Conversation
Upgrade all dependencies and move to ESLint 10
|
||||||||||||||
There was a problem hiding this comment.
Pull request overview
Updates JavaScript/TypeScript tooling and rebuilds the packaged dist/ artifacts for the GitHub Action, primarily by bumping dependency versions in package.json/package-lock.json.
Changes:
- Bump
semverand multiple dev toolchain packages (ESLint, TypeScript-ESLint, Node types, globals). - Regenerate
dist/index.jsanddist/licenses.txtbased on the updated dependency graph. - Add
.npmrcto force npm to ignore peer dependency conflicts during install.
Reviewed changes
Copilot reviewed 2 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Dependency/devDependency version bumps (notably ESLint major upgrade). |
| package-lock.json | Lockfile regeneration reflecting updated dependency tree. |
| dist/index.js | Rebuilt bundled action output via ncc (module IDs/externals changed; includes minor comment text fixes). |
| dist/licenses.txt | Updated third-party license aggregation after rebuild. |
| .npmrc | Adds legacy-peer-deps=true impacting installation behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "eslint": "^10.0.2", | ||
| "eslint-import-resolver-typescript": "^4.4.4", | ||
| "eslint-plugin-github": "^6.0.0", | ||
| "eslint-plugin-import": "^2.32.0", |
There was a problem hiding this comment.
eslint-plugin-github@6.0.0 declares a peer dependency of eslint as ^8 || ^9 (see package-lock.json around the eslint-plugin-github entry). This PR bumps eslint to ^10.0.2 and then adds legacy-peer-deps=true to force installation anyway, which risks broken linting/runtime errors and makes installs non-deterministic across npm versions. Please either upgrade eslint-plugin-github (and any other plugins) to versions that support ESLint v10, or keep ESLint on a supported major version, and remove the legacy-peer-deps workaround.
| "@types/node": "^25.1.0", | ||
| "@eslint/eslintrc": "^3.3.4", | ||
| "@eslint/js": "^10.0.1", | ||
| "@types/eslint-scope": "^9.1.0", |
There was a problem hiding this comment.
@types/eslint-scope is a deprecated stub package (eslint-scope ships its own types). Adding it as a direct devDependency is likely unnecessary and can cause confusing/incorrect type resolution. Please remove this dependency unless you have a concrete TypeScript error that requires it, and prefer relying on the types bundled with eslint-scope/ESLint.
| "@types/eslint-scope": "^9.1.0", |
| @@ -0,0 +1 @@ | |||
| legacy-peer-deps=true | |||
There was a problem hiding this comment.
Setting legacy-peer-deps=true makes npm ignore peer dependency conflicts (and can mask real dependency incompatibilities). In this PR it appears to be used to bypass an ESLint v10 peer-dependency mismatch, which is better fixed by aligning package versions. Please remove this and resolve the underlying peer dependency issues instead.
| legacy-peer-deps=true | |
| ; .npmrc intentionally left without legacy-peer-deps overrides |
No description provided.