
@dependabot dependabot bot commented on behalf of github Nov 10, 2025

Bumps typescript-eslint from 8.44.1 to 8.46.3.

Release notes

Sourced from typescript-eslint's releases.

v8.46.3

8.46.3 (2025-11-03)

🩹 Fixes

  • eslint-plugin: [no-misused-promises] expand union type to retrieve target property (#11706)
  • eslint-plugin: [no-duplicate-enum-values] support signed numbers (#11722, #11723)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

v8.46.2

8.46.2 (2025-10-20)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] skip optional chaining when it could change the result (#11702)
  • typescript-estree: forbid invalid modifiers in object methods (#11689)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

v8.46.1

8.46.1 (2025-10-13)

🩹 Fixes

  • ast-spec: cleanup TSLiteralType (#11624)
  • eslint-plugin: [prefer-optional-chain] include mixed "nullish comparison style" chains in checks (#11533)
  • eslint-plugin: [no-misused-promises] special-case .finally not to report when a promise returning function is provided as an argument (#11667)

❤️ Thank You

  • Abraham Guo
  • mdm317
  • Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.46.0

8.46.0 (2025-10-06)

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.46.3 (2025-11-03)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.46.2 (2025-10-20)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.46.1 (2025-10-13)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.46.0 (2025-10-06)

🚀 Features

❤️ Thank You

You can read about our versioning strategy and releases on our website.

8.45.0 (2025-09-29)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Import local Choice type to prevent conflict with external @inquirer/select
types when using external aliases config. Cast choices array to use local
Choice<string> type.

Fixes TypeScript error when external Socket packages are detected.
Replace version tags with full commit SHAs to comply with repository
security policy requiring explicit action versions:

- actions/checkout@v4.3.0 → 08eba0b27e820071cde6df949e0beb9ba4906955
- actions/setup-node@v4.4.0 → 49933ea5288caeca8642d1e84afbd3f7d6820020
- actions/cache@v4.3.0 → 0057852bfaa89a56745cba8c7296529d2fc39830
- pnpm/action-setup@v4.2.0 → 41ff72655975bd51cab0327fa583b6e92b6d3061

All SHAs verified and include version comments for reference.
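The pinning policy in the commit message above can be checked mechanically. The following is an added example, not code from this repository: a hypothetical `findUnpinnedActions` helper that flags `uses:` references not pinned to a full 40-character commit SHA, run over a constructed workflow that reuses two of the SHAs listed above.

```javascript
// Constructed sample workflow. The two pinned SHAs are the ones listed in the
// commit message above; the next two steps are deliberately left unpinned.
const SAMPLE_WORKFLOW = `
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
      - uses: actions/cache@v4.3.0
      - uses: pnpm/action-setup@main
      - uses: ./.github/actions/local-step
      # - uses: actions/upload-artifact@v4
`

const FULL_SHA = /^[0-9a-f]{40}$/

// Return one finding per `uses:` reference that is not pinned to a full
// commit SHA. Tags and branches are mutable, so both are reported.
function findUnpinnedActions(workflowText) {
  const findings = []
  workflowText.split(/\r?\n/).forEach((raw, index) => {
    // Drop trailing comments such as "# v4.3.0"; skip commented-out lines.
    const code = raw.replace(/\s#.*$/, '').trim()
    if (code.startsWith('#')) return
    const match = /^(?:-\s*)?uses:\s*['"]?([^'"\s]+)['"]?$/.exec(code)
    if (!match) return
    const target = match[1]
    // Local actions and docker:// images carry no git ref; out of scope here.
    if (target.startsWith('./') || target.startsWith('docker://')) return
    const at = target.lastIndexOf('@')
    const ref = at === -1 ? '' : target.slice(at + 1)
    if (!FULL_SHA.test(ref)) {
      findings.push({ line: index + 1, action: target, ref: ref || '(none)' })
    }
  })
  return findings
}

console.log(findUnpinnedActions(SAMPLE_WORKFLOW))
```
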
Wrap long path arrays across multiple lines to comply with line length
limits for @socketsecurity/registry and @socketregistry/packageurl-js
path mappings.
Remove matrix variable interpolation from job name as GitHub Actions
doesn't support it at the job level. The matrix strategy still runs
tests across all Node versions and OS combinations.
Change cache restore key from 'ubuntu-latest' to 'Linux' to match the
build job's save key. The build job uses ${{ runner.os }} which evaluates
to 'Linux' on ubuntu-latest, not 'ubuntu-latest'.

This resolves the "Failed to restore cache entry" error.
Add beforeEach hook to ensure theme is reset to 'socket' before each
test runs, preventing test pollution from affecting "should default to
socket theme" test.

Fixes test failure where theme state leaked between tests.
Split tests requiring module-level isolation into separate test suite:
- Created .config/vitest.config.isolated.mts with isolate: true
- Moved themes.test.ts and logger.test.ts to test/isolated/
- Updated main vitest config to exclude isolated tests
- Modified test script to run both main and isolated suites
- Added separate test-isolated job in CI workflow

This prevents theme state pollution between test files while keeping
the main test suite fast with parallel execution.

Fixes third-strike test failure for "should default to socket theme".
Added explicit alias for @socketsecurity/lib/prompts to prevent
module resolution from incorrectly loading src/stdio/prompts.ts
instead of src/prompts/index.ts stubs during test runs.

The issue occurred because:
- src/prompts/index.ts exports stub functions that throw errors
- src/stdio/prompts.ts exports actual inquirer-wrapped prompts
- Vitest's alias '@socketsecurity/lib' -> 'src' was causing
  ambiguous resolution that loaded the wrong module

Fixed by adding specific alias that takes precedence:
'@socketsecurity/lib/prompts' -> 'src/prompts/index.ts'

This prevents prompts tests from timing out in CI.
Split cache restore into OS-specific steps:
- Linux: Restore both dist and node_modules from cache
- Windows: Only restore dist (node_modules are platform-specific)

Windows then runs pnpm install to create its own node_modules.
This prevents cache miss failures on Windows test jobs.
Tests run against source (via vitest alias), not built dist.
Each job now simply installs deps (pnpm caches via setup-node) and runs.

Removes:
- dist artifact caching/restoring
- Platform-specific cache key complexity
- Cache miss failures

Build job still verifies build works, but output isn't reused.
Tests need dist folder for circular dependency breaking require() calls.
Code uses require('#packages/operations') which loads from dist in tests.

Example from src/packages/normalize.ts:75:
  require('#packages/operations') // Breaks circular dep

Without dist, these requires fail with 'Cannot find module'.
- Remove unused .config/isolated-tests.json (empty config)
- Remove duplicate test/argv/flags.test.ts (kept more comprehensive test/argv-flags.test.ts with 106 tests vs 76)
- Update plugins/README.md description for clarity
- Remove .DS_Store file

All tests pass (4489 tests, 84.19% cumulative coverage)
- Add convenience exports (getDefaultLogger, Logger, LOG_SYMBOLS, getDefaultSpinner, Spinner) to main index
- Fix critical spinner crashes from removed logger export
- Remove empty SocketRegistry class and exports
- Update all spinner internal logger calls to use getDefaultLogger()
Critical fix for Node.js ESM compatibility. Previously, esbuild's minified
export pattern placed exports before variable definitions, causing
"Cannot access before initialization" errors when importing from Node ESM.

Changes:
- Use @babel/parser + magic-string instead of regex for safe AST parsing
- Remove early export pattern (before variable definitions)
- Replace dead-code stub (0&&module.exports={...}) with actual exports
- Place module.exports at end of file after all definitions

This ensures Node.js ESM can properly detect named exports like:
  import { getDefaultLogger, Logger } from '@socketsecurity/lib/logger'

Fixes socket-cli issue where named imports were failing.
Add explicit type annotations to improve type coverage:
- UNDEFINED_TOKEN: explicit undefined type
- globs.ts: typed matcherCache Map, typed require() calls
- signal-exit.ts: typed __signal_exit_emitter__
- sorts.ts: typed semver and fastSort require() imports

These changes help move toward 99%+ type coverage goal.
Add 82 new tests improving code coverage:

- test/dlx.test.ts: 42 tests for DLX package management utilities
  - Cache key generation, directory operations
  - Package installation/removal, sync/async variants
  - Edge cases and error handling

- test/effects/pulse-frames.test.ts: 19 tests for spinner frame generation
  - Frame generation, intervals, ANSI codes
  - Unicode characters, animation patterns

- test/effects/ultra.test.ts: 21 tests for rainbow gradient generation
  - Color cycling, RGB validation
  - Gradient distribution and consistency

Coverage improvements:
- dlx.ts: 12.5% → ~95%
- pulse-frames.ts: 9.09% → ~100%
- ultra.ts: 20% → ~100%
- Overall code coverage: 70.76% → 71.99%
- Test count: 4,483 → 4,565 (+82)
Fix critical ESM/CJS interop by disabling minification

- Disable minification in esbuild config (libraries should not be minified)
- Remove fix-commonjs-exports build step (no longer needed)
- Unminified esbuild output has clear __export patterns Node.js ESM understands
- Verified with real .mjs module imports from CJS dist
Add explicit type annotations to improve type safety:
- sorts.ts: Add FastSortFunction type to _naturalSorter
- themes/context.ts: Add Theme type to resolvedTheme variables
- spinner.ts: Add explicit types for colors, YoctoCtor, etc.
- objects.ts: Add type annotation for proto variable

Tests: 4,565 passing
Fix race condition in "should return entries from both memory and persistent cache" test.
The test was failing intermittently because cacache's persistent writes are asynchronous
and may not complete immediately after await cache.set() returns.

Solution: Add verification step to ensure persistent writes complete by reading entries
back from persistent cache before testing getAll(). This eliminates the race condition
and makes the test deterministic.

Verified with 100+ consecutive test runs without failure.
…text

When withSpinner calls spinner.stop() with no arguments, the #apply method
was passing an empty string to yocto-spinner's stop(''), which could leave
spinner artifacts on the terminal. Now we call stop() with no args when
normalized text is empty, ensuring proper line cleanup.
Update Sunset theme colors to match name and Coana branding:
- Change from azure blue to warm orange/purple gradient
- Primary: #FF8C64 (warm orange)
- Secondary: #C864B4 (purple/pink)
- Add purple-to-orange shimmer effect
- Update link and step colors to use warm palette

Rename Brick theme to Terracotta:
- More descriptive name matching the actual terracotta color
- Update theme name from 'brick' to 'terracotta'
- Update BRICK_THEME constant to TERRACOTTA_THEME
- Update all references in docs, tests, and examples
Fix type compatibility issues:
- Change step color from 'primary' reference to 'magentaBright' ColorValue
- Change shimmer gradient from color references to actual RGB values
  (purple [200,100,180] to orange [255,140,100])

step field requires ColorValue, not ColorReference
shimmer.color requires ColorReference | ColorValue[], not ColorReference[]
Update theme colors and naming for better clarity:
- Sunset theme now uses warm orange/purple gradient
- Brick theme renamed to Terracotta
Increase timing margins to prevent race conditions:
- Increase TTL from 200ms to 300ms
- Reduce second wait from 120ms to 100ms
- Provides 200ms buffer instead of 80ms for more reliable timing
Fixes the breaking changes introduced in v3.0.0 where the prompts API was accidentally replaced with an unimplemented stub.

Changes:
- Consolidate all prompts functionality into src/stdio/prompts.ts
- Remove src/prompts/ directory (stub implementation)
- Remove src/prompts.ts (old direct re-export)
- Update package.json: ./prompts now points to stdio/prompts
- Add createSeparator() helper function
- Update Choice interface to match @inquirer API (uses 'name', not 'label')
- Update tests to verify all exports work correctly

Breaking change fix:
- password, search, Separator exports now available again
- Choice type now correctly uses 'name' property (matching @inquirer)
- All prompt functions now work (no longer throw "not yet implemented")

Module paths:
- @socketsecurity/lib/prompts (alias) → stdio/prompts
- @socketsecurity/lib/stdio/prompts (canonical)
Prompts now automatically use the active theme colors for consistent visual experience:
- Prompt messages: colors.prompt
- Descriptions/disabled: colors.textDim
- Answers/highlights: colors.primary
- Errors: colors.error
- Success indicators: colors.success

Matches Logger and Spinner theme integration.
jdalton and others added 23 commits November 7, 2025 18:18
Replace echo with printf in git hooks for consistent ANSI color
rendering across platforms. The echo command behavior varies between
shells (some require -e, others don't support it), while printf
consistently interprets escape sequences on all platforms.
Remove get-local-package-aliases.mjs and update test/main.mjs to
remove its usage. This utility is replaced by the more focused
build-externals/local-packages.mjs implementation which better serves
socket-lib's needs.

Simplify tsconfig selection by always using tsconfig.check.json
instead of conditionally selecting based on external package
detection.
Remove unused get-local-package-aliases import and createAliasPlugin
function from esbuild configuration. This fixes build errors after
removing the get-local-package-aliases utility.

The build system now relies on the more focused local-packages.mjs
implementation in scripts/build-externals/ for local package
resolution.
Add *.tmp to .gitignore to explicitly ignore temporary files. This
standardizes temporary file handling across all Socket repositories.
- Add canonical reference to socket-registry/CLAUDE.md
- Add mandatory protocol sections (PRE-ACTION, VERIFICATION)
- Add ABSOLUTE RULES, ROLE, and EVOLUTION sections
- Enhance SHARED STANDARDS with backward compat, work safeguards, safe deletion
- Standardize header formatting across Socket projects
Convert these modules to use clean named exports instead of default exports:
- lifecycle-script-names: export { lifecycleScriptNames }
- maintained-node-versions: export { maintainedNodeVersions }
- package-default-node-range: export { packageDefaultNodeRange }
- package-default-socket-categories: export { packageDefaultSocketCategories }
- package-extensions: export { packageExtensions }

This eliminates the need for .default access in both CommonJS and ESM
consumers, providing consistent dual-format compatibility.

Before: require('./module').default or import value from './module'
After: const { value } = require('./module') or import { value } from './module'

Verified with comprehensive testing:
- All 131 library modules now use named exports only
- 100% CJS/ESM compatibility
- Zero modules requiring .default access
Update getMaintainedNodeVersions() to use the new named export pattern:
- Before: require('#lib/maintained-node-versions').default
- After: require('#lib/maintained-node-versions').maintainedNodeVersions

This completes the transition away from default exports, ensuring
consistent named export usage throughout the codebase.
…xports

Update getters to use named exports from the 5 fixed modules:
- getPackageDefaultNodeRange: use packageDefaultNodeRange
- getPackageDefaultSocketCategories: use packageDefaultSocketCategories
- getPackageExtensions: use packageExtensions
- getLifecycleScriptNames: use lifecycleScriptNames

This completes the transition from default exports to named exports,
fixing runtime errors where modules were returning undefined.
Change from default import to named import:
- Before: import maintainedNodeVersionsModule from '...'
- After: import { maintainedNodeVersions } from '...'

Removes ESM/CJS interop workaround now that the module properly
exports named exports only.
Re-enable post-build validation scripts:
- scripts/validate/esm-named-exports.mjs - Validates named exports
- scripts/validate/dist-exports.mjs - Validates no .default access needed

Improve esm-named-exports validation:
- Handle require() errors gracefully instead of throwing
- Allow empty exports for type-only files (*/types.js)
- Better error messages for debugging

These validations ensure 100% CJS/ESM compatibility is maintained
in the build output, catching any regressions automatically.
Add noDefaultExport linting rule to prevent default export patterns
that break dual CJS/ESM compatibility.

This prevents new modules from using:
- export default value
- export default X; export { X as 'module.exports' }

Named exports work consistently across both module systems, while
default exports require .default access, breaking the API consistency.
Add comprehensive export pattern guidelines:
- Named exports ONLY (default exports forbidden)
- Rationale: dual CJS/ESM compatibility
- Enforcement: Biome linting + build-time validation

Documents the mandatory pattern for all library modules to ensure
consistent API surface across CommonJS and ESM consumers.
Add security warning to normalizePath() JSDoc explaining that the function
resolves '..' patterns as part of normalization. Developers processing
untrusted user input (HTTP requests, file uploads, URL parameters) must
validate for path traversal attacks BEFORE calling this function.

Include examples showing how normalizePath() resolves traversal patterns:
- '/../etc/passwd' → '/etc/passwd'
- '/safe/../../unsafe' → '/unsafe'

This prevents misuse of normalizePath() on untrusted input where path
traversal validation should happen first.
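Why the order matters in the warning above, shown as an added example that is not the library's code: `collapseDotSegments` is a hypothetical stand-in that only reproduces the documented '..' resolution, and `resolveWithLateCheck`, `assertNoTraversal`, `resolveUnderRoot` and the `/srv/uploads` root are illustrative names and values. A check that runs after normalization sees no '..' left to reject; validating the raw input first does.

```javascript
// Stand-in normalizer (assumption: NOT the library's normalizePath). It only
// reproduces the behaviour the commit message documents: '..' is resolved.
function collapseDotSegments(p) {
  const out = []
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue
    if (seg === '..') out.pop()
    else out.push(seg)
  }
  return '/' + out.join('/')
}

// Anti-pattern: validating AFTER normalization. The '..' segments are already
// resolved, so the check passes even though the result has left the root.
function resolveWithLateCheck(root, untrusted) {
  const resolved = collapseDotSegments(root + '/' + untrusted)
  if (resolved.includes('..')) throw new Error('path traversal')
  return resolved
}

// Validate the raw input first, while traversal segments are still visible.
// Assumes the caller has already URL-decoded the value exactly once.
function assertNoTraversal(untrusted) {
  if (typeof untrusted !== 'string' || untrusted === '') {
    throw new TypeError('path must be a non-empty string')
  }
  if (untrusted.includes('\0')) throw new Error('NUL byte in path')
  if (untrusted.startsWith('/') || /^[A-Za-z]:/.test(untrusted)) {
    throw new Error('absolute path not allowed')
  }
  // Split on both separators so 'a\\..\\b' is rejected as well.
  if (untrusted.split(/[\\/]/).includes('..')) {
    throw new Error('path traversal segment')
  }
}

function resolveUnderRoot(root, untrusted) {
  assertNoTraversal(untrusted)
  const base = collapseDotSegments(root)
  const resolved = collapseDotSegments(base + '/' + untrusted.replace(/\\/g, '/'))
  // Defence in depth: the normalized result must still sit under the root.
  if (resolved !== base && !resolved.startsWith(base + '/')) {
    throw new Error('path escapes root')
  }
  return resolved
}

// Helper for callers that prefer a boolean over an exception.
function isAccepted(root, untrusted) {
  try { resolveUnderRoot(root, untrusted); return true } catch { return false }
}

console.log(resolveWithLateCheck('/srv/uploads', '../../etc/passwd')) // late check misses it
console.log(isAccepted('/srv/uploads', '../../etc/passwd'))
console.log(resolveUnderRoot('/srv/uploads', 'img/./logo.png'))
```
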
Split long require statement across multiple lines for better
readability and to comply with line length limits.
Convert default exports to named exports for consistency:
- babel-plugin-inline-const-enum.mjs → exports inlineConstEnum
- babel-plugin-inline-process-env.mjs → exports inlineProcessEnv
- babel-plugin-inline-require-calls.js → exports { inlineRequireCalls }
- babel-plugin-strip-debug.mjs → exports stripDebug
- transform-url-parse-plugin.mjs → exports transformUrlParse
- transform-set-proto-plugin.mjs → exports transformSetProto

Named exports improve discoverability and encourage consistent naming
across the codebase.
Export both named and default exports from config files:
- eslint.config.mjs → exports { eslintConfig }
- taze.config.mts → exports { tazeConfig }
- vitest.config.mts → exports { vitestConfig }
- vitest.config.isolated.mts → exports { vitestConfigIsolated }

Default exports are retained for tool compatibility (ESLint, Vitest, Taze
expect default exports), while named exports improve discoverability.
Add biome override to permit default exports in .config/ directory.
Config files require default exports for tool compatibility (ESLint,
Vitest, Taze) while the rest of the codebase uses named exports only.
Add **/docs/archive/ pattern to .gitignore to prevent archival
documentation from being tracked in version control.
Replaced all echo statements with printf in git hooks for better
cross-platform compatibility and consistent output formatting.
…sorting

Reorganize .gitignore to improve maintainability and align with Socket.dev
ecosystem standards.

Changes:
- Add clear section dividers with 7 logical groups
- Alphabetically sort patterns within each section
- Add missing patterns: .nvm, *.log, *.old, *~ (editor files)
- Add missing backup patterns: *.backup, *.bak, *.orig
- Standardize directory patterns with trailing slashes
- Move negation patterns to dedicated section for clarity

Organization structure:
1. OS-specific files
2. Environment and secrets
3. Node.js dependencies and configuration
4. Build outputs and artifacts
5. Editor and IDE files
6. Development and debugging
7. Backup and temporary files
8. Archive directories

Aligns with ultrathink and socket-cli conventions while maintaining
minimal library-appropriate pattern set.
Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.44.1 to 8.46.3.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.3/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.46.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 10, 2025
@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Updated | npm/typescript-eslint@8.44.1 ⏵ 8.46.3 | 100 +1 | 100 | 74 +1 | 97 | 100 |


@socket-security-staging

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Updated | npm/typescript-eslint@8.44.1 ⏵ 8.46.3 | 100 +1 | 100 | 74 +1 | 97 +2 | 100 |

