Skip to content

Bump dev dependencies and fix audit vulnerabilities#168

Merged
Kamirus merged 2 commits intomainfrom
chore/bump-deps
Mar 28, 2026
Merged

Bump dev dependencies and fix audit vulnerabilities#168
Kamirus merged 2 commits intomainfrom
chore/bump-deps

Conversation

@Kamirus
Copy link
Copy Markdown
Collaborator

@Kamirus Kamirus commented Mar 27, 2026

Summary

  • TypeScript 4 → 5, Jest 28 → 29, Prettier 2 → 3, Husky 8 → 9
  • lint-staged 13 → 15, ts-jest 28 → 29, @types/node 18 → 22
  • Bumped size-limit presets, debug, sanitize-filename, @wasmer/wasi, ts-node
  • Fixed 3 npm audit vulnerabilities (brace-expansion, picomatch, yaml)
  • Removed unused cross-env and eslint-config-prettier
  • Added rimraf as explicit dev dependency (was implicitly available via npm-run-all)
  • Migrated Husky config to v9 format (simplified .husky/pre-commit, updated prepare script)
  • Applied Prettier 3 formatting to 3 files (line-break changes only)

Intentionally not bumped

Package Current Latest Reason
cross-fetch 3.1.5 4.1.0 Production dep, breaking API — separate PR
@dfinity/pic 0.13.1 0.21.0 Domain-specific, major jump
jest 29 30 30 is very new, 29 is proven
typescript 5 6 6 just released, 5.x is stable
size-limit 11 12 Blocked by preset peer dep requiring ^11

Test plan

  • npm run build passes with TypeScript 5
  • All 40 tests pass with Jest 29
  • npm audit reports 0 vulnerabilities
  • CI passes on Node.js 22.x and 24.x

Made with Cursor

@Kamirus
Bump dev dependencies and fix audit vulnerabilities
1f92980 
- TypeScript 4 → 5, Jest 28 → 29, Prettier 2 → 3, Husky 8 → 9
- Bump lint-staged, ts-jest, size-limit presets, @types/node, and others
- Fix 3 npm audit vulnerabilities (brace-expansion, picomatch, yaml)
- Remove unused cross-env and eslint-config-prettier
- Add rimraf as explicit dev dependency (was implicit via npm-run-all)
- Migrate Husky config to v9 format
- Apply Prettier 3 formatting to affected files

Made-with: Cursor
@Kamirus Kamirus requested a review from a team as a code owner March 27, 2026 16:57
@Kamirus Kamirus enabled auto-merge (squash) March 28, 2026 15:46
@Kamirus Kamirus merged commit 5084790 into main Mar 28, 2026
6 checks passed
@Kamirus Kamirus deleted the chore/bump-deps branch March 28, 2026 15:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@rvanasa rvanasa rvanasa approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Kamirus @rvanasa