Update non-major dependencies #86
Conversation
|
Updated the PR tools’ package manifests to the latest patch versions for core and development dependencies, ensuring alignment with recent bug fixes and minor improvements across both the review and summary workflows. Walkthrough
Model: o4-mini-2025-04-16 | Prompt Tokens: 721 | Completion Tokens: 630 |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
I’m here to share helpful suggestions and code insights with AI support. Remember that they’re educated guesses, not guaranteed solutions. Use what suits your goals best. You remain in control, making the final calls—AI is just a friendly guide along the way.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1309 | Completion Tokens: 4119
| "tsx": "4.21.0", | ||
| "typescript": "5.9.3", | ||
| "typescript-eslint": "8.51.0", | ||
| "typescript-eslint": "8.52.0", |
There was a problem hiding this comment.
It looks like you’re depending on a non-scoped package named typescript-eslint, which doesn’t match the official ESLint ecosystem. I recommend switching to the scoped packages:
// Replace this
"typescript-eslint": "8.52.0"
// With these
"@typescript-eslint/eslint-plugin": "^8.52.0",
"@typescript-eslint/parser": "^8.52.0",This will give you the proper parser and plugin for TypeScript linting and avoid confusing npm resolution.
| "@eslint/js": "9.39.2", | ||
| "@types/node": "24.10.4", | ||
| "@types/node": "24.10.5", | ||
| "@vercel/ncc": "0.38.4", | ||
| "eslint": "9.39.2", |
There was a problem hiding this comment.
I see both @eslint/js and the core eslint package listed in devDependencies. If you only need the standard ESLint configuration, you can remove one of them for clarity. For example, to rely solely on @eslint/js (which already brings in ESLint):
"devDependencies": {
"@eslint/js": "^9.39.2",
"eslint-plugin-import": "^2.32.0",
// remove: "eslint": "9.39.2"
// ...other deps
}Or vice versa—just pick the one that matches your intended setup to reduce redundancy.
| }, | ||
| "dependencies": { | ||
| "@actions/core": "2.0.1", | ||
| "@actions/core": "2.0.2", |
There was a problem hiding this comment.
Pinning dependencies to exact versions requires manual bumps for every patch release. To automatically receive non-breaking updates, consider using a caret (^) range instead:
- "@actions/core": "2.0.2"
+ "@actions/core": "^2.0.2"You can apply the same approach to other dependencies and devDependencies to streamline patch-level maintenance.
| "prettier:fix": "prettier --write ." | ||
| }, |
There was a problem hiding this comment.
It can be helpful to declare an engines field so that everyone uses the same Node version when running your scripts:
"engines": {
"node": ">=16"
},Add this just below your name/version metadata to enforce a minimum runtime version.
| "tsx": "4.21.0", | ||
| "typescript": "5.9.3", | ||
| "typescript-eslint": "8.51.0", | ||
| "typescript-eslint": "8.52.0", |
There was a problem hiding this comment.
Same as in your other package, this looks like a non-scoped typescript-eslint entry. You should replace it with the official scoped packages:
// Replace this
"typescript-eslint": "8.52.0"
// With these
"@typescript-eslint/eslint-plugin": "^8.52.0",
"@typescript-eslint/parser": "^8.52.0",| "@eslint/js": "9.39.2", | ||
| "@types/node": "24.10.4", | ||
| "@types/node": "24.10.5", | ||
| "@vercel/ncc": "0.38.4", | ||
| "eslint": "9.39.2", |
There was a problem hiding this comment.
You’re installing both @eslint/js and eslint itself. To avoid duplication, choose one approach:
Option A - rely on @eslint/js:
"devDependencies": {
"@eslint/js": "^9.39.2",
// remove: "eslint"
// ...other packages
}Option B - drop @eslint/js and keep core eslint:
"devDependencies": {
"eslint": "^9.39.2",
// remove: "@eslint/js"
// ...other plugins
}This will simplify your lint setup.
| }, | ||
| "dependencies": { | ||
| "@actions/core": "2.0.1", | ||
| "@actions/core": "2.0.2", |
There was a problem hiding this comment.
Consider using caret ranges for patch updates so you don’t need to bump every time a new patch releases:
- "@actions/core": "2.0.2"
+ "@actions/core": "^2.0.2"Apply this consistently across dependencies and devDependencies to reduce manual maintenance.
pr-summary/package.json
Outdated
| "@actions/github": "6.0.1", | ||
| "@octokit/plugin-retry": "6.1.0", | ||
| "@octokit/plugin-throttling": "8.2.0", |
There was a problem hiding this comment.
I notice that pr-review uses @octokit/action but here you have @octokit/plugin-throttling. If these workflows share logic, you might unify both modules or clearly document why they differ. For example, if you intend to throttle all Octokit calls in this summary action, add a comment in your code or README explaining the rationale.
renovate
bot
force-pushed
the
renovate/non-major-dependencies
branch
from
ebe27eb to
c537823
Compare
|
This update bumps several GitHub Actions libraries and TypeScript tooling dependencies in both the Walkthrough
Model: o4-mini-2025-04-16 | Prompt Tokens: 779 | Completion Tokens: 474 | Diff Range: ebe27eb...c537823 |
There was a problem hiding this comment.
Welcome to your supportive AI-powered code review. Insights offered are helpful ideas, not ironclad rules. Feel free to apply whatever suits your style and goals. You drive the choices—AI is simply here to help.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1085 | Completion Tokens: 2552 | Diff Range: ebe27eb...c537823
| }, | ||
| "dependencies": { | ||
| "@actions/core": "2.0.1", | ||
| "@actions/core": "2.0.2", |
There was a problem hiding this comment.
You’ve pinned @actions/core to an exact patch version (2.0.2). To automatically pull in future compatible patch releases (e.g., security fixes), consider using a caret range:
"@actions/core": "^2.0.2",This will still lock to 2.x.x but include all 2.0.x patches without manual bumps.
| "devDependencies": { | ||
| "@eslint/js": "9.39.2", | ||
| "@types/node": "24.10.4", | ||
| "@types/node": "24.10.6", |
There was a problem hiding this comment.
Similarly, you’re using an exact patch for @types/node. Switching to a caret range will automatically include future type patch updates:
"@types/node": "^24.10.6",This reduces the frequency of manual version updates for patch releases.
| }, | ||
| "dependencies": { | ||
| "@actions/core": "2.0.1", | ||
| "@actions/core": "2.0.2", |
There was a problem hiding this comment.
You’ve updated @actions/core to a specific version. To stay current with patch fixes automatically, use a caret range instead of pinning:
"@actions/core": "^2.0.2",This follows semver best practices by allowing non-breaking patch updates.
| "devDependencies": { | ||
| "@eslint/js": "9.39.2", | ||
| "@types/node": "24.10.4", | ||
| "@types/node": "24.10.6", |
There was a problem hiding this comment.
The @types/node entry is pinned to an exact release. Adopting a caret-based version range will include future patch-level improvements without manual bumps:
"@types/node": "^24.10.6",This helps keep your types in sync with Node.js patch updates effortlessly.
This PR contains the following updates:
2.0.1→2.0.224.10.4→24.10.68.51.0→8.52.0Release Notes
typescript-eslint/typescript-eslint (typescript-eslint)
v8.52.0Compare Source
This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.
You can read about our versioning strategy and releases on our website.
Configuration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.