build: update packages and claude skills#73
Merged
Conversation
All passing. One minor deprecation warning from @stylistic/eslint-plugin about the overrides.arrow option in type-annotation-spacing (recommending arrow-spacing instead) — this is cosmetic and not a failure. 22 test files, 399 tests passed, types and lint all clean. Updated Packages - @eslint/compat: 2.0.0 => 2.0.5 ✓ - @eslint/eslintrc: 3.3.3 => 3.3.5 ✓ - @stylistic/eslint-plugin: 5.6.1 => 5.10.0 ✓ - @vitest/coverage-v8: 4.0.18 => 4.1.4 ✓ - happy-dom: 20.0.11 => 20.8.9 ✓ - lodash: 4.17.23 => 4.18.1 ✓ - typedoc: 0.28.15 => 0.28.19 ✓ - typescript-eslint: 8.50.0 => 8.58.1 ✓ - vitest: 4.0.18 => 4.1.4 ✓ - vue: 3.5.13 => 3.5.32 ✓ Blocked Packages None Status - pnpm audit: 25 => 13 vulnerabilities (improved) - pnpm run all: ✓ What Changed - @eslint/compat 2.0.0 => 2.0.5 Dependency bumps and TypeScript CJS type re-export fixes - @eslint/eslintrc 3.3.3 => 3.3.5 Security updates for ajv and minimatch dependencies - @stylistic/eslint-plugin 5.6.1 => 5.10.0 New jsx-props-style rule, ESLint 10 support, lineMode option for padding-line-between-statements - @vitest/coverage-v8 4.0.18 => 4.1.4 New coverage.changed option, aroundEach/aroundAll hooks, --detect-async-leaks flag - happy-dom 20.0.11 => 20.8.9 Security fixes for cookie forwarding and code injection vulnerabilities, Bun compatibility - lodash 4.17.23 => 4.18.1 Security fixes for prototype pollution in _.unset/_.omit and code injection in _.template - typedoc 0.28.15 => 0.28.19 TypeScript 6.0 compatibility, JSON schema for config validation, French translations - typescript-eslint 8.50.0 => 8.58.1 TypeScript 6 and ESLint 10 support, numerous false-positive fixes - vitest 4.0.18 => 4.1.4 New aroundEach/aroundAll hooks, test tags, --detect-async-leaks, agent reporter - vue 3.5.13 => 3.5.32 Reactivity fixes for arrays/Sets, teleport/suspense edge cases, compiler and performance improvements
Audit improved further from 13 to 8 vulnerabilities. No suspicious install scripts. --- Updated Packages - @eslint/js: 9.39.2 => 10.0.1 ✓ - eslint: 9.39.2 => 10.2.0 ✓ - eslint-plugin-unicorn: 62.0.0 => 64.0.0 ✓ - globals: 16.5.0 => 17.5.0 ✓ - typescript: 5.9.3 => 6.0.2 ✓ (required tsconfig changes) - vite: 7.3.1 => 8.0.8 — reverted Blocked Packages - vite: 7.3.1 => 8.0.8 — Rolldown/Oxc drops decorators on static class properties with initializers, breaking reactive static properties. This is an upstream bug in Rolldown's decorator transform. Status - pnpm audit: 13 => 8 vulnerabilities (improved) - pnpm run all: ✓ What Changed - @eslint/js 9.39.2 => 10.0.1 BREAKING - Removes eslintrc support, requires Node.js 20.19+, removes deprecated SourceCode/context methods - eslint 9.39.2 => 10.2.0 BREAKING - Drops eslintrc config, requires Node.js 20.19+, replaces chalk with native styleText - eslint-plugin-unicorn 62.0.0 => 64.0.0 ESLint 10 support, new rules including consistent-template-literal-escape and switch-case-break-position - globals 16.5.0 => 17.5.0 BREAKING - Splits audioWorklet from browser environment; adds bunBuiltin, denoBuiltin, sharedWorker - typescript 5.9.3 => 6.0.2 BREAKING - strict defaults to true (set false explicitly), moduleResolution changed from node to bundler, removed baseUrl, added explicit rootDir Config Changes Made - tsconfig.json: added "strict": false, changed "moduleResolution": "bundler", removed "baseUrl" - tsconfig.types.json: added "rootDir": "./src" Note: eslint-plugin-import has an unmet peer dependency on eslint ^2-^9 (we're now on 10). It still works but may need updating or replacing with eslint-plugin-import-x when available.
bitencode
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
buildSummary
Update all outdated dependencies — 16 packages total (10 safe, 5 major, 1 blocked). Reduces known audit vulnerabilities from 25 to 8. Adapts tsconfig for TypeScript 6.
Safe Updates
coverage.changedoption, new hooks_.template)--detect-async-leaksMajor Updates
strictdefaults to true,moduledefaults to esnextBlocked
accessorkeyword or legacy decorators on static class propertiesConfig Changes
"strict": false(TS6 defaults strict to true), changed"moduleResolution": "bundler", removed"baseUrl""rootDir": "./src"(required by TS6)engines.nodeto^22.14 || ^24.14, addedallscriptapproveBuilds,minimumReleaseAge, andtrustPolicysettings.claude/skills but ignore local settingsSecurity
pnpm auditvulnerabilities: 25 => 8 (12 fewer from lodash security fixes and dependency updates)Other
workspace-changelogs.jsonchangelog URL registry/outdated-packagesand/update-packagesTest Plan
pnpm run all— types, lint, and all 399 tests passpnpm audit— no new vulnerabilities introducedChecklist
CHANGELOG.md