chore: bump all (dev)Dependencies

[JounQin]

close #113

Important

Bump dependencies and add default exports to native bindings for improved module import handling.

• New Features:
  • Added default exports to native bindings in napi/index.js, napi/resolver.wasi-browser.js, and napi/resolver.wasi.cjs.
• Dependency Updates:
  • Updated libmimalloc-sys2 to 0.1.48, mimalloc-safe to 0.1.52, and napi to 3.0.0-beta.2 in Cargo.lock.
  • Updated pnp to 0.9.4 in Cargo.toml and Cargo.lock.
  • Updated @napi-rs/wasm-runtime to ^0.2.10 and @types/node to ^22.15.21 in package.json.
• Style:
  • Minor code formatting adjustments in napi/index.js and napi/resolver.wasi.cjs.

^{This description was created by for 4a90e39. You can customize this summary. It will automatically update as commits are pushed.}

---

Summary by CodeRabbit

• New Features

  • Added default exports to native modules, allowing direct import of the entire native binding in JavaScript and WASI environments.

• Chores

  • Updated several dependencies to their latest versions for improved stability and compatibility.
  • Refreshed GitHub Actions workflow to use the latest version of a setup action.

[coderabbitai]

Warning

Rate limit exceeded

@JounQin has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 17 minutes and 14 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between b0cbf31 and 4a90e39.

⛔ Files ignored due to path filters (2)

• Cargo.lock is excluded by !**/*.lock
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (7)

• .github/workflows/zizmor.yml (1 hunks)
• Cargo.toml (1 hunks)
• napi/Cargo.toml (1 hunks)
• napi/index.js (2 hunks)
• napi/resolver.wasi-browser.js (2 hunks)
• napi/resolver.wasi.cjs (2 hunks)
• package.json (1 hunks)

Walkthrough

This update revises dependency versions in Rust and JavaScript project files, including Cargo.toml, napi/Cargo.toml, and package.json. It also modifies module export patterns in several JavaScript files to introduce or clarify default exports, particularly for native bindings and WASI modules, without altering public APIs or functionality.

Changes

File(s)	Change Summary
Cargo.toml	Updated optional pnp dependency from version 0.9.3 to 0.9.4.
napi/Cargo.toml	Upgraded napi, napi-derive to 3.0.0-beta.2; mimalloc-safe to 0.1.52; napi-build to 2.2.0.
package.json	Updated devDependencies: @napi-rs/wasm-runtime, @types/node, and vitest to newer versions.
napi/index.js	Added module.exports = nativeBinding for default export; removed a trailing semicolon.
napi/resolver.wasi-browser.js	Reordered imports; added export default __napiModule.exports.
napi/resolver.wasi.cjs	Swapped import destructuring order; set module.exports = __napiModule.exports as default export; retained named exports.

Sequence Diagram(s)

sequenceDiagram
    participant JS_Module as JavaScript Module
    participant Native_Binding as Native Binding
    participant Exports as Module Exports

    JS_Module->>Native_Binding: Load native binding
    Native_Binding-->>JS_Module: Return nativeBinding object
    JS_Module->>Exports: Assign module.exports = nativeBinding
    JS_Module->>Exports: Export named properties (ResolverFactory, EnforceExtension, sync)

Loading

Possibly related PRs

• chore: bump pnp v0.9.3 #91: Updates the pnp dependency in Cargo.toml from 0.9.1 to 0.9.3, similar to this PR's update from 0.9.3 to 0.9.4.
• chore: bump all (dev)Dependencies #112: Contains related dependency version updates and export pattern changes in napi and package.json files.

Poem

A hop and a skip, new versions appear,
Rust and Node dependencies, all up to the year.
Exports now clearer, with bindings in tow,
The modules all sparkle, ready to go!
With a twitch of my nose, I declare with delight—
The code’s ever fresher, from morning to night!
🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

This PR updates various development dependencies and associated configurations to newer versions.

• Bumps dependency versions in package.json.
• Reorders and updates module exports in resolver files for both Node and browser environments.
• Updates Cargo.toml dependencies and build requirements.

Reviewed Changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
package.json	Updated versions for devDependencies like @napi-rs/wasm-runtime, @types/node, and vitest.
napi/resolver.wasi.cjs	Reordered destructured imports and adjusted module exports.
napi/resolver.wasi-browser.js	Reordered imports, updated destructuring, and added a default export.
napi/index.js	Modified module.exports assignment and removed a semicolon.
napi/Cargo.toml	Bumped dependency versions for napi, napi-derive, mimalloc-safe, and napi-build.
Cargo.toml	Updated version of pnp dependency.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​napi-rs/​wasm-runtime@​0.2.9 ⏵ 0.2.10
	vitest@​3.1.2 ⏵ 3.1.4	+1		+1	-1
	@​types/​node@​22.15.2 ⏵ 22.15.21	+1		+1
	napi-postinstall@​0.2.2 ⏵ 0.2.4			+1

View full report

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 93.40%. Comparing base (1e36ffe) to head (4a90e39).
Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #112   +/-   ##
=======================================
  Coverage   93.40%   93.40%           
=======================================
  Files          13       13           
  Lines        2865     2865           
=======================================
  Hits         2676     2676           
  Misses        189      189           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to b0cbf31 in 2 minutes and 20 seconds. Click for details.

• Reviewed 220 lines of code in 7 files
• Skipped 1 files when reviewing.
• Skipped posting 8 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. Cargo.lock:645

• Draft comment:
  Bump from alpha to beta (e.g. napi version) – ensure the beta releases are fully compatible with your API.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is related to a dependency change, specifically a version bump from alpha to beta. It advises ensuring compatibility, which is a general caution and not a specific actionable suggestion. According to the rules, comments on dependency changes or general advice to ensure compatibility should be removed.

2. Cargo.toml:81

• Draft comment:
  Updated 'pnp' dependency from 0.9.3 to 0.9.4; confirm that minor bump does not introduce unintended changes.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is asking the PR author to confirm that a minor version bump does not introduce unintended changes. This falls under the rule of not asking the author to confirm or ensure behavior, especially related to dependencies.

3. napi/Cargo.toml:14

• Draft comment:
  Bump for 'napi' and 'napi-derive' to beta versions; verify that downstream usage remains compatible.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is related to dependency changes, specifically bumping versions of napi and napi-derive. The comment asks to verify downstream compatibility, which is against the rules as it asks the author to ensure compatibility. This falls under the rule of not commenting on dependency changes or asking for verification of compatibility.

4. napi/index.js:374

• Draft comment:
  The explicit 'module.exports = nativeBinding' export is added; ensure this does not unintentionally override or duplicate exports.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is asking the author to ensure that the export does not unintentionally override or duplicate exports. This is a request for confirmation of intention, which violates the rules.

5. napi/resolver.wasi-browser.js:28

• Draft comment:
  Usage of top‐level await in fetching the WASM file; verify that your target browsers or bundlers support this pattern.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

6. package.json:14

• Draft comment:
  Dev dependency versions have been updated; ensure that your test suite and build scripts function correctly with these new versions.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is asking the PR author to ensure that their test suite and build scripts function correctly with the updated dev dependency versions. This falls under the rule of not asking the author to ensure things are tested or verified, which is not allowed.

7. napi/resolver.wasi.cjs:59

• Draft comment:
  The option 'reuseWorker: true' is set; confirm that worker reuse does not lead to resource leaks or unexpected state in long-running processes.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

8. napi/index.js:71

• Draft comment:
  Typo: The semicolon was removed from loadErrors.push(err). Was this intentional? If not, please add a semicolon at the end of the statement.
• Reason this comment was not posted:
  Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 10% vs. threshold = 50% This is an auto-generated file that explicitly disables linting and formatting. The semicolon inconsistency appears throughout the file and doesn't cause any actual issues in JavaScript. Since the file is auto-generated, manual style fixes are likely to be overwritten anyway. The comment is purely stylistic and not about any functional issues. Maybe consistent semicolon usage is important for the project's style guide? Maybe the auto-generation should be fixed to be consistent? Even if semicolon consistency is desired, fixing it in the generated output is the wrong approach - it should be fixed in the generator. Making manual style fixes to generated code is anti-pattern. The comment should be deleted. It's a style-only comment on an auto-generated file that explicitly opts out of style enforcement.

