Skip to content

Update all (major) #274

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
renovate wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update all (major) #274

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,13 @@ jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- run: git fetch --prune --unshallow
- uses: actions/setup-node@v4
- uses: actions/setup-node@v6
with:
node-version: '22.15.0'
node-version: '24.14.0'
- name: cache node_modules
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: |
node_modules
Expand Down
22 changes: 11 additions & 11 deletions .github/workflows/deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,12 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- uses: actions/checkout@v6
- uses: actions/setup-node@v6
with:
node-version: '22.15.0'
node-version: '24.14.0'
- name: cache node_modules
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: |
node_modules
Expand All @@ -29,12 +29,12 @@ jobs:
env:
BUILD_VERSION: ${{ env.VERSION }}
- name: upload build artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: build
path: packages/snage/build/npm
- name: upload docs artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: docs
path: site
Expand All @@ -43,8 +43,8 @@ jobs:
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
- uses: actions/checkout@v6
- uses: actions/download-artifact@v8
with:
name: build
path: packages/snage/build/npm
Expand All @@ -62,7 +62,7 @@ jobs:
runs-on: ubuntu-latest
needs: deploy-docker-unstable
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Deploy changelog.snage.dev
run: |
export ANSIBLE_PRIVATE_KEY_FILE="$HOME/id_rsa"
Expand All @@ -77,8 +77,8 @@ jobs:
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
- uses: actions/checkout@v6
- uses: actions/download-artifact@v8
with:
name: docs
path: site
Expand Down
22 changes: 11 additions & 11 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,12 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- uses: actions/checkout@v6
- uses: actions/setup-node@v6
with:
node-version: '22.15.0'
node-version: '24.14.0'
- name: cache node_modules
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: |
node_modules
Expand All @@ -28,7 +28,7 @@ jobs:
env:
BUILD_VERSION: ${{ env.VERSION }}
- name: upload build artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: build
path: packages/snage/build/npm
Expand All @@ -37,8 +37,8 @@ jobs:
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
- uses: actions/checkout@v6
- uses: actions/download-artifact@v8
with:
name: build
path: packages/snage/build/npm
Expand All @@ -60,8 +60,8 @@ jobs:
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
- uses: actions/checkout@v6
- uses: actions/download-artifact@v8
with:
name: build
path: packages/snage/build/npm
Expand All @@ -86,8 +86,8 @@ jobs:
runs-on: ubuntu-latest
needs: [build, release-artifact]
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
- uses: actions/checkout@v6
- uses: actions/download-artifact@v8
with:
name: build
- name: Get Version
Expand Down
8 changes: 4 additions & 4 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,11 @@
},
"devDependencies": {
"eslint-config-prettier": "10.1.2",
"eslint-plugin-jest": "28.11.0",
"eslint-plugin-jest": "29.15.0",
"eslint-plugin-promise": "7.2.1",
"eslint-plugin-react-hooks": "5.2.0",
"eslint-plugin-unicorn": "56.0.1",
"lerna": "8.2.2"
"eslint-plugin-react-hooks": "7.0.1",
"eslint-plugin-unicorn": "63.0.0",
"lerna": "9.0.7"
},
"resolutions": {
"@types/react": "19.1.2",
Expand Down
2 changes: 1 addition & 1 deletion packages/snage/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM node:22.15.0-alpine
FROM node:25.8.1-alpine
RUN apk add --no-cache git
WORKDIR /snage
COPY build/npm/snage.js /snage
Expand Down
18 changes: 9 additions & 9 deletions packages/snage/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@
"dependencies": {
"@js-joda/core": "5.6.5",
"ajv": "8.17.1",
"cross-env": "7.0.3",
"express": "4.21.2",
"cross-env": "10.1.0",
"express": "5.2.1",
"fp-ts": "2.16.10",
"io-ts": "2.2.22",
"parsimmon": "1.18.1",
Expand All @@ -32,29 +32,29 @@
"string-similarity": "4.0.4",
"winston": "3.17.0",
"yaml": "2.7.1",
"yargs": "17.7.2"
"yargs": "18.0.0"
Copy link

@cursor cursor bot Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Yargs 18 singleton API removed breaks CLI initialization

The yargs 18.0.0 upgrade removed the singleton usage pattern (yargs().argv). The CLI code in packages/snage/src/index.ts still uses this deprecated pattern, causing the CLI to fail at runtime or parse arguments incorrectly.

Fix in Cursor Fix in Web

Copy link

@cursor cursor bot Dec 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Yargs 18 ESM-only breaks CommonJS require calls

The update to yargs 18.0.0 will break the application at runtime. Yargs 18 is ESM-only and cannot be imported using CommonJS require(). The docs.js file uses const yargs = require('yargs'), and the TypeScript source is configured to compile to CommonJS ("module": "commonjs" in tsconfig). When the code attempts to load yargs, it will fail because ESM-only packages cannot be loaded with require() in a CommonJS context.

Fix in Cursor Fix in Web

Copy link

@cursor cursor bot Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yargs 18 removes .argv and CJS require() support

High Severity

Upgrading yargs from 17 to 18 introduces two breaking changes that aren't addressed. First, yargs 18 removes the .argv property (singleton pattern), but both docs.js line 32 and packages/snage/src/index.ts line 35 rely on .argv to trigger argument parsing — these need to use .parse() instead. Second, yargs 18 is ESM-only, but docs.js uses require('yargs') which will fail. The application's main entry point and docs script will both break at runtime.

Fix in Cursor Fix in Web

Copy link

@cursor cursor bot Mar 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yargs 18 removes singleton API used throughout codebase

High Severity

yargs is bumped from 17 to 18, which removes the singleton pattern. The code in index.ts calls yargs.version(...)...argv directly on the default import — this singleton usage was explicitly removed in yargs 18. Additionally, all command files reference yargs.CommandModule via the namespace, which is also removed in v18. The application will fail to start.

Fix in Cursor Fix in Web

Copy link

@cursor cursor bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yargs 18 ESM-only breaks CommonJS test execution

High Severity

yargs is updated to 18.0.0, which is ESM-only, but the project's tsconfig.json uses "module": "commonjs". When ts-jest or ts-node compiles TypeScript, import yargs from 'yargs' becomes require('yargs'), which fails for ESM-only packages. This will break test execution and the ts-node dev command for any code path that transitively imports yargs. The webpack production build may still work since webpack handles ESM natively.

Fix in Cursor Fix in Web

Copy link

@cursor cursor bot Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yargs 18 removed .argv and singleton usage

High Severity

Upgrading yargs to 18.0.0 will break the CLI entirely. Yargs 18 removed singleton .argv usage, which index.ts relies on (yargs.version(...)...argv). Additionally, yargs 18 is ESM-first while the project uses CommonJS ("module": "commonjs"), and the yargs.CommandModule namespace type used across all command files may no longer be available.

Fix in Cursor Fix in Web

},
"devDependencies": {
"@types/body-parser": "1.19.5",
"@types/express": "5.0.1",
"@types/get-port": "4.2.0",
"@types/inquirer": "8.2.10",
"@types/jest": "29.5.14",
"@types/jest": "30.0.0",
"@types/nock": "11.1.0",
"@types/node": "22.15.3",
"@types/node": "25.5.0",
"@types/parsimmon": "1.10.9",
"@types/query-string": "6.3.0",
"@types/semver": "7.7.0",
"@types/string-similarity": "4.0.2",
"@types/supertest": "6.0.3",
"@types/supertest": "7.2.0",
"@types/winston": "2.4.4",
"@types/yaml": "1.9.7",
"copy-webpack-plugin": "9.1.0",
"env-editor": "0.5.0",
"get-port": "7.1.0",
"jest": "29.7.0",
"jest": "30.3.0",
"jest-junit": "16.0.0",
"lerna": "8.2.2",
"lerna": "9.0.7",
"nock": "14.0.4",
"nodemon": "3.1.10",
"npm-run-all": "4.1.5",
Expand All @@ -68,7 +68,7 @@
"tslib": "2.8.1",
"typescript": "5.8.3",
"webpack": "5.99.7",
"webpack-cli": "6.0.1",
"webpack-cli": "7.0.2",
"webpack-dev-server": "5.2.1",
"webpack-shell-plugin-next": "2.3.2"
}
Expand Down
10 changes: 5 additions & 5 deletions packages/ui/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,20 +6,20 @@
"dependencies": {
"@emotion/react": "11.14.0",
"@emotion/styled": "11.14.0",
"@mui/icons-material": "6.4.11",
"@mui/material": "6.4.11",
"@mui/icons-material": "7.3.9",
"@mui/material": "7.3.9",
"@mui/styles": "6.4.8",
"@types/axios": "0.14.4",
"@types/node": "22.15.3",
"@types/node": "25.5.0",
"@types/react": "19.1.2",
"@types/react-dom": "19.1.2",
"axios": "1.9.0",
"github-markdown-css": "5.8.1",
"react": "19.1.0",
"react-dom": "19.1.0",
"react-markdown": "9.1.0",
"react-markdown": "10.1.0",
Copy link

@cursor cursor bot Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Removed className prop used with react-markdown v10

The upgrade from react-markdown 9.1.0 to 10.1.0 introduces a breaking change: the className prop was removed in v10.0.0. However, the code in packages/ui/src/ReactMarkdown.tsx at line 40 still passes className={classes.root + ' markdown-body'} to the <Markdown> component. This prop will now be silently ignored, causing the markdown content to render without the intended styling. The migration requires wrapping the component in an element with the desired class instead.

Fix in Cursor Fix in Web

Copy link

@cursor cursor bot Mar 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

react-markdown 10 removes className prop and ExtraProps

Medium Severity

react-markdown is bumped from 9 to 10, which removed the className prop and the ExtraProps type export. ReactMarkdown.tsx imports ExtraProps from react-markdown (no longer exported) and passes className to the <Markdown> component (no longer accepted). The UI build will fail, and if somehow bypassed, the markdown styling will be lost.

Fix in Cursor Fix in Web

"react-scripts": "5.0.1",
"react-syntax-highlighter": "15.6.1",
"react-syntax-highlighter": "16.1.1",
"react-virtualized": "9.22.6",
"remark-gfm": "4.0.1",
"typescript": "5.8.3",
Expand Down
Loading
Loading