2 min read

EmDashのバージョンアップ(失敗20260421)

アップデート失敗した。plugin-formsは必須なのに0.6.0未対応

いまのバージョンはv0.6.0

2026/04/21時点のEmDashのバージョンは0.6.0。

セットアップしたEmDashのバージョンは0.4.0なのでアップデートする。

nodejsなどは理解できてないレベルなので、都度確認して作業を進めた。

結果的にアップデートは失敗しているため、失敗した作業ログとして残す

作業を進める

package.jsonをアップデート

$ npx -p npm-check-updates -c "ncu -u"
Upgrading /home/u2404/emdash-20260419/package.json
[====================] 12/12 100%

 @astrojs/check                    ^0.9.7  →         ^0.9.8
 @astrojs/cloudflare              ^13.1.7  →       ^13.1.10
 @astrojs/react                    ^5.0.0  →         ^5.0.3
 @cloudflare/workers-types  ^4.20260305.1  →  ^4.20260421.1
 @emdash-cms/cloudflare            ^0.4.0  →         ^0.6.0
 astro                             ^6.0.1  →         ^6.1.8
 emdash                            ^0.4.0  →         ^0.6.0
 react                             19.2.4  →         19.2.5
 react-dom                         19.2.4  →         19.2.5
 wrangler                         ^4.80.0  →        ^4.84.0

Run npm install to install new versions.

npm upgrade (1回目:エラー発生した)

$ npm install
u2404@host:~/emdash-20260419$ npm install
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: emdash-20260419@0.0.3
npm error Found: emdash@0.6.0
npm error node_modules/emdash
npm error   emdash@"^0.6.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer emdash@"0.1.1" from @emdash-cms/plugin-forms@0.1.1
npm error node_modules/@emdash-cms/plugin-forms
npm error   @emdash-cms/plugin-forms@"^0.1.1" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /home/u2404/.npm/_logs/2026-04-21T05_13_40_669Z-eresolve-report.txt
npm error A complete log of this run can be found in: /home/u2404/.npm/_logs/2026-04-21T05_13_40_669Z-debug-0.log

パッケージ・バージョンの依存関係が正しくないのでエラーが出てる様子。
--force または --legacy-peer-deps を使ってリトライ

npm upgrade (2回目:audit発生した)

$ npm install --legacy-peer-deps
npm warn deprecated prebuild-install@7.1.3: No longer maintained. Please contact the author of the relevant native addon; alternatives are available.
npm warn deprecated node-domexception@1.0.0: Use your platform's native DOMException instead

added 715 packages, and audited 716 packages in 38s

243 packages are looking for funding
  run `npm fund` for details

8 vulnerabilities (5 moderate, 3 high)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

npm audit (1回目:確認)

$ npm audit
# npm audit report

kysely  <=0.28.13
Severity: high
SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`. - https://github.com/advisories/GHSA-wmrf-hv6w-mr66
Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings - https://github.com/advisories/GHSA-8cpq-38p9-67gx
No fix available
node_modules/kysely
  @emdash-cms/auth  *
  Depends on vulnerable versions of kysely
  node_modules/@emdash-cms/auth
  emdash  *
  Depends on vulnerable versions of @emdash-cms/auth
  Depends on vulnerable versions of kysely
  node_modules/emdash
    @emdash-cms/cloudflare  *
    Depends on vulnerable versions of emdash
    node_modules/@emdash-cms/cloudflare
    @emdash-cms/plugin-forms  *
    Depends on vulnerable versions of emdash
    node_modules/@emdash-cms/plugin-forms
    @emdash-cms/plugin-webhook-notifier  *
    Depends on vulnerable versions of emdash
    node_modules/@emdash-cms/plugin-webhook-notifier

yaml  2.0.0 - 2.8.2
Severity: moderate
yaml is vulnerable to Stack Overflow via deeply nested YAML collections - https://github.com/advisories/GHSA-48c2-rrv3-qjmp
fix available via `npm audit fix --force`
Will install @astrojs/check@0.9.2, which is a breaking change
node_modules/yaml-language-server/node_modules/yaml
  yaml-language-server  1.11.1-08d5f7b.0 - 1.21.1-f1f5a94.0 || 1.22.1-0ae5603.0 - 1.22.1-fc5f874.0
  Depends on vulnerable versions of yaml
  node_modules/yaml-language-server
    volar-service-yaml  *
    Depends on vulnerable versions of yaml-language-server
    node_modules/volar-service-yaml
      @astrojs/language-server  >=2.14.0
      Depends on vulnerable versions of volar-service-yaml
      node_modules/@astrojs/language-server
        @astrojs/check  >=0.9.3
        Depends on vulnerable versions of @astrojs/language-server
        node_modules/@astrojs/check

11 vulnerabilities (5 moderate, 6 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

npm audit (2回目:fix --force 実行)

$ npm audit fix --force
npm warn using --force Recommended protections disabled.
npm warn audit No fix available for emdash@*
npm warn audit No fix available for @emdash-cms/cloudflare@*
npm warn audit No fix available for @emdash-cms/plugin-forms@*
npm warn audit No fix available for @emdash-cms/plugin-webhook-notifier@*
npm warn audit Updating @astrojs/check to 0.9.2, which is a SemVer major change.
npm warn ERESOLVE overriding peer dependency
npm warn While resolving: @emdash-cms/plugin-forms@0.1.1
npm warn Found: emdash@0.6.0
npm warn node_modules/emdash
npm warn   emdash@"0.6.0" from @emdash-cms/cloudflare@0.6.0
npm warn   node_modules/@emdash-cms/cloudflare
npm warn     @emdash-cms/cloudflare@"^0.6.0" from the root project
npm warn   2 more (@emdash-cms/plugin-webhook-notifier, the root project)
npm warn
npm warn Could not resolve dependency:
npm warn peer emdash@"0.1.1" from @emdash-cms/plugin-forms@0.1.1
npm warn node_modules/@emdash-cms/plugin-forms
npm warn   @emdash-cms/plugin-forms@"^0.1.1" from the root project
npm warn
npm warn Conflicting peer dependency: emdash@0.1.1
npm warn node_modules/emdash
npm warn   peer emdash@"0.1.1" from @emdash-cms/plugin-forms@0.1.1
npm warn   node_modules/@emdash-cms/plugin-forms
npm warn     @emdash-cms/plugin-forms@"^0.1.1" from the root project

added 31 packages, changed 3 packages, and audited 747 packages in 7s

250 packages are looking for funding
  run `npm fund` for details

# npm audit report

kysely  <=0.28.13
Severity: high
SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`. - https://github.com/advisories/GHSA-wmrf-hv6w-mr66
Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings - https://github.com/advisories/GHSA-8cpq-38p9-67gx
No fix available
node_modules/kysely
  @emdash-cms/auth  *
  Depends on vulnerable versions of kysely
  node_modules/@emdash-cms/auth
  emdash  *
  Depends on vulnerable versions of @emdash-cms/auth
  Depends on vulnerable versions of kysely
  node_modules/emdash
    @emdash-cms/cloudflare  *
    Depends on vulnerable versions of emdash
    node_modules/@emdash-cms/cloudflare
    @emdash-cms/plugin-forms  *
    Depends on vulnerable versions of emdash
    node_modules/@emdash-cms/plugin-forms
    @emdash-cms/plugin-webhook-notifier  *
    Depends on vulnerable versions of emdash
    node_modules/@emdash-cms/plugin-webhook-notifier

yaml  2.0.0 - 2.8.2
Severity: moderate
yaml is vulnerable to Stack Overflow via deeply nested YAML collections - https://github.com/advisories/GHSA-48c2-rrv3-qjmp
fix available via `npm audit fix`
node_modules/yaml-language-server/node_modules/yaml
  yaml-language-server  1.11.1-08d5f7b.0 - 1.21.1-f1f5a94.0 || 1.22.1-0ae5603.0 - 1.22.1-fc5f874.0
  Depends on vulnerable versions of yaml
  node_modules/yaml-language-server
    volar-service-yaml  *
    Depends on vulnerable versions of yaml-language-server
    node_modules/volar-service-yaml
      @astrojs/language-server  >=2.14.0
      Depends on vulnerable versions of volar-service-yaml
      node_modules/@astrojs/language-server

10 vulnerabilities (4 moderate, 6 high)

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.

git add, commit. push

ブランチを作成していれば自動的にcloudflare側でビルドが実行される。そのはずだった。

実際にツールと依存関係のインストールでエラーになってしまい、ビルドが進まない。npm エラーになっていたプラグインをpackage.jsonから削除。

その結果、ビルドが進んだけど アプリケーションをビルドしています でエラー

Cloudflare側のビルドログを見るとastroで必要モジュールがないっていうエラー出ててた

14:43:03.565	Run `npm audit` for details.
14:43:03.809	Executing user build command: npm run build
14:43:04.182	
14:43:04.183	> emdash-20260419@0.0.3 build
14:43:04.183	> astro build
14:43:04.183	
14:43:07.903	[astro] Unable to load your Astro config
14:43:07.905	
14:43:08.254	Cannot find module '@emdash-cms/plugin-forms' imported from '/opt/buildhome/repo/astro.config.mjs'
14:43:08.254	  Location:
14:43:08.255	    /opt/buildhome/repo/node_modules/vite/dist/node/chunks/config.js:33984:34
14:43:08.255	  Stack trace:
14:43:08.255	    at fetchModule (file:///opt/buildhome/repo/node_modules/vite/dist/node/chunks/config.js:33984:34)
14:43:08.255	    at fetchModule (file:///opt/buildhome/repo/node_modules/vite/dist/node/chunks/config.js:34794:17)
14:43:08.255	    at EventEmitter.listenerForInvokeHandler (file:///opt/buildhome/repo/node_modules/vite/dist/node/chunks/config.js:25892:19)
14:43:08.255	    at EventEmitter.emit (node:domain:489:12)
14:43:08.255	    at Object.invoke (file:///opt/buildhome/repo/node_modules/vite/dist/node/module-runner.js:535:31)
14:43:08.339	Failed: error occurred while running build command

今日は諦めた。

たぶん公式側のアップデートが落ち着いていないんだろうと思う。日を改めてバージョンアップ作業する

Continue reading