Skip to content

Pin npm plugin dependency versions#511

Merged
yeelali14 merged 1 commit intodevelopfrom
pin-npm-plugin-dependencies
Apr 3, 2026
Merged

Pin npm plugin dependency versions#511
yeelali14 merged 1 commit intodevelopfrom
pin-npm-plugin-dependencies

Conversation

@ariel-linearb
Copy link
Copy Markdown
Contributor

@ariel-linearb ariel-linearb commented Apr 3, 2026
edited by linearb bot
Loading

Summary

  • Pin moment@2.30.1, lodash@4.18.1, and axios@1.14.0 in the action's plugin dependency install step
  • Prevents unexpected breakage from unpinned packages resolving to new major/minor versions

Test plan

  • Verify gitStream action runs successfully with pinned versions
  • Confirm plugin dependencies install without errors

🤖 Generated with Claude Code

✨ PR Description

Purpose: Pin npm plugin dependency versions to specific releases to ensure reproducible builds and prevent breaking changes from automatic updates.

Main changes:

  • Locked moment dependency to version 2.30.1, lodash to 4.18.1, and axios to 1.14.0
  • Maintained existing @octokit/rest version pin at 20.1.1 for consistency
  • Changed from floating version resolution to explicit version pinning for build stability

Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using.
💡 Tip: You can customize your AI Description using Guidelines Learn how

@ariel-linearb @claude
Pin npm plugin dependency versions in action.yml
170d61c 
Pin moment, lodash, and axios to specific versions to ensure
reproducible builds and prevent unexpected breakage from new releases.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
orca-security-us[bot]
orca-security-us bot reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown

@orca-security-us orca-security-us bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Orca Security Scan Summary

Status Check Issues by priority
Passed Passed Infrastructure as Code high 0   medium 0   low 0   info 0 View in Orca
Passed Passed OSS Licenses high 0   medium 0   low 0   info 0 View in Orca
Passed Passed SAST high 0   medium 0   low 0   info 0 View in Orca
Passed Passed Secrets high 0   medium 0   low 0   info 0 View in Orca
Passed Passed Vulnerabilities high 0   medium 0   low 0   info 0 View in Orca

linearb[bot]
linearb bot reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown

@linearb linearb bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✨ PR Review

Agentic review
Pinning npm plugin dependency versions flags a critical issue: non-existent package versions will silently break plugin installs—changes required.

1 issues detected:

🐞 Bug - Multiple non-existent npm versions pinned, silently breaking plugin installs

Details: Three of four npm versions pinned in action.yml:123 don't exist in the npm registry (lodash@4.18.1, moment@2.30.1, axios@1.14.0), causing npm i to fail silently due to continue-on-error: true. Downstream steps requiring these packages will crash at runtime with "module not found" errors instead of failing immediately at install time. Correct the versions (e.g., lodash@4.17.21, moment@2.29.4, axios@1.7.7) or remove the continue-on-error flag to surface install failures early.
File: action.yml (123-123)

Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using.
💡 Tip: You can customize your AI Review using Guidelines Learn how

@yeelali14 yeelali14 added the auto-deploy when exists in PR, will auto make release and auto deploy to prod label Apr 3, 2026
yeelali14
yeelali14 approved these changes Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@yeelali14 yeelali14 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@yeelali14 yeelali14 merged commit 9552749 into develop Apr 3, 2026
14 checks passed
@yeelali14 yeelali14 deleted the pin-npm-plugin-dependencies branch April 3, 2026 21:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@orca-security-us orca-security-us[bot] orca-security-us[bot] left review comments

@linearb linearb[bot] linearb[bot] left review comments

@yeelali14 yeelali14 yeelali14 approved these changes

@EladKohavi EladKohavi Awaiting requested review from EladKohavi

Assignees

No one assigned

Labels

1 min review auto-deploy when exists in PR, will auto make release and auto deploy to prod 🤖 Claude Code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ariel-linearb @yeelali14