Merged
Conversation
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.4.2 to 28.11.0. - [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases) - [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md) - [Commits](jest-community/eslint-plugin-jest@v27.4.2...v28.11.0) --- updated-dependencies: - dependency-name: eslint-plugin-jest dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.dev>
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 6.7.5 to 6.21.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.21.0/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.dev>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.2.0 to 4.4.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@1d0ff46...49933ea) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.dev>
Bumps [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) from 17.8.0 to 19.8.1. - [Release notes](https://github.com/conventional-changelog/commitlint/releases) - [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md) - [Commits](https://github.com/conventional-changelog/commitlint/commits/v19.8.1/@commitlint/config-conventional) --- updated-dependencies: - dependency-name: "@commitlint/config-conventional" dependency-version: 19.8.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.dev>
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.3.3 to 4.7.1. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@72eb03d...da24556) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: 4.7.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.dev>
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.4 to 5.4.3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@eaaf4be...18283e0) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 5.4.3 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.dev>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.10 to 3.28.18. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@23acc5c...ff0a06e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.18 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.dev>
Bumps [SonarSource/sonarcloud-github-action](https://github.com/sonarsource/sonarcloud-github-action) from 5ee47de3c96f0c1c51b09d2ff1fec0cfeefcf67c to 13a24e453e2e6262f3bb0c5fa8241031e637a028. - [Release notes](https://github.com/sonarsource/sonarcloud-github-action/releases) - [Commits](SonarSource/sonarcloud-github-action@5ee47de...13a24e4) --- updated-dependencies: - dependency-name: SonarSource/sonarcloud-github-action dependency-version: 13a24e453e2e6262f3bb0c5fa8241031e637a028 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.dev>
Signed-off-by: Sam Gammon <sam@elide.dev>
Signed-off-by: Sam Gammon <sam@elide.dev>
There was a problem hiding this comment.
Pull Request Overview
Applies pending Dependabot updates and runs pnpm update to keep dependencies and CI actions current.
- Bumps project dependencies and devDependencies in
package.jsonto newer versions. - Updates various GitHub Actions in workflow YAML files to the latest revisions.
Reviewed Changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Updated dependency and devDependency versions (commitlint, ESLint, TypeScript, actions, etc.) |
| .github/workflows/scorecards.yml | Upgraded github/codeql-action/upload-sarif to v3.28.18 |
| .github/workflows/dependency-review.yml | Updated actions/dependency-review-action to v4.7.1 |
| .github/workflows/codeql-analysis.yml | Upgraded CodeQL actions (init, autobuild, analyze) to v3.28.18 |
| .github/workflows/ci.yml | Updated actions/setup-node, SonarCloud action, and codecov-action to newer versions |
| .github/workflows/check-dist.yml | Updated actions/setup-node to v4.4.0 |
Comments suppressed due to low confidence (3)
package.json:40
- [nitpick] Major version bumps for commitlint core and its conventional config may introduce breaking changes; ensure your commitlint configuration file is updated and validated against v19 syntax.
"@commitlint/cli": "19.8.1",
package.json:45
- [nitpick] Updating ESLint plugin and parser from v6 to v8 may include deprecated rule changes; verify your ESLint configuration and CI linting passes with these new versions.
"@typescript-eslint/eslint-plugin": "8.32.1",
.github/workflows/ci.yml:72
- The Codecov action major version bump from v3 to v5 may change supported inputs and environment variables; ensure the workflow syntax is updated to match v5 requirements.
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
Signed-off-by: Sam Gammon <sam@elide.dev>
Signed-off-by: Sam Gammon <sam@elide.dev>
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #153 +/- ##
==========================================
+ Coverage 93.22% 93.78% +0.56%
==========================================
Files 7 7
Lines 177 177
Branches 20 20
==========================================
+ Hits 165 166 +1
+ Misses 11 10 -1
Partials 1 1 🚀 New features to boost your workflow:
|
Dario Valdespino (darvld)
approved these changes
May 21, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Applies pending Dependabot updates, plus a pnpm update run.