Skip to content

Full dependency audit, chores and fixes Rust and JS #381

Open
Cristian-Vogel wants to merge 27 commits intocrabnebula-dev:mainfrom
Cristian-Vogel:main
Open

Full dependency audit, chores and fixes Rust and JS #381
Cristian-Vogel wants to merge 27 commits intocrabnebula-dev:mainfrom
Cristian-Vogel:main

Conversation

@Cristian-Vogel
Copy link

@Cristian-Vogel Cristian-Vogel commented Mar 8, 2026

This PR covers a series of dependency maintenance tasks, security updates, and a major migration of the linting infrastructure.

Summary of Changes

  • Major Dependency Upgrades:

    • Migrated to ESLint v9 (Flat Config) including updates to @typescript-eslint/eslint-plugin, @typescript-eslint/parser, and associated plugins (eslint-plugin-solid, eslint-config-prettier).
    • Updated Vite to v7.x and Vitest to v4.x.
    • Updated Shiki to v1.29.2 and SolidJS to v1.9.11.
    • Bumped jsdom to v28.1 and TypeScript to v5.9.3.
    • Upgraded @sentry/vite-plugin to v5.1 and other Sentry-related packages.
    • Brought all @protobuf-ts/* packages to v2.11.1.

  • Infrastructure & Configuration:

    • Introduced pnpm-workspace.yaml to manage dependencies across clients/web and examples/ consistently.
    • Added dependabot.yml configuration to automate future dependency security audits and updates.
    • Converted ESLint configuration to the new flat config format (eslint.config.js).

  • Build & Code Quality Fixes:

    • Updated vite.config.ts asset paths to accommodate breaking changes in shiki v1.29.2.
    • Resolved various linting issues triggered by the stricter ESLint v9 rules (e.g., no-unassigned-vars for SolidJS refs, unused variables in catch blocks).
    • Improved ignores list to exclude generated files (src/lib/proto/, monitor-data.ts) and build artifacts from linting.

Commit History Highlights (since 2fd3ce7)

  • f8eebf3: Initial pnpm update run.
  • 106a615: Critical dependency bumps (jsdom/form-data).
  • 3f2f89c: Setup of pnpm-workspace.
  • 89899c7: Final ESLint v9 migration, build fixes, and code cleanup.

@Cristian-Vogel
chore: ran pnpm update
f8eebf3
@Cristian-Vogel
fix: correctly exclude v1, path was incorrect
4dde7f2
@Cristian-Vogel
chore: bump dependabot critical deps first
106a615 
* jsdom (transitive form-data 4.0.0)
@Cristian-Vogel
chore: bump eslint ^10.0
22efcd9
@Cristian-Vogel
chore: bump
3f947c8 
* eslint-config-prettier
* eslint-plugin-solid
@Cristian-Vogel
chore: bump
5571f7c 
* @sentry/vite-plugin (transients:* @sentry/bundler-plugin-core -> glob, whatwg-encoding)

* eslint-plugin-solid
@Cristian-Vogel
chore: bump
4e66d38 
* @sentry/vite-plugin (transients:* @sentry/bundler-plugin-core -> glob, whatwg-encoding)
* eslint
* @typescript-eslint/eslint-plugin and @typescript-eslint/parser
@Cristian-Vogel
Create dependabot.yml
cba4fb8 
npm , weekly
@Cristian-Vogel
Merge pull request #1 from Cristian-Vogel/Cristian-Vogel-patch-depend…
2f36865 
…abot-setup

Create dependabot.yml
@Cristian-Vogel
Create dependabot.yml
a72cfe1
@Cristian-Vogel
Update dependabot.yml
1756ea0 
cargo packages only
@Cristian-Vogel
chore: bump jsdom version to 28.1
6e7943f
@Cristian-Vogel
Update dependabot.yml
354f702
@Cristian-Vogel
Merge branch 'main' into cristian/audit
c15cc9f
@Cristian-Vogel
Merge pull request #2 from Cristian-Vogel/cristian/audit
c3b7da3 
Cristian/audit
@Cristian-Vogel
Merge remote-tracking branch 'origin/cristian/audit' into cristian/audit
aef6008
@Cristian-Vogel
Merge pull request #3 from Cristian-Vogel/cristian/audit
1a88ae5 
Cristian/audit
@Cristian-Vogel
chore: use a pnpm-workspace to scan deps properly in all folders
3f2f89c
@Cristian-Vogel
mitigate breaking changes:
3a36de2 
* update formatters test because "00:00:00" is now the standard representation for the start of a day in a 24-hour clock

* migrate to eslint.config.js usage
@Cristian-Vogel
Added src/lib/console/fixtures/monitor-data.ts to the ignores list
8a1dc67 
* it's 5000 lines of fake monitor data for testing, was generating 2300 warnings after eslint upgrade
@Cristian-Vogel
### ESLint v9 Migration, Build Fixes, and Code Cleanup
89899c7 
This change completes the migration to ESLint v9 and addresses several build and linting issues introduced by recent dependency updates.

#### Highlights:
*   **ESLint v9 Flat Config Migration**: Successfully transitioned from `.eslintrc.json` to the new `eslint.config.js` format.
*   **Dependency Updates**: Added required ESLint v9 packages (`@eslint/js`, `globals`, `typescript-eslint`, etc.) to `clients/web/package.json`.
*   **Build Fixes**: Updated `shiki` asset paths in `vite.config.ts` to match the new package structure in v1.29.2, resolving a critical build failure in `vite-plugin-static-copy`.
*   **Code Quality & Linting**: Fixed over 21 linting errors and warnings, including:
    *   Addressing `no-unassigned-vars` for SolidJS `ref` variables by adjusting the ESLint configuration.
    *   Cleaning up unused `eslint-disable` directives and redundant non-null assertions.
    *   Standardizing `_` prefixing for unused variables in `catch` blocks.
    *   Implementing the `preserve-caught-error` rule by adding `cause` to re-thrown errors.
*   **Performance & Noise Reduction**: Added `dist/` and `src/lib/proto/` to ESLint ignores to prevent linting minified bundles and generated code.

The project now passes both `pnpm build` and `pnpm lint` without errors.
@netlify
Copy link

netlify bot commented Mar 8, 2026
edited
Loading

👷 Deploy request for cn-devtools-app pending review.

Visit the deploys page to approve it

Name Link
🔨 Latest commit 9e0d201

@Cristian-Vogel Cristian-Vogel changed the title Full Dependency Updates and ESLint v9 Migration Full dependency audit, chores and fixes Rust and JS Mar 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Cristian-Vogel