chore(deps): weekly CLI dependency update (2026-07-07) [RED-687] [show]#1389
Merged
Conversation
Bump direct dependencies to the latest versions that are both compatible with our Node floor (20.19.0) and older than the 2-day minimumReleaseAge embargo: - @oclif/core ^4.11.11 -> ^4.11.14 (checkly, create-checkly) - @typescript-eslint/typescript-estree ^8.62.0 -> ^8.62.1 (checkly) - p-queue ^9.3.0 -> ^9.3.1 (checkly) - oclif ^4.23.23 -> ^4.23.24 (checkly, dev) - typescript-eslint ^8.62.0 -> ^8.62.1 (root, dev) Not updated this week (newer release is within the 2-day embargo): - vitest 3.2.7, @typescript-eslint 8.63.0, oclif 4.23.27 Held back (newest major raises the Node floor): - @commitlint/cli & @commitlint/config-conventional 21.x (Node >=22.12.0) - lint-staged 17.x (Node >=22.22.1) Intentional exclusions: @types/node (kept near min Node), vitest v4 (known setup incompatibilities; stays on 3.x). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…eAge The weekly dependency-update command queried the npm registry directly to find the "latest compatible" version, ignoring the repo's `minimumReleaseAge` embargo (pnpm-workspace.yaml). Since pnpm refuses to install versions published within that window, the command over-reported targets that could not actually be installed. Teach the command to treat the effective target as the latest version that is both floor-compatible AND older than the embargo: - add a second guiding rule and explain that registry `latest` / raw `pnpm outdated` over-report, so pnpm's resolution is authoritative - Phase 0 reads `minimumReleaseAge` live; Phase 2 helper filters out versions still inside the embargo window using their publish time - Phase 3 notes `--latest` cannot overshoot into an embargoed version and adds a minimal-diff tip (restore lockfile + install) to avoid unrelated transitive churn - Phase 5 reports embargoed-this-week items separately from held-back majors Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
889ce84 to
6fff422
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Linear: RED-687
Weekly dependency update. Bumps direct dependencies to the latest versions that are both compatible with our Node floor (
20.19.0) and past the repo's 2-dayminimumReleaseAgeembargo (pnpm-workspace.yaml).Updated
@oclif/core@typescript-eslint/typescript-estreep-queueocliftypescript-eslintNot updated this week
Newer releases exist but fall inside the 2-day release-age embargo, so pnpm correctly refuses them (re-evaluate next run):
vitest3.2.7,@typescript-eslint/*8.63.0,oclif4.23.27.Held back — newest major raises our Node floor
@commitlint/cli&@commitlint/config-conventional21.x → needs Node ≥22.12.0 (kept at 20.5.3)lint-staged17.x → needs Node ≥22.22.1 (kept at 16.4.0)Intentional exclusions
@types/node— kept near our minimum Node (^22.19.17), not latestvitestv4 — known setup incompatibilities; stays on 3.xVerification
Builds (both packages), lint, commitlint accept/reject smoke test, unit tests (
checkly1376 passed / 2 skipped;create-checkly19 passed), and Node-floor re-confirmation for all 5 updated packages — all green, no engine warnings. Lockfile diff is minimal (no incidental transitive churn);pnpm install --frozen-lockfileconfirms consistency. Rebased onto latestmainand re-verified.Other changes
.claude/commands/checkly-cli-update-dependencies.mdcommand doc to account for theminimumReleaseAgeembargo. Previously it computed "latest compatible" straight from the npm registry, ignoring the embargo, so it over-reported versions that pnpm won't install. The doc now treats the effective target as the latest version that is both floor-compatible and past the embargo, filters release age in its helper, and reports embargoed-this-week items separately.