From 866d2cb904d5f0d2df67f3f16d520d8c0db9eeb4 Mon Sep 17 00:00:00 2001 From: Claude Date: Wed, 17 Jun 2026 06:21:54 +0000 Subject: [PATCH] fix(release): override read-yaml-file to 2.x so changeset version works with js-yaml 4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The js-yaml >=4.2.0 override (added to clear an audit advisory) broke the release workflow's `changeset version` step: Changesets pulls read-yaml-file@1.1.0 (via @manypkg/get-packages@1.1.3), which calls the js-yaml 3 API `yaml.safeLoad` — removed in js-yaml 4. CI never caught this because ci.yml doesn't run `changeset version`; only release.yml does. read-yaml-file@2.x depends on js-yaml ^4 and uses `yaml.load`, and 2.1.0 is still CommonJS (3.x is ESM-only, which would break the CJS @manypkg caller). Overriding read-yaml-file to ^2.1.0 makes the Changesets tooling compatible with the patched js-yaml. Verified: `pnpm run version` (changeset version) succeeds; `pnpm audit` (moderate and high) reports no known vulnerabilities; frozen-lockfile install, build, typecheck, and tests all pass. Co-Authored-By: Claude Opus 4.8 (1M context) Claude-Session: https://claude.ai/code/session_01A299AvEPRfoWPP3Hq5NJGa --- package.json | 3 ++- pnpm-lock.yaml | 29 +++++++++++------------------ 2 files changed, 13 insertions(+), 19 deletions(-) diff --git a/package.json b/package.json index 88a93b5..7859b66 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,8 @@ "postcss": ">=8.5.10", "esbuild": ">=0.28.1", "hono": ">=4.12.25", - "js-yaml": ">=4.2.0" + "js-yaml": ">=4.2.0", + "read-yaml-file": "^2.1.0" } } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index e02a4b8..7bd8cda 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -9,6 +9,7 @@ overrides: esbuild: '>=0.28.1' hono: '>=4.12.25' js-yaml: '>=4.2.0' + read-yaml-file: ^2.1.0 importers: @@ -1693,10 +1694,6 @@ packages: resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==} engines: {node: '>=12'} - pify@4.0.1: - resolution: {integrity: sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==} - engines: {node: '>=6'} - pirates@4.0.7: resolution: {integrity: sha512-TfySrs/5nm8fQJDcBDuUng3VOUKsd7S+zqvbOTiGXHfxX4wK31ard+hoNuvkicM/2YFzlpDgABOevKSsB4G/FA==} engines: {node: '>= 6'} @@ -1774,9 +1771,9 @@ packages: resolution: {integrity: sha512-sfWGGfavi0xr8Pg0sVsyHMAOziVYKgPLNrS7ig+ivMNb3wbCBw3KxtflsGBAwD3gYQlE/AEZsTLgToRrSCjb0Q==} engines: {node: '>=0.10.0'} - read-yaml-file@1.1.0: - resolution: {integrity: sha512-VIMnQi/Z4HT2Fxuwg5KrY174U1VdUIASQVWXXyqtNRtxSr9IYkn1rsI6Tb6HsrHCmB7gVpNwX6JxPTHcH6IoTA==} - engines: {node: '>=6'} + read-yaml-file@2.1.0: + resolution: {integrity: sha512-UkRNRIwnhG+y7hpqnycCL/xbTk7+ia9VuVTC0S+zVbwd65DI9eUpRMfsWIGrCWxTU/mi+JW8cHQCrv+zfCbEPQ==} + engines: {node: '>=10.13'} readdirp@4.1.2: resolution: {integrity: sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==} @@ -1912,9 +1909,9 @@ packages: resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==} engines: {node: '>=8'} - strip-bom@3.0.0: - resolution: {integrity: sha512-vavAMRXOgBVNF6nyEEmL3DBK19iRpDcoIwW+swQ+CbGiu7lju6t+JklA1MHweoWtadgt4ISVUsXLyDq34ddcwA==} - engines: {node: '>=4'} + strip-bom@4.0.0: + resolution: {integrity: sha512-3xurFv5tEgii33Zi8Jtp55wEIILR9eh34FAW00PZf+JnSsTmV/ioewSgQl97JHvgjoRGwPShsWm+IdrxB35d0w==} + engines: {node: '>=8'} styled-jsx@5.1.6: resolution: {integrity: sha512-qSVyDTeMotdvQYoHWLNGwRFJHC+i+ZvdBRYosOFgC+Wg1vx4frN2/RG/NA7SYqqvKNLf39P2LSRA2pu6n0XYZA==} @@ -2542,7 +2539,7 @@ snapshots: '@manypkg/find-root': 1.1.0 fs-extra: 8.1.0 globby: 11.1.0 - read-yaml-file: 1.1.0 + read-yaml-file: 2.1.0 '@modelcontextprotocol/sdk@1.29.0(zod@4.4.3)': dependencies: @@ -3523,8 +3520,6 @@ snapshots: picomatch@4.0.4: {} - pify@4.0.1: {} - pirates@4.0.7: {} pkce-challenge@5.0.1: {} @@ -3585,12 +3580,10 @@ snapshots: react@19.2.6: {} - read-yaml-file@1.1.0: + read-yaml-file@2.1.0: dependencies: - graceful-fs: 4.2.11 js-yaml: 4.2.0 - pify: 4.0.1 - strip-bom: 3.0.0 + strip-bom: 4.0.0 readdirp@4.1.2: {} @@ -3800,7 +3793,7 @@ snapshots: dependencies: ansi-regex: 5.0.1 - strip-bom@3.0.0: {} + strip-bom@4.0.0: {} styled-jsx@5.1.6(react@19.2.6): dependencies: