chore: version packages

[github-actions]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

node-version@4.2.0

Minor Changes

• 15bd7e2: Added eolDate property to NodeVersion interface to provide the specific End-of-Life date for a major version.

Patch Changes

• 131c4a3: Added security enhancements: DoS prevention via input length limit and robust 'v' prefix stripping.

---

Summary by cubic

Release node-version v4.2.0 with a new eolDate field and input parsing hardening to prevent DoS and correctly handle leading "v".

• New Features

  • Added eolDate to NodeVersion to expose the specific EoL date for a major version.

• Bug Fixes

  • Limited input length to prevent DoS.
  • Robustly strip leading "v" from version strings.

^{Written for commit cfce4ec. Summary will update on new commits.}

Summary by CodeRabbit

• New Features

  • Added End-of-Life date tracking for version lifecycle management.

• Bug Fixes

  • Improved security with DoS prevention and enhanced input validation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

A release commit updating the package version from 4.1.0 to 4.2.0 and documenting changelog entries for the new version, including the introduction of an eolDate property on NodeVersion and DoS prevention improvements via input validation.

Changes

Cohort / File(s)	Summary
Release Documentation CHANGELOG.md, package.json	Version bump to 4.2.0 with corresponding changelog entries documenting the new eolDate property on NodeVersion interface (minor) and DoS prevention improvements through input length limits and robust 'v' prefix stripping (patch).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

• 🎨 Palette: Expose eolDate and improve JSDoc #790: Modifies NodeVersion surface by adding/exposing the eolDate property alongside version behavior changes.
• feat: add eolDate to NodeVersion #786: Directly related as it also adds/exposes eolDate on NodeVersion with corresponding getVersion and type export modifications.

Poem

🐰 A new release hops into view,
Version bumped to 4.2.0—hooray, it's true!
eolDate arrives with proper grace,
DoS protection in its place,
Changelog written, all is right! 🥕✨

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'chore: version packages' accurately describes the main change: bumping the package version from 4.1.0 to 4.2.0 in preparation for release, which is the primary purpose of this automated Changesets release PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 4 files

[greptile-apps]

Greptile Summary

Automated release PR generated by Changesets action that bumps the package version from 4.1.0 to 4.2.0. This release includes two significant improvements:

• Minor feature: Added eolDate property to the NodeVersion interface (commit 15bd7e2), providing a Date object for when a major Node version reaches End-of-Life
• Security patch: Enhanced DoS prevention with MAX_VERSION_LENGTH limit (256 chars) and improved prefix stripping logic (commit 131c4a3)

The PR follows the standard Changesets workflow: consuming changeset files, updating the CHANGELOG, and bumping the version in package.json. All changes are mechanically generated and align with the project's semantic versioning practices documented in AGENTS.md.

Confidence Score: 5/5

• This PR is safe to merge with no risk - standard automated release process
• Perfect score because this is a mechanically-generated release PR following established Changesets workflow. The underlying features (eolDate and security fixes) were already merged and tested in previous commits. Changes are limited to version metadata updates with no code logic modifications.
• No files require special attention

Important Files Changed

Filename	Overview
.changeset/add-eol-date.md	Changeset file deleted as part of release process - documents the eolDate feature addition
.changeset/security-fix.md	Changeset file deleted as part of release process - documents DoS prevention and prefix stripping improvements
CHANGELOG.md	Changelog updated with v4.2.0 release notes including eolDate feature and security enhancements
package.json	Version bumped from 4.1.0 to 4.2.0 for minor release

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant CS as Changesets
    participant GH as GitHub Actions
    participant NPM as NPM Registry
    
    Dev->>CS: Create changeset files<br/>(add-eol-date.md, security-fix.md)
    Dev->>GH: Merge features to main
    GH->>CS: Trigger release action
    CS->>CS: Process changesets
    CS->>CS: Bump version 4.1.0 → 4.2.0
    CS->>CS: Update CHANGELOG.md
    CS->>CS: Delete changeset files
    CS->>GH: Create release PR #794
    Note over GH,NPM: On PR merge:
    GH->>NPM: Build & publish package
    NPM-->>GH: Package published

Loading

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (8e77fd4) to head (cfce4ec).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #794   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            1         1           
  Lines           46        46           
  Branches        16        16           
=========================================
  Hits            46        46           

Flag	Coverage Δ
unittests	100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[srod]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8e77fd4 and cfce4ec.

📒 Files selected for processing (2)

• CHANGELOG.md
• package.json

🧰 Additional context used

📓 Path-based instructions (1)

package.json

📄 CodeRabbit inference engine (AGENTS.md)

package.json: Ensure package.json specifies type: module for ESM-only distribution and engines: >=20.0.0 for Node.js support
Node.js engine requirement must be set to >=20.0.0 in package.json

Files:

• package.json

🧠 Learnings (2)

📓 Common learnings

Learnt from: CR
Repo: srod/node-version PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-05T20:10:06.257Z
Learning: Applies to src/index.ts : Maintain EOL_DATES constant in src/index.ts mapping Node.js major versions to End of Life dates

📚 Learning: 2026-01-05T20:10:06.257Z

Learnt from: CR
Repo: srod/node-version PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-05T20:10:06.257Z
Learning: Applies to src/index.ts : Maintain EOL_DATES constant in src/index.ts mapping Node.js major versions to End of Life dates

Applied to files:

• CHANGELOG.md

🔇 Additional comments (1)

package.json (1)

3-3: Version bump aligns with release changes.

The package version has been correctly updated from 4.1.0 to 4.2.0, consistent with the addition of a minor feature (eolDate property) and patch fixes (DoS prevention). ESM-only setup and Node.js engine requirements (≥20.0.0) are properly configured per coding guidelines.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check files in the repository structure
echo "=== Repository structure ==="
ls -la | head -20

echo -e "\n=== Source files ==="
fd -t f '\.(ts|js)$' src/ 2>/dev/null | head -20

echo -e "\n=== Checking for src/index.ts ==="
if [ -f "src/index.ts" ]; then
  echo "src/index.ts exists"
  wc -l src/index.ts
else
  echo "src/index.ts not found"
fi

Repository: srod/node-version

Length of output: 1427

---

🏁 Script executed:

#!/bin/bash
# Verify the implementation changes referenced in the changelog

# Check if src/index.ts exists and contains the eolDate property
echo "=== Checking for eolDate property in NodeVersion interface ==="
rg -n "eolDate" --type ts 2>/dev/null || echo "⚠️ No eolDate property found"

# Check if EOL_DATES constant exists
echo -e "\n=== Checking for EOL_DATES constant ==="
rg -n "EOL_DATES" --type ts 2>/dev/null || echo "⚠️ No EOL_DATES constant found"

# Check for input validation/length limit for DoS prevention
echo -e "\n=== Checking for input length validation ==="
rg -n "length.*limit|MAX.*LENGTH|slice\(0" --type ts -i 2>/dev/null || echo "⚠️ No explicit length limit found"

# Check for 'v' prefix stripping logic
echo -e "\n=== Checking for 'v' prefix stripping ==="
rg -n "startsWith.*['\"]v['\"]|toLowerCase|prefix" --type ts -A 2 -B 1 2>/dev/null | head -40

Repository: srod/node-version

Length of output: 2980

---

🏁 Script executed:

#!/bin/bash
# Check for changeset file
echo "=== Checking for changeset file ==="
ls -la .changeset/ 2>/dev/null || echo "⚠️ .changeset/ directory not found"

if [ -d ".changeset" ]; then
  find .changeset -type f -name "*.md" | head -10
fi

Repository: srod/node-version

Length of output: 344

---

🏁 Script executed:

#!/bin/bash
# Check for explicit input length limits and DoS prevention
echo "=== Checking src/index.ts for input validation/length limits ==="
cat -n src/index.ts | head -80

echo -e "\n=== Searching for 'slice(0' or explicit length limits in src/index.ts ==="
rg -n "slice\(0|length.*[0-9]|MAX" src/index.ts

echo -e "\n=== Checking .changeset directory for any actual changeset files ==="
find .changeset -type f -name "*.md" ! -name "README.md"

Repository: srod/node-version

Length of output: 3130

---

🏁 Script executed:

#!/bin/bash
# Check for input validation in security.test.ts to understand DoS prevention
echo "=== Full security test file ==="
cat -n src/security.test.ts

Repository: srod/node-version

Length of output: 2915

---

All implementation changes referenced in the changelog are present and verified.

The changelog entries for v4.2.0 are correct: src/index.ts contains the EOL_DATES constant (lines 15-20), src/types.ts includes the eolDate property in the NodeVersion interface (line 95), and the input validation logic for DoS prevention is properly implemented in the compareTo function (lines 55-71) with robust 'v' prefix stripping and strict input validation.

However, the .changeset/ directory is missing the actual changeset file (.md) that documents this release. Per project requirements, all PRs must include a changeset file in .changeset/ following semantic versioning.