Pull request overview
This PR updates several npm dependencies (including major bumps) to keep SlackONOS’s tooling and integrations current, primarily affecting coverage tooling (c8) and the Soundcraft mixer integration (soundcraft-ui-connection).
Changes:
- Bump `c8` to v11 (major) and refresh its transitive deps (e.g., `test-exclude`, `glob`, `minimatch`).
- Bump `soundcraft-ui-connection` to v5 (major) and refresh lockfile accordingly.
- Update lockfile-resolved versions for `openai`, `posthog-node`, `@simplewebauthn/server`, and others.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| package.json | Updates c8 (major) and soundcraft-ui-connection (major) version ranges. |
| package-lock.json | Updates resolved versions/metadata for the bumped deps and their transitive dependency graph. |
| "sonos": "^1.14.2", | ||
| "soundcraft-ui-connection": "^4.1.1", | ||
| "soundcraft-ui-connection": "^5.0.0", | ||
| "urlencode": "^2.0.0", |
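Review bot: on the `soundcraft-ui-connection` line the range crosses a major version (`^4.1.1` to `^5.0.0`), yet the reviewed change set lists only package.json and package-lock.json, so nothing here shows the Soundcraft handler being checked against v5. Suggest confirming the handler's calls against the v5 release notes, or adding a test that loads the handler, before this merges.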
soundcraft-ui-connection@^5.0.0 declares engines.node >=22 (see lockfile), but the project package.json still advertises engines.node >=17 and CI currently runs tests on Node 20. Since index.js requires the Soundcraft handler at startup, this dependency bump effectively raises the minimum supported Node version and may break installs/runs on Node <22. Please either bump the project's Node engine (and align CI/Docker/docs), or keep soundcraft-ui-connection on v4 / make the Soundcraft integration an optional/conditional dependency so the app can still run on older Node versions.
| "devDependencies": { | ||
| "c8": "^10.1.3", | ||
| "c8": "^11.0.0", | ||
| "chai": "6.2.2", | ||
| "mocha": "^11.7.5", |
c8@^11.0.0 requires Node 20 || >=22 (per its published engines). With package.json currently declaring engines.node >=17, developers may try running coverage on unsupported Node versions and hit install/runtime issues. Consider updating the project's Node engine range to match the strictest dependency requirement.
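The engines mismatch raised in both review comments can be checked mechanically from the lockfile's `packages` map. The following is an added example, not code from this PR or from SlackONOS: the lockfile fragment is constructed from the engines values quoted above, and `satisfies` and `engineConflicts` are hypothetical helper names.

```javascript
// Constructed lockfile (v2/v3 layout) fragment; engines values are those quoted in the review.
const lock = {
  packages: {
    "": { name: "slackonos", engines: { node: ">=17" } },
    "node_modules/soundcraft-ui-connection": { version: "5.0.0", engines: { node: ">=22" } },
    "node_modules/c8": { version: "11.0.0", dev: true, engines: { node: "20 || >=22" } },
    "node_modules/urlencode": { version: "2.0.0" }, // no engines field: never a conflict
  },
};

// Supported range subset: ">=X", "<X", "^X.Y.Z" (major >= 1), bare "X" / "X.Y" / "X.Y.Z",
// "*", space-separated AND, and "||". Anything else throws, so the check fails closed.
const parts = (v) => v.split(".").map(Number);
const pad = (p) => [p[0] || 0, p[1] || 0, p[2] || 0];
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

function matches(version, comparator) {
  if (comparator === "*") return true;
  const m = /^(>=|<|\^)?(\d+(?:\.\d+){0,2})$/.exec(comparator);
  if (!m) throw new Error(`unsupported comparator: ${comparator}`);
  const v = pad(parts(version));
  const given = parts(m[2]);
  const want = pad(given);
  if (m[1] === ">=") return cmp(v, want) >= 0;
  if (m[1] === "<") return cmp(v, want) < 0;
  if (m[1] === "^") return v[0] === want[0] && cmp(v, want) >= 0;
  return given.every((n, i) => v[i] === n); // bare "20" means any 20.x.y
}

function satisfies(version, range) {
  return range.split("||").some((alt) =>
    alt.trim().replace(/(>=|<|\^)\s+/g, "$1").split(/\s+/).every((c) => matches(version, c)));
}

// Installed packages whose engines.node excludes the given Node version.
function engineConflicts(lock, nodeVersion) {
  return Object.entries(lock.packages)
    .filter(([path, pkg]) => path !== "" && typeof pkg.engines?.node === "string")
    .filter(([, pkg]) => !satisfies(nodeVersion, pkg.engines.node))
    .map(([path, pkg]) => ({
      name: path.split("node_modules/").pop(),
      requires: pkg.engines.node,
      dev: pkg.dev === true,
    }));
}

// 17.0.0 is the floor the project declares; 20.0.0 is the CI version named in the review.
for (const v of ["17.0.0", "20.0.0", "22.0.0"]) {
  console.log(v, engineConflicts(lock, v).map((c) => `${c.name} (${c.requires})`));
}
```

Running it against the real package-lock.json in CI, with the lowest version the project's own `engines.node` admits, turns this kind of silent floor raise into a failing check.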
- Override serialize-javascript, undici, diff, ip to patched versions
- Add docs/SECURITY.md (overrides + known npm audit false positive for ip/sonos)
- Link to SECURITY.md from README

Made-with: Cursor
Summary
Updates multiple dependencies including two major version bumps.
Dependency Updates
- minimatch: 9.0.5 → 9.0.9
- c8: 10.1.3 → 11.0.0 (major)
- openai: 6.22.0 → 6.25.0
- posthog-node: 5.24.15 → 5.26.2
- soundcraft-ui-connection: 4.1.1 → 5.0.0 (major)
- @simplewebauthn/server: 13.2.2 → 13.2.3

Testing
Made with Cursor