2025 Updates #47
2025 Updates #47
Conversation
There was a problem hiding this comment.
Pull request overview
This PR modernizes the project's dependencies, tooling, and configuration for 2025, updating from Node 18 to Node 22 as the baseline, and upgrading all development dependencies to their latest versions. The changes include fixing a bug in the encryption logic, improving type definitions, and updating CI/CD workflows.
Key Changes
- Updated TypeScript configuration to target Node 22 and reorganized compiler options for better clarity
- Upgraded all development dependencies (ESLint, Vitest, TypeScript, etc.) and GitHub Actions to newer versions
- Fixed encryption logic by adding missing
continuestatement forcleartextMetadatahandling - Corrected import paths from
utils.jstoutilities.jsand improved type definitions in the encryption API
Reviewed changes
Copilot reviewed 15 out of 17 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| vitest.config.ts | Updated to use mode parameter in loadEnv for proper environment variable loading |
| tsconfig.json | Migrated to @tsconfig/node22, reorganized compiler options, added moduleDetection and target settings |
| test/info.test.ts | Added eslint-disable comment for sonarjs/no-hardcoded-passwords |
| test/encrypt.test.ts | Added eslint-disable comment and removed @ts-expect-error that's no longer needed |
| test/encrypt-and-decrypt.test.ts | Added eslint-disable comment for sonarjs/no-hardcoded-passwords |
| test/decrypt.test.ts | Added eslint-disable comment for sonarjs/no-hardcoded-passwords |
| src/utilities.ts | Simplified boolean return by removing unnecessary double negation |
| src/spawn.ts | Added eslint-disable comment for sonarjs/no-os-command-from-path |
| src/info.ts | Corrected import path from utils.js to utilities.js |
| src/encrypt.ts | Corrected import path, reorganized type definitions, made password properties optional, added continue statement for cleartextMetadata handling |
| src/decrypt.ts | Corrected import path from utils.js to utilities.js |
| package.json | Updated all devDependencies to latest versions (ESLint 9.39.1, Vitest 4.0.15, TypeScript 5.9.3, etc.) |
| eslint.config.js | Changed from typescript-eslint to eslint/config for defineConfig import |
| .github/workflows/npm-publish.yml | Updated GitHub Actions from v4 to v6 |
| .github/workflows/node.js.yml | Updated Node.js test matrix, QPDF version, and GitHub Actions to v6 |
| .github/workflows/codeql-analysis.yml | Removed entire CodeQL analysis workflow file |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| import myConfig from "@sparticuz/eslint-config"; | ||
| import tseslint from "typescript-eslint"; | ||
| import { defineConfig } from "eslint/config"; |
There was a problem hiding this comment.
The import import { defineConfig } from "eslint/config" may not be valid. As of January 2025, ESLint doesn't export from this path. The typical approach for ESLint flat config is to either:
- Use plain objects without a helper function, or
- Use TypeScript with JSDoc type annotations for type safety
Please verify that this import path exists in ESLint 9.39.1. If not, consider removing the defineConfig wrapper or using a valid import.
| owner?: string; | ||
| user?: string; |
There was a problem hiding this comment.
The owner and user properties are marked as optional, but the runtime validation at lines 107-108 requires both to be defined when using an object. This creates a type-safety issue where TypeScript allows passing { user: "test" } or { owner: "test" }, but the code will throw an error at runtime.
Consider making both properties required when using the object form:
| {
owner: string;
user: string;
}Or update the runtime logic to handle partial password objects appropriately.
| owner?: string; | |
| user?: string; | |
| owner: string; | |
| user: string; |
crypto.getRandomValues available in node 17.4.0 and higher
No description provided.