fix: pin @uiw/codemirror-extensions-langs to 4.25.1 to fix production build#12829
Merged
fix: pin @uiw/codemirror-extensions-langs to 4.25.1 to fix production build#12829
Conversation
DeJeune
approved these changes
Feb 9, 2026
5 tasks
GeorgeDong32
approved these changes
Feb 9, 2026
6 tasks
GeorgeDong32
pushed a commit
that referenced
this pull request
Mar 3, 2026
### What this PR does Before this PR: `@uiw/codemirror-extensions-langs`, `@uiw/codemirror-themes-all`, and `@uiw/react-codemirror` were pinned at version 4.25.1 to work around a phantom dependency issue. After this PR: - All three `@uiw/codemirror-*` packages are upgraded to 4.25.7 with exact version pinning (no `^` prefix). The phantom dependency issue has been resolved upstream, making this upgrade safe. - Added `@codemirror/state` to `pnpm.overrides` to resolve version duplication, and updated the overrides for `@codemirror/view`, `@codemirror/language`, and `@codemirror/lint` to their latest versions. Fixes #12829 ### Why we need it and why it was done in this way The following tradeoffs were made: - Exact version pinning (removing `^`) is used to prevent unexpected automatic upgrades that could reintroduce dependency issues. - `pnpm.overrides` is used to enforce a single version of each `@codemirror/*` core package across the entire dependency tree. Without this, multiple versions coexist due to different sub-dependencies resolving independently, which causes TypeScript errors because CodeMirror uses private class properties for nominal typing. - After the update, `@codemirror/state` has multiple dependency versions (6.5.3 and 6.5.4 coexisting), which declare different types for the same type name, causing TypeScript errors. Therefore, an override was added for this dependency. The following alternatives were considered: - Using `^4.25.7` (range specifier) was considered but rejected in favor of exact pinning for more predictable dependency resolution. - Considered removing the override, but dependency analysis is difficult to handle because the previous override has already left a fixed version in the lock file. Deleting the lock file and regenerating it would cause extensive changes. Links to places where the discussion took place: - #12829 — original issue that pinned versions to 4.25.1 - #13133 — also referenced the phantom dependency problem - uiwjs/react-codemirror#760 ### Breaking changes None. ### Special notes for your reviewer The `@codemirror/*` override versions are updated as follows: | Package | Old | New | |---|---|---| | `@codemirror/state` | _(none)_ | 6.5.4 | | `@codemirror/view` | 6.38.1 | 6.39.16 | | `@codemirror/language` | 6.11.3 | 6.12.2 | | `@codemirror/lint` | 6.8.5 | 6.9.5 | ### Checklist - [x] PR: The PR description is expressive enough and will help future contributors - [x] Code: [Write code that humans can understand](https://en.wikiquote.org/wiki/Martin_Fowler#code-for-humans) and [Keep it simple](https://en.wikipedia.org/wiki/KISS_principle) - [x] Refactor: You have [left the code cleaner than you found it (Boy Scout Rule)](https://learning.oreilly.com/library/view/97-things-every/9780596809515/ch08.html) - [x] Upgrade: Impact of this change on upgrade flows was considered and addressed if required - [ ] Documentation: A [user-guide update](https://docs.cherry-ai.com) was considered and is present (link) or not required. Check this only when the PR introduces or changes a user-facing feature or behavior. - [ ] Self-review: I have reviewed my own code (e.g., via [`/gh-pr-review`](/.claude/skills/gh-pr-review/SKILL.md), `gh pr diff`, or GitHub UI) before requesting review from others ### Release note ```release-note NONE ```
EurFelux
added a commit
that referenced
this pull request
Mar 3, 2026
### What this PR does Before this PR: `@uiw/codemirror-extensions-langs`, `@uiw/codemirror-themes-all`, and `@uiw/react-codemirror` were pinned at version 4.25.1 to work around a phantom dependency issue. After this PR: - All three `@uiw/codemirror-*` packages are upgraded to 4.25.7 with exact version pinning (no `^` prefix). The phantom dependency issue has been resolved upstream, making this upgrade safe. - Added `@codemirror/state` to `pnpm.overrides` to resolve version duplication, and updated the overrides for `@codemirror/view`, `@codemirror/language`, and `@codemirror/lint` to their latest versions. Fixes #12829 ### Why we need it and why it was done in this way The following tradeoffs were made: - Exact version pinning (removing `^`) is used to prevent unexpected automatic upgrades that could reintroduce dependency issues. - `pnpm.overrides` is used to enforce a single version of each `@codemirror/*` core package across the entire dependency tree. Without this, multiple versions coexist due to different sub-dependencies resolving independently, which causes TypeScript errors because CodeMirror uses private class properties for nominal typing. - After the update, `@codemirror/state` has multiple dependency versions (6.5.3 and 6.5.4 coexisting), which declare different types for the same type name, causing TypeScript errors. Therefore, an override was added for this dependency. The following alternatives were considered: - Using `^4.25.7` (range specifier) was considered but rejected in favor of exact pinning for more predictable dependency resolution. - Considered removing the override, but dependency analysis is difficult to handle because the previous override has already left a fixed version in the lock file. Deleting the lock file and regenerating it would cause extensive changes. Links to places where the discussion took place: - #12829 — original issue that pinned versions to 4.25.1 - #13133 — also referenced the phantom dependency problem - uiwjs/react-codemirror#760 ### Breaking changes None. ### Special notes for your reviewer The `@codemirror/*` override versions are updated as follows: | Package | Old | New | |---|---|---| | `@codemirror/state` | _(none)_ | 6.5.4 | | `@codemirror/view` | 6.38.1 | 6.39.16 | | `@codemirror/language` | 6.11.3 | 6.12.2 | | `@codemirror/lint` | 6.8.5 | 6.9.5 | ### Checklist - [x] PR: The PR description is expressive enough and will help future contributors - [x] Code: [Write code that humans can understand](https://en.wikiquote.org/wiki/Martin_Fowler#code-for-humans) and [Keep it simple](https://en.wikipedia.org/wiki/KISS_principle) - [x] Refactor: You have [left the code cleaner than you found it (Boy Scout Rule)](https://learning.oreilly.com/library/view/97-things-every/9780596809515/ch08.html) - [x] Upgrade: Impact of this change on upgrade flows was considered and addressed if required - [ ] Documentation: A [user-guide update](https://docs.cherry-ai.com) was considered and is present (link) or not required. Check this only when the PR introduces or changes a user-facing feature or behavior. - [ ] Self-review: I have reviewed my own code (e.g., via [`/gh-pr-review`](/.claude/skills/gh-pr-review/SKILL.md), `gh pr diff`, or GitHub UI) before requesting review from others ### Release note ```release-note NONE ```
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this PR does
Before this PR:
pnpm start(production build) fails with:After this PR:
Production build works correctly by pinning
@uiw/codemirror-extensions-langsto4.25.1.Why we need it and why it was done in this way
Versions 4.25.2+ of
@uiw/codemirror-extensions-langsintroduced phantom dependencies — the package directly imports@codemirror/lang-cpp,@codemirror/lang-css, etc., but does not declare them in its owndependencies. It only declares@codemirror/language-data(which transitively depends on these packages). Under pnpm's strict dependency isolation, these transitive dependencies are not accessible, causing Rolldown to fail during production builds.This is a known upstream issue: uiwjs/react-codemirror#754
The following tradeoffs were made:
4.25.1(removed^prefix) to prevent pnpm from auto-upgrading to broken versions.The following alternatives were considered:
public-hoist-pattern[]=@codemirror/*to.npmrc— works but loosens pnpm isolation unnecessarily.pnpm.packageExtensionsto patch the upstream package — would require listing ~20 individual@codemirror/lang-*packages.Breaking changes
None.
Special notes for your reviewer
pnpm devwas not affected because Vite's dev server uses optimizeDeps pre-bundling which resolves dependencies more permissively.pnpm start/electron-vite preview) was broken.^.Checklist
Release note