chore: upgrade eslint

[codfish]

• Updated development tooling and dependency versions to keep linting and commit checks current.
• Revised project scripts for linting/formatting to use the updated linter workflow.
• Added package manager overrides to enforce specific transitive dependency versions for more consistent installs.

[coderabbitai]

Warning

Rate limit exceeded

@codfish has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 9 minutes and 19 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 31ca0e98-e6ab-4f5b-a9f9-1fba2c67b58e

📥 Commits

Reviewing files that changed from the base of the PR and between b3c47a9 and 67c6a48.

📒 Files selected for processing (1)

• .github/workflows/security.yml

📝 Walkthrough

Walkthrough

This change updates package.json: modifies scripts (lint, removes fix, changes format), bumps several devDependencies (including @codfish/eslint-config, eslint, doctoc, lint-staged), and adds a pnpm.overrides block with multiple package version mappings.

Changes

Cohort / File(s)	Summary
Package manifest package.json	Updated scripts: lint -> "eslint", removed fix, format -> "eslint --fix". Bumped devDependencies: @codfish/eslint-config 12.3.0→13.1.2, eslint ^9.39.2→^10.0.3, doctoc ^2.2.1→^2.3.0, lint-staged ^16.2.7→^16.3.2. Added pnpm.overrides with version constraints (ajv, minimatch, underscore, etc.).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰
I hopped through package.json bright,
scripts trimmed and versions light,
overrides placed with care,
linting sharper in the air —
a little hop, a tidy flight.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: upgrade eslint' accurately reflects the main change in the pull request, which involves upgrading ESLint from 9.39.2 to 10.0.3 and related configuration updates.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/eslint-update

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🚀 Integration Test Results

npm-pr-version action test:

• ✅ Version generation: 0.0.0-PR-59--67c6a48
• ✅ package.json update: Successful
• ✅ Format validation: Passed

The action is working correctly! 🎉

[github-actions]

🧪 Test Results

✅ All tests passed successfully!

• Linting: ✅ Passed
• Unit tests: ✅ Passed
• Integration tests: ✅ Passed

[github-actions]

Claude finished @codfish's task in 1m 7s —— View job

---

Code Review: chore: upgrade eslint

• Read AGENT.md for repo instructions
• Analyze PR changes (package.json, pnpm-lock.yaml)
• Review ESLint version upgrade details
• Provide comprehensive review feedback

---

Summary

This PR upgrades two dev dependencies:

• eslint: ^9.39.2 → 10 (ESLint v10.0.0)
• @codfish/eslint-config: 12.3.0 → 13.1.2

CI reports all tests passing (lint ✅, unit ✅, integration ✅).

---

Observations

Version specifier style (package.json:36)

The eslint specifier was changed from ^9.39.2 to 10 (bare major). This pins to v10.x but without a caret, so pnpm will use >=10.0.0 <11.0.0 semantics (equivalent to ^10.0.0). While this works and is consistent with how pnpm interprets a bare major, it's inconsistent with the ^ prefix used elsewhere in devDependencies. Consider using ^10.0.0 for consistency and clarity. This is a minor style nit. Fix this →

Node.js engine requirement change

@codfish/eslint-config@13.1.2 raised its engines.node from >=20.0.0 to >=20.19.0. Several ESLint ecosystem packages (@eslint/config-array, @eslint/config-helpers) also tightened requirements to ^20.19.0 || ^22.13.0 || >=24. This is fine as long as your CI/CD environments and the setup-node-and-install action all target Node 20.19+ or 22.13+.

@typescript-eslint bump

The lock file shows @typescript-eslint/eslint-plugin and @typescript-eslint/parser jumping from 8.44.0 → 8.56.1. These are transitive deps pulled in by @codfish/eslint-config. This is expected with the config version bump and shouldn't cause issues — tests pass confirms this.

@commitlint/* packages updated

Transitive dependency bumps from 20.4.0/20.4.1 → 20.4.3 across all commitlint packages. These appear to be minor/patch updates and are low risk.

Lock file hygiene

The pnpm-lock.yaml changes look internally consistent — the resolved versions match the specifiers, and the dependency graph appears correct.

---

Security

This is a dev-only tooling upgrade with no runtime impact. No security concerns.

Code Quality / Testing

Tests pass in CI. The ESLint 10 upgrade is straightforward since @codfish/eslint-config explicitly tracks the peer dep requirement (eslint: '>= 10' in v13.1.2). The project was likely already using the flat config format (required in ESLint 9+), so no migration work should be needed.

---

Verdict

LGTM with one minor suggestion: consider changing "eslint": "10" to "eslint": "^10.0.0" for consistency with the rest of devDependencies. Otherwise this is a clean, well-contained upgrade.

[github-actions]

✅ PR package published successfully!

Install:

pnpm add -D @codfish/actions@0.0.0-PR-59--67c6a48
npm install -D @codfish/actions@0.0.0-PR-59--67c6a48
yarn add -D @codfish/actions@0.0.0-PR-59--67c6a48
bun add -d @codfish/actions@0.0.0-PR-59--67c6a48

View on npm: https://www.npmjs.com/package/@codfish/actions/v/0.0.0-PR-59--67c6a48

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Around line 33-36: The package.json change replaced the eslint version with a
bare "10" and formatting is out of sync; update the eslint dependency value to a
caret range like "^10.0.0" to match the project's dependency style and then run
the formatter (pnpm format) to apply Prettier formatting to package.json; look
for the "eslint" entry in package.json to make this edit and ensure the file is
saved/formatted before committing.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a9848d1f-ae27-4671-a91c-72746c9683c8

📥 Commits

Reviewing files that changed from the base of the PR and between 92f3978 and ffb2a82.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• package.json

[github-actions]

🎉 This PR is included in version 3.3.2 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