Reapply "refactor!: Synchronize dev toolchain with module template and core monorepo (#420)" (#423) #426
Conversation
|
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. Ignoring alerts on:
|
|
@SocketSecurity ignore npm/@arethetypeswrong/core@0.15.1 Network access expected for these |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
|
|
||
| afterEach(() => { | ||
| jest.useRealTimers(); | ||
| jest.clearAllTimers(); |
There was a problem hiding this comment.
Bug: Test Suite Timer Pollution
The test suite sets up fake timers in beforeAll but doesn't restore real timers in an afterAll hook. This means fake timers persist after the suite completes, which could lead to test pollution and affect subsequent test files.
|
@SocketSecurity ignore npm/commander@10.0.1 Shell access OK, this is expected @SocketSecurity ignore npm/mz@2.7.0 Shell and network access expected, this is OK |
|
@SocketSecurity ignore npm/cosmiconfig@7.1.0 These "new authors" are from many years ago, these alerts are silly |
|
@SocketSecurity ignore npm/@babel/helper-module-transforms@7.28.3 AI nonsense. The alert description even says that the code is legitimate and poses no risk, which seemingly contradicts the "Medium risk" rating. |
|
@SocketSecurity ignore npm/shiki@0.14.7 Weird that a syntax highlighting library would need network access. But it appears to be for the purpose of bootstrapping a WASM bundle. And this has been published over 2 years with no reported vulnerabilities. |
This reverts commit c591a5f (Reapplies 5391380)
Note
Overhauls the dev toolchain: upgrades ESLint to v9 with new configs/plugins, moves to TypeScript 5.x, adds TypeDoc/depcheck/ts-bridge/ATTW tooling, updates Prettier to v3, and refreshes dependencies.
eslint-plugin-import-x,eslint-import-resolver-typescript), and update related utilities.typescript-eslint(v8),ts-node, and supporting packages.prettier-plugin-packagejson; add TypeDoc.@arethetypeswrong/cli,@ts-bridge/cli, and depcheck for dependency hygiene.Written by Cursor Bugbot for commit 5ef56a4. This will update automatically on new commits. Configure here.