fix(deps): update all dependencies

[mheob]

Summary by CodeRabbit

• New Features

  • Enhanced ESLint configuration with new rules for React development.
  • Introduction of a new sorting system in ESLint rules.

• Bug Fixes

  • Corrected sorting rules related to specific frameworks.

• Documentation

  • Updated comments and documentation for better clarity.

• Chores

  • Updated various dependencies to their latest versions across multiple packages.
  • Updated the package manager version for improved consistency.

[height]

Link Height tasks by mentioning a task ID in the pull request title or commit messages, or description and comments with the keyword link (e.g. "Link T-123").

💡Tip: You can also use "Close T-X" to automatically close a task when the pull request is merged.

[changeset-bot]

🦋 Changeset detected

Latest commit: 6214ffa

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

Name	Type
@mheob/eslint-config	Major
@mheob/commitlint-config	Patch
@mheob/prettier-config	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
eslint-config	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Dec 11, 2024 10:38am

[coderabbitai]

Walkthrough

This pull request introduces updates to several configuration packages, specifically @mheob/eslint-config, @mheob/commitlint-config, and @mheob/prettier-config. Key changes include the addition of new ESLint rules, updates to dependency versions, and modifications to the structure of configuration files. The @mheob/eslint-config package has undergone a major version update with breaking changes. The updates aim to enhance code quality and maintainability through improved linting and formatting standards.

Changes

File Path	Change Summary
.changeset/thick-fishes-tell.md	Updated configuration packages: @mheob/eslint-config, @mheob/commitlint-config, @mheob/prettier-config to utilize latest ESLint rules.
.changeset/tricky-wolves-return.md	Major update to @mheob/eslint-config, adding new sorting rules and breaking changes affecting existing configurations.
package.json	Updated devDependencies versions for multiple packages, including @changesets/cli, @commitlint/cli, cspell, husky, prettier, and others.
packages/commitlint-config/package.json	Updated devDependencies and peerDependencies, including @commitlint/cli, cz-git, and changes to eslint and typescript management.
packages/eslint-config/package.json	Updated package version to 6.2.0 and modified various dependency versions, including @typescript-eslint/eslint-plugin and others.
packages/eslint-config/scripts/typegen.ts	Reordered import statements for builtinRules without affecting functionality.
packages/eslint-config/src/configs/perfectionist.ts	Removed sorting rules for specific frameworks and modified internalPattern for sort-imports.
packages/eslint-config/src/configs/react.ts	Added new recommended ESLint rules for React and modified existing rules based on package presence.
packages/eslint-config/src/factory.ts	Restructured mheob function to utilize a new helper function iniConfig for improved modularity in configuration generation.
packages/eslint-config/src/types.ts	Updated TypedFlatConfigItem type definition to enhance flexibility in plugin management.
packages/prettier-config/src/index.ts	Added comment to disable perfectionist/sort-objects rule and removed an inline ESLint disable comment.
pnpm-workspace.yaml	Updated versions for eslint, prettier, and typescript in the catalog section.

Possibly related PRs

• chore(deps): update all dependencies #176: This PR updates the @mheob/eslint-config package, which is directly related to the main PR's updates to the same package.
• docs(commitlint,eslint,prettier): improve README.md file #182: This PR includes updates to the @mheob/commitlint-config and @mheob/eslint-config packages, which are relevant to the main PR's focus on configuration packages.
• chore(eslint): add ESLint Config Inspector to vercel #184: This PR modifies the eslint.config.js file, which is part of the @mheob/eslint-config package, aligning with the main PR's updates to ESLint configurations.
• chore(deps): update dependency node to v20.17.0 #188: This PR updates the eslint dependency in multiple packages, including @mheob/eslint-config, which is relevant to the main PR's changes.
• chore(deps): update dependencies #193: This PR updates dependencies in the package.json file, including eslint, which is related to the main PR's focus on configuration packages.
• ci: fix vercel build #194: This PR involves changes to the CI/CD pipeline that affect how ESLint is run, which is relevant to the main PR's updates to ESLint configurations.
• feat(tsconfig): sync astro with the latest docs #195: This PR updates TypeScript configurations, which may indirectly relate to the main PR's focus on improving code quality through configuration updates.

