Skip to content

chore(deps-dev): bump js-yaml from 5.0.0 to 5.1.0, fix agentic workflow tests, and add cost-focus guardrails#3017

Merged
pethers merged 3 commits into
mainfrom
dependabot/npm_and_yarn/development-dependencies-33beca4d61
Jun 23, 2026
Merged

chore(deps-dev): bump js-yaml from 5.0.0 to 5.1.0, fix agentic workflow tests, and add cost-focus guardrails#3017
pethers merged 3 commits into
mainfrom
dependabot/npm_and_yarn/development-dependencies-33beca4d61

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps the development-dependencies group with 1 update: js-yaml.

Updates js-yaml from 5.0.0 to 5.1.0


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Additional Changes

In response to review feedback, this PR also fixes the failing CI checks and completes cost-control settings across the agentic news workflows. The js-yaml bump itself was benign.

Failing checks fixed

  • Both failing jobs (Unit Tests / Vitest and Node.js Nightly Compat) broke on 3 stale test files asserting the bare-local ./.github/actions/news-prewarm action-ref form, while all 14 news-*.md workflows use the SHA-pinned remote form that gh-aw v0.80.9 requires.
  • Updated assertions in news-workflows-imf-secret, news-resolve-inputs, and network-diagnostics to accept both the local and SHA-pinned action-ref forms. Full suite green (7571 passed, 0 failed).

Cost-focus settings (all 14 news workflows)

  • Added root-level max-turns: ${{ vars.NEWS_MAX_TURNS || 300 }} — a runaway-loop turn cap tunable repo-wide from a single variable (previously uncapped).
  • Added per-tier max-ai-credits: opus analysis/forecast/review workflows 3000, sonnet news-translate 2500, codex news-realtime-monitor 1500 (gh-aw requires a numeric literal for this field).
  • Recompiled all 14 .lock.yml files via gh aw compile (0 errors); cost fields verified in the agent-job environment.

Modularisation

  • max-turns is single-sourced via the NEWS_MAX_TURNS repo variable; the shared news-prewarm/news-resolve-inputs composite actions and imported prompts/*.md modules remain the structural sharing mechanism (gh-aw imports: merges prompt body only, not frontmatter, so cost fields live per-workflow).

Testing

  • ✅ Workflow test suites pass (375 tests)
  • ✅ Full Vitest suite passes (7571 passed, 0 failed)
  • ✅ Secret scan clean; CodeQL clean (0 actions alerts)
  • ✅ All 14 workflows recompile with 0 errors

Bumps the development-dependencies group with 1 update: [js-yaml](https://github.com/nodeca/js-yaml).


Updates `js-yaml` from 5.0.0 to 5.1.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@5.0.0...5.1.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 5.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Dependency updates npm labels Jun 23, 2026
Copilot AI review requested due to automatic review settings June 23, 2026 07:24
@dependabot dependabot Bot added dependencies Dependency updates npm labels Jun 23, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@github-actions github-actions Bot added the size-s Small change (10-50 lines) label Jun 23, 2026
@github-actions

Copy link
Copy Markdown
Contributor

🏷️ Automatic Labeling Summary

This PR has been automatically labeled based on the files changed and PR metadata.

Applied Labels: dependencies,size-s,npm

Label Categories

  • 🗳️ Content: news, dashboard, visualization, intelligence
  • 💻 Technology: html-css, javascript, workflow, security
  • 📊 Data: cia-data, riksdag-data, data-pipeline, schema
  • 🌍 I18n: i18n, translation, rtl
  • 🔒 ISMS: isms, iso-27001, nist-csf, cis-controls
  • 🏗️ Infrastructure: ci-cd, deployment, performance, monitoring
  • 🔄 Quality: testing, accessibility, documentation, refactor
  • 🤖 AI: agent, skill, agentic-workflow

For more information, see .github/labeler.yml.

@github-actions

Copy link
Copy Markdown
Contributor

🔍 Lighthouse Performance Audit

Category Score Status
Performance 85/100 🟡
Accessibility 95/100 🟢
Best Practices 90/100 🟢
SEO 95/100 🟢

📥 Download full Lighthouse report

Budget Compliance: Performance budgets enforced via budget.json

@pethers

pethers commented Jun 23, 2026

Copy link
Copy Markdown
Member

@copilot fix all broken test, fix agentic workflows

failing checks
TypeScript & JavaScript Testing / Node.js Nightly Compat (pull_request)
TypeScript & JavaScript Testing / Node.js Nightly Compat (pull_request)Failing after 5m
TypeScript & JavaScript Testing / Unit Tests (Vitest) (pull_request)
TypeScript & JavaScript Testing / Unit Tests (Vitest) (pull_request)Failing after 5m

use gh-aw skills and add AI credits, max turns and and all other missing specs complete all agentic workflows cost focus settings that are missing and improve moduliisation https://github.com/github/gh-aw/blob/main/docs/src/pages/llms-full.txt.ts

…ing tests)

Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
@github-actions github-actions Bot added testing Test coverage size-m Medium change (50-250 lines) labels Jun 23, 2026
@github-actions

Copy link
Copy Markdown
Contributor

🔍 Lighthouse Performance Audit

Category Score Status
Performance 85/100 🟡
Accessibility 95/100 🟢
Best Practices 90/100 🟢
SEO 95/100 🟢

📥 Download full Lighthouse report

Budget Compliance: Performance budgets enforced via budget.json

…s agentic workflows

Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
@github-actions github-actions Bot added documentation Documentation updates workflow GitHub Actions workflows ci-cd CI/CD pipeline changes news News articles and content generation agentic-workflow Agentic workflow changes labels Jun 23, 2026

Copilot AI commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

@copilot fix all broken test, fix agentic workflows

failing checks
...

Done in 8aa1c3f (cost settings) and 6bab7a2 (test fixes).

Failing checks — the js-yaml bump was benign; both jobs failed on 3 stale tests asserting the bare-local ./.github/actions/news-prewarm form while all 14 news-*.md use the SHA-pinned remote form (gh-aw v0.80.9 rejects bare-local refs at compile). Updated the assertions in news-workflows-imf-secret, news-resolve-inputs, and network-diagnostics to accept both forms. Full suite now green (7571 passed, 0 failed).

Cost-focus settings — added root-level guardrails to all 14 news workflows and recompiled every .lock.yml:

  • max-turns: ${{ vars.NEWS_MAX_TURNS || 300 }} — runaway-loop cap, tunable repo-wide from one variable (previously uncapped).
  • max-ai-credits per AI-credit tier: opus analysis/forecast/review 3000, sonnet news-translate 2500, codex news-realtime-monitor 1500 (gh-aw rejects expressions for this field, so literals are required).

Modularisationmax-turns is now single-sourced via the NEWS_MAX_TURNS repo variable; the shared news-prewarm/news-resolve-inputs composite actions and the imported prompts/*.md modules remain the structural sharing mechanism (gh-aw imports: merges prompt body only, not frontmatter, so cost fields must live per-workflow). Recompile is via the existing workflow_dispatch compile job — running it in-repo will normalise the composite-action pin SHAs against the live action commit.

@github-actions github-actions Bot added the size-l Large change (250-1000 lines) label Jun 23, 2026
@github-actions

Copy link
Copy Markdown
Contributor

🔍 Lighthouse Performance Audit

Category Score Status
Performance 85/100 🟡
Accessibility 95/100 🟢
Best Practices 90/100 🟢
SEO 95/100 🟢

📥 Download full Lighthouse report

Budget Compliance: Performance budgets enforced via budget.json

Copilot AI changed the title chore(deps-dev): bump js-yaml from 5.0.0 to 5.1.0 in the development-dependencies group chore(deps-dev): bump js-yaml from 5.0.0 to 5.1.0, fix agentic workflow tests, and add cost-focus guardrails Jun 23, 2026
Copilot AI requested a review from pethers June 23, 2026 08:36
@pethers pethers requested a review from Copilot June 23, 2026 08:42
@pethers pethers merged commit 0a5ebb6 into main Jun 23, 2026
16 of 17 checks passed
@pethers pethers deleted the dependabot/npm_and_yarn/development-dependencies-33beca4d61 branch June 23, 2026 08:44

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

agentic-workflow Agentic workflow changes ci-cd CI/CD pipeline changes dependencies Dependency updates documentation Documentation updates news News articles and content generation npm size-l Large change (250-1000 lines) size-m Medium change (50-250 lines) size-s Small change (10-50 lines) testing Test coverage workflow GitHub Actions workflows

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants