Update dependencies #7

Merged: danielsitek merged 4 commits into main from feature/ds-update-dependencies on Dec 7, 2025

@danielsitek danielsitek commented Dec 7, 2025

This pull request updates the dependency versions in the package.json file to use exact version numbers instead of version ranges, and also bumps some dependencies to newer versions. These changes help ensure consistent builds and avoid unexpected issues from automatic updates.

Dependency version management:

  • Changed all dependencies and devDependencies in package.json to use exact versions instead of caret (^) ranges, ensuring more predictable installs.
  • Updated tateru-cli to version 1.6.0 and @types/node, @vitest/coverage-v8, and vitest to newer patch versions for improved compatibility and latest bug fixes.

Summary by CodeRabbit

  • Chores
    • Updated all dependency and dev dependency version specifiers to exact pinned versions. Affected packages include plugin-error, tateru-cli, vitest, @types packages, gulp, through2, vinyl, and node types.
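
The pinning rule this description states, as an added check (example code, not part of the PR or the project): it reports every dependency specifier that is not an exact version. The `pinned` sample reuses versions quoted in this thread with their section placement assumed; the `ranged` sample and the names `findUnpinned`, `EXACT` and `SECTIONS` are constructed for illustration.

```javascript
// Added example (not from the PR): report dependency specifiers that are not
// exact versions, so a range cannot slip back into package.json unnoticed.

// major.minor.patch with optional prerelease/build metadata, nothing else.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// peerDependencies are left out on purpose: ranges are the norm there.
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

function findUnpinned(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      // Tags ("latest"), ranges, wildcards, URLs and non-strings all fail here.
      if (typeof spec !== "string" || !EXACT.test(spec.trim())) {
        findings.push({ section, name, spec });
      }
    }
  }
  return findings;
}

// Versions as quoted in this thread; which section each sits in is assumed.
const pinned = {
  dependencies: { "plugin-error": "2.0.1", "tateru-cli": "1.6.0", through2: "4.0.2", vinyl: "3.0.1" },
  devDependencies: { "@types/node": "24.10.1", gulp: "5.0.1", typescript: "5.9.3", vitest: "4.0.15" },
};

// Constructed counter-example: specifiers the check should flag.
const ranged = {
  dependencies: { "plugin-error": "^2.0.1", through2: "~4.0.2", vinyl: "3.x" },
  devDependencies: { vitest: "latest", gulp: "5.0.1", typescript: ">=5.9.3 <6" },
};

console.log(findUnpinned(pinned));
console.log(findUnpinned(ranged).map((f) => `${f.section}.${f.name}: ${f.spec}`));
```

Run against the parsed `package.json` in CI, a non-empty result is the signal to fail the job.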


@danielsitek danielsitek self-assigned this Dec 7, 2025

coderabbitai bot commented Dec 7, 2025

Walkthrough

Updated all dependency and devDependency version specifiers in package.json from caret ranges (^) to exact pinned versions for packages including plugin-error, tateru-cli, vitest, @types modules, gulp, through2, and vinyl. No changes to package names, structure, or public APIs.

Changes

| Cohort / File(s) | Change Summary |
|---|---|
| Dependency Version Pinning: package.json | Converted all caret (^) version ranges to exact pinned versions across dependencies and devDependencies (e.g., plugin-error 2.0.1, tateru-cli 1.6.0, @types/node 24.10.1, vitest 4.0.15, gulp, through2, vinyl, and related packages). No package names or structure changed. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • Single file change (package.json) consisting of repetitive, homogeneous version specification updates
  • No functional logic or control flow impacts to evaluate
  • Standard version pinning pattern applied consistently across all dependencies

Possibly related PRs

  • Update dependencies #4: Modifies overlapping dependency version specifiers for vinyl, gulp, vitest, @types/node, and other packages in package.json; this PR's pinning approach relates directly to that PR's dependency updates.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The pull request title 'Update dependencies' directly reflects the main change in the changeset, which converts all dependency versions to exact pinned versions in package.json. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

codecov bot commented Dec 7, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (85a3c16) to head (965f13d).
⚠️ Report is 8 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff            @@
##              main        #7   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            1         1           
  Lines           21        21           
  Branches         5         5           
=========================================
  Hits            21        21           


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 85a3c16 and 965f13d.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Codacy Static Code Analysis
🔇 Additional comments (2)
package.json (2)

45-58: No security vulnerabilities found in the pinned versions. Verification across Snyk, NVD, and other security databases shows no CVEs for tateru-cli@1.6.0, vitest@4.0.15, typescript@5.9.3, @types/node@24.10.1, or any other dependencies listed. All packages are security-clean and safe to use.


56-56: Gulp 5.0.1, through2 4.0.2, and vinyl 3.0.1 are compatible; this codebase's usage is safe.

The plugin explicitly rejects streaming Vinyl content (line 72) and works only with Buffer-mode files, avoiding the edge cases that could cause issues with Gulp 5's vinyl-fs v4.x changes. The Vinyl object construction uses standard properties and should work without issues. @types/gulp 4.0.18 is the correct typings source for Gulp 5.

Comment thread package.json
Comment on lines +51 to +58
"@types/gulp": "4.0.18",
"@types/node": "24.10.1",
"@types/through2": "2.0.41",
"@types/vinyl": "2.0.12",
"@vitest/coverage-v8": "4.0.15",
"gulp": "5.0.1",
"typescript": "5.9.3",
"vitest": "4.0.15"
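
Review bot: on the pinned block at lines +51 to +58, the exact versions constrain only these direct dependencies; what they pull in transitively is fixed by package-lock.json, which the review details above list as excluded by a path filter, so that file was not looked at in this review. Confirm the lockfile was regenerated in the same change, and have CI install with npm ci rather than npm install, so a lockfile that disagrees with these pins fails the build instead of being rewritten.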

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat package.json | grep -A 2 '"engines"'

Repository: danielsitek/gulp-tateru-cli

Length of output: 109


🌐 Web query:

@types/node 24.10.1 Node.js 20 compatibility requirements

💡 Result:

Short answer: @types/node@24.10.1 corresponds to the Node.js v24 typings (it’s the v24 line of the DefinitelyTyped Node types). It does not declare a runtime peerDependency on Node, but it can include type definitions for APIs introduced in Node 24 that don’t exist in Node 20 — so using 24.x types while running Node 20 may produce incorrect/unsupported API typings. If you want exact Node‑20 typings, install the 20.x @types/node (for example @types/node@20.19.25). [1][2]

Sources:

  • @types/node release listing (shows 24.10.1 and separate 20.x/22.x releases). [1]
  • DefinitelyTyped discussion about matching @types/node major to Node major and the recommendation to use the matching major for your Node runtime. [2]

Update @types/node to version 20.x for Node.js >=20 compatibility.

@types/node 24.10.1 is the Node.js v24 type definitions and should not be used with Node.js >=20. Per DefinitelyTyped conventions, @types/node versions should match your Node.js runtime major version. Use @types/node@20.x (e.g., 20.19.25) to ensure correct type definitions for Node.js 20.

🤖 Prompt for AI Agents
In package.json around lines 51 to 58, the project currently pins "@types/node"
to "24.10.1" which targets Node.js v24; change this to a Node 20-compatible
version (e.g., "20.19.25" or "20.x") to match your runtime, update the
package.json dependency entry accordingly, then run your package manager
(npm/yarn/pnpm) to update the lockfile and reinstall dev dependencies and run
type-checks/tests to ensure no type regressions.

@danielsitek danielsitek merged commit c21f162 into main Dec 7, 2025
12 checks passed
@danielsitek danielsitek deleted the feature/ds-update-dependencies branch December 7, 2025 19:02
@coderabbitai coderabbitai bot mentioned this pull request Dec 13, 2025