Skip to content
This repository was archived by the owner on May 29, 2026. It is now read-only.

chore: regenerate package-lock.json to fix quality CI failures#29

Merged
rubenvdlinde merged 1 commit into
developmentfrom
chore/quality-fixes-post-pr28
May 11, 2026
Merged

chore: regenerate package-lock.json to fix quality CI failures#29
rubenvdlinde merged 1 commit into
developmentfrom
chore/quality-fixes-post-pr28

Conversation

@rubenvdlinde

Copy link
Copy Markdown
Contributor

Summary

PR #28 (merge commit 4601d2c) shipped a package-lock.json that was missing 11 transitive dependencies of pinia (the devtools chain, plus a nested @nextcloud/dialogs > pinia entry). As a result, npm ci failed on every quality job in CI run 25665979136, taking down 5 checks at once:

  • quality / Security (npm)
  • quality / Vue Quality (stylelint)
  • quality / License (npm)
  • quality / Vue Quality (eslint)
  • quality / SBOM

All 5 failed at the same step (npm ci), with the same error: Missing: pinia@3.0.4 from lock file plus a list of pinia's transitive deps.

Fix

Regenerated package-lock.json via npm install against the existing package.json (no package.json changes). The 131-line diff adds the missing transitive entries (@vue/devtools-kit, @vue/devtools-shared, copy-anything, is-what, mitt, perfect-debounce, rfdc, speakingurl, superjson, plus a nested pinia under @nextcloud/dialogs).

Test plan

  • npm ci succeeds locally with the new lockfile
  • npm run lint (eslint) passes
  • npm run stylelint passes
  • npm audit --audit-level=high reports 0 high/critical findings (25 low/moderate remain, not blocking)
  • CI green on all 5 previously-failing quality jobs

… deps

PR #28 (merge 4601d2c) shipped a package-lock.json that was missing 11
transitive dependencies of pinia (devtools-kit, devtools-shared, mitt,
perfect-debounce, speakingurl, superjson, copy-anything, is-what,
rfdc, plus a nested @nextcloud/dialogs > pinia entry).

Result: `npm ci` failed on every CI quality job, taking down 5
checks at once (Security npm, License npm, ESLint, Stylelint, SBOM).

Fix: regenerate the lockfile with `npm install` (no package.json
changes). Verified locally:
- `npm ci` now succeeds
- `npm run lint` passes
- `npm run stylelint` passes
- `npm audit --audit-level=high` reports 0 high/critical (25 low/moderate)
@github-actions

Copy link
Copy Markdown
Contributor

Quality Report — ConductionNL/nextcloud-app-template @ cc158bb

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer ✅ 100/100
npm ✅ 427/427
PHPUnit
Newman
Playwright ⏭️

Coverage: 0% (0/3 statements)


Quality workflow — 2026-05-11 11:19 UTC

Download the full PDF report from the workflow artifacts.

@rubenvdlinde rubenvdlinde merged commit 8edce5e into development May 11, 2026
25 checks passed
@rubenvdlinde rubenvdlinde deleted the chore/quality-fixes-post-pr28 branch May 11, 2026 11:27
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant