chore: bump all (dev)Dependencies

[JounQin]

Important

Bump dependencies and add release profile optimizations for smaller binary size.

• Dependencies:
  • Updated autocfg to 1.5.0, criterion2 to 3.0.1, indexmap to 2.10.0, libc to 0.2.174, napi to 3.0.0-beta.11, napi-build to 2.2.2, napi-derive to 3.0.0-beta.11, papaya to 0.2.3, and windows-sys to 0.60.2 in Cargo.lock.
  • Updated indexmap to 2.10.0, papaya to 0.2.3, windows-sys to 0.60inCargo.toml`.
  • Updated napi to 3.0.0-beta.11, napi-derive to 3.0.0-beta.11, napi-build to 2.2.2 in napi/Cargo.toml.
  • Updated napi-postinstall to 0.2.5, @types/node to 22.16.0, prettier to 3.6.2 in package.json.
• Release Profile:
  • Added new release profile configurations in Cargo.toml to optimize regex-automata and regex-syntax for smaller binary size.

^{This description was created by for 4f19a59. You can customize this summary. It will automatically update as commits are pushed.}

---

Summary by CodeRabbit

• Chores
  • Updated several dependencies to their latest versions for improved stability and compatibility.
  • Added new release profile configurations to optimize specific packages for smaller binary size.
  • Simplified update configuration by removing restrictions on certain package updates.

[coderabbitai]

Walkthrough

This update revises dependency versions in Rust and Node.js configuration files. It upgrades several Rust crate dependencies and dev-dependencies, adds release profile optimizations for specific crates, and bumps Node.js package and devDependency versions. Additionally, it simplifies the Renovate configuration by removing package rules for windows-sys.

Changes

File(s)	Change Summary
Cargo.toml	Updated indexmap, papaya, windows-sys, and criterion2 dependencies; added release profile optimizations for regex-automata and regex-syntax.
napi/Cargo.toml	Updated napi, napi-derive, and napi-build dependency versions.
package.json	Updated napi-postinstall, @types/node, and prettier dependency versions.
renovate.json	Removed packageRules section that disabled updates for windows-sys.

Possibly related PRs

• chore: bump all (dev) deps #51: Updates the indexmap dependency version in Cargo.toml, similar to this PR.
• fix: bump napi-postinstall to fix yarn pnp compatibility issue #106: Bumps the napi-postinstall package version in package.json, matching this PR's change.
• chore: bump napi v3.0.0-beta.7 #133: Updates napi, napi-derive, and napi-build crate versions in napi/Cargo.toml and related dependencies in package.json.

Poem

Hopping through the fields of code,
Dependencies get a lighter load.
Crates and packages, fresh and new,
Optimized for size—what a view!
With every bump, the garden grows,
A rabbit cheers as progress shows. 🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1b151cc and 4f19a59.

⛔ Files ignored due to path filters (2)

• Cargo.lock is excluded by !**/*.lock
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (4)

• Cargo.toml (2 hunks)
• napi/Cargo.toml (2 hunks)
• package.json (1 hunks)
• renovate.json (0 hunks)

💤 Files with no reviewable changes (1)

• renovate.json

🚧 Files skipped from review as they are similar to previous changes (3)

• napi/Cargo.toml
• package.json
• Cargo.toml

⏰ Context from checks skipped due to timeout of 90000ms (9)

• GitHub Check: Benchmark
• GitHub Check: Test (macos-14)
• GitHub Check: Test (windows-latest)
• GitHub Check: Test (ubuntu-latest)
• GitHub Check: Test wasi target
• GitHub Check: Lint
• GitHub Check: Code Coverage
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: Analyze (actions)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

Bumps multiple dependencies and updates build configurations for size optimizations across the JS and Rust parts of the repo.

• Updated JavaScript dependencies in package.json
• Bumped N-API crates and build tools in napi/Cargo.toml
• Bumped various Rust crates, removed a lint allowance, and added per-package release profile tweaks in Cargo.toml

Reviewed Changes

Copilot reviewed 3 out of 5 changed files in this pull request and generated no comments.

File	Description
package.json	Bumped napi-postinstall, @types/node, and prettier to newer patch/minor versions
napi/Cargo.toml	Upgraded napi, napi-derive to 3.0.0-beta.11 and napi-build to 2.2.2
Cargo.toml	Upgraded indexmap, papaya, criterion2; removed multiple_crate_versions lint allowance; added size-focused release profiles for regex crates

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

Comments suppressed due to low confidence (2)

Cargo.toml:74

• The multiple_crate_versions = "allow" lint allowance was removed; ensure this change is intentional to avoid new Clippy warnings or CI failures, or update the lint config if needed.

missing_const_for_fn = "allow"

package.json:1

• Dependencies were bumped in package.json but the lockfile (package-lock.json or yarn.lock) isn't updated; please commit the updated lock file to ensure reproducible installs.

{

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	napi-postinstall@​0.2.4 ⏵ 0.2.5	+1		+1	+4
	prettier@​3.6.0 ⏵ 3.6.2	+1			+3
	@​types/​node@​22.15.32 ⏵ 22.16.0	+1		+21	+5

View full report

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.22%. Comparing base (4154853) to head (4f19a59).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #170   +/-   ##
=======================================
  Coverage   92.22%   92.22%           
=======================================
  Files          13       13           
  Lines        3060     3060           
=======================================
  Hits         2822     2822           
  Misses        238      238           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 1b151cc in 1 minute and 8 seconds. Click for details.

• Reviewed 225 lines of code in 4 files
• Skipped 1 files when reviewing.
• Skipped posting 3 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. Cargo.toml:92

• Draft comment:
  The workspace Cargo.toml declares windows-sys version "0.59", but the lock file now shows version "0.60.2". For pre-1.0 releases, ^0.59 only allows 0.59.x. Please update the version constraint if the bump is intended.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

2. napi/Cargo.toml:25

• Draft comment:
  Bumped versions for 'napi' and 'napi-derive' to beta.11. Verify that no breaking changes were introduced compared to beta.9.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

3. package.json:29

• Draft comment:
  The 'napi-postinstall' version is updated to ^0.2.5. Ensure this version is compatible with your postinstall process and native binding expectations.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

Workflow ID: wflow_uWXFPe66J5QuwGru

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

package.json (1)

34-34: Node 22 type stubs may outpace your runtime matrix

@types/node@22 targets the current release line. If your consumers still test on active LTS (v18/20), the newer lib dom/shims may creep in. Consider pinning to the lowest supported major (^20) unless you officially drop older LTS lines.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4154853 and 1b151cc.

⛔ Files ignored due to path filters (2)

• Cargo.lock is excluded by !**/*.lock
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• Cargo.toml (3 hunks)
• napi/Cargo.toml (2 hunks)
• package.json (1 hunks)

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: JounQin
PR: unrs/unrs-resolver#136
File: src/tests/extension_alias.rs:36-46
Timestamp: 2025-06-05T18:52:30.363Z
Learning: The fixtures/yarn directory in the unrs-resolver project requires running `yarn install` to install TypeScript dependencies before tests can run, similar to other fixture directories like fixtures/pnp. The test in src/tests/extension_alias.rs depends on the installed TypeScript package providing lib/typescript.d.ts and related files.

Learnt from: JounQin
PR: unrs/unrs-resolver#136
File: src/tests/extension_alias.rs:36-46
Timestamp: 2025-06-05T18:52:30.363Z
Learning: The fixtures/yarn directory in the unrs-resolver project requires running `yarn install` to install TypeScript dependencies before tests can run, similar to other fixture directories like fixtures/pnp. The test in src/tests/extension_alias.rs depends on the installed TypeScript package providing lib/typescript.d.ts and related files.

package.json (6)

Learnt from: JounQin
PR: unrs/unrs-resolver#75
File: fixtures/pnp/package.json:11-14
Timestamp: 2025-04-21T08:11:41.469Z
Learning: The project uses a justfile with an `install` task that includes running yarn in the fixtures/pnp directory to install dependencies with the command: `cd fixtures/pnp && yarn`.

Learnt from: JounQin
PR: unrs/unrs-resolver#40
File: src/tests/resolve.rs:121-136
Timestamp: 2025-03-29T04:14:03.715Z
Learning: For tests involving npm/yarn package resolution in the unrs-resolver project, dependencies must be installed first using the appropriate package manager commands (pnpm i, yarn) in both the root directory and fixture directories like fixtures/pnp and fixtures/misc/nested-package-json.

Learnt from: JounQin
PR: unrs/unrs-resolver#144
File: napi/patch.mjs:5-5
Timestamp: 2025-06-10T13:53:02.983Z
Learning: Build-time scripts in napi/patch.mjs and similar build pipeline contexts don't require error handling for reading expected files like index.js, as these files are guaranteed to be present during the build process.

Learnt from: JounQin
PR: unrs/unrs-resolver#136
File: src/tests/extension_alias.rs:36-46
Timestamp: 2025-06-05T18:52:30.363Z
Learning: The fixtures/yarn directory in the unrs-resolver project requires running `yarn install` to install TypeScript dependencies before tests can run, similar to other fixture directories like fixtures/pnp. The test in src/tests/extension_alias.rs depends on the installed TypeScript package providing lib/typescript.d.ts and related files.

Learnt from: JounQin
PR: unrs/unrs-resolver#136
File: src/tests/extension_alias.rs:36-46
Timestamp: 2025-06-05T18:52:30.363Z
Learning: The fixtures/yarn directory in the unrs-resolver project requires running `yarn install` to install TypeScript dependencies before tests can run, similar to other fixture directories like fixtures/pnp. The test in src/tests/extension_alias.rs depends on the installed TypeScript package providing lib/typescript.d.ts and related files.

Learnt from: JounQin
PR: unrs/unrs-resolver#115
File: tests/resolve_test.rs:251-263
Timestamp: 2025-05-28T02:21:41.547Z
Learning: In pnpm workspaces, `pnpm install` must be run first to initialize dependencies and create the proper node_modules/.pnpm structure before tests can pass. Tests that rely on resolving packages will fail if dependencies haven't been installed yet.

napi/Cargo.toml (7)

Learnt from: JounQin
PR: unrs/unrs-resolver#136
File: src/tests/extension_alias.rs:36-46
Timestamp: 2025-06-05T18:52:30.363Z
Learning: The fixtures/yarn directory in the unrs-resolver project requires running `yarn install` to install TypeScript dependencies before tests can run, similar to other fixture directories like fixtures/pnp. The test in src/tests/extension_alias.rs depends on the installed TypeScript package providing lib/typescript.d.ts and related files.

Learnt from: JounQin
PR: unrs/unrs-resolver#136
File: src/tests/extension_alias.rs:36-46
Timestamp: 2025-06-05T18:52:30.363Z
Learning: The fixtures/yarn directory in the unrs-resolver project requires running `yarn install` to install TypeScript dependencies before tests can run, similar to other fixture directories like fixtures/pnp. The test in src/tests/extension_alias.rs depends on the installed TypeScript package providing lib/typescript.d.ts and related files.

Learnt from: JounQin
PR: unrs/unrs-resolver#129
File: src/tests/pnp.rs:6-6
Timestamp: 2025-06-02T15:57:50.888Z
Learning: In the unrs-resolver project, std::env is acceptable for test cases even when deprecated, as the user prefers simpler approaches in test code compared to production code standards.

Learnt from: JounQin
PR: unrs/unrs-resolver#75
File: src/tests/pnp.rs:116-133
Timestamp: 2025-04-21T08:17:34.175Z
Learning: Test cases in unrs-resolver that intentionally document failing behavior should make the intent clear by either: 1) asserting on the expected error condition rather than the desired behavior, 2) using #[should_panic] for tests expected to panic, or 3) using #[ignore] with a reason to skip known failing tests in CI.

Learnt from: JounQin
PR: unrs/unrs-resolver#40
File: src/tests/resolve.rs:121-136
Timestamp: 2025-03-29T04:14:03.715Z
Learning: For tests involving npm/yarn package resolution in the unrs-resolver project, dependencies must be installed first using the appropriate package manager commands (pnpm i, yarn) in both the root directory and fixture directories like fixtures/pnp and fixtures/misc/nested-package-json.

Learnt from: JounQin
PR: unrs/unrs-resolver#75
File: src/tests/pnp.rs:116-133
Timestamp: 2025-04-21T08:13:59.358Z
Learning: In the unrs-resolver project, tests that intentionally document failing behavior (regression tests) should either use #[should_panic], assert on the expected error, or include clear documentation indicating they are intentional failing test cases.

Learnt from: JounQin
PR: unrs/unrs-resolver#144
File: napi/patch.mjs:5-5
Timestamp: 2025-06-10T13:53:02.983Z
Learning: Build-time scripts in napi/patch.mjs and similar build pipeline contexts don't require error handling for reading expected files like index.js, as these files are guaranteed to be present during the build process.

Cargo.toml (2)

Learnt from: JounQin
PR: unrs/unrs-resolver#75
File: src/tests/pnp.rs:116-133
Timestamp: 2025-04-21T08:17:34.175Z
Learning: Test cases in unrs-resolver that intentionally document failing behavior should make the intent clear by either: 1) asserting on the expected error condition rather than the desired behavior, 2) using #[should_panic] for tests expected to panic, or 3) using #[ignore] with a reason to skip known failing tests in CI.

Learnt from: JounQin
PR: unrs/unrs-resolver#75
File: src/tests/pnp.rs:116-133
Timestamp: 2025-04-21T08:13:59.358Z
Learning: In the unrs-resolver project, tests that intentionally document failing behavior (regression tests) should either use #[should_panic], assert on the expected error, or include clear documentation indicating they are intentional failing test cases.

⏰ Context from checks skipped due to timeout of 90000ms (10)

• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Code Coverage
• GitHub Check: Benchmark
• GitHub Check: Lint
• GitHub Check: Test (ubuntu-latest)
• GitHub Check: Test wasi target
• GitHub Check: Test (macos-14)
• GitHub Check: Test (windows-latest)
• GitHub Check: Analyze (actions)
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (8)

napi/Cargo.toml (2)

39-39: Keep napi-build in lock-step with napi

napi-build 2.2.2 is designed for napi ≥ 3 beta 11, so this bump is correct. No action required beyond ensuring Cargo.lock is committed after running cargo update -p napi-build.

---

25-26: Please verify N-API feature flags locally

The sandbox environment couldn’t run cargo check (missing /proc/self/exe), so please confirm on your machine that both napi3 and serde-json still exist in 3.0.0-beta.11. You can do this with:

cargo check -p unrs_resolver_napi --manifest-path napi/Cargo.toml --all-features

If either feature was renamed or removed, update the features list accordingly before merging.

package.json (2)

29-29: Verify CLI arg compatibility after napi-postinstall bump

postinstall calls napi-postinstall … check. 0.2.5 introduced a breaking rename in the sub-command options in some earlier betas; please run the script locally (pnpm i --ignore-scripts && node ./node_modules/.bin/napi-postinstall --help) to be sure the argument order is unchanged.

---

37-37: Watch for Prettier 3.x config warnings

Prettier 3.6 introduced stricter config-file discovery; projects with a nested root need an explicit "prettier" field or .prettierrc. Just make sure CI formatting checks still pass.

Cargo.toml (4)

83-83: indexmap 2.10 drops the serde re-export on default

Version 2.10 gated serde behind the same feature but stopped auto-enabling it in certain transitive scenarios. You’re enabling features = ["serde"] explicitly, so all good, but keep an eye on downstream crates that relied on the implicit behaviour.

---

86-86: papaya 0.2.3 added no_std tweaks

Nothing breaking for std builds, but if you compile with --no-default-features anywhere, re-audit its new feature matrix.

---

100-101: criterion2 3.0.1 fixes a soundness issue – good catch

This brings the upstream #![feature(test)] guard removal; benches should continue to compile untouched.

---

145-149: Size-optimising regex crates may hurt hot-path perf

opt-level="z" trades ~10-20 % throughput for a few KB. If resolver hot-spots rely on heavy regex parsing (e.g. PNP patterns), run a quick bench (cargo bench --bench resolver) to ensure the regression is acceptable.

[codspeed-hq]

CodSpeed Performance Report

Merging #170 will not alter performance

_{Comparing chore/deps (4f19a59) with main (4154853)}

Summary

✅ 3 untouched benchmarks

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed 4f19a59 in 1 minute and 13 seconds. Click for details.

• Reviewed 251 lines of code in 5 files
• Skipped 1 files when reviewing.
• Skipped posting 8 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. Cargo.lock:1353

• Draft comment:
  Updated 'windows-sys' to v0.60.2. Verify that this dependency bump doesn’t introduce any API or compatibility issues downstream.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

2. Cargo.toml:85

• Draft comment:
  Bumped 'indexmap' to v2.10.0. Please ensure that any API changes are compatible with its usage.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

3. Cargo.toml:88

• Draft comment:
  Upgraded 'papaya' to v0.2.3. Confirm that no breaking changes affect your code.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

4. Cargo.toml:96

• Draft comment:
  Updated 'windows-sys' dependency to version 0.60 with required features. Verify compatibility with Windows-specific code.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

5. Cargo.toml:103

• Draft comment:
  Bumped 'criterion2' to v3.0.1 in dev-dependencies. Make sure this update doesn't affect your benchmarking setup.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

6. napi/Cargo.toml:25

• Draft comment:
  Bumped 'napi' and 'napi-derive' to 3.0.0-beta.11 and 'napi-build' to 2.2.2. Confirm that these beta updates integrate well with your N-API interface.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

7. package.json:29

• Draft comment:
  Updated npm dependencies: 'napi-postinstall' to ^0.2.5, '@types/node' to ^22.16.0, and 'prettier' to ^3.6.2. Verify these changes align with your build and CI processes.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

8. renovate.json:3

• Draft comment:
  The ignore rule for 'windows-sys' has been removed. Ensure that allowing its updates won’t lead to unexpected frequent update PRs.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

Workflow ID: wflow_Jf7SdBOsur5j0fmn

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}