mono - chore: upgrade build tooling#1670
Conversation
Upgrade the non-major TypeScript/build tooling to their latest minimumReleaseAge-gated versions: - tsdown 0.22.0 -> 0.22.3 (bundler; 8 packages) - tsx 4.21.0 -> 4.23.0 (benchmark, website) - @arethetypeswrong/cli 0.18.3 -> 0.18.4 (root) typescript (5.9.3 -> 6.0.3, a major) and @types/node (Node-major target needs a decision) are handled separately. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01P1TBuMiXotBjpNHYcbwvqf
There was a problem hiding this comment.
Code Review
This pull request updates several development dependencies across the monorepo, including upgrading @arethetypeswrong/cli to ^0.18.4, tsx to ^4.23.0, and tsdown to ^0.22.3. The lockfile pnpm-lock.yaml has been regenerated to reflect these updates along with their transitive dependencies. I have no feedback to provide as there are no review comments.
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1670 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 29 29
Lines 3504 3504
Branches 809 795 -14
=========================================
Hits 3504 3504 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
|
Re: Socket "Obfuscated code" alert on
The "Socket Security: Pull Request Alerts" check passed (this is a Warn-level advisory). I've deliberately not self-issued a Generated by Claude Code |
Please check if the PR fulfills these requirements
What kind of change does this PR introduce?
Maintenance (
chore) — upgrades the non-major TypeScript / build tooling to their latestminimumReleaseAge-gated versions. No source or public-API changes. Second PR of the dependency-management dev phase.Versions
tsdown^0.22.0→^0.22.3(bundler; 8 packages:cacheable,cache-manager,file-entry-cache,flat-cache,@cacheable/memory,@cacheable/net,@cacheable/node-cache,@cacheable/utils)tsx4.21.0→4.23.0(@cacheable/benchmark,@cacheable/website— existing pin styles preserved: caret for benchmark, exact for website)@arethetypeswrong/cli^0.18.3→^0.18.4(root)typescript(5.9.3→6.0.3) is a major and is deferred to its own PR;@types/node(24.12.2→26.1.0) is held pending a Node-major-version decision (.nvmrcsays22, but CI tests22/24/26and the current pin is^24).Verification
pnpm buildpassesnode scripts/test-build.mjs(build-output validation: runtime + publint + attw) passes for all packagespnpm test— every package passes at 100% coverage except the same 3 tests that fail onmainand are specific to this sandbox (not caused by this change):cacheable-request › return with url and port— real request to externalmockhttp.org:8080, unreachable here (the:80variant passes).file-entry-cache › should return a file descriptor with checksum and errorandnormalizeEntries() › should return all entries— bothchmod 0o000a file to force a read error, but this sandbox runs as root, which bypasses permission bits.All three pass on GitHub CI (non-root runner, full network).
Generated by Claude Code