Skip to content

chore(deps): weekly CLI dependency update (2026-07-07) [RED-687] [show]#1389

Merged
sorccu merged 2 commits into
mainfrom
simo/red-687-weekly-cli-dependency-update
Jul 7, 2026
Merged

chore(deps): weekly CLI dependency update (2026-07-07) [RED-687] [show]#1389
sorccu merged 2 commits into
mainfrom
simo/red-687-weekly-cli-dependency-update

Conversation

@sorccu

@sorccu sorccu commented Jul 7, 2026

Copy link
Copy Markdown
Member

Linear: RED-687

Weekly dependency update. Bumps direct dependencies to the latest versions that are both compatible with our Node floor (20.19.0) and past the repo's 2-day minimumReleaseAge embargo (pnpm-workspace.yaml).

Updated

Package Type Owner From → To
@oclif/core dependency cli, create-cli ^4.11.11 → ^4.11.14
@typescript-eslint/typescript-estree dependency cli ^8.62.0 → ^8.62.1
p-queue dependency cli ^9.3.0 → ^9.3.1
oclif devDependency cli ^4.23.23 → ^4.23.24
typescript-eslint devDependency root ^8.62.0 → ^8.62.1

Not updated this week

Newer releases exist but fall inside the 2-day release-age embargo, so pnpm correctly refuses them (re-evaluate next run): vitest 3.2.7, @typescript-eslint/* 8.63.0, oclif 4.23.27.

Held back — newest major raises our Node floor

  • @commitlint/cli & @commitlint/config-conventional 21.x → needs Node ≥22.12.0 (kept at 20.5.3)
  • lint-staged 17.x → needs Node ≥22.22.1 (kept at 16.4.0)

Intentional exclusions

  • @types/node — kept near our minimum Node (^22.19.17), not latest
  • vitest v4 — known setup incompatibilities; stays on 3.x

Verification

Builds (both packages), lint, commitlint accept/reject smoke test, unit tests (checkly 1376 passed / 2 skipped; create-checkly 19 passed), and Node-floor re-confirmation for all 5 updated packages — all green, no engine warnings. Lockfile diff is minimal (no incidental transitive churn); pnpm install --frozen-lockfile confirms consistency. Rebased onto latest main and re-verified.

Other changes

  • Updated the .claude/commands/checkly-cli-update-dependencies.md command doc to account for the minimumReleaseAge embargo. Previously it computed "latest compatible" straight from the npm registry, ignoring the embargo, so it over-reported versions that pnpm won't install. The doc now treats the effective target as the latest version that is both floor-compatible and past the embargo, filters release age in its helper, and reports embargoed-this-week items separately.

@sorccu sorccu changed the title [RED-687] Weekly CLI dependency update (2026-07-07) chore(deps): weekly CLI dependency update (2026-07-07) [RED-687] Jul 7, 2026
sorccu and others added 2 commits July 7, 2026 16:35
Bump direct dependencies to the latest versions that are both compatible
with our Node floor (20.19.0) and older than the 2-day minimumReleaseAge
embargo:

- @oclif/core        ^4.11.11 -> ^4.11.14  (checkly, create-checkly)
- @typescript-eslint/typescript-estree  ^8.62.0 -> ^8.62.1  (checkly)
- p-queue            ^9.3.0   -> ^9.3.1    (checkly)
- oclif              ^4.23.23 -> ^4.23.24  (checkly, dev)
- typescript-eslint  ^8.62.0  -> ^8.62.1   (root, dev)

Not updated this week (newer release is within the 2-day embargo):
- vitest 3.2.7, @typescript-eslint 8.63.0, oclif 4.23.27

Held back (newest major raises the Node floor):
- @commitlint/cli & @commitlint/config-conventional 21.x (Node >=22.12.0)
- lint-staged 17.x (Node >=22.22.1)

Intentional exclusions: @types/node (kept near min Node), vitest v4
(known setup incompatibilities; stays on 3.x).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…eAge

The weekly dependency-update command queried the npm registry directly to
find the "latest compatible" version, ignoring the repo's
`minimumReleaseAge` embargo (pnpm-workspace.yaml). Since pnpm refuses to
install versions published within that window, the command over-reported
targets that could not actually be installed.

Teach the command to treat the effective target as the latest version that
is both floor-compatible AND older than the embargo:
- add a second guiding rule and explain that registry `latest` / raw
  `pnpm outdated` over-report, so pnpm's resolution is authoritative
- Phase 0 reads `minimumReleaseAge` live; Phase 2 helper filters out
  versions still inside the embargo window using their publish time
- Phase 3 notes `--latest` cannot overshoot into an embargoed version and
  adds a minimal-diff tip (restore lockfile + install) to avoid unrelated
  transitive churn
- Phase 5 reports embargoed-this-week items separately from held-back majors

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@sorccu sorccu force-pushed the simo/red-687-weekly-cli-dependency-update branch from 889ce84 to 6fff422 Compare July 7, 2026 07:37
@sorccu sorccu changed the title chore(deps): weekly CLI dependency update (2026-07-07) [RED-687] chore(deps): weekly CLI dependency update (2026-07-07) [RED-687] [show] Jul 7, 2026

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved: ship/show PR from a same-repo branch.

@sorccu sorccu merged commit 07b14d6 into main Jul 7, 2026
26 of 28 checks passed
@sorccu sorccu deleted the simo/red-687-weekly-cli-dependency-update branch July 7, 2026 07:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant