Skip to content

Next#7516

Merged
JanDeDobbeleer merged 5 commits into
mainfrom
next
May 7, 2026
Merged

Next#7516
JanDeDobbeleer merged 5 commits into
mainfrom
next

Conversation

@JanDeDobbeleer

@JanDeDobbeleer JanDeDobbeleer commented May 7, 2026

Copy link
Copy Markdown
Owner

Prerequisites

  • I have read and understood the contributing guide.
  • The commit message follows the conventional commits guidelines.
  • Tests for the changes have been added (for bug fixes / features).
  • Docs have been added/updated (for bug fixes / features).

JanDeDobbeleer and others added 5 commits May 7, 2026 08:55
@JanDeDobbeleer
fix(ytm): store YTMDA token in device cache
424a5de
@JanDeDobbeleer
chore: setup copilot's runspace
9c530b9
@dependabot @JanDeDobbeleer
chore(deps): bump axios from 1.15.0 to 1.15.2 in /website/api
fc27b00 
Bumps [axios](https://github.com/axios/axios) from 1.15.0 to 1.15.2.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.0...v1.15.2)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @JanDeDobbeleer
chore(deps): bump ip-address and express-rate-limit in /website/api
4456200 
Bumps [ip-address](https://github.com/beaugunderson/ip-address) and [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit). These dependencies needed to be updated together.

Updates `ip-address` from 10.1.0 to 10.2.0
- [Commits](https://github.com/beaugunderson/ip-address/commits)

Updates `express-rate-limit` from 8.3.0 to 8.5.1
- [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
- [Commits](express-rate-limit/express-rate-limit@v8.3.0...v8.5.1)

---
updated-dependencies:
- dependency-name: ip-address
  dependency-version: 10.2.0
  dependency-type: indirect
- dependency-name: express-rate-limit
  dependency-version: 8.5.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @JanDeDobbeleer
chore(deps): bump hono from 4.12.14 to 4.12.18 in /website/api
f0f5b91 
Bumps [hono](https://github.com/honojs/hono) from 4.12.14 to 4.12.18.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.14...v4.12.18)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.18
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Copilot AI review requested due to automatic review settings May 7, 2026 06:56
@JanDeDobbeleer JanDeDobbeleer enabled auto-merge (rebase) May 7, 2026 06:56
@JanDeDobbeleer JanDeDobbeleer merged commit 5708b0b into main May 7, 2026
17 checks passed
@JanDeDobbeleer JanDeDobbeleer deleted the next branch May 7, 2026 07:01
Copilot AI reviewed May 7, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates tooling/dependencies and fixes YTMDA authentication token persistence by storing the token in the device cache (matching how the YTM segment reads it). It also adjusts Copilot setup automation to restore the tracked apm.lock.yaml and installs ast-grep-cli.

Changes:

  • Bump several Node dependencies in website/api via package-lock.json.
  • Fix YTMDA auth to persist the token under cache.Device and update tests to validate the stored token.
  • Remove legacy apm.lock, ignore .agents/, and update GitHub automation to restore apm.lock.yaml and install ast-grep-cli.

Reviewed changes

Copilot reviewed 4 out of 7 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
website/api/package-lock.json Updates locked Node dependency versions (axios, express-rate-limit, hono, ip-address).
src/cli/auth/ytmda.go Stores YTMDA token in device cache to match consumer behavior.
src/cli/auth/ytmda_test.go Adjusts tests to assert the token is written to cache rather than pre-seeding it.
apm.lock Removes the untracked/legacy lockfile in favor of apm.lock.yaml.
.gitignore Ignores .agents/ directory.
.github/workflows/copilot-setup-steps.yml Restores apm.lock.yaml, installs ast-grep-cli, and pins checkout to a SHA.
.github/github-app.yml Updates restore command to apm.lock.yaml and installs ast-grep-cli on session creation.
Files not reviewed (1)
  • website/api/package-lock.json: Language not supported

Comment thread src/cli/auth/ytmda_test.go
Comment on lines +98 to +102
if tc.shouldSetToken {
token, ok := cache.Get[string](cache.Device, YTMDATOKEN)
require.True(t, ok)
assert.Equal(t, tc.expectedToken, token)
}
Comment thread .github/workflows/copilot-setup-steps.yml
steps:
- name: Checkout code
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JanDeDobbeleer