Update non-major dependencies #38
Conversation
|
The CI workflows have been updated to use the latest actions/checkout release, and development dependencies in both the PR summary and PR review packages have been bumped to address minor fixes and compatibility improvements. Walkthrough
Model: o4-mini | Prompt Tokens: 1500 | Completion Tokens: 461 |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Your code review with AI support offers friendly suggestions. These ideas come from patterns, not certainties, so choose what aligns with your needs. You remain in control, and AI is simply here to help.
Model: o4-mini | Prompt Tokens: 2277 | Completion Tokens: 2197
| - name: Checkout source branch | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | ||
| with: | ||
| ref: ${{ env.SOURCE_BRANCH }} | ||
| path: source-folder |
There was a problem hiding this comment.
You have several repeated checkout steps pinned to a specific commit SHA (08eba0b27…). This pattern appears multiple times for both source and release branches. Consider refactoring this repetition by extracting a reusable workflow or using YAML anchors/aliases to DRY up the file and make future maintenance easier.
Also, instead of pinning to a full SHA, use a version tag like actions/checkout@v4. That way you get backward-compatible updates automatically and avoid manual bumps for every minor or patch release. For example:
uses: actions/checkout@v4
with:
ref: ${{ env.SOURCE_BRANCH }}
path: source-folder| pull-requests: write | ||
| steps: | ||
| - name: Checkout release branch | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | ||
| with: | ||
| ref: ${{ env.RELEASE_BRANCH }} | ||
| - name: Run the AI-assisted action (PR Summary) |
There was a problem hiding this comment.
This checkout-release block is duplicated in multiple jobs. Apply the same DRY principle here by using a composite action or YAML anchor to reduce duplication. And again, pin to actions/checkout@v4 instead of a specific commit SHA.
| - name: Checkout source branch | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 |
There was a problem hiding this comment.
This checkout step is pinned to a SHA. To simplify your workflow and reduce maintenance, pin to the major version tag (e.g., actions/checkout@v4) so that minor/patch updates are automatically adopted without changing the SHA manually.
| "@eslint/js": "9.33.0", | ||
| "@types/node": "22.17.1", | ||
| "@types/node": "22.17.2", | ||
| "@vercel/ncc": "0.38.3", |
There was a problem hiding this comment.
The dependency @types/node is pinned to an exact version (22.17.2). To allow backward-compatible patch updates without manual bumps, use a semver range like:
"@types/node": "^22.17.2"| "eslint-plugin-unicorn": "60.0.0", | ||
| "prettier": "3.6.2", | ||
| "tsx": "4.20.3", | ||
| "tsx": "4.20.4", |
There was a problem hiding this comment.
The tsx devDependency is pinned exactly (4.20.4). Apply a semver range ("^4.20.4") to automatically receive patch fixes and minimize manual version updates.
| "tsx": "4.20.4", | ||
| "typescript": "5.9.2", | ||
| "typescript-eslint": "8.39.0", | ||
| "typescript-eslint": "8.39.1", |
There was a problem hiding this comment.
Similarly, for typescript-eslint, use a semver range such as:
"typescript-eslint": "^8.39.1"This ensures future patch-level fixes are pulled in automatically.
| "@eslint/js": "9.33.0", | ||
| "@types/node": "22.17.1", | ||
| "@types/node": "22.17.2", | ||
| "@vercel/ncc": "0.38.3", |
There was a problem hiding this comment.
Versions of shared devDependencies (@types/node, tsx, typescript-eslint, etc.) should stay in sync between the pr-summary and pr-review packages. Consider centralizing shared config or adding a validation script to alert you when they diverge.
This PR contains the following updates:
22.17.1->22.17.2v4.2.2->v4.3.04.20.3->4.20.48.39.0->8.39.1Release Notes
actions/checkout (actions/checkout)
v4.3.0Compare Source
What's Changed
New Contributors
Full Changelog: actions/checkout@v4...v4.3.0
privatenumber/tsx (tsx)
v4.20.4Compare Source
typescript-eslint/typescript-eslint (typescript-eslint)
v8.39.1Compare Source
🩹 Fixes
file://urls in stack trace when inferringtsconfigRootDir(#11464)❤️ Thank You
You can read about our versioning strategy and releases on our website.
Configuration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.