Update dev dependencies #119
Description
Goal
Update all outdated devDependencies to their latest major versions and perform the necessary configuration migrations to keep the project maintainable and secure.
Problem
Most devDependencies are multiple major versions behind and some introduce security vulnerabilities:
| Package | Current | Latest |
|---|---|---|
eslint |
^6.8.0 |
^10.0.3 |
husky |
^4.2.3 |
^9.1.7 |
jasmine-node |
^1.16.0 |
^3.0.0 (CVEs, see below) |
lint-staged |
^10.0.8 |
^16.3.2 |
postcss |
^8.0.0 |
^8.5.8 |
prettier |
^1.19.1 |
^3.8.1 |
Additionally, the CI workflow tests against Node.js 8, 10, and 12 — all of which are End-of-Life.
Plan
Replace jasmine-node with jasmine
jasmine-node@3 (the latest version) has unresolvable critical CVEs in its transitive dependencies (underscore, minimatch). Migrate to the official jasmine package, which is the actively maintained successor and a drop-in replacement for this test suite.
Migrate ESLint to flat config
ESLint v9+ dropped support for the legacy .eslintrc.* format:
- Delete
.eslintrc.jsandexample/.eslintrc.js - Create
eslint.config.jswith equivalent rules
Migrate Husky to v9
Husky v5+ dropped the package.json-based hooks format:
- Remove
husky.hooksblock frompackage.json - Add
"prepare": "husky"script topackage.json - Create
.husky/pre-commitshell script
Update CI workflow
- Update Node.js matrix from
[8.x, 10.x, 12.x]to[18.x, 20.x, 22.x] - Bump
actions/checkout@v2→v4andactions/setup-node@v1→v4 - Replace
npm installwithnpm cifor reproducible installs - Add
cache: 'npm'to speed up CI runs
Fix stale test assertion
The test "should remain unitless if 0" was never updated after commit a90b209 changed how zero values are handled. Correct the expected value (0px → 0rem).