Conversation
There was a problem hiding this comment.
Pull request overview
Updates project dependencies/tooling to newer releases, removes the no-longer-needed pnpm workspace configuration, and adjusts the Biome configuration schema reference to a local path.
Changes:
- Bumped
@commercelayer/*packages and CLI/tooling dependencies (oclif,@oclif/plugin-help,@types/node, etc.). - Updated
pnpm-lock.yamlaccordingly and removedpnpm-workspace.yaml. - Switched
biome.json$schemafrom a remote URL to a localnode_modulespath.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| pnpm-workspace.yaml | Removed workspace-level config previously used for onlyBuiltDependencies. |
| pnpm-lock.yaml | Lockfile updates reflecting dependency/tooling bumps (including new engine constraints). |
| package.json | Updated dependency and devDependency versions to the latest intended releases. |
| biome.json | Updated schema reference to a local Biome schema file. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
…e constraint Agent-Logs-Url: https://github.com/commercelayer/commercelayer-cli-plugin-resources/sessions/88a2c672-20f1-478b-9adb-24abc6de9638 Co-authored-by: pviti <57948342+pviti@users.noreply.github.com>
malessani
left a comment
malessani
left a comment
There was a problem hiding this comment.
I suggest you to add in this PR also the dependency workflow, you can take a look here: https://github.com/commercelayer/mfe-cart/blob/master/.github/workflows/vulnerability-updates.yaml
There was a problem hiding this comment.
Pull request overview
This PR updates the project’s dependencies (primarily @commercelayer/* and CLI tooling) and aligns configuration/automation to support the updated toolchain and vulnerability-driven dependency updates.
Changes:
- Bumped
@commercelayer/*packages and CLI/tooling dependencies (incl.oclif,@types/node), and refreshedpnpm-lock.yaml. - Tightened the supported Node engine range to
>=20.18.1to match transitive dependency engine requirements. - Adjusted tooling/automation: removed
pnpm-workspace.yaml, updated Biome schema reference to a local path, and added a vulnerability-update GitHub workflow.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
pnpm-workspace.yaml |
Removed workspace-level config previously used for esbuild build dependency handling. |
pnpm-lock.yaml |
Updated lockfile to reflect new dependency versions across the tree. |
package.json |
Updated dependency versions and raised engines.node minimum to >=20.18.1. |
biome.json |
Switched $schema from remote URL to local node_modules schema path; reformatted file. |
.github/workflows/vulnerability-updates.yml |
Added workflow to run dependency updates when a vulnerability-labeled issue is opened/labeled/reopened (or via manual dispatch). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Matteo Alessani <97170183+malessani@users.noreply.github.com>
|
🎉 This PR is included in version 6.17.2 🎉 The release is available on: Your semantic-release bot 📦🚀 |
@commercelayer/*packages to their latest versions:cli-core:^5.10.8→^5.11.0cli-ux:^1.1.0→^1.2.0sdk:^6.55.0→^6.56.0cli-dev:^3.0.13→^3.1.1@oclif/plugin-help,@types/node,oclifpnpm-workspace.yaml(theonlyBuiltDependenciessetting foresbuildis no longer needed)biome.jsonto use the local schema path (./node_modules/@biomejs/biome/configuration_schema.json) instead of the remote URL