Skip to content

chore(deps): update all dependencies#318

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all
Open

chore(deps): update all dependencies#318
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 18, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@types/node (source) ^25.8.0^25.9.0 age confidence
@typescript-eslint/eslint-plugin (source) ^8.59.3^8.59.4 age confidence
@typescript-eslint/parser (source) ^8.59.3^8.59.4 age confidence
typescript-eslint (source) ^8.59.3^8.59.4 age confidence

cc @skulidropek

Release Notes

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.59.4

Compare Source

🩹 Fixes
  • eslint-plugin: [no-floating-promises] stack overflow when using recursive types (#​12294)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.59.4

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (typescript-eslint)

v8.59.4

Compare Source

🩹 Fixes
  • typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#​12340)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from skulidropek May 18, 2026 14:16
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 18, 2026
edited
Loading

Review Change Stack

📝 Walkthrough

Summary by CodeRabbit

  • Chores
    • Обновлены разработки зависимости во всех пакетах: @types/node и пакеты семейства @typescript-eslint (плагин и парсер) до новых патч-версий, без изменений пользовательского API или скриптов.

Walkthrough

В devDependencies обновлён @types/node с ^25.8.0 до ^25.9.0 во всех четырёх пакетах (packages/api, packages/app, packages/docker-git-session-sync, packages/lib); в packages/app дополнительно синхронизированы версии @typescript-eslint/eslint-plugin, @typescript-eslint/parser и typescript-eslint до ^8.59.4.

Changes

Обновление devDependencies

Layer / File(s) Summary
Обновление @types/node и синхронизация ESLint/TS в app
packages/api/package.json, packages/app/package.json, packages/docker-git-session-sync/package.json, packages/lib/package.json		 Во всех пакетах обновлена версия @types/node с ^25.8.0 до ^25.9.0 в devDependencies. В packages/app дополнительно синхронизированы @typescript-eslint/eslint-plugin, @typescript-eslint/parser и typescript-eslint до ^8.59.4.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related issues

  • Dependency Dashboard #99: содержит аналогичные обновления @types/node и связанных devDependency-бамперов.

Possibly related PRs

  • ProverCoderAI/docker-git#301: Предыдущее PR с похожим набором обновлений @types/node в тех же пакетах.

Suggested reviewers

  • skulidropek

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning)

Check name Status Explanation Resolution
Requirements Alignment ❌ Error PR использует несуществующие на npm версии: @types/node@25.9.0 (доступна 25.8.0) и @typescript-eslint/eslint-plugin@8.59.4 (доступна 8.59.3). Версия 25.x несовместима с Node.js 20. Использовать @types/node@^25.8.0 и @typescript-eslint/eslint-plugin@^8.59.3. Лучше: @types/node@^20.x для Node.js 20, требуемой vite конфигами проекта.
Description check ⚠️ Warning Описание PR отклоняется от требуемого шаблона репозитория; отсутствуют обязательные разделы (Issues, Requirements Alignment, Verification). Добавьте требуемые разделы из шаблона: Source TZ / Issues, Requirements Alignment и Verification для полного соответствия стандартам репозитория.
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed Заголовок точно отражает суть изменений — обновление зависимостей в multiple package.json файлах проекта.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Security Regression ✅ Passed PR содержит только изменения версий package.json. Отсутствуют инъекции команд, утечки учетных данных, постинсталл скрипты, бинарные файлы. GitHub Actions безопасна без pull_request_target.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/all

Comment @coderabbitai help to get the list of available commands and usage tips.

@renovate renovate Bot force-pushed the renovate/all branch from 9255104 to dff5d4e Compare May 18, 2026 19:27
@renovate renovate Bot changed the title chore(deps): update dependency @types/node to ^25.9.0 chore(deps): update all dependencies May 18, 2026
coderabbitai[bot]
coderabbitai Bot reviewed May 18, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/api/package.json`:
- Around line 42-45: Update the invalid dependency versions in package.json:
change "`@types/node`" to a published version (e.g., ^25.7.0) and align the
TypeScript ESLint packages so both "`@typescript-eslint/eslint-plugin`" and
"`@typescript-eslint/parser`" use the same existing release (e.g., ^8.59.3); save
the package.json, install, then run the project checks with `bun run typecheck`
and `bun run check` to validate compatibility of the updated versions (focus
edits around the dependency entries for "`@types/node`",
"`@typescript-eslint/eslint-plugin`", and "`@typescript-eslint/parser`").

In `@packages/docker-git-session-sync/package.json`:
- Line 41: The dependency "`@types/node`": "^25.9.0" is incompatible with the
project's Node targets (vite target "node20" and Docker Node 24); update the
package.json entry for "`@types/node`" to a matching major for your runtime (use
"^24.x" if the Docker images run Node 24, or "^20.x" if you intend Node 20),
then reinstall/update lockfile (npm/yarn/pnpm) and ensure the vite config target
and Docker base images remain consistent with the chosen `@types/node` version.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 9af3857a-48c8-48b7-a807-392a7c71e6ef

📥 Commits

Reviewing files that changed from the base of the PR and between 9255104 and dff5d4e.

⛔ Files ignored due to path filters (1)
  • bun.lock is excluded by !**/*.lock
📒 Files selected for processing (4)
  • packages/api/package.json
  • packages/app/package.json
  • packages/docker-git-session-sync/package.json
  • packages/lib/package.json
📜 Review details
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)
  • GitHub Check: Test
  • GitHub Check: Final build (windows-latest)
  • GitHub Check: E2E (Clone cache)
  • GitHub Check: E2E (Runtime volumes + SSH)
  • GitHub Check: E2E (Browser command)
  • GitHub Check: E2E (OpenCode)
  • GitHub Check: Lint
  • GitHub Check: E2E (Login context)
  • GitHub Check: Snapshot
🧰 Additional context used
📓 Path-based instructions (3)
**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output

Files:

  • packages/api/package.json
  • packages/lib/package.json
  • packages/docker-git-session-sync/package.json
  • packages/app/package.json
**/{package*.json,requirements*.txt,setup.py,setup.cfg,Pipfile,Pipfile.lock,pyproject.toml,pom.xml,build.gradle,Gemfile,Gemfile.lock,go.mod,go.sum,composer.json,Cargo.toml,Cargo.lock}

📄 CodeRabbit inference engine (Custom checks)

Fail if dependency or package-manager changes materially increase supply-chain risk without justification

Files:

  • packages/api/package.json
  • packages/lib/package.json
  • packages/docker-git-session-sync/package.json
  • packages/app/package.json
**/*

⚙️ CodeRabbit configuration file

**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.

Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.

Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.

Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.

Files:

  • packages/api/package.json
  • packages/lib/package.json
  • packages/docker-git-session-sync/package.json
  • packages/app/package.json
🔇 Additional comments (4)
packages/api/package.json (1)

44-45: Несоответствие с AI-сводкой.

AI-сводка утверждает, что изменилась только версия @types/node, но строки 44-45 показывают, что также обновлены @typescript-eslint/eslint-plugin и @typescript-eslint/parser до версии ^8.59.4.

packages/lib/package.json (2)

65-67: Несоответствие с AI-сводкой.

AI-сводка утверждает, что обновлен только пакет @types/node, но строки 65-67 показывают, что также обновлены @typescript-eslint/eslint-plugin, @typescript-eslint/parser и typescript-eslint до версии ^8.59.4.

64-67: ⚡ Quick win

Проверьте совместимость обновленных зависимостей.

Обновления @types/node@^25.9.0 и инструментов @typescript-eslint могут вызвать проблемы типизации в общей библиотеке. CI автоматически проверяет совместимость через typecheck и lint для packages/lib, но убедитесь, что эти проверки проходят без ошибок.

			> Likely an incorrect or invalid review comment.
packages/app/package.json (1)

99-104: ⚡ Quick win

CI-конвейер уже автоматически проверяет совместимость этих зависимостей.

Обновления будут проверены автоматически при запуске GitHub Actions на этом PR. В рабочем процессе check.yml уже определены задачи Types, Lint и Test, которые выполняют необходимые проверки:

  • bun run --cwd packages/app check (typecheck)
  • bun run --cwd packages/app lint
  • bun run --cwd packages/app test

Версии совместимы: все пакеты @typescript-eslint/* используют одинаковую версию ^8.59.4, что необходимо для правильной работы.

			> Likely an incorrect or invalid review comment.

Comment thread packages/api/package.json
Comment on lines +42 to +45
"@types/node": "^25.9.0",
"@types/ws": "^8.18.1",
"@typescript-eslint/eslint-plugin": "^8.59.3",
"@typescript-eslint/parser": "^8.59.3",
"@typescript-eslint/eslint-plugin": "^8.59.4",
"@typescript-eslint/parser": "^8.59.4",
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

Does @types/node version 25.9.0 exist on npm and are there any known security issues?

💡 Result:

The npm package @types/node does not have a version 25.9.0 [1][2]. While Node.js itself has a version 25.9.0 [3][4], the @types/node package follows a different versioning scheme where the major and minor versions align with Node.js, but the patch version is managed independently by the DefinitelyTyped project [5]. As of May 18, 2026, the latest available version of @types/node is 25.7.0 [2]. Regarding security, there are no direct vulnerabilities reported for the @types/node package in the Snyk vulnerability database [2]. It is important to note that @types/node is a development dependency containing only TypeScript type definitions and does not contain executable code, which significantly reduces its security risk profile. Users should be aware of a separate, malicious package named types-node (note the missing @ symbol), which has been identified as malicious and should be avoided [6]. Additionally, while there have been recent, unrelated supply chain attacks targeting other popular Node.js packages like node-ipc [7][8][9], these do not affect @types/node.

Citations:

🌐 Web query:

Does @typescript-eslint/eslint-plugin version 8.59.4 exist on npm and are there any known security issues?

💡 Result:

As of May 18, 2026, version 8.59.4 of @typescript-eslint/eslint-plugin does not exist on npm [1][2]. The latest stable releases for the 8.x branch have reached 8.59.3 [1]. There are no known direct security vulnerabilities associated with the current versions of @typescript-eslint/eslint-plugin [3]. While security tools like Snyk and other vulnerability databases monitor the package, it is consistently reported as having no known direct security issues [3][4]. Users are generally advised to keep the package updated to the latest stable version to ensure they have the most recent security patches for any transitive dependencies [5]. If you encounter security warnings in your project, they often stem from transitive dependencies (such as minimatch) rather than the plugin itself, and these are typically resolved by updating to the latest version of @typescript-eslint/eslint-plugin [5].

Citations:

🏁 Script executed:

#!/bin/bash
# Verify that typecheck passes with updated dependencies
cd packages/api
bun run typecheck

Repository: ProverCoderAI/docker-git

Length of output: 112

Указанные версии пакетов не существуют на npm.

Версия @types/node@25.9.0 не опубликована на npm. На май 2026 г. последняя доступная версия — 25.7.0. Версия @typescript-eslint/eslint-plugin@8.59.4 также не существует; в ветке 8.x последняя стабильная версия — 8.59.3.

Обновите package.json, используя существующие версии:

  • @types/node@^25.7.0 (или актуальнейшую доступную)
  • @typescript-eslint/eslint-plugin@^8.59.3 (или актуальнейшую доступную)
  • @typescript-eslint/parser@^8.59.3 (синхронизируйте версию с eslint-plugin)

После исправления разрешений версий выполните bun run typecheck и bun run check для проверки совместимости обновленных зависимостей с кодовой базой.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/api/package.json` around lines 42 - 45, Update the invalid
dependency versions in package.json: change "`@types/node`" to a published version
(e.g., ^25.7.0) and align the TypeScript ESLint packages so both
"`@typescript-eslint/eslint-plugin`" and "`@typescript-eslint/parser`" use the same
existing release (e.g., ^8.59.3); save the package.json, install, then run the
project checks with `bun run typecheck` and `bun run check` to validate
compatibility of the updated versions (focus edits around the dependency entries
for "`@types/node`", "`@typescript-eslint/eslint-plugin`", and
"`@typescript-eslint/parser`").

Comment thread packages/docker-git-session-sync/package.json
"devDependencies": {
"@effect/vitest": "^0.29.0",
"@types/node": "^25.8.0",
"@types/node": "^25.9.0",
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify typecheck passes with updated `@types/node`
cd packages/docker-git-session-sync
bun run typecheck

Repository: ProverCoderAI/docker-git

Length of output: 112

🏁 Script executed:

#!/bin/bash
# Check Node.js version target and existing dependencies
cd packages/docker-git-session-sync
echo "=== package.json content ===" 
cat package.json | head -50

echo -e "\n=== Root package.json for Node version info ===" 
cat ../../package.json | grep -A 5 -B 5 "engines\|node"

echo -e "\n=== Check for tsconfig.json ===" 
find . -name "tsconfig.json" -o -name "tsconfig*.json" | xargs cat 2>/dev/null || echo "No tsconfig found in this package"

Repository: ProverCoderAI/docker-git

Length of output: 3023

🏁 Script executed:

#!/bin/bash
# Search for `@types/node` and TypeScript version info in repository
echo "=== Looking for TypeScript version ===" 
rg "`@types/node`|typescript" package.json --max-count=5 -A 1 | head -30

echo -e "\n=== Check root package.json ===" 
cat package.json | grep -E "typescript|`@types/node`" -A 1 -B 1

echo -e "\n=== Node.js engine requirements ===" 
cat package.json | grep -E "engines|\"node\""

Repository: ProverCoderAI/docker-git

Length of output: 177

🏁 Script executed:

#!/bin/bash
# Check root tsconfig.base.json and Node.js version requirement
echo "=== Root tsconfig.base.json ===" 
cat tsconfig.base.json | head -30

echo -e "\n=== Root package.json - engines/node requirement ===" 
cat package.json | grep -A 10 "\"engines\""

Repository: ProverCoderAI/docker-git

Length of output: 939

🌐 Web query:

@types/node 25.9.0 TypeScript 6.0 compatibility Node.js version

💡 Result:

The @types/node package version 25.9.0 is designed to provide TypeScript type definitions for Node.js version 25.9.0 [1]. Regarding compatibility and versioning: 1. Node.js Version: The major and minor versions of @types/node generally correspond directly to the Node.js version they support [2]. Therefore, @types/node 25.9.0 is intended for use with Node.js 25.9.0 [1]. 2. TypeScript Compatibility: There is no strict, hard-coded dependency between specific versions of @types/node and TypeScript versions [3]. Instead, @types/node is compatible with any TypeScript version that supports the syntax used in its declaration files [3]. As of May 2026, TypeScript 6.0 is the current stable release [4][5], and @types/node 25.9.0 is fully compatible with it. While older versions of @types/node have occasionally dropped support for very old TypeScript versions (e.g., versions older than 3.7) [3], modern releases like 25.9.0 are designed to work with contemporary TypeScript environments, including TypeScript 6.0 [4]. In summary, you can safely use @types/node 25.9.0 with Node.js 25.9.0 and TypeScript 6.0 [1][4][2].

Citations:

🏁 Script executed:

#!/bin/bash
# Check for Node.js version specifications
echo "=== Looking for .nvmrc or .node-version ===" 
find . -name ".nvmrc" -o -name ".node-version" | xargs cat 2>/dev/null || echo "Not found"

echo -e "\n=== Check CI/CD workflows ===" 
find . -path "*/.*github/workflows" -o -path "*/.gitlab-ci.yml" | head -10

echo -e "\n=== Look for Dockerfile Node base image ===" 
find . -name "Dockerfile*" | xargs grep -i "FROM.*node" 2>/dev/null | head -5

echo -e "\n=== Check package.json packageManager and Node version ===" 
cat package.json | grep -E "packageManager|engines|node" || echo "No explicit engine requirement"

echo -e "\n=== Check if there are other `@types/node` versions in workspace ===" 
find packages -name "package.json" | xargs grep "`@types/node`" | head -20

Repository: ProverCoderAI/docker-git

Length of output: 794

🏁 Script executed:

#!/bin/bash
# Search for actual Node.js usage and version clues
echo "=== Check for minimum Node.js version in code comments ===" 
rg "node.*20|node.*22|node.*24|Node.js.*2[0-9]" --max-count=10

echo -e "\n=== Check if this is a type definitions only package ===" 
cat packages/docker-git-session-sync/package.json | grep -E "\"main\"|\"types\"|\"exports\"" -A 1

Repository: ProverCoderAI/docker-git

Length of output: 4078

Версия @types/node 25.9.0 несовместима с целевыми версиями Node.js проекта.

Проект использует target: "node20" в vite конфигах и Docker образы с Node.js 24, но @types/node: ^25.9.0 соответствует Node.js 25.x (будущая версия). Версионирование @types/node напрямую следует за версиями Node.js: @types/node 20.x для Node.js 20, @types/node 24.x для Node.js 24.x и т.д.

Используйте:

  • @types/node: ^24.x если проект ориентирован на Node.js 24
  • @types/node: ^20.x если проект ориентирован на Node.js 20

Текущая версия вызовет несоответствия типов и проблемы при типизации.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/docker-git-session-sync/package.json` at line 41, The dependency
"`@types/node`": "^25.9.0" is incompatible with the project's Node targets (vite
target "node20" and Docker Node 24); update the package.json entry for
"`@types/node`" to a matching major for your runtime (use "^24.x" if the Docker
images run Node 24, or "^20.x" if you intend Node 20), then reinstall/update
lockfile (npm/yarn/pnpm) and ensure the vite config target and Docker base
images remain consistent with the chosen `@types/node` version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@skulidropek skulidropek Awaiting requested review from skulidropek

Assignees

@skulidropek skulidropek

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@skulidropek