Update non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@types/node (source)	24.10.12 → 24.10.13
eslint-plugin-sonarjs (source)	3.0.6 → 3.0.7
minimatch	10.1.2 → 10.2.0
typescript-eslint (source)	8.54.0 → 8.55.0

---

Release Notes

SonarSource/SonarJS (eslint-plugin-sonarjs)

v3.0.7

Compare Source

isaacs/minimatch (minimatch)

v10.2.0

Compare Source

v10.1.3

Compare Source

typescript-eslint/typescript-eslint (typescript-eslint)

v8.55.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

This update bumps several development and runtime dependencies across both the pr-review and pr-summary packages. These version upgrades ensure alignment with the latest patch releases for improved stability, compatibility, and security without altering functionality.

Walkthrough

• Chore: Upgraded minimatch from 10.1.2 to 10.2.0
• Chore: Updated @types/node from 24.10.12 to 24.10.13
• Chore: Bumped eslint-plugin-sonarjs from 3.0.6 to 3.0.7
• Chore: Incremented typescript-eslint from 8.54.0 to 8.55.0

_{Model: o4-mini-2025-04-16 | Prompt Tokens: 850 | Completion Tokens: 495}

[github-actions]

Here’s a warm code review backed by AI support. Some suggestions are thoughtful predictions rather than guarantees, so feel free to adopt what suits you best. You remain in charge of each choice, and AI is simply here to lend a hand.
_{Model: o4-mini-2025-04-16 | Prompt Tokens: 1454 | Completion Tokens: 4869}

[github-actions]

It’s recommended to use semantic version ranges for dependencies so that patch releases are picked up automatically, reducing the need for manual bumps. For example, you can replace the fixed version:

"minimatch": "10.2.0"

with a caret range:

"minimatch": "^10.2.0"

[github-actions]

It’s recommended to use semantic version ranges for dependencies so that patch releases are picked up automatically, reducing the need for manual bumps. For example, you can replace the fixed version:

"minimatch": "10.2.0"

with a caret range:

"minimatch": "^10.2.0"

[github-actions]

Similarly, your devDependencies are pinned to exact versions. Using caret (^) ranges helps ensure that patch and minor fixes are automatically incorporated. For example:

"@types/node": "^24.10.13",
"eslint-plugin-sonarjs": "^3.0.7",
"typescript-eslint": "^8.55.0"

This reduces manual version bumps for non-breaking updates.

[github-actions]

Similarly, your devDependencies are pinned to exact versions. Using caret (^) ranges helps ensure that patch and minor fixes are automatically incorporated. For example:

"@types/node": "^24.10.13",
"eslint-plugin-sonarjs": "^3.0.7",
"typescript-eslint": "^8.55.0"

This reduces manual version bumps for non-breaking updates.

[github-actions]

Both pr-review and pr-summary share identical dependencies and devDependencies. To adhere to DRY principles in your monorepo, consider centralizing these in the root package.json using npm or Yarn workspaces. This approach ensures consistent versions and simplifies maintenance. For example:

{
  "workspaces": ["pr-review", "pr-summary"],
  "dependencies": {
    "axios": "^1.13.5",
    "minimatch": "^10.2.0",
    "octokit": "^5.0.5",
    ...
  },
  "devDependencies": {
    "typescript": "^5.9.3",
    "@types/node": "^24.10.13",
    ...
  }
}

[github-actions]

Updated dependency versions across both pr-review and pr-summary packages to the latest patch releases, ensuring consistent tooling and security fixes without altering functionality.

Walkthrough

• Chore: Upgraded core libraries like minimatch and @types/node to address stability and security updates.
• Chore: Updated ESLint plugins (sonarjs, unicorn) and typescript-eslint for linting improvements.
• Chore