Dep Updates 2026-06-02 #41
📝 Walkthrough
Summary by CodeRabbit
Walkthrough: This PR updates three dependencies in the project: bumps the production dependency
Changes: Dependency Version Updates
Estimated Code Review Effort: 🎯 1 (Trivial) | ⏱️ ~3 minutes
🚥 Pre-merge checks | ✅ 3 | ❌ 2
❌ Failed checks (2 inconclusive)
✅ Passed checks (3 passed)
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.changeset/dep-updates-1780361360886.md:
- Around line 5-6: Update the changeset to either list the dev dependency
upgrades (tsx, ultracite, `@biomejs/biome`) alongside the commander production
upgrade or add a brief note explaining why dev dependency updates are
intentionally omitted; specifically modify the .changeset entry that mentions
"commander: ^14.0.3 → ^15.0.0" to include lines for the dev packages (tsx,
ultracite, `@biomejs/biome`) with their new versions or a one-line justification
so release notes accurately reflect dependency changes.
In `@package.json`:
- Line 32: The package declares commander "^15.0.0" (ESM-only) but the
package.json engines.node field still allows ">=22.0.0"; update the Node engine
constraint to ">=22.12.0" (or a stricter range that includes 22.12.0+) so it
meets Commander 15's minimum required Node version; modify the engines.node
entry in package.json accordingly and ensure any CI/tooling that enforces
engines uses the new value.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: a0b240d8-7e87-469a-8078-abc61006ccd2
⛔ Files ignored due to path filters (1)
bun.lock is excluded by !**/*.lock
📒 Files selected for processing (2)
.changeset/dep-updates-1780361360886.md
package.json
| Updated dependencies: | ||
| - commander: ^14.0.3 → ^15.0.0 |
🧹 Nitpick | 🔵 Trivial | 💤 Low value
Dev dependencies not mentioned in changeset.
The changeset documents the commander production dependency upgrade but does not mention the dev dependency updates (tsx, ultracite, @biomejs/biome). This may be intentional for user-facing release notes, but consider whether dev dependency updates should also be documented.
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 5-5: First line in a file should be a top-level heading
(MD041, first-line-heading, first-line-h1)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.changeset/dep-updates-1780361360886.md around lines 5 - 6, Update the
changeset to either list the dev dependency upgrades (tsx, ultracite,
`@biomejs/biome`) alongside the commander production upgrade or add a brief note
explaining why dev dependency updates are intentionally omitted; specifically
modify the .changeset entry that mentions "commander: ^14.0.3 → ^15.0.0" to
include lines for the dev packages (tsx, ultracite, `@biomejs/biome`) with their
new versions or a one-line justification so release notes accurately reflect
dependency changes.
| }, | ||
| "dependencies": { | ||
| "commander": "^14.0.3", | ||
| "commander": "^15.0.0", |
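Review bot: the changed `commander` line crosses a major version (`^14.0.3` to `^15.0.0`) and nothing else in this hunk changes with it, so the package's declared runtime floor stays wherever it was. If the new major needs a newer Node than `engines.node` declares, raise that field in the same commit so installs on older runtimes fail at install time instead of at import. Because `^15.0.0` accepts any later 15.x release, also confirm that the lockfile pins the exact version that was tested.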
🧩 Analysis chain
🌐 Web query:
commander npm version 15.0.0 breaking changes and migration guide
💡 Result:
Commander.js version 15.0.0, released in late May 2026 [1], introduced several significant breaking changes centered on moving the project to an ESM-only (ECMAScript Modules) implementation [1][2].
Key Breaking Changes
1. ESM-Only Implementation: The library has migrated from CommonJS to ESM [1][2].
2. Node.js Requirement: Commander 15 requires Node.js v22.12.0 or higher to support the required ESM functionality [1][2].
3. Removal of Deprecated Exports: The previously deprecated export of commander/esm.mjs has been removed [1].
4. Default Option Behavior: There was a breaking change regarding default option values; only lone --no-* options set the default value to true. Previously, default values could be implicitly set when defining both positive and negative options [1].
Migration Tips
While Commander 15 is ESM-only, you do not necessarily need to migrate your entire codebase to ESM to continue using it [1][2]. Node.js, Bun, and Deno support importing ESM from CommonJS [1][2]. If you encounter issues due to your specific environment, bundler, or testing framework:
- Check compatibility: Ensure your build tools and testing frameworks are configured to support ESM dependencies [1][2].
- Migration Resources: The project includes example configurations in the repository under examples/using-esm-from-commonjs, which may help bridge compatibility gaps for environments like Jest [1][2].
- Stay on Version 14: If your environment does not yet support importing ESM, you can remain on Commander 14. Commander 14 has been moved to maintenance mode and will receive security updates until May 2027 [1][2].
The release also included minor updates, such as showing excess command-arguments in error messages and internal refactoring, including switching from Jest to the node:test test runner [1][2].
Citations:
- 1: https://newreleases.io/project/github/tj/commander.js/release/v15.0.0
- 2: https://github.com/tj/commander.js/releases
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== package.json =="
ls -la package.json >/dev/null 2>&1 || true
cat -n package.json | sed -n '1,120p'
echo "== tsconfig(s) =="
fd -t f -a tsconfig.json tsconfig.*.json . | head -n 20 | cat
for f in $(fd -t f -a tsconfig.json tsconfig.*.json . | head -n 20); do
echo "--- $f (first 120 lines) ---"
cat -n "$f" | sed -n '1,120p'
done
echo "== commander import/usage (top results) =="
rg -n "from ['\"]commander['\"]|require\\(['\"]commander['\"]\\)|new Command\\(|parseAsync\\(|program\\." src package.json tsconfig.*.json 2>/dev/null || true
echo "== commander usage files (if present) =="
fd -t f -a "archive.ts" src || true
rg -n "parseAsync\\(" src 2>/dev/null || true
Repository: mynameistito/github-archiver
Length of output: 4802
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== Read src/index.ts =="
sed -n '1,200p' src/index.ts
echo "== Read src/commands/archive.ts =="
sed -n '1,260p' src/commands/archive.ts
echo "== Read src/commands/auth.ts =="
sed -n '1,260p' src/commands/auth.ts
echo "== Search for --no- options =="
rg -n --fixed-string "--no-" src || true
echo "== Search for commander option() usage patterns =="
rg -n "option\\(|addOption\\(" src || true
Repository: mynameistito/github-archiver
Length of output: 15571
Commander 15 upgrade: tighten Node engine requirement
Commander 15 is ESM-only, and this repo already uses ESM ("type": "module" + import { Command } from "commander"), so that part is compatible. The remaining breaking risk is Node: Commander 15 requires Node >=22.12.0, but package.json currently allows >=22.0.0—update engines.node to >=22.12.0 (or otherwise enforce the minimum).
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@package.json` at line 32, The package declares commander "^15.0.0" (ESM-only)
but the package.json engines.node field still allows ">=22.0.0"; update the Node
engine constraint to ">=22.12.0" (or a stricter range that includes 22.12.0+) so
it meets Commander 15's minimum required Node version; modify the engines.node
entry in package.json accordingly and ensure any CI/tooling that enforces
engines uses the new value.
3 issues found across 3 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name=".changeset/dep-updates-1780361360886.md">
<violation number="1" location=".changeset/dep-updates-1780361360886.md:2">
P2: The changeset marks this as a `patch` bump, but the underlying dependency (commander) is being updated from v14 to v15 — a major version with real breaking changes (ESM-only migration, Node.js `>=22.12.0` requirement). This may understate the risk to consumers who auto-accept patch updates via `^` ranges.</violation>
<violation number="2" location=".changeset/dep-updates-1780361360886.md:6">
P2: The codebase uses `.addHelpCommand(true)` which has been deprecated since commander v12 in favor of `.helpCommand()` or passing a `Command` object. Upgrading to commander v15 is an ideal opportunity to migrate off this deprecated API before it is potentially removed in a future major version.</violation>
</file>
<file name="package.json">
<violation number="1" location="package.json:32">
P1: Upgrading to Commander 15 raises the effective Node minimum above the package's declared `engines.node` range, introducing an undeclared compatibility break.</violation>
</file>
| }, | ||
| "dependencies": { | ||
| "commander": "^14.0.3", | ||
| "commander": "^15.0.0", |
P1: Upgrading to Commander 15 raises the effective Node minimum above the package's declared engines.node range, introducing an undeclared compatibility break.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At package.json, line 32:
<comment>Upgrading to Commander 15 raises the effective Node minimum above the package's declared `engines.node` range, introducing an undeclared compatibility break.</comment>
<file context>
@@ -29,21 +29,21 @@
},
"dependencies": {
- "commander": "^14.0.3",
+ "commander": "^15.0.0",
"octokit": "^5.0.5",
"p-queue": "^9.3.0",
</file context>
| --- | ||
|
|
||
| Updated dependencies: | ||
| - commander: ^14.0.3 → ^15.0.0 |
P2: The codebase uses .addHelpCommand(true) which has been deprecated since commander v12 in favor of .helpCommand() or passing a Command object. Upgrading to commander v15 is an ideal opportunity to migrate off this deprecated API before it is potentially removed in a future major version.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .changeset/dep-updates-1780361360886.md, line 6:
<comment>The codebase uses `.addHelpCommand(true)` which has been deprecated since commander v12 in favor of `.helpCommand()` or passing a `Command` object. Upgrading to commander v15 is an ideal opportunity to migrate off this deprecated API before it is potentially removed in a future major version.</comment>
<file context>
@@ -0,0 +1,6 @@
+---
+
+Updated dependencies:
+- commander: ^14.0.3 → ^15.0.0
</file context>
| @@ -0,0 +1,6 @@ | |||
| --- | |||
| "github-archiver": patch | |||
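Review bot: `"github-archiver": patch` on the second line labels this release as a patch, while the same changeset records a dependency moving to a new major version. Consumers on a caret or tilde range pick up a patch release automatically, so if the dependency's new major changes anything they can observe (supported runtime, CLI behaviour), use `minor` or `major` here and say so in the changeset body.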
P2: The changeset marks this as a patch bump, but the underlying dependency (commander) is being updated from v14 to v15 — a major version with real breaking changes (ESM-only migration, Node.js >=22.12.0 requirement). This may understate the risk to consumers who auto-accept patch updates via ^ ranges.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .changeset/dep-updates-1780361360886.md, line 2:
<comment>The changeset marks this as a `patch` bump, but the underlying dependency (commander) is being updated from v14 to v15 — a major version with real breaking changes (ESM-only migration, Node.js `>=22.12.0` requirement). This may understate the risk to consumers who auto-accept patch updates via `^` ranges.</comment>
<file context>
@@ -0,0 +1,6 @@
+---
+"github-archiver": patch
+---
+
</file context>



Dep Updates 2026-06-02
Summary by cubic
Update runtime and dev dependencies to keep the project current and compatible. Notable: upgrades commander to ^15.0.0.
- commander: ^14.0.3 → ^15.0.0
- @biomejs/biome: ^2.4.15 → ^2.4.16
- tsx: ^4.22.3 → ^4.22.4
- ultracite: ^7.8.0 → ^7.8.1
Written for commit 96073b1. Summary will update on new commits.
Note
Update commander, @biomejs/biome, tsx, and ultracite dependencies
Bumps four dependencies in package.json: commander ^14.0.3 → ^15.0.0, @biomejs/biome ^2.4.15 → ^2.4.16, tsx ^4.22.3 → ^4.22.4, and ultracite ^7.8.0 → ^7.8.1. The lockfile reflects the resolved versions and a new ultracite/commander alias pointing to commander@14.0.3. Risk: commander is a major version bump (14 → 15) and may include breaking API changes.
Macroscope summarized 96073b1.