chore(deps): upgrade dependencies

[rhamzeh]

Description

What problem is being solved?

How is it being solved?

What changes are made to solve it?

References

Review Checklist

• I have clicked on "allow edits by maintainers".
• I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
• The correct base branch is being used, if not main
• I have added tests to validate that the change in functionality is working as expected

Summary by CodeRabbit

• Chores
  • Updated development dependencies to the latest patch versions to improve tooling consistency and maintainability.
  • No changes to app behavior, performance, or user interface.
  • No action required for end-users.

[coderabbitai]

Walkthrough

Patch-level updates to devDependencies in package.json: @types/node, @typescript-eslint/eslint-plugin, and @typescript-eslint/parser. No source code or configuration changes beyond version bumps.

Changes

Cohort / File(s)	Summary of Changes
Dev dependency bumps package.json	Updated devDependencies: @types/node ^24.2.0 → ^24.2.1; @typescript-eslint/eslint-plugin ^8.39.0 → ^8.39.1; @typescript-eslint/parser ^8.39.0 → ^8.39.1

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• chore(deps): upgrade dependencies #241: Continues patch-level bumps for the same devDependencies (@types/node and @typescript-eslint/*).

Suggested reviewers

• sergiught

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/bump-deps

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​typescript-eslint/​parser@​8.39.0 ⏵ 8.39.1
	@​typescript-eslint/​eslint-plugin@​8.39.0 ⏵ 8.39.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		[email protected] has a License Policy Violation. License: CC-BY-4.0 (npm metadata) License: CC-BY-4.0 (package/LICENSE) License: CC-BY-4.0 (package/package.json) From: package-lock.json → npm/[email protected] → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.16%. Comparing base (2d57837) to head (b34c18c).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #248   +/-   ##
=======================================
  Coverage   88.16%   88.16%           
=======================================
  Files          23       23           
  Lines        1217     1217           
  Branches      216      216           
=======================================
  Hits         1073     1073           
  Misses         86       86           
  Partials       58       58           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2d57837 and b34c18c.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json (1 hunks)

🔇 Additional comments (2)

package.json (2)

32-32: Confirm Node types vs supported runtime (engines).

You're bumping @types/node to v24.x while "engines.node" declares support starting at 16.15. Using Node 24 types can surface APIs not available on Node 16/18 and may leak into generated .d.ts, giving consumers a false sense of availability.

Please verify one of:

• The SDK’s minimum supported Node version is actually >= 20/22/24 and engines should be updated.
• Or keep @types/node aligned to the lowest supported Node LTS (e.g., 16 or 18) to ensure type-level compatibility for consumers.

---

32-35: LGTM on patch bumps.

These are patch-level updates to devDependencies and should be low risk. Thanks for keeping them current.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Ensure CI/dev Node version satisfies @typescript-eslint v8 requirements.

@typescript-eslint v8 requires Node >= 18.18 in development environments. If your CI or local dev still uses Node 16 per the engines field, linting may fail.

Run this script to verify Node versions used in CI/dev and surface mismatches:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Package engines.node:"
jq -r '.engines.node // "N/A"' package.json

echo -e "\nDev deps of interest:"
jq -r '.devDependencies | {eslint, "@typescript-eslint/eslint-plugin", "@typescript-eslint/parser", "typescript", "@types/node"}' package.json

echo -e "\n.tsconfig files (if any):"
fd -a -H '^tsconfig.*\.json$' | while read -r f; do
  echo "==> $f"
  jq -r '{compilerOptions: .compilerOptions // {}}' "$f" | jq
done

echo -e "\n.nvmrc (if any):"
if [[ -f .nvmrc ]]; then cat .nvmrc; else echo "not found"; fi

echo -e "\nGitHub Actions node-version matrix (if any):"
fd -a -H '\.github/workflows/.*\.yml$' | while read -r wf; do
  echo "==> $wf"
  rg -n 'setup-node|node-version|matrix' -A2 -B2 "$wf" || true
done

Length of output: 1024

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Skip tsconfig parsing errors
echo "Package engines.node:"
jq -r '.engines.node // "N/A"' package.json || true

echo -e "\n.nvmrc (if any):"
if [[ -f .nvmrc ]]; then 
  cat .nvmrc
else 
  echo "not found"
fi

echo -e "\nGitHub Actions workflows Node versions:"
# List workflow files
fd .github/workflows -type f -name '*.yml' | while read -r wf; do
  echo "==> $wf"
  # Search for setup-node usage and node-version settings
  rg -n 'actions/setup-node' -A2 -B0 "$wf" && rg -n 'node-version' -A0 -B0 "$wf" || echo "  ⚠️ No setup-node or node-version found"
done

Length of output: 548

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Package engines.node:"
jq -r '.engines.node // "N/A"' package.json || true

echo -e "\n.nvmrc (if any):"
if [[ -f .nvmrc ]]; then
  cat .nvmrc
else
  echo "not found"
fi

echo -e "\nGitHub Actions workflows Node versions:"
# Use find instead of fd to locate workflow YAMLs
if [[ -d .github/workflows ]]; then
  find .github/workflows -type f -name '*.yml' | while read -r wf; do
    echo "==> $wf"
    # Look for setup-node usage and node-version keys
    grep -En 'actions/setup-node|node-version' "$wf" || echo "  ⚠️ No setup-node or node-version found"
  done
else
  echo "No .github/workflows directory found"
fi

Length of output: 670

---

Ensure CI and local Node ≥ 18.18 for @typescript-eslint v8

Your engines.node is currently set to >=16.15.0 (package.json) and there’s no .nvmrc or explicit Node version in CI (scorecard.yml). Since @typescript-eslint v8 requires Node ≥ 18.18, please:

• Update package.json

"engines": {
-   "node": ">=16.15.0"
+   "node": ">=18.18.0"
}

• Add or bump your .nvmrc to

18.18.0

• Pin Node in GitHub Actions (e.g. .github/workflows/scorecard.yml):

- uses: actions/setup-node@v3
  with:
-     node-version: 16
+     node-version: 18.18

This will ensure both your dev environment and CI satisfy @typescript-eslint v8’s minimum Node requirement.

🤖 Prompt for AI Agents

In package.json around lines 34-35, engines.node is too low for
@typescript-eslint v8; update package.json's "engines.node" to ">=18.18.0", add
a .nvmrc file containing "18.18.0" at repository root, and pin CI to Node 18.18
by updating the GitHub Actions workflow (e.g., .github/workflows/scorecard.yml)
to use actions/setup-node@v3 with node-version set to "18.18".

[sergiught]

Can we apply the suggestion from rabbitai? @rhamzeh updating node engine to 18?

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!