Skip to content

build(deps): bump dependencies #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
FlandiaYingman wants to merge 5 commits into
base: main
Choose a base branch
from
Open

build(deps): bump dependencies #60

FlandiaYingman wants to merge 5 commits into from

Conversation

@FlandiaYingman
Copy link
Member

@FlandiaYingman FlandiaYingman commented Feb 8, 2026

No description provided.

Copilot AI review requested due to automatic review settings February 8, 2026 21:21
Copilot AI reviewed Feb 8, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the project’s Node/Fastify toolchain by bumping a broad set of runtime and dev dependencies (Fastify ecosystem, MongoDB driver, ESLint, TypeScript ESLint, Prettier/plugins). It also changes the Yarn install strategy via .yarnrc.yml.

Changes:

  • Bump various dependencies in package.json and refresh yarn.lock accordingly (Fastify plugins, auth libs, lint/format tooling).
  • Update the example MongoDB type annotation in init-mongo.ts comments.
  • Switch Yarn’s nodeLinker from node-modules to pnpm.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.

File Description
yarn.lock Large lockfile refresh to match dependency bumps and transitive changes.
package.json Updates runtime/dev dependency versions (Fastify, MongoDB, ESLint, Prettier, etc.).
src/plugins/init-mongo.ts Comment-only update to the example collection generic type.
.yarnrc.yml Changes Yarn nodeLinker to pnpm, affecting install layout/behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI mentioned this pull request Feb 9, 2026
Merged
Copy link
Contributor

Copilot AI commented Feb 9, 2026

@FlandiaYingman I've opened a new pull request, #63, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI mentioned this pull request Feb 9, 2026
Merged
Copy link
Contributor

Copilot AI commented Feb 9, 2026

@FlandiaYingman I've opened a new pull request, #64, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI and others added 3 commits February 9, 2026 12:41
@FlandiaYingman
Revert nodeLinker configuration change (#64)
ef64c18 
* Initial plan

* revert: change nodeLinker back to node-modules

Co-authored-by: FlandiaYingman <9929037+FlandiaYingman@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: FlandiaYingman <9929037+FlandiaYingman@users.noreply.github.com>
@FlandiaYingman
Merge branch 'main' into dependencies
2b88afa
@FlandiaYingman
Migrate from @sinclair/typebox to typebox package (#63)
28b68d1 
* Initial plan

* feat: migrate from @sinclair/typebox to typebox package

Co-authored-by: FlandiaYingman <9929037+FlandiaYingman@users.noreply.github.com>

* docs: add clarification about oneOf validation in UnionOneOf

Co-authored-by: FlandiaYingman <9929037+FlandiaYingman@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: FlandiaYingman <9929037+FlandiaYingman@users.noreply.github.com>
Co-authored-by: Flandia <me@flandia.dev>
Copilot AI reviewed Feb 9, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 9 out of 10 changed files in this pull request and generated 3 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@FlandiaYingman
Update src/utils/typebox/union-oneof.ts
db550de 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@polyipseity
Copy link
Member

polyipseity commented Feb 11, 2026

Let's sort out #59 before doing this. After #66 is merged, next time we can let dependabot do the dirty work instead.

@FlandiaYingman
Copy link
Member Author

FlandiaYingman commented Feb 11, 2026

After #66 is merged, next time we can let dependabot do the dirty work instead.

Sometimes there will be breaking changes that require manual update

@polyipseity
Copy link
Member

polyipseity commented Feb 11, 2026

After #66 is merged, next time we can let dependabot do the dirty work instead.

Sometimes there will be breaking changes that require manual update

Yes. Dependabot does not directly commit to the repository, it opens a PR so you can fix anything needed in the PR and then merge it instead. It simply saves the work of having to look up versions yourself, changing the versions in package.json, and then running yarn install.

@FlandiaYingman
Copy link
Member Author

FlandiaYingman commented Feb 11, 2026

Yes. Dependabot does not directly commit to the repository, it opens a PR so you can fix anything needed in the PR and then merge it instead. It simply saves the work of having to look up versions yourself, changing the versions in package.json, and then running yarn install.

Oh does it always update to the latest version or just the latest compatible version specified in package.json?

@polyipseity
Copy link
Member

polyipseity commented Feb 11, 2026
edited
Loading

Yes. Dependabot does not directly commit to the repository, it opens a PR so you can fix anything needed in the PR and then merge it instead. It simply saves the work of having to look up versions yourself, changing the versions in package.json, and then running yarn install.

Oh does it always update to the latest version or just the latest compatible version specified in package.json?

It should be latest version by default. It looks like we can set versioning-strategy to lockfile-only to make it update to the lastest compatible version instead of latest version: https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#versioning-strategy--.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@polyipseity polyipseity Awaiting requested review from polyipseity

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@FlandiaYingman @polyipseity