bump dep

[mynameistito]

Summary by cubic

Bumps dev dependencies (including typescript@^6.0.2) and updates ultracite@^7.3.2 to resolve a CLI issue; includes small code/test fixes for reliability.

• Dependencies

  • Update ultracite to ^7.3.2.
  • Upgrade typescript to ^6.0.2 and esbuild to ^0.27.4.
  • Refresh @changesets/*, @biomejs/biome, and @types/bun.

• Bug Fixes

  • Use text.slice in truncate to avoid edge cases.
  • Restore GH_TOKEN correctly in tests when it was initially undefined.

^{Written for commit b7b4222. Summary will update on new commits.}

Greptile Summary

This PR bumps several dev dependencies (biome, TypeScript, ultracite, changesets, esbuild, @types/bun) and includes two small code fixes driven by the ultracite/biome linting update.

• package.json / bun.lock: Dev-only version bumps. The most notable change is typescript ^5.9.3 → ^6.0.2, which is a major version jump and may introduce new type errors or changed defaults that need to be validated via bun run typecheck.
• src/utils/formatting.ts: String.prototype.substring replaced with String.prototype.slice in truncate() — a style-guide-consistent modernization with identical runtime behaviour for non-negative indices.
• tests/unit/auth-manager.test.ts: The if/else branches in the GH_TOKEN environment-variable restore block were swapped (!== undefined → === undefined). Both orderings are logically equivalent; this resolves a biome/ultracite lint warning about negated conditions.

Confidence Score: 4/5

• Safe to merge once a typecheck pass confirms TypeScript 6 introduces no new errors.
• All changes are dev-only: no production runtime code is affected beyond a trivially equivalent .substring → .slice swap. The TypeScript 5 → 6 major bump is the only meaningful risk, as major TS releases can tighten type-checking and break compilation; confirming bun run typecheck passes cleanly is the one remaining gate before merging.
• package.json — verify bun run typecheck succeeds under TypeScript 6.

Important Files Changed

Filename	Overview
src/utils/formatting.ts	Single-line style fix: replaced .substring() with .slice() in truncate, consistent with modern JS/TS style guide preferences.
tests/unit/auth-manager.test.ts	Swapped !== undefined / === undefined branches in the GH_TOKEN env-var restore block — logically equivalent, resolves an ultracite/biome lint warning.
package.json	Dev-dependency bumps: TypeScript 5 → 6 (major), biome patch, esbuild patch, ultracite minor, changesets minor — all dev-only, but the TypeScript major bump warrants a typecheck pass to confirm no new errors.
.changeset/grumpy-places-rest.md	New changeset entry marking a patch release for "bump dep, fix ultracite issue".

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[PR: bump dep] --> B[Dev Dependency Bumps\npackage.json / bun.lock]
    A --> C[Code Fixes]
    
    B --> D["@biomejs/biome 2.4.3 → 2.4.8"]
    B --> E["typescript 5.9.3 → 6.0.2 ⚠️ major"]
    B --> F["ultracite 7.2.3 → 7.3.2"]
    B --> G["@changesets/* minor bumps"]
    B --> H["esbuild / @types/bun patches"]
    
    C --> I["src/utils/formatting.ts\n.substring() → .slice()"]
    C --> J["tests/unit/auth-manager.test.ts\nFlip undefined check order\n(lint fix, same behavior)"]
    
    E --> K{typecheck passes?}
    K -- yes --> L[Safe to merge]
    K -- no --> M[Fix TS6 type errors]

Loading

_{Reviews (1): Last reviewed commit: "bump dep" | Re-trigger Greptile}

Context used:

• Context used - AGENTS.md (source)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​changesets/​changelog-github@​0.5.2 ⏵ 0.6.0	+1		+1
	@​changesets/​get-github-info@​0.7.0 ⏵ 0.8.0	+1		+1
	typescript@​5.9.3 ⏵ 6.0.2	+1		+1

View full report

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[cubic-dev-ai]

1 issue found across 5 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="src/utils/formatting.ts">

<violation number="1" location="src/utils/formatting.ts:55">
P2: Using `slice` here changes negative-index behavior and can produce outputs longer than `maxLength` for small limits (e.g., `maxLength < 3`).</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P2: Using slice here changes negative-index behavior and can produce outputs longer than maxLength for small limits (e.g., maxLength < 3).

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At src/utils/formatting.ts, line 55:

<comment>Using `slice` here changes negative-index behavior and can produce outputs longer than `maxLength` for small limits (e.g., `maxLength < 3`).</comment>

<file context>
@@ -52,7 +52,7 @@ function truncate(text: string, maxLength: number): string {
     return text;
   }
-  return `${text.substring(0, maxLength - 3)}...`;
+  return `${text.slice(0, maxLength - 3)}...`;
 }
 
</file context>