Dxp 117 dependency dashboard

[epsjunior]

What

• Updated multiple development dependencies to their latest major versions:
  • @release-it/conventional-changelog from ^8.0.2 to ^10.0.0
  • @types/jest from ^29.5.13 to ^30.0.0
  • eslint from ^8.57.0 to ^9.0.0
  • eslint-config-prettier from ^9.1.0 to ^10.0.0
  • eslint-import-resolver-typescript from ^3.6.3 to ^4.0.0
  • release-it from ^17.6.0 to ^19.0.0
  • vitest from ^2.1.1 to ^3.0.0
• Updated GitHub Actions in publish workflow:
  • tibdex/github-app-token from v1 to v2
  • Node.js version from 18 to 22
• Migrated ESLint configuration from v8 to v9 format:
  • Created new eslint.config.js using the flat config format (replacing .eslintrc.cjs)
  • Migrated all existing rules and settings to the new format
  • Updated globals configuration using the globals package
  • Added separate configurations for TypeScript files and test files
  • Integrated ignore patterns from .eslintignore into the new config
  • Removed deprecated .eslintrc.cjs and .eslintignore files
• Fixed TransactionResult enum in src/types/transactions.ts by consolidating duplicate definitions
• Updated package-lock.json to reflect all dependency changes

Why

• To keep dependencies up-to-date and secure by applying Renovate's automated dependency updates
• To consolidate multiple individual dependency update PRs into a single manageable update
• To ensure compatibility with newer versions of development tools and maintain code quality standards
• To improve CI/CD pipeline by using the latest GitHub Actions and Node.js version
• To maintain ESLint functionality after the major version update, as ESLint v9 introduced breaking changes requiring migration from .eslintrc.* files to the new flat config format

Testing done

• Verified that package-lock.json was properly updated with all dependency changes
• Ensured all merge conflicts were resolved during the consolidation process
• Confirmed that the branch builds successfully with the updated dependencies
• Verified ESLint configuration works correctly:
  • Fixed all 42+ global variable errors by properly configuring globals for Node.js, browser, ES2021, Jest, and Vitest environments
  • Resolved enum redeclaration issues in TypeScript files
  • Confirmed linting passes without errors or warnings
  • Ensured all existing ESLint rules and settings are preserved in the new format

Decisions made

• Decided to consolidate all pending Renovate updates into a single PR rather than managing multiple individual dependency update PRs
• Chose to update Node.js to version 22 in the CI pipeline to align with the latest LTS version
• Maintained existing dependency ranges (using ^) to allow for future patch and minor updates
• Chose to migrate to ESLint v9 flat config format rather than downgrading ESLint version, ensuring future compatibility
• Decided to consolidate duplicate TransactionResult enum definitions rather than creating separate enums

Checks

• I have tested this code
• I have reviewed my own PR
• I have created an issue for this PR
• I have set a descriptive PR title compliant with conventional commits

Reviewing tips

• This is a dependency update PR that consolidates multiple Renovate updates
• Most changes are version bumps in package.json and corresponding package-lock.json updates
• The GitHub workflow changes are minimal but important for maintaining CI/CD compatibility
• The ESLint migration from v8 to v9 required significant configuration changes due to the new flat config format - the new eslint.config.js replaces the old .eslintrc.cjs and .eslintignore files
• Pay attention to the TransactionResult enum consolidation in src/types/transactions.ts - duplicate definitions were merged
• All changes follow Renovate's automated suggestions and have been conflict-resolved

User facing release notes

Updated development dependencies to their latest versions, improving security and maintaining compatibility with modern tooling. Migrated ESLint configuration to the new v9 format for better future compatibility. This is an internal maintenance update with no breaking changes to the public API.

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->
## Summary by CodeRabbit

* **Chores**
  * Updated development dependencies and GitHub Actions workflow to use newer versions and Node.js 22.
  * Added a new ESLint configuration file and removed legacy ESLint config files.
  * Removed the `.eslintignore` file; ignore patterns are now managed in the new ESLint config.

* **Refactor**
  * Consolidated transaction result statuses into a single enum, streamlining status management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

[coderabbitai]

Walkthrough

The changes update the GitHub Actions workflow to use newer versions of key actions and Node.js, upgrade several development dependencies in package.json to their latest major versions, remove the old ESLint configuration and ignore file, and introduce a new ESLint configuration file with tailored rules for JavaScript, TypeScript, and test files. Additionally, a standalone transaction-related enum is removed, consolidating transaction result statuses.

Changes

Files/Paths	Change Summary
.github/workflows/publish.yml	Updated workflow: upgraded tibdex/github-app-token and actions/setup-node actions, set Node.js to v22.
package.json	Upgraded devDependencies: major version bumps for release, linting, changelog, and testing tools; added globals.
.eslintignore, .eslintrc.cjs	Removed old ESLint ignore file and comprehensive ESLint config.
eslint.config.js	Added new ESLint configuration with multiple configs for JS, TS, and test files, including tailored rules.
src/types/transactions.ts	Removed standalone TransactionResult enum with SUCCESS and FAILURE members; consolidated statuses.

Possibly related issues

• Dependency Dashboard #57: Updates to GitHub Actions workflow versions and devDependencies directly correspond to this issue's objectives.

Poem

🐇✨
Hopping through the fields of code,
Upgrades bloom along my road.
Node and actions, fresh and new,
Dev dependencies get a tune-up too.
With every leap, the garden grows—
Release and test, the bunny knows!
🌱💻

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6319e76 and 88e609d.

📒 Files selected for processing (1)

• src/types/transactions.ts (0 hunks)

💤 Files with no reviewable changes (1)

• src/types/transactions.ts

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

.github/workflows/publish.yml (1)

25-28: Pin Node with a minor wildcard and enable npm cache for faster jobs.

1. Use 22.x instead of plain "22" so you automatically get the latest security-patch release:

-          node-version: "22"
+          node-version: "22.x"

2. While you are touching this, consider turning on the built-in npm cache:

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22.x'
          cache: 'npm'

This typically cuts ~30-50 % off the install step.

package.json (1)

34-35: Stale Jest typings detected.

@types/jest bumped to 30 but the project does not list jest itself and uses Vitest for testing.
If nothing in the source actually relies on Jest globals, drop the dependency to speed up install and avoid type pollution.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fea59a1 and 2901acb.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (2)

• .github/workflows/publish.yml (2 hunks)
• package.json (1 hunks)

🔇 Additional comments (1)

.github/workflows/publish.yml (1)

14-18: Confirm v2 inputs/outputs of tibdex/github-app-token.

v2 is a breaking-change release; some input names and the output key have changed in previous major bumps.
Please double-check that:

• app_id / private_key are still the expected input names.
• the output is still exposed as token, because the next step uses
  ${{ steps.ci_bot_token.outputs.token }}.

A silent change here will break the whole pipeline at runtime.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

eslint.config.js (3)

68-84: Consider re-enabling some TypeScript rules for better code quality.

Many important TypeScript rules are disabled, which reduces type safety and code quality:

• @typescript-eslint/no-explicit-any allows any types
• @typescript-eslint/no-non-null-assertion allows non-null assertions (!)
• @typescript-eslint/ban-ts-comment allows @ts-ignore comments

While this might be necessary for legacy code compatibility, consider gradually re-enabling these rules to improve type safety.

---

93-141: Reduce code duplication between TypeScript and test configurations.

The test configuration (lines 93-141) duplicates most of the TypeScript configuration (lines 44-91). Consider extracting the common configuration to reduce duplication.

+const commonTypeScriptConfig = {
+  languageOptions: {
+    parser: typescriptParser,
+    parserOptions: {
+      project: ['./tsconfig.json'],
+      sourceType: 'module',
+    },
+    globals: {
+      ...globals.node,
+      ...globals.browser,
+      ...globals.es2021,
+      ...globals.jest,
+    },
+  },
+  plugins: {
+    '@typescript-eslint': typescript,
+    import: importPlugin,
+  },
+  rules: {
+    ...js.configs.recommended.rules,
+    ...typescript.configs.recommended.rules,
+    ...prettierConfig.rules,
+    // ... other rules
+  },
+  settings: {
+    'import/resolver': {
+      typescript: {},
+    },
+  },
+};

{
  files: ['**/*.ts'],
- languageOptions: { /* ... */ },
- plugins: { /* ... */ },
- rules: { /* ... */ },
- settings: { /* ... */ },
+ ...commonTypeScriptConfig,
},

{
  files: ['**/*.test.ts', '**/*.test-d.ts', 'tests/**/*'],
+ ...commonTypeScriptConfig,
+ languageOptions: {
+   ...commonTypeScriptConfig.languageOptions,
+   globals: {
+     ...commonTypeScriptConfig.languageOptions.globals,
+     ...globals.vitest,
+   },
+ },
},

---

10-19: Review the specificity of ignore patterns.

Some ignore patterns seem overly specific (e.g., commitLint.config.ts on line 17). Consider if these are necessary or if more general patterns would suffice.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2901acb and 6319e76.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (5)

• .eslintignore (0 hunks)
• .eslintrc.cjs (0 hunks)
• eslint.config.js (1 hunks)
• package.json (1 hunks)
• src/types/transactions.ts (1 hunks)

💤 Files with no reviewable changes (2)

• .eslintignore
• .eslintrc.cjs

🚧 Files skipped from review as they are similar to previous changes (1)

• package.json