refactor: bump minors package versions #7356
Pull request overview
This pull request updates development and production dependencies to their latest minor/patch versions and removes the release-it package along with its configuration. However, the PR has a critical issue: it removes the release-it package but leaves all the npm scripts that depend on it, which will break the release workflow.
Changes:
- Updated multiple devDependencies including major version changes for commitlint (v17 → v20), and minor/patch updates for Babel, ESLint, Karma, Mocha, and others
- Updated production dependencies `follow-redirects` and `form-data` to newer patch versions
- Removed `release-it`, `@release-it/conventional-changelog` packages and the entire `release-it` configuration block
1 issue found across 2 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="package.json">
<violation number="1" location="package.json:168">
P2: This change lowers the minimum required follow-redirects version from ^1.15.11 to ^1.15.10, which regresses the dependency floor. If the goal is to bump minors, this should stay at the newer version to avoid allowing older releases.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
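The floor regression flagged in the review above can be caught mechanically by comparing the manifest before and after a change. The following is an added example, not code from this pull request or the project's tooling; the function names and the `form-data` ranges are assumptions made for illustration, and only plain `x.y.z` versions with an optional `^`, `~` or `>=` prefix are parsed.

```javascript
// Added example: report dependencies whose minimum version dropped
// between two package.json manifests.
const SECTIONS = ['dependencies', 'devDependencies'];

// Lowest version a simple range admits, as [major, minor, patch], or null.
function floorOf(range) {
  const m = /^\s*(?:\^|~|>=)?\s*v?(\d+)\.(\d+)\.(\d+)\s*$/.exec(range);
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric comparison, so 1.15.9 sorts below 1.15.10.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function findFloorRegressions(before, after) {
  const findings = [];
  for (const section of SECTIONS) {
    const oldDeps = before[section] || {};
    const newDeps = after[section] || {};
    for (const [name, to] of Object.entries(newDeps)) {
      const from = oldDeps[name];
      if (from === undefined || from === to) continue; // new or unchanged
      const oldFloor = floorOf(from);
      const newFloor = floorOf(to);
      if (!oldFloor || !newFloor) {
        // Complex range (||, x-ranges, tags): needs a human look.
        findings.push({ section, name, from, to, kind: 'unparsed' });
      } else if (compareVersions(newFloor, oldFloor) < 0) {
        findings.push({ section, name, from, to, kind: 'lowered' });
      }
    }
  }
  return findings;
}

// Constructed sample manifests; only the follow-redirects ranges are
// taken from the review comment, the form-data ranges are made up.
const before = { dependencies: { 'follow-redirects': '^1.15.11', 'form-data': '^4.0.0' } };
const after = { dependencies: { 'follow-redirects': '^1.15.10', 'form-data': '^4.0.1' } };
const sampleFindings = findFloorRegressions(before, after);
console.log(sampleFindings);
```
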
1 issue found across 1 file (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="package.json">
<violation number="1" location="package.json:52">
P2: The new test:package script includes a bare "npm run" command, which fails because no script is specified. This will make test:package exit with an error instead of running the remaining tests.</violation>
</file>
1 issue found across 1 file (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name=".github/workflows/run-ci.yml">
<violation number="1" location=".github/workflows/run-ci.yml:38">
P2: Installing a specific package before `npm ci` mutates the lockfile and causes CI to test dependencies that don’t match the committed lockfile. This defeats reproducible installs and can mask dependency issues. Drop this install step (or revert to the cache-clear step) so `npm ci` uses the repo’s lockfile.</violation>
</file>
Description
This pull request updates several development and production dependencies in `package.json` to their latest versions and removes the custom `release-it` configuration block. These changes help keep the project up to date and simplify the release process configuration.
Dependency version updates:
- `devDependencies` to their latest versions, including `@babel/core`, `@commitlint/cli`, `body-parser`, `chalk`, `eslint`, `express`, `formidable`, `karma`, `mocha`, and others in `package.json`.
- `follow-redirects` and `form-data` to newer versions in `package.json`.
Release process configuration:
- `release-it` configuration block from `package.json`, which previously handled git, GitHub, npm publishing, plugins, and hooks for releases.
Summary by cubic
Bumped minor versions across dev and runtime dependencies to stay current and pick up fixes. Removed release tooling, the old typings test, and CodeQL, adjusted CI installs for Node 14, and dropped Node 12 to stabilize builds.
Written for commit e655589. Summary will update on new commits.