Chore(deps): Bump the codemirror group with 4 updates#263
Closed
dependabot[bot] wants to merge 1 commit into
Closed
Chore(deps): Bump the codemirror group with 4 updates#263dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the codemirror group with 4 updates: [@codemirror/commands](https://github.com/codemirror/commands), [@codemirror/language](https://github.com/codemirror/language), [@codemirror/state](https://github.com/codemirror/state) and [@codemirror/view](https://github.com/codemirror/view). Updates `@codemirror/commands` from 6.10.3 to 6.10.4 - [Changelog](https://github.com/codemirror/commands/blob/main/CHANGELOG.md) - [Commits](https://github.com/codemirror/commands/commits) Updates `@codemirror/language` from 6.12.3 to 6.12.4 - [Changelog](https://github.com/codemirror/language/blob/main/CHANGELOG.md) - [Commits](https://github.com/codemirror/language/commits) Updates `@codemirror/state` from 6.6.0 to 6.7.0 - [Changelog](https://github.com/codemirror/state/blob/main/CHANGELOG.md) - [Commits](https://github.com/codemirror/state/commits) Updates `@codemirror/view` from 6.43.1 to 6.43.4 - [Changelog](https://github.com/codemirror/view/blob/main/CHANGELOG.md) - [Commits](https://github.com/codemirror/view/commits) --- updated-dependencies: - dependency-name: "@codemirror/commands" dependency-version: 6.10.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: codemirror - dependency-name: "@codemirror/language" dependency-version: 6.12.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: codemirror - dependency-name: "@codemirror/state" dependency-version: 6.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: codemirror - dependency-name: "@codemirror/view" dependency-version: 6.43.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: codemirror ... Signed-off-by: dependabot[bot] <support@github.com>
7 tasks
ymnao
added a commit
that referenced
this pull request
Jul 1, 2026
CI test job で live-preview 系 (tables.test.ts / wikilinks.test.ts) と electron-e2e (image-rendering / mermaid-rendering) が fail。原因は @codemirror/state 6.6→6.7 (or 関連 4 件) + mermaid 11.15→11.16 の Decoration/parser 挙動変化と判定。ローカル vitest 2230 pass は node_modules が 前 install から未更新 (--lockfile-only) だったため、CI で新 version 反映後に regression 発現。 追加見送り: - #263 @codemirror/{commands,language,state,view} を元 version に戻す - #269 mermaid 11.15.0 に戻す (@mermaid-js/parser も 1.1.1 に戻る) 残 combine 対象 (7 件): - #261 actions/cache 5.0.5 → 6.1.0 - #262 electron 42.4.1 → 42.5.0 (実 42.5.1) - #264 vite group (vite 8.1.1 / @vitejs/plugin-react 6.0.3) - #265 @biomejs/biome 2.5.0 → 2.5.1 - #266 @playwright/test 1.61.0 → 1.61.1 - #267 @types/node 26.0.0 → 26.0.1 - #270 js-yaml 5.0.0 → 5.2.0 verify: - biome check clean - typecheck 3 config (web / node / e2e) clean - vitest 2230 pass / 2 skipped Refs #263 (codemirror), #269 (mermaid) — 次回別 PR で対応 (live-preview の Table/FencedCode SyntaxTree 判定 / image widget / mermaid render を新 API に 追従させる必要あり)
ymnao
added a commit
that referenced
this pull request
Jul 2, 2026
…対策込み) d51947e で見送った @codemirror/{commands,language,state,view} (#263) と mermaid (#269) を再 bump。2ba2df6 の CI 失敗 (test 224 assertion + electron-e2e image/mermaid widget) の root cause を特定し根本対策を実施: ## Root cause: @codemirror/language / commands の dual copy 2ba2df6 の lockfile では language@6.12.3 と 6.12.4、commands@6.10.3 と 6.10.4 が共存していた (root は ^6.12.4 を解決、lang-markdown 等の transitive range は pnpm metadata cache の古い packument から 6.12.3 を解決)。 @codemirror package は module-level singleton (StateField / Facet / NodeProp) を含むため、lang-markdown 側 copy が state に入れた `Language.state` field を アプリ側 copy の `syntaxTree()` が引けず常に空 tree になり、FencedCode / Table / Image ノードが見えず live-preview 全域が破綻した (unit 224 fail + e2e image/mermaid widget 消失)。 ローカルで新 4 package を物理単一 copy に差し替えた再現実験では 83/83 pass → 「新 version の API 変化」ではなく「copy 重複」が原因と確定。 ## 対策: pnpm-workspace.yaml overrides を @codemirror 全 direct dep に拡張 state / view のみだった self-ref pin (`$@codemirror/state` 記法) を autocomplete / commands / lang-markdown / language / language-data / search にも拡張し、@codemirror package の単一 version を lockfile レベルで強制。 既存の autocomplete 6.20.2/6.20.3 dual も副次的に解消。 ## 変更内容 - package.json: @codemirror/commands ^6.10.4 / language ^6.12.4 / state ^6.7.0 / view ^6.43.4 / mermaid ^11.16.0 - pnpm-workspace.yaml: overrides 拡張 + incident 記録コメント - pnpm-lock.yaml: fresh regen (rm + CI=true pnpm install --lockfile-only)、 @codemirror 全 package 単一 version を grep で確認済 ## Verify - biome check clean - typecheck 3 config clean (新 CodeMirror .d.ts に対して) - vitest 2230 pass / 2 skipped (新 CodeMirror dist を物理差し替えて実行) - mermaid 11.16 は release notes 上 additive のみ (cynefin-beta 等の新 diagram type 追加)。electron-e2e の mermaid-rendering は CI で最終確認 Refs #263, #269
ymnao
added a commit
that referenced
this pull request
Jul 2, 2026
#274) * chore(deps): dependabot PR 9 件を 1 branch に combine (p-limit #268 除外) 順次 merge を避けて CI 空回りと lockfile conflict を回避する目的で dependabot 9 件を単一 branch に combine。#268 (p-limit 3→7 major) は ESM interop リスクの ため本 batch から除外し次回別 PR で対応。 ## Dependencies (production) - #263 @codemirror/{commands,language,state,view} を group 更新 (6.10.4 / 6.12.4 / 6.7.0 / 6.43.4) - #269 mermaid 11.15.0 → 11.16.0 - #270 js-yaml 5.0.0 → 5.2.0 ## Dev dependencies - #262 electron 42.4.1 → 42.5.0 (実 resolved は 42.5.1、patch 更に進行) - #264 vite group (vite 8.1.1 / @vitejs/plugin-react 6.0.3) - #265 @biomejs/biome 2.5.0 → 2.5.1 - #266 @playwright/test 1.61.0 → 1.61.1 - #267 @types/node 26.0.0 → 26.0.1 ## GitHub Actions - #261 actions/cache 5.0.5 → 6.1.0 (major、v6 は ESM 化のみで workflow consumer 側 input/output API 不変) ## 追加変更 - biome.json を `biome migrate` で 2.5.0 schema へ更新 ($schema URL 2.4.16 → 2.5.0 / `linter.rules.recommended: true` → `preset: "recommended"`) ## p-limit #268 見送り理由 /code-review high の 8 finder のうち 3 finder (line-by-line / removed-behavior / cross-file trace) が同一 mechanism を指摘: - p-limit v7 は ESM only (v4+ で type: "module" 化) - `electron.vite.config.ts:43` の main は `format: "cjs"` + `externalizeDepsPlugin` で p-limit を external 化 → build 後の `require("p-limit")` が Electron 42 同梱 Node 24 の require(esm) 挙動と Electron 独自の require implementation divergent 懸念 + asar 内 resolve 差異の可能性 - 既存の `electron/main/ipc/search.ts:17 pLimit(16)` usage は v3 v7 とも API 不変で benefit なし 対応方針: 次回別 PR で以下を検討: 1. p-limit を main の noExternal (bundle 化) で cjs 内 emit、または 2. p-limit を dynamic import 化 (search.ts の top-level `ioLimit` 廃止)、または 3. 現状の 3.1.0 継続で Dependabot `@dependabot ignore this major version` 指示 ## Verify - biome check clean - typecheck 3 config (web / node / e2e) clean - vitest 2230 pass / 2 skipped - pnpm-lock.yaml fresh regen: `rm pnpm-lock.yaml && CI=true pnpm install --lockfile-only` で「Lockfile passes supply-chain policies (verified 4d ago)」による resolution cache を bypass (実際に importer section の specifier / version が更新される ことを確認済) Closes #261, #262, #263, #264, #265, #266, #267, #269, #270 * fix(deps): CodeMirror + mermaid bump を見送りに戻す CI test job で live-preview 系 (tables.test.ts / wikilinks.test.ts) と electron-e2e (image-rendering / mermaid-rendering) が fail。原因は @codemirror/state 6.6→6.7 (or 関連 4 件) + mermaid 11.15→11.16 の Decoration/parser 挙動変化と判定。ローカル vitest 2230 pass は node_modules が 前 install から未更新 (--lockfile-only) だったため、CI で新 version 反映後に regression 発現。 追加見送り: - #263 @codemirror/{commands,language,state,view} を元 version に戻す - #269 mermaid 11.15.0 に戻す (@mermaid-js/parser も 1.1.1 に戻る) 残 combine 対象 (7 件): - #261 actions/cache 5.0.5 → 6.1.0 - #262 electron 42.4.1 → 42.5.0 (実 42.5.1) - #264 vite group (vite 8.1.1 / @vitejs/plugin-react 6.0.3) - #265 @biomejs/biome 2.5.0 → 2.5.1 - #266 @playwright/test 1.61.0 → 1.61.1 - #267 @types/node 26.0.0 → 26.0.1 - #270 js-yaml 5.0.0 → 5.2.0 verify: - biome check clean - typecheck 3 config (web / node / e2e) clean - vitest 2230 pass / 2 skipped Refs #263 (codemirror), #269 (mermaid) — 次回別 PR で対応 (live-preview の Table/FencedCode SyntaxTree 判定 / image widget / mermaid render を新 API に 追従させる必要あり) * chore(deps): CodeMirror 4 件 + mermaid を再 bump (#263 #269、dual copy 根本対策込み) d51947e で見送った @codemirror/{commands,language,state,view} (#263) と mermaid (#269) を再 bump。2ba2df6 の CI 失敗 (test 224 assertion + electron-e2e image/mermaid widget) の root cause を特定し根本対策を実施: ## Root cause: @codemirror/language / commands の dual copy 2ba2df6 の lockfile では language@6.12.3 と 6.12.4、commands@6.10.3 と 6.10.4 が共存していた (root は ^6.12.4 を解決、lang-markdown 等の transitive range は pnpm metadata cache の古い packument から 6.12.3 を解決)。 @codemirror package は module-level singleton (StateField / Facet / NodeProp) を含むため、lang-markdown 側 copy が state に入れた `Language.state` field を アプリ側 copy の `syntaxTree()` が引けず常に空 tree になり、FencedCode / Table / Image ノードが見えず live-preview 全域が破綻した (unit 224 fail + e2e image/mermaid widget 消失)。 ローカルで新 4 package を物理単一 copy に差し替えた再現実験では 83/83 pass → 「新 version の API 変化」ではなく「copy 重複」が原因と確定。 ## 対策: pnpm-workspace.yaml overrides を @codemirror 全 direct dep に拡張 state / view のみだった self-ref pin (`$@codemirror/state` 記法) を autocomplete / commands / lang-markdown / language / language-data / search にも拡張し、@codemirror package の単一 version を lockfile レベルで強制。 既存の autocomplete 6.20.2/6.20.3 dual も副次的に解消。 ## 変更内容 - package.json: @codemirror/commands ^6.10.4 / language ^6.12.4 / state ^6.7.0 / view ^6.43.4 / mermaid ^11.16.0 - pnpm-workspace.yaml: overrides 拡張 + incident 記録コメント - pnpm-lock.yaml: fresh regen (rm + CI=true pnpm install --lockfile-only)、 @codemirror 全 package 単一 version を grep で確認済 ## Verify - biome check clean - typecheck 3 config clean (新 CodeMirror .d.ts に対して) - vitest 2230 pass / 2 skipped (新 CodeMirror dist を物理差し替えて実行) - mermaid 11.16 は release notes 上 additive のみ (cynefin-beta 等の新 diagram type 追加)。electron-e2e の mermaid-rendering は CI で最終確認 Refs #263, #269
Owner
|
@dependabot close |
Contributor
Author
|
Looks like these dependencies are no longer updatable, so this is no longer needed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the codemirror group with 4 updates: @codemirror/commands, @codemirror/language, @codemirror/state and @codemirror/view.
Updates
@codemirror/commandsfrom 6.10.3 to 6.10.4Commits
Updates
@codemirror/languagefrom 6.12.3 to 6.12.4Commits
Updates
@codemirror/statefrom 6.6.0 to 6.7.0Commits
Updates
@codemirror/viewfrom 6.43.1 to 6.43.4Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions