chore: be more accepting of linter semver updates #376
Conversation
There was a problem hiding this comment.
Pull request overview
This PR aims to make the project more accepting of dependency updates by changing from exact version pins to semver ranges in package.json. However, the changes go beyond just adding version ranges - they also include actual dependency updates and a restructuring of the dependency tree.
Changes:
- Modified all dev dependencies in
package.jsonto use semver ranges (^ for some, ~ for others) instead of exact versions - Updated
package-lock.jsonwith corresponding dependency resolution changes - Updated several packages to newer versions (@types/node, ignore, esquery, @jridgewell/source-map)
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| package.json | Changed 9 dev dependencies from exact versions to semver ranges; inconsistent use of ^ (caret) vs ~ (tilde) ranges; @types/node bumped from 25.0.6 to 25.0.7 |
| package-lock.json | Updated lock file with new version ranges; includes major version update for ignore (5.3.2→7.0.5), minor updates for esquery and @jridgewell/source-map, and dependency tree restructuring (fdir/picomatch moved to top level) |
| "@eslint/js": "^9.39.2", | ||
| "@types/node": "~25.0.7", | ||
| "@typescript-eslint/eslint-plugin": "^8.52.0", | ||
| "@typescript-eslint/parser": "^8.52.0", | ||
| "eslint": "^9.39.2", | ||
| "eslint-plugin-security": "^3.0.1", |
There was a problem hiding this comment.
Inconsistent semver range strategy across dependencies. Some use caret (^) for minor updates while others use tilde (~) for patch-only updates. Consider establishing a consistent policy:
- Caret (^) is used for: @eslint/js, @typescript-eslint/*, eslint, eslint-plugin-security
- Tilde (~) is used for: @types/node, globals, terser, typescript
For better predictability and to avoid unexpected breaking changes, consider using tilde (~) consistently for all dev dependencies, or document the rationale for when each range type should be used (e.g., tilde for build tools that could affect output, caret for linting tools that only affect development).
| "@eslint/js": "^9.39.2", | |
| "@types/node": "~25.0.7", | |
| "@typescript-eslint/eslint-plugin": "^8.52.0", | |
| "@typescript-eslint/parser": "^8.52.0", | |
| "eslint": "^9.39.2", | |
| "eslint-plugin-security": "^3.0.1", | |
| "@eslint/js": "~9.39.2", | |
| "@types/node": "~25.0.7", | |
| "@typescript-eslint/eslint-plugin": "~8.52.0", | |
| "@typescript-eslint/parser": "~8.52.0", | |
| "eslint": "~9.39.2", | |
| "eslint-plugin-security": "~3.0.1", |
There was a problem hiding this comment.
@copilot I reject the suggestion. The intent is tilde for build tools that could affect output, caret for linting tools that only affect development.
| "terser": "5.44.1", | ||
| "typescript": "5.9.3" | ||
| "@eslint/js": "^9.39.2", | ||
| "@types/node": "~25.0.7", |
There was a problem hiding this comment.
The @types/node package was updated from 25.0.6 to 25.0.7 as part of this change. This appears to be an unintentional version bump that goes beyond just adding semver ranges. If the goal is only to "be more accepting of linter semver updates," the version should remain at 25.0.6 with the ~ prefix (which would be ~25.0.6), not update to 25.0.7. Consider whether this version update was intentional or if it should be reverted to maintain the scope of this PR as purely a semver range configuration change.
| "@types/node": "~25.0.7", | |
| "@types/node": "~25.0.6", |
There was a problem hiding this comment.
@copilot I reject this suggestion. The change to @types/node ~25.0.7 is intentional
|
@mobilemind I've opened a new pull request, #377, to work on those changes. Once the pull request is ready, I'll request review from you. |
|
@mobilemind I've opened a new pull request, #378, to work on those changes. Once the pull request is ready, I'll request review from you. |
chore: be more accepting of linter semver updates in package.json