Upgrade deps and modernize eslint usage

[markstos]

• deps: upgrade axios
• chore: modernize eslint usage and resolving linting issues.

Summary by CodeRabbit

• Chores
  • Updated axios dependency to version 1.13.5 for enhanced performance and bug fixes.
  • Modernized development tooling including ESLint configuration for better code quality.
  • Refactored internal code and removed obsolete lint directives for improved maintainability.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR migrates to ESLint's new flat config format (eslint.config.mjs), updates ESLint from v8 to v10, removes obsolete ESLint directive comments throughout the codebase, refactors affected code for compatibility, and updates dependencies including axios and mocha.

Changes

Cohort / File(s)	Summary
ESLint Configuration eslint.config.mjs, package.json	Introduces new flat config file (eslint.config.mjs) with recommended JS rules and custom globals/rules. Updates ESLint to v10.0.1, removes legacy ESLint plugins (standard, import, node, promise), and adds @eslint/js and globals packages.
Dependency Updates package.json	Updates axios from ^1.12.2 to 1.13.5; mocha from 11.7.4 to ^11.7.5.
ESLint Directive Removals index.js, lib/httpClient.js, lib/rateLimiting.js	Removes inline ESLint disable comments (eslint-disable-next-line) that are no longer needed under the new configuration.
Code Refactoring lib/authenticator.js, lib/uploads.js, test/athletes.js, test/pushSubscriptions.js	Modernizes error handling with bare catch syntax; simplifies control flow in \_uploadIsDone function to return directly from switch cases; updates property checks to use Object.prototype.hasOwnProperty.call(); removes unused parameters from nock reply handlers.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• node-strava/node-strava-v3#176: Modifies lib/uploads.js \_uploadIsDone function with related refactoring logic.

Poem

🐰 Flat configs bloom where standards grew,
ESLint ten makes old rules new,
Comments trimmed, logic flows clear,
Dependencies fresh, no linting fear!
Hop, skip, jump—configs take flight! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main changes: upgrading dependencies and modernizing ESLint usage, which aligns with the actual changeset modifications.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch deps-and-eslint

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

package.json (2)

53-62: ⚠️ Potential issue | 🟡 Minor

Remove the stale eslintConfig block — it's dead config.

The eslintrc config system has been completely removed in ESLint v10.0.0. That means "eslintConfig" in package.json is silently ignored by ESLint v10. Additionally, eslint-config-standard was removed from devDependencies in this PR, so the "extends": "standard" inside this block references an uninstalled package. Leaving it here will mislead anyone reading the configuration.

🗑️ Proposed fix — remove the dead section

-  "eslintConfig": {
-    "extends": "standard",
-    "env": {
-      "mocha": true,
-      "node": true
-    },
-    "rules": {
-      "no-return-await": "off"
-    }
-  },

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 53 - 62, Remove the stale eslintConfig block from
package.json: delete the entire "eslintConfig" object (including "extends":
"standard", the "env" and "rules" entries) so the package.json no longer
contains dead ESLint configuration that is ignored by ESLint v10 and references
an uninstalled eslint-config-standard.

---

63-65: ⚠️ Potential issue | 🟠 Major

engines.node is incompatible with ESLint v10's Node.js requirement.

ESLint v10 requires Node.js (^20.19.0, ^22.13.0, or >=24) built with SSL support. The current engines field (>=20.0.0) permits Node 20.0.0–20.18.x, on which ESLint v10 will refuse to install, breaking npm test and npm run lint for those developers. The engines field should be tightened to match.

🔧 Proposed fix

-    "node": ">=20.0.0"
+    "node": "^20.19.0 || ^22.13.0 || >=24"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 63 - 65, Update the package.json "engines" node
semver to match ESLint v10's supported Node versions: replace the current
"engines": { "node": ">=20.0.0" } with a range that excludes Node
20.0.0–20.18.x, e.g. set the "node" value to ">=20.19.0 <21 || >=22.13.0 <23 ||
>=24.0.0" so ESLint v10 can install reliably; modify the "engines" -> "node"
string accordingly.

🧹 Nitpick comments (1)

eslint.config.mjs (1)

14-16: "no-return-await": "off" is redundant — the rule is deprecated.

The no-return-await rule was deprecated in ESLint v8.46.0 and there is no replacement rule. It is also not enabled by js.configs.recommended, so this "off" entry has no effect. It can be safely removed.

♻️ Suggested cleanup

-        rules: {
-            "no-return-await": "off",
-        },

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@eslint.config.mjs` around lines 14 - 16, Remove the redundant
"no-return-await" property from the rules object in eslint.config.mjs (the rules
block that currently contains "no-return-await": "off"); simply delete that
key/value entry and adjust commas/formatting so the rules object remains valid
JSON/JS syntax.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 32: The package.json dependency for axios is pinned to an exact version
("axios": "1.13.5"); change it to a caret semver range (e.g. "axios": "^1.13.5")
so consumers can benefit from compatible minor/patch updates; update the
lockfile by running your package manager (npm install or yarn install)
afterwards to persist the change.

---

Outside diff comments:
In `@package.json`:
- Around line 53-62: Remove the stale eslintConfig block from package.json:
delete the entire "eslintConfig" object (including "extends": "standard", the
"env" and "rules" entries) so the package.json no longer contains dead ESLint
configuration that is ignored by ESLint v10 and references an uninstalled
eslint-config-standard.
- Around line 63-65: Update the package.json "engines" node semver to match
ESLint v10's supported Node versions: replace the current "engines": { "node":
">=20.0.0" } with a range that excludes Node 20.0.0–20.18.x, e.g. set the "node"
value to ">=20.19.0 <21 || >=22.13.0 <23 || >=24.0.0" so ESLint v10 can install
reliably; modify the "engines" -> "node" string accordingly.

---

Nitpick comments:
In `@eslint.config.mjs`:
- Around line 14-16: Remove the redundant "no-return-await" property from the
rules object in eslint.config.mjs (the rules block that currently contains
"no-return-await": "off"); simply delete that key/value entry and adjust
commas/formatting so the rules object remains valid JSON/JS syntax.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

axios should use a semver range, not an exact pin, for a library package.

The runtime dependency changed from "^1.12.2" to "1.13.5" (exact pin). For a published library, an exact version pin in dependencies forces every consumer to install that exact version, breaking npm's deduplication and preventing automatic uptake of security patches (e.g., a future 1.13.6). Revert to a caret range.

🔧 Proposed fix

-    "axios": "1.13.5",
+    "axios": "^1.13.5",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"axios": "1.13.5",
	"axios": "^1.13.5",

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 32, The package.json dependency for axios is pinned to
an exact version ("axios": "1.13.5"); change it to a caret semver range (e.g.
"axios": "^1.13.5") so consumers can benefit from compatible minor/patch
updates; update the lockfile by running your package manager (npm install or
yarn install) afterwards to persist the change.