で見送った @codemirror/{commands,language,state,view} (#263) と
mermaid (#269) を再 bump。2ba2df6 の CI 失敗 (test 224 assertion +
electron-e2e image/mermaid widget) の root cause を特定し根本対策を実施:

## Root cause: @codemirror/language / commands の dual copy

2ba2df6 の lockfile では language@6.12.3 と 6.12.4、commands@6.10.3 と
6.10.4 が共存していた (root は ^6.12.4 を解決、lang-markdown 等の
transitive range は pnpm metadata cache の古い packument から 6.12.3 を解決)。

@codemirror package は module-level singleton (StateField / Facet / NodeProp)
を含むため、lang-markdown 側 copy が state に入れた `Language.state` field を
アプリ側 copy の `syntaxTree()` が引けず常に空 tree になり、FencedCode /
Table / Image ノードが見えず live-preview 全域が破綻した
(unit 224 fail + e2e image/mermaid widget 消失)。

ローカルで新 4 package を物理単一 copy に差し替えた再現実験では
83/83 pass → 「新 version の API 変化」ではなく「copy 重複」が原因と確定。

## 対策: pnpm-workspace.yaml overrides を @codemirror 全 direct dep に拡張

state / view のみだった self-ref pin (`$@codemirror/state` 記法) を
autocomplete / commands / lang-markdown / language / language-data / search
にも拡張し、@codemirror package の単一 version を lockfile レベルで強制。
既存の autocomplete 6.20.2/6.20.3 dual も副次的に解消。

## 変更内容

- package.json: @codemirror/commands ^6.10.4 / language ^6.12.4 /
  state ^6.7.0 / view ^6.43.4 / mermaid ^11.16.0
- pnpm-workspace.yaml: overrides 拡張 + incident 記録コメント
- pnpm-lock.yaml: fresh regen (rm + CI=true pnpm install --lockfile-only)、
  @codemirror 全 package 単一 version を grep で確認済

## Verify

- biome check clean
- typecheck 3 config clean (新 CodeMirror .d.ts に対して)
- vitest 2230 pass / 2 skipped (新 CodeMirror dist を物理差し替えて実行)
- mermaid 11.16 は release notes 上 additive のみ (cynefin-beta 等の新
  diagram type 追加)。electron-e2e の mermaid-rendering は CI で最終確認

Refs #263, #269
@ymnao

ymnao commented Jul 2, 2026

Copy link
Copy Markdown
Owner

@dependabot close

@dependabot @github

dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 2, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/codemirror-c0e5eb77c0 branch July 2, 2026 02:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant