Skip to content

chore(deps-dev): bump js-yaml from 4.2.0 to 5.2.1#1047

Merged
ashleyshaw merged 4 commits into
developfrom
chore/js-yaml-5-migration
Jul 15, 2026
Merged

chore(deps-dev): bump js-yaml from 4.2.0 to 5.2.1#1047
ashleyshaw merged 4 commits into
developfrom
chore/js-yaml-5-migration

Conversation

@ashleyshaw

@ashleyshaw ashleyshaw commented Jul 15, 2026

Copy link
Copy Markdown
Member

Chore Pull Request

Linked issues

Relates to #1036 (superseded — closed; this is a clean re-creation from current develop with the code fix applied).

Summary

Bumps js-yaml from 4.2.0 to 5.2.1 (major version). js-yaml 5.x dropped its default export — it only ships named ESM exports now (load, dump, etc.). This broke every file using import yaml from "js-yaml" with The requested module 'js-yaml' does not provide an export named 'default'.

Changes

  • package.json / package-lock.json: js-yaml 4.2.0 → 5.2.1.
  • 15 files switched from a default import to a namespace import (import * as yaml from "js-yaml" / import * as YAML from "js-yaml"), which resolves the same way in both v4 and v5 since load/dump were always named exports. All 15 files only ever call .load(...).
  • No changes needed for the ~27 files that use require("js-yaml") — js-yaml's CJS build still exports plain exports.load = ... properties, so CommonJS require was never affected by the default-export removal.

Impact / Compatibility

  • Runtime/behaviour changes: None — .load() behaves identically; only the import syntax changed.
  • Build/dev-experience impact: None.

Verification

  • CI passes
  • Local build and smoke tests
  • Docs updated if developer-facing

Risk & Rollback

  • Risk level: Low
  • Rollback plan: revert commit.

Changelog

Fixed

  • Fixed js-yaml 5.x compatibility — 15 files using import yaml from "js-yaml" broke on the removed default export; switched to namespace imports.

Changed

  • Bumped js-yaml 4.2.0 → 5.2.1.

Checklist (Global DoD / PR)

  • All AC met and demonstrated
  • Tests added/updated (unit/E2E as appropriate)
  • Accessibility checklist completed (where relevant): N/A — no UI/markup changes in this PR
    • Semantic HTML and heading order verified (N/A)
    • Keyboard navigation and visible focus states verified (N/A)
    • ARIA used only where needed (N/A)
    • Contrast and non-colour cues reviewed (N/A)
  • Docs/readme/changelog updated (if user-facing)
  • Security checklist completed (where relevant): reviewed, no user-facing input/output paths touched
    • Untrusted input validated and sanitised (N/A)
    • Output escaped for its rendering context (N/A)
    • Privileged actions enforce nonce and capability checks (N/A)
    • No secrets/sensitive data introduced; OWASP risks reviewed
  • Code/design reviews approved
  • CI green; linked issues closed; release notes prepared (if shipping)

🤖 Generated with Claude Code

js-yaml 5.x dropped its default export (it only ships named ESM
exports now: load, dump, etc. — no `export default`). This broke
every file using `import yaml from "js-yaml"` with
"The requested module 'js-yaml' does not provide an export named
'default'".

Fixes all 15 affected files by switching to a namespace import
(`import * as yaml from "js-yaml"`), which resolves the same way in
both v4 and v5 since `load`/`dump` were always named exports. CJS
`require("js-yaml")` call sites are unaffected — js-yaml's CJS build
still exports plain `exports.load = ...` properties, so there's no
default-export dependency there.

Verified: npm ci, npm run lint:js (0 errors), npm run test:js
(668/668 passing, including the check-template-labels.js suite that
was the original blocker for this bump).
@coderabbitai

coderabbitai Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Warning

Review limit reached

@ashleyshaw, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 25 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: cfe054bf-eb5f-45c7-9df7-859e0a6abfda

📥 Commits

Reviewing files that changed from the base of the PR and between 5bf7976 and e7f9dd7.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (17)
  • .github/metrics/frontmatter-metrics.js
  • .github/scripts/validate-footers.js
  • CHANGELOG.md
  • package.json
  • scripts/agents/branding-unified.agent.js
  • scripts/agents/branding.agent.js
  • scripts/agents/includes/badges.js
  • scripts/agents/includes/check-template-labels.js
  • scripts/agents/includes/header-footer.js
  • scripts/agents/includes/label-lookup.js
  • scripts/agents/includes/label-sync.js
  • scripts/agents/includes/labeler-utils.js
  • scripts/agents/labeling.agent.js
  • scripts/agents/meta.agent.js
  • scripts/audit-branding-patterns.js
  • scripts/remediation-wave-4f.js
  • scripts/validation/validate-agents.js
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/js-yaml-5-migration

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

✅ Template check passed after update. Thanks for fixing the PR description.

@github-actions github-actions Bot added status:needs-review Awaiting code review type:chore Chore / small hygiene change priority:normal Default priority area:labels Label governance and routing area:dependencies Composer/npm dependency work area:scripts Scripts & tooling labels Jul 15, 2026

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request upgrades the js-yaml dependency from version ^4.2.0 to ^5.2.1 in package.json and package-lock.json. To accommodate this upgrade, the import statements for js-yaml have been updated from default imports to namespace imports (import * as yaml from "js-yaml") across various scripts and GitHub Action utilities. There are no review comments, and I have no additional feedback to provide.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

@github-actions github-actions Bot added lang:js JavaScript/TypeScript lang:json JSON config/content meta:needs-changelog Requires a changelog entry before merge labels Jul 15, 2026
@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

🔍 Reviewer Summary for PR #1047

CI Status:success
Files changed: 18
Risk Distribution: 0 critical, 3 high, 0 medium, 15 low

Recommendations

  • Ready to proceed pending human review

@github-actions

Copy link
Copy Markdown
Contributor

Metadata governance

@github-actions github-actions Bot added area:documentation Docs & guides lang:md Markdown content/docs labels Jul 15, 2026
@ashleyshaw
ashleyshaw merged commit 51c1cf6 into develop Jul 15, 2026
27 checks passed
@ashleyshaw
ashleyshaw deleted the chore/js-yaml-5-migration branch July 15, 2026 20:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:dependencies Composer/npm dependency work area:documentation Docs & guides area:labels Label governance and routing area:scripts Scripts & tooling lang:js JavaScript/TypeScript lang:json JSON config/content lang:md Markdown content/docs meta:needs-changelog Requires a changelog entry before merge priority:normal Default priority status:needs-review Awaiting code review type:chore Chore / small hygiene change

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant