chore(deps): bump 5 Dependabot majors (commitlint x2, lint-staged, typescript, @types/node)#20
Merged
Merged
Conversation
Bundles three Dependabot major bumps that share a node-version floor and are dev-only (no runtime surface): - @commitlint/cli 19.8.1 -> 21.0.1 (#18) - @commitlint/config-conventional 19.8.1 -> 21.0.1 (#16) - lint-staged 15.5.2 -> 17.0.5 (#19) commitlint v21 and lint-staged v17 both require Node >= 22, with lint-staged v17 specifically requiring >= 22.22.1. Bump .nvmrc from 22.19.0 -> 22.22.1 to match. package.json engines already says ">=20" which is broader; left as-is. Drive-by: ignore .claude/** in eslint config so stale Claude Code worktree copies under .claude/worktrees/ don't pollute local lint runs. Holds for separate evaluation (not in this PR): - electron 41 -> 42 rejected per CLAUDE.md (MSVC + better-sqlite3) - @types/node 24 -> 25 skipped (runtime is Node 22 LTS) - typescript 5.9 -> 6.0 hold (strictness review) - eslint 9 -> 10 hold (flat config defaults review) - vite 7 -> 8 + plugin-react 5 -> 6 hold (electron-vite 5 compat) Verified locally: lint, typecheck, 95/95 vitest, build, 6/6 e2e.
Two more Dependabot majors that pass the full local gate after a small tsconfig migration: - typescript 5.9.3 -> 6.0.3 (#17) - @types/node 24.12.4 -> 25.8.0 (#15) TypeScript 6 errors on `baseUrl` ("deprecated, removed in TS 7"); both tsconfigs use it only as a path-mapping anchor. Removed `baseUrl` from tsconfig.node.json and tsconfig.web.json and prefixed `paths` entries with `./` so resolution stays relative to the tsconfig directory. No import-site changes needed (still `@shared/*`, `@main/*`, `@renderer/*`). @types/node 25 against Node 22.22.1 runtime: typecheck stays clean because no Node-25-only globals are referenced. Will revisit when Node 26 LTS lands and runtime catches up. Still held back (peer-dep walls): - electron 41 -> 42 @electron/rebuild can't find a better-sqlite3 12.10.x prebuild for ABI 147 -> falls through to node-gyp -> MSVC compile fails. Stay on 41 per CLAUDE.md. - eslint 9 -> 10 eslint-plugin-react@7.37.5 latest peer caps at eslint ^9.7. Blocked until v8 of the plugin ships. - vite 7 -> 8 + plugin-react 5 -> 6 electron-vite@5.0.0 peer caps at vite ^7. electron-vite@6 is still beta. Wait for stable. Verified locally: lint, typecheck (node + web), 95/95 vitest, build (main 75kB, preload 4kB, renderer 896kB), 6/6 e2e.
hoangsnowy
changed the title
CI lockfile-check runs `npm install --package-lock-only` on ubuntu, which captures all platform-specific optional subtrees. A full `npm install` on Windows strips the linux-only @tailwindcss/oxide-wasm32-wasi bundled-dep subtree, so the lock drifts and lockfile-check fails. This commit just re-resolves the lock via the same command CI uses, no package.json change. 45 lines re-added (4 bundled deps under @tailwindcss/oxide-wasm32-wasi: @emnapi/wasi-threads, @napi-rs/wasm-runtime, @tybys/wasm-util, tslib).
CI lockfile-check runs `npm install --package-lock-only` on ubuntu and expects @emnapi/core + @emnapi/runtime to be tagged `peer: true`. npm on Windows omits that marker even with the same command + same npm 11.6.2 pin. Regenerated via the same command inside node:22.22.1-bookworm to match CI exactly. This is a no-op for the actual installed dep tree; only the lockfile metadata changes.
Windows `npm install` produces a lockfile that drifts from what CI ubuntu generates, even with the same pinned npm 11.6.2. Documents the two known divergences (@tailwindcss/oxide-wasm32-wasi bundled subtree and "peer": true marker on @emnapi/core + @emnapi/runtime) and gives the Docker one-liner to regen the lock against node:22.22.1-bookworm so the lockfile-check job in CI stays green.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bundles 5 Dependabot major bumps that pass the full local gate, plus the small migration each one needed:
@commitlint/cli19.8.1 → 21.0.1@commitlint/config-conventional19.8.1 → 21.0.1lint-staged15.5.2 → 17.0.5.nvmrcto matchtypescript5.9.3 → 6.0.3@types/node24.12.4 → 25.8.0Migrations included
.nvmrc22.19.0→22.22.1for lint-staged 17.package.jsonengines.nodestays at>=20.tsconfig.{node,web}.jsonremovedbaseUrl(TS 6 deprecates it for removal in TS 7) and prefixed eachpathsentry with./so module resolution stays relative to the tsconfig directory. No import-site changes (@shared/*,@main/*,@renderer/*still work).eslint.config.mjsadded.claude/**to ignores so stale Claude Code worktree copies under.claude/worktrees/don't pollute local lint runs.Held back (peer-dependency walls — separate work needed)
@electron/rebuildcan't find a better-sqlite3 12.10.x prebuild for ABI 147 → falls through to node-gyp → MSVC compile fails. PerCLAUDE.md, stay on 41.@dependabot ignore this major versionalready commented on #12.eslint-plugin-react@7.37.5(latest) peer caps ateslint ^9.7. Blocked until plugin v8 ships.electron-vite@5.0.0peer caps atvite ^7.electron-vite@6is still beta. Wait for stable.Test plan
npm installclean (0 vuln, 1139 pkgs)npm run lint -- --max-warnings 0npm run typecheck(node + web, TS 6 with new tsconfigs)npm test— 95/95 pass, 14 filesnpm run build— main 75 kB, preload 4 kB, renderer 896 kBnpm run test:e2e— 6/6 pass