Suggested labels

bug_fix, Review effort [1-5]: 3

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 6214ffa and 8aeb826.

📒 Files selected for processing (2)

• packages/commitlint-config/package.json (1 hunks)
• packages/eslint-config/package.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• packages/commitlint-config/package.json
• packages/eslint-config/package.json

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Experiment)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🧹 Outside diff range and nitpick comments (7)

.changeset/tricky-wolves-return.md (1)

5-5: Fix spelling and formatting issues

The description has spelling and formatting issues that should be addressed.

-add the newest rules, espacially a new sorting system which has breaking changes
+Add the newest rules, especially a new sorting system which has breaking changes.

packages/commitlint-config/package.json (1)

33-33: Consider synchronizing cz-git versions

While the current versions are compatible, consider updating peerDependencies to match the newer minor version for consistency.

Apply this diff to synchronize the versions:

  "peerDependencies": {
    "@commitlint/cli": "^19.6.0",
    "commitizen": "^4.3.0",
-   "cz-git": "^1.10.0"
+   "cz-git": "^1.11.0"
  },

Also applies to: 40-40

packages/eslint-config/src/factory.ts (1)

Line range hint 75-81: Consolidate isInEditor calculation to avoid redundancy

The isInEditor variable is calculated in both iniConfig (lines 78-81) and mheob (lines 134-139) using identical logic. Consider computing isInEditor once and passing it as a parameter to iniConfig to improve maintainability and prevent potential inconsistencies.

Also applies to: 133-139

packages/eslint-config/package.json (1)

Line range hint 96-106: Peer dependency version mismatch

Several peer dependencies have older version requirements than what's specified in dependencies:

• @eslint-react/eslint-plugin: ^1.15.0 (peer) vs ^1.19.0 (dev)
• svelte-eslint-parser: ^0.41.0 (peer) vs ^0.43.0 (dev)

Update peer dependency versions to match the actual requirements to avoid potential compatibility issues.

packages/eslint-config/src/types.ts (1)

Line range hint 14-23: LGTM! Well-documented type enhancement

The updated type definition improves flexibility for plugin handling while maintaining type safety for the rest of the configuration. The documentation clearly explains the rationale.

Consider adding an example of plugin usage in the documentation comment to make it even more helpful:

 /**
  * An object containing a name-value mapping of plugin names to plugin objects. When `files` is
  * specified, these plugins are only available to the matching files.
  *
+ * @example
+ * {
+ *   plugins: {
+ *     myPlugin: require('eslint-plugin-my-plugin')
+ *   }
+ * }
  *
  * @see [Using plugins in your configuration](https://eslint.org/docs/latest/user-guide/configuring/configuration-files-new#using-plugins-in-your-configuration)
  */

packages/eslint-config/src/configs/react.ts (2)

68-80: LGTM! Well-structured DOM safety rules.

The new DOM-related rules are well-chosen with appropriate severity levels - critical security issues as errors and best practices as warnings.

Consider documenting these rules in your project's contributing guidelines to help developers understand why certain DOM manipulations trigger warnings or errors.

---

81-83: Consider enhancing exhaustive-deps configuration.

While the core hooks rules are correctly configured, the exhaustive-deps rule could benefit from additional configuration to handle specific dependencies.

Consider adding custom configurations for common scenarios:

 'react-hooks/exhaustive-deps': [
   'warn',
+  {
+    additionalHooks: '(useRecoilCallback|useRecoilTransaction_UNSTABLE)',
+    enableDangerousAutofixThisMayCauseInfiniteLoops: false
+  }
 ],

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 91792ac and 6214ffa.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (12)

• .changeset/thick-fishes-tell.md (1 hunks)
• .changeset/tricky-wolves-return.md (1 hunks)
• package.json (1 hunks)
• packages/commitlint-config/package.json (1 hunks)
• packages/eslint-config/package.json (1 hunks)
• packages/eslint-config/scripts/typegen.ts (1 hunks)
• packages/eslint-config/src/configs/perfectionist.ts (1 hunks)
• packages/eslint-config/src/configs/react.ts (1 hunks)
• packages/eslint-config/src/factory.ts (2 hunks)
• packages/eslint-config/src/types.ts (2 hunks)
• packages/prettier-config/src/index.ts (1 hunks)
• pnpm-workspace.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (5)

• packages/eslint-config/scripts/typegen.ts
• .changeset/thick-fishes-tell.md
• packages/prettier-config/src/index.ts
• pnpm-workspace.yaml
• package.json

🔇 Additional comments (5)

packages/commitlint-config/package.json (1)

34-35: LGTM! Good practice using catalog versioning

The switch to catalog: notation for eslint and typescript is a good practice for maintaining consistent versions across the monorepo.

Let's verify this is consistent across other packages:

✅ Verification successful

Excellent! All packages consistently use catalog versioning

The verification confirms that all packages in the monorepo (prettier-config, eslint-config, commitlint-config, and root package.json) consistently use the catalog: notation for both eslint and typescript dependencies, which is indeed a good practice for version consistency across the monorepo.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if other packages in the monorepo also use catalog versioning for eslint and typescript

# Search for eslint and typescript version specifications in all package.json files
echo "Checking eslint and typescript versions in package.json files:"
fd package.json --type f | xargs rg '"(eslint|typescript)": "(?!catalog:)'

Length of output: 475

---

Script:

#!/bin/bash
# Description: Check if other packages in the monorepo also use catalog versioning for eslint and typescript

# Search for eslint and typescript version specifications in all package.json files
echo "Checking eslint and typescript versions in package.json files:"
fd package.json --type f | xargs rg '"(eslint|typescript)": ".+?"' -g '!**/node_modules/**'

Length of output: 746

packages/eslint-config/src/configs/perfectionist.ts (1)

43-43: Breaking Change: Import sorting pattern modified

The internalPattern regex has been updated to be more precise. This change could affect how internal imports are sorted in existing codebases.

Let's check for potential impact:

✅ Verification successful

No impact detected - pattern change is safe

The regex pattern change from '@/**' to '^@/.*' in perfectionist.ts appears to be safe as there are no imports using the @/ pattern across the codebase. The only occurrence of @/ is in the configuration file itself where the pattern is defined.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Find files with imports that might be affected by the pattern change
# Look for imports starting with @/ that might be sorted differently

rg --type ts --type tsx --type jsx "^import.*['|\"]@/" -l

Length of output: 89

---

Script:

#!/bin/bash
# Let's try a different approach to find imports with @/ pattern
# Using ripgrep without file type filters first

# Search for import statements with @/ pattern
rg "^import.*['|\"]@/" -l

# Also search for any usage of @/ in the codebase to understand the scope
rg "@/" -l

Length of output: 92

packages/eslint-config/package.json (1)

41-42: Verify compatibility with TypeScript-ESLint update

The update to @typescript-eslint/* packages (8.8.1 → 8.18.0) includes multiple releases. Please ensure compatibility with your TypeScript version.

✅ Verification successful

Let me gather more information about TypeScript dependencies across the workspace.

---

Let me try a different approach to check the dependencies.

---

Based on the package.json content, I can now generate the final response:

TypeScript-ESLint update appears safe to proceed

The package uses TypeScript from the catalog (likely a workspace-level version control), and all TypeScript-related peer dependencies are marked as optional. The update to @typescript-eslint v8.18.0 should be safe as the package properly manages its dependencies through the workspace catalog system.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for TypeScript version compatibility
jq -r '.dependencies["typescript"], .devDependencies["typescript"]' package.json

Length of output: 96

---

Script:

#!/bin/bash
# Find all package.json files and check for typescript dependencies
fd package.json --exec jq -r '. | select(.dependencies.typescript or .devDependencies.typescript) | "File: {}\nTypeScript version: \(.dependencies.typescript // .devDependencies.typescript)"'

# Also check for typescript-eslint peer dependencies
rg '"peerDependencies".*typescript' -A 5 -g 'package.json'

Length of output: 252

---

Script:

#!/bin/bash
# Check the direct content of the package.json in the eslint-config package
cat packages/eslint-config/package.json

# Also check the @typescript-eslint/eslint-plugin's required peer dependencies
cat node_modules/@typescript-eslint/eslint-plugin/package.json 2>/dev/null || echo "Module not found"

Length of output: 3932

packages/eslint-config/src/configs/react.ts (2)

Line range hint 1-104: Verify impact of rule changes on existing codebase.

