Skip to content

chore(deps): resync package-lock.json + yarn.lock with eslint 10 (unblock CI installs)#2402

Open
pythonstrup wants to merge 2 commits into
affaan-m:mainfrom
pythonstrup:chore/sync-lockfile-eslint10
Open

chore(deps): resync package-lock.json + yarn.lock with eslint 10 (unblock CI installs)#2402
pythonstrup wants to merge 2 commits into
affaan-m:mainfrom
pythonstrup:chore/sync-lockfile-eslint10

Conversation

@pythonstrup

@pythonstrup pythonstrup commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

What Changed

Resyncs both Node lockfiles with package.json so main's CI can install again. Two commits:

  1. package-lock.json — regenerated to match the dependabot eslint ^10.6.0 bump.
  2. yarn.lock — regenerated in Yarn 4 format (it was still Yarn 1 classic).

Why

After the dependabot batch, package.json declares eslint@^10.6.0, but the lockfiles were stale, so every install-time CI job fails on main and on every open PR:

  • npm (Lint, Validate Components, Security Scan, Coverage, npm test cells):
    npm error code EUSAGE … Invalid: lock file's eslint@9.39.2 does not satisfy eslint@10.6.0
    
  • yarn (every yarn test cell): the repo pins packageManager: yarn@4.9.2, but yarn.lock was still Yarn 1 classic (v1) format, so corepack Yarn 4 in hardened/immutable mode fails:
    YN0028: The lockfile would have been modified by this install, which is explicitly forbidden.
    

Fix

  • npm install --package-lock-onlynpm ci --ignore-scripts --dry-run resolves cleanly (eslint → 10.6.0).
  • yarn@4.9.2 install --mode update-lockfileyarn.lock is now Yarn 4 (__metadata v8); yarn@4.9.2 install --immutable passes (no YN0028).

Lockfiles only — no package.json, source, or config edits.

Verified locally

  • npm ci --ignore-scripts --dry-run — resolves (eslint 10.6.0).
  • yarn@4.9.2 install --immutable — passes (no YN0028).
  • Confirmed live on this PR's earlier push: Lint, Validate Components, Security Scan, Coverage, and the ubuntu/macOS npm test cells went green with the package-lock commit alone.

Out of scope

  • pnpm / bun lockfiles and the Windows-only test cells fail for unrelated reasons (not lockfile drift); and Python Tests fails on a missing PyYAML. Those need separate fixes.

Type of Change

  • chore(deps): — CI/build unblock

🤖 Generated with Claude Code

The dependabot batch bumped eslint to ^10.6.0 in package.json but
package-lock.json still pinned eslint@9.39.2 (+ its @eslint/* deps), so
'npm ci' fails with EUSAGE on every CI job (Lint, Validate, Security,
Coverage, and the npm test cells) before any step runs.

Regenerate the lockfile with 'npm install --package-lock-only' so it
matches package.json. 'npm ci --ignore-scripts --dry-run' now resolves
cleanly (eslint 10.6.0). npm-native change only; no source edits.
@pythonstrup pythonstrup requested a review from affaan-m as a code owner June 30, 2026 06:53
@greptile-apps

greptile-apps Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

No reviewable files after applying ignore patterns.

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (2)
  • package-lock.json is excluded by !**/package-lock.json
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 71e0961c-6044-4bb3-a8bd-f7ba6e59e59c

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

…ells)

The repo pins packageManager yarn@4.9.2, but yarn.lock was still in Yarn 1
classic (v1) format. CI runs corepack Yarn 4 in hardened/immutable mode, so
every yarn test cell failed with:

  YN0028: The lockfile would have been modified by this install, which is
  explicitly forbidden.

Regenerate with 'yarn@4.9.2 install --mode update-lockfile' — yarn.lock is now
Yarn 4 format (__metadata v8) and picks up eslint 10.6.0. Verified with
'yarn@4.9.2 install --immutable' (passes, no YN0028). yarn.lock-only change.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant