build(deps): consolidate 8 dependabot bumps post history-rewrite#91
Merged
Conversation
Re-applies the bumps from the now-stale dependabot branches that were rooted in pre-rewrite history. ### npm deps - `@aws-sdk/client-bedrock-runtime` 3.1043.0 → 3.1045.0 (was #82) - `@aws-sdk/client-sagemaker-runtime` 3.1043.0 → 3.1045.0 (was #86) - `@commitlint/cli` 20.5.3 → 21.0.0 (was #84) - `@commitlint/config-conventional` 20.5.3 → 21.0.0 (was #83) - `onnxruntime-node` 1.25.1 → 1.26.0 (was #85) - `write-file-atomic` 7.0.1 → 8.0.0 (was #81) - typescript-tooling group: `@biomejs/biome` 2.4.13 → 2.5.0, `@types/node` 25.6.0 → 25.7.0 (was #80) ### GitHub Actions - github-actions group: 3 updates (was #79) ## Test plan - [x] `pnpm install` clean - [x] `pnpm -r build` — all 18 packages build - [x] `pnpm run typecheck` — clean - [x] `pnpm run test` — 2019 pass, 0 fail across 18 packages - [x] No `pnpm.onlyBuiltDependencies` rewrite (verified)
This was referenced May 10, 2026
3 tasks
theagenticguy
added a commit
that referenced
this pull request
May 29, 2026
… node range (#155) ## Summary `write-file-atomic@8.0.0` declares `engines: { node: "^22.22.2 || ^24.15.0 || >=26.0.0" }` — which **excludes node 20 entirely, and node 22.0–22.22.1**. That contradicts this repo's own supported-node matrix and produces `EBADENGINE` on `npm install -g @opencodehub/cli@latest` (reported on node 22.22.0), plus a hard failure on the node-20 leg of Verify Global Install (we set `engineStrict: true`). | | node range | |---|---| | Repo `engines` (root) | `>=22.0.0` | | `cli` `engines` | `>=20.0.0` | | Verify Global Install matrix | node **20** / 22 / 24 | | `write-file-atomic@8.0.0` requires | `^22.22.2 \|\| ^24.15.0 \|\| >=26.0.0` ❌ | | `write-file-atomic@7.0.1` requires | `^20.17.0 \|\| >=22.9.0` ✅ covers the whole matrix | ## Changes Pin `write-file-atomic` `8.0.0 → 7.0.1` in the 4 packages that depend on it: **`cli`, `analysis`, `ingestion`, `wiki`**. Lockfile regenerated — 26 lines, only write-file-atomic (4 importer specifiers + package def + snapshot + time entry), same single transitive (`signal-exit@4.1.0`), no unrelated churn. ## Why this is safe - `write-file-atomic@8.0.0` arrived via a **Dependabot consolidation** (#91), not a deliberate security bump. The package has **no advisories** (clean on osv). - Our API usage — `wfa(path, content)` and `wfa(path, content, { raw: true })` — is unchanged since v4. `@types/write-file-atomic@4.0.3` (already a devDep) still applies; left untouched. ## Verification - `pnpm --filter @opencodehub/analysis --filter @opencodehub/cli build` (tsc -b) — clean - `pnpm --filter @opencodehub/analysis test` — 143/143 - Full recursive pre-push gate (`pnpm -r test` + typecheck + verdict) — green ## Test plan - [x] Lockfile resolves write-file-atomic@7.0.1 with engines covering node 20/22/24 - [x] Direct consumers (cli, analysis) typecheck + build - [x] Recursive test suite green
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Re-applies the bumps from the 8 dependabot branches that were rooted in
pre-rewrite history (and would otherwise carry stale blobs forward).
Closes #79, #80, #81, #82, #83, #84, #85, #86.
npm deps
@aws-sdk/client-bedrock-runtime3.1043.0 → 3.1045.0 (was build(deps): bump @aws-sdk/client-bedrock-runtime from 3.1043.0 to 3.1045.0 #82)@aws-sdk/client-sagemaker-runtime3.1043.0 → 3.1045.0 (was build(deps): bump @aws-sdk/client-sagemaker-runtime from 3.1043.0 to 3.1045.0 #86)@commitlint/cli20.5.3 → 21.0.0 (was build(deps-dev): bump @commitlint/cli from 20.5.3 to 21.0.0 #84)@commitlint/config-conventional20.5.3 → 21.0.0 (was build(deps-dev): bump @commitlint/config-conventional from 20.5.3 to 21.0.0 #83)onnxruntime-node1.25.1 → 1.26.0 (was build(deps): bump onnxruntime-node from 1.25.1 to 1.26.0 #85)write-file-atomic7.0.1 → 8.0.0 (was build(deps): bump write-file-atomic from 7.0.1 to 8.0.0 #81)@biomejs/biome2.4.13 → 2.5.0,@types/node25.6.0 → 25.7.0 (was build(deps-dev): bump the typescript-tooling group across 1 directory with 2 updates #80)GitHub Actions
Test plan
pnpm installclean (no peer-dep regressions beyond what main already had)pnpm -r build— all 18 packages buildpnpm run typecheck— cleanpnpm run test— 2019 pass, 0 fail across 18 packagespnpm.onlyBuiltDependenciesrewrite (verified by diff)