Workflow ID: wflow_SPOQn6jVstWyAo0v

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[codspeed-hq]

CodSpeed Performance Report

Merging #112 will not alter performance

_{Comparing chore/deps (4a90e39) with main (1e36ffe)}

Summary

✅ 3 untouched benchmarks

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed 4a90e39 in 1 minute and 57 seconds. Click for details.

• Reviewed 233 lines of code in 8 files
• Skipped 1 files when reviewing.
• Skipped posting 8 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. Cargo.lock:575

• Draft comment:
  Dependency version bumps (e.g. libmimalloc-sys2, mimalloc-safe, napi, napi-build, napi-derive, napi-derive-backend, pnp) have been updated (including new checksum and extra dependencies). Verify that these beta releases and checksums are as expected and remain compatible.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is asking the PR author to verify dependency changes, which is against the rules. It does not provide a specific suggestion or point out a specific issue with the code.

2. Cargo.toml:16

• Draft comment:
  The pnp version is bumped from 0.9.3 to 0.9.4. Ensure that this update does not affect module resolution behavior.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

3. napi/Cargo.toml:14

• Draft comment:
  Bumps for napi, napi-derive, mimalloc-safe, and napi-build (from alpha to beta versions) have been applied. Confirm these changes are compatible with your codebase.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is about dependency version changes, which is not allowed according to the rules. It asks the author to confirm compatibility, which is also not allowed.

4. napi/index.js:345

• Draft comment:
  A default export is now set (module.exports = nativeBinding) and additional named exports are attached. Ensure that nativeBinding is an object so that these properties remain accessible.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

5. napi/resolver.wasi-browser.js:63

• Draft comment:
  The module now exports a default (__napiModule.exports) along with named exports. Also, top‐level await is used; ensure that your target browsers/environments support this usage.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is informative and suggests ensuring compatibility with target environments, which violates the rules. It doesn't provide a specific code suggestion or ask for a specific test to be written.

6. napi/resolver.wasi.cjs:87

• Draft comment:
  The CommonJS module now consistently sets the default export and attaches named properties. Review the fallback logic for locating the WASM file and the configuration of shared WebAssembly.Memory for safety.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

7. package.json:13

• Draft comment:
  Dev dependency versions (e.g. @napi-rs/wasm-runtime, vitest, @types/node) have been bumped. Confirm that these updates integrate smoothly with your CI and development workflows.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is asking the PR author to confirm that the updates integrate smoothly with their CI and development workflows, which is against the rules. It is not making a specific code suggestion or pointing out a specific issue.

8. napi/index.js:71

• Draft comment:
  Typographical issue: A semicolon is missing at the end of loadErrors.push(err). It should be loadErrors.push(err); for consistency.
• Reason this comment was not posted:
  Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 10% vs. threshold = 50% Since this is an auto-generated file, style consistency is likely handled by the generator itself. Making manual style fixes in generated code is generally not a good practice since they'll be overwritten on the next generation. The inconsistency in semicolon usage throughout the file suggests the generator itself is inconsistent, which should be fixed at the generator level, not in the output file. The comment is technically correct about the inconsistency. Maybe consistent style is important enough to warrant manual fixes even in generated files? No, fixing style in generated files is fighting against the tooling. Style issues should be fixed in the generator, not the output. The comment should be deleted. While technically correct, suggesting style fixes in auto-generated code is not useful since changes will be lost on regeneration.

Workflow ID: wflow_zQfnudkLxY2JiYSn

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}