Since this is a major update with new and modified rules, it's important to assess the impact on the existing codebase.

Let's check for potential violations of the new rules:

✅ Verification successful

Let me gather more information to verify the impact comprehensively.

---

Rule changes appear safe to implement

Based on the verification results, the new and modified rules in the React ESLint configuration appear safe to implement as:

• No actual usage of dangerous patterns was found in the codebase (only type definitions)
• All matches were found only in the typegen.d.ts file, which contains rule definitions
• No instances of problematic patterns like unsafe button usage, void DOM elements with children, or unsafe target="_blank" were detected

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for potential violations of new rules in the codebase

# Check for void DOM elements with children
echo "Checking for void DOM elements with children..."
ast-grep --pattern 'img { $$ }'

# Check for dangerous innerHTML usage
echo "Checking for innerHTML usage..."
rg -l "dangerouslySetInnerHTML"

# Check for missing button types
echo "Checking for buttons without type..."
ast-grep --pattern '<button>$$$</button>'

# Check for target="_blank" without rel="noopener"
echo "Checking for unsafe target blank..."
ast-grep --pattern 'target="_blank"'

Length of output: 530

---

Script:

#!/bin/bash
# Let's check more specific patterns and get context

# Check dangerouslySetInnerHTML usage with context
echo "Checking dangerouslySetInnerHTML context..."
rg "dangerouslySetInnerHTML" -A 2 -B 2

# Check for button elements with more context
echo "Checking button elements..."
ast-grep --pattern '<button $$$>$$$</button>'

# Check for iframe elements
echo "Checking iframe elements..."
ast-grep --pattern '<iframe $$$>'

# Check for find DOM node usage
echo "Checking findDOMNode usage..."
rg "findDOMNode"

# Check for script URLs
echo "Checking script: URLs..."
rg "javascript:" -A 2 -B 2

Length of output: 2236

---

85-104: Verify framework-specific export names.

The configuration intelligently handles different frameworks, but the allowed export names might need regular updates as Next.js and Remix evolve.

Let's verify the current export names against the framework documentation:

✅ Verification successful

Framework exports configuration appears to be up-to-date

The configuration in the ESLint rule aligns with the current framework conventions:

• For Next.js: The exports (config, generateStaticParams, metadata, generateMetadata, viewport, generateViewport) match the App Router conventions for page/layout exports
• For Remix: The exports (meta, links, headers, loader, action) correspond to the standard route module exports

The rule is properly configured as a warning rather than an error, which is appropriate given the evolving nature of these frameworks. The allowConstantExport flag is also dynamically configured based on the environment.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if the configured export names match the latest framework documentation

# Check Next.js exports in their documentation
echo "Checking Next.js exports..."
rg --type md -l "export.*metadata|generateMetadata|config|generateStaticParams|viewport|generateViewport" \
  $(fd -t f "README.md|documentation" | grep -i "next")

# Check Remix exports in their documentation
echo "Checking Remix exports..."
rg --type md -l "export.*meta|links|headers|loader|action" \
  $(fd -t f "README.md|documentation" | grep -i "remix")

Length of output: 689

---

Script:

#!/bin/bash
# Let's try a more focused search for framework-specific exports in the actual code

# Search for Next.js exports in TypeScript/JavaScript files
echo "Searching for Next.js exports..."
rg -t ts -t js "export\s+(const|async function|function)?\s*(metadata|generateMetadata|config|generateStaticParams|viewport|generateViewport)" -A 2

# Search for Remix exports in TypeScript/JavaScript files
echo "Searching for Remix exports..."
rg -t ts -t js "export\s+(const|async function|function)?\s*(meta|links|headers|loader|action)" -A 2

# Search for any React Refresh related configurations or discussions
echo "Searching for React Refresh related configurations..."
rg "react-refresh/only-export-components" -A 5

Length of output: 1963

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud