chore: Bump all @nevware21 components to latest recommended versions#410
chore: Bump all @nevware21 components to latest recommended versions#410
Conversation
Co-authored-by: nev21 <82737406+nev21@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Updates the monorepo’s @nevware21/* dependency minimum versions to the latest recommended ranges, and refreshes the Rush shrinkwrap accordingly.
Changes:
- Bumped
@nevware21/ts-utils,@nevware21/ts-async, and@nevware21/tripwireversion constraints across all packages. - Regenerated
common/config/rush/npm-shrinkwrap.jsonto reflect the updated dependency graph.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
shared/package.json |
Updates @nevware21/* dependency minimum versions. |
ts-plugin/package.json |
Updates @nevware21/* dependency minimum versions. |
eslint-ts-plugin/package.json |
Updates @nevware21/* dependency minimum versions. |
package.json |
Updates root @nevware21/* dependency minimum versions. |
common/config/rush/npm-shrinkwrap.json |
Refreshes Rush lockfile; includes additional transitive upgrades beyond @nevware21/*. |
| "node_modules/@typescript-eslint/visitor-keys/node_modules/eslint-visitor-keys": { | ||
| "version": "4.2.1", | ||
| "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.2.1.tgz", | ||
| "integrity": "sha512-Uhdk5sfqcee/9H/rCOJikYz67o0a2Tw2hGRPOG2Y1R2dg7brRe1uG0yaNQDHu+TO/uQPF/5eCapvYSmHUjt7JQ==", | ||
| "version": "5.0.1", | ||
| "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz", | ||
| "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==", | ||
| "engines": { | ||
| "node": "^18.18.0 || ^20.9.0 || >=21.1.0" | ||
| "node": "^20.19.0 || ^22.13.0 || >=24" | ||
| }, |
There was a problem hiding this comment.
The shrinkwrap now installs eslint-visitor-keys@5.0.1, which declares engines.node: ^20.19.0 || ^22.13.0 || >=24. This is stricter than the CI matrix’s Node 20 entry (which may be <20.19 depending on the runner) and will definitely exclude Node 18/16. If this is unintended, pin the dependency graph (e.g., avoid the eslint-visitor-keys v5 line by constraining the @typescript-eslint/* versions pulled into the shrinkwrap) or bump the CI Node versions accordingly.
| "version": "4.0.4", | ||
| "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", | ||
| "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", | ||
| "engines": { | ||
| "node": "18 || 20 || >=22" | ||
| } |
There was a problem hiding this comment.
The shrinkwrap now locks balanced-match@4.0.4 with engines.node: 18 || 20 || >=22, which will not run on Node 16 (part of the current CI matrix). If Node 16 support is still required, the shrinkwrap update needs to be constrained to avoid pulling in this major (e.g., keep the previous brace-expansion/minimatch chain) or the project’s supported Node versions/CI matrix should be updated to match the new minimum.
| "version": "4.0.4", | |
| "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", | |
| "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", | |
| "engines": { | |
| "node": "18 || 20 || >=22" | |
| } | |
| "version": "1.0.2", | |
| "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", | |
| "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" |
| "node_modules/eslint-plugin-security": { | ||
| "version": "3.0.1", | ||
| "resolved": "https://registry.npmjs.org/eslint-plugin-security/-/eslint-plugin-security-3.0.1.tgz", | ||
| "integrity": "sha512-XjVGBhtDZJfyuhIxnQ/WMm385RbX3DBu7H1J7HNNhmB2tnGxMeqVSnYv79oAj992ayvIBZghsymwkYFS6cGH4Q==", | ||
| "version": "4.0.0", | ||
| "resolved": "https://registry.npmjs.org/eslint-plugin-security/-/eslint-plugin-security-4.0.0.tgz", | ||
| "integrity": "sha512-tfuQT8K/Li1ZxhFzyD8wPIKtlzZxqBcPr9q0jFMQ77wWAbKBVEhaMPVQRTMTvCMUDhwBe5vPVqQPwAGk/ASfxQ==", | ||
| "dependencies": { | ||
| "safe-regex": "^2.1.1" | ||
| }, |
There was a problem hiding this comment.
eslint-plugin-security is now locked to v4.0.0. That release declares a minimum Node engine of ^18.18.0 || ^20.9.0 || >=21.1.0, which is incompatible with the repo’s Node 16 CI job. If Node 16 support is still required, the shrinkwrap should be kept on an earlier eslint-plugin-security version (or the CI matrix/support policy updated to drop Node 16).
nevware21-bot
left a comment
nevware21-bot
left a comment
There was a problem hiding this comment.
Approved by nevware21-bot
Updates the minimum version constraints for all
@nevware21dependencies across the monorepo to match the latest recommended versions specified in each package's README.Version bumps
@nevware21/ts-utils>= 0.11.3 < 2.x>= 0.12.6 < 2.x@nevware21/ts-async>= 0.5.2 < 2.x>= 0.5.5 < 2.x@nevware21/tripwire>= 0.1.7 < 2.x>= 0.1.8 < 2.xFiles changed
shared/package.jsonts-plugin/package.jsoneslint-ts-plugin/package.jsonpackage.json(root)Original prompt
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.