Skip to content

chore: bump @expressots/shared from 4.0.0-preview.3.4 to 4.0.0#140

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/expressots/shared-4.0.0
Open

chore: bump @expressots/shared from 4.0.0-preview.3.4 to 4.0.0#140
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/expressots/shared-4.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown

Bumps @expressots/shared from 4.0.0-preview.3.4 to 4.0.0.

Release notes

Sourced from @​expressots/shared's releases.

@​expressots/shared 4.0.0

ExpressoTS shared contracts 4.0.0 — stable release.

Highlights

  • Cross-package interfaces, env loader, and ExpressoConfig types
  • Now dependency-free at runtime

Breaking changes

  • Removed the utils module (Compiler moved to @expressots/cli; the chalk logger printers were never exported)
  • Dropped the chalk dependency and optional ts-node peer
  • Node.js >= 20.19.0 required

Full details in CHANGELOG.md.

Changelog

Sourced from @​expressots/shared's changelog.

4.0.0 (2026-07-16)

Stable release.

BREAKING CHANGES

  • remove the utils module (Compiler and the chalk-based logger printers). The Compiler config loader now lives in @expressots/cli (src/utils/compiler.ts); the logger printers were never exported from the package barrel. The internal dotenv log helper moved to src/env/logger.ts and is unchanged.
  • drop the chalk runtime dependency and the optional ts-node peer dependency; both were only used by the removed utils module.
  • require Node.js >=20.19.0 (was >=20.18.0).

Build System

  • enable strictNullChecks and noImplicitAny; remove unused experimentalDecorators / emitDecoratorMetadata; CJS build now compiles with module: node16 / moduleResolution: node16 and an explicit rootDir.

Continuous Integrations

  • remove the pull_request_target trigger from the build workflow.

Bug Fixes

  • resolve js-yaml advisory and remove clear-text logging of env values (b56bc02)
  • bump undici to 7.28.0 and regenerate package-lock.json with npm 10 to resolve Dependabot alerts (ba875c4, 8c9b3d8)

Tests

  • cover Pattern enum and config vault fallback paths (cb6fa84)
Commits
  • 1c2451d chore(release): bump to 4.0.0
  • 421338c chore(shared): production hardening for 4.0 GA
  • 8c9b3d8 fix(ci): regenerate package-lock.json with npm 10 for npm ci
  • ba875c4 fix(security): bump undici to 7.28.0 to resolve Dependabot alerts
  • 1f17e94 chore: strip Cursor co-author trailers and fix README badges
  • 3a0eb89 Merge pull request #244 from expressots/fix/security-16-06-2026
  • 248c231 fix(ci): restore conventional-commits-parser entry in package-lock.json
  • b56bc02 fix(security): resolve js-yaml advisory and clear-text env logging
  • a6a9d22 Merge pull request #243 from expressots/feature/v4.0
  • cb6fa84 test: cover Pattern enum and config vault fallback paths
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@expressots/shared](https://github.com/expressots/shared) from 4.0.0-preview.3.4 to 4.0.0.
- [Release notes](https://github.com/expressots/shared/releases)
- [Changelog](https://github.com/expressots/shared/blob/main/CHANGELOG.md)
- [Commits](expressots/shared@v4.0.0-preview.3.4...v4.0.0)

---
updated-dependencies:
- dependency-name: "@expressots/shared"
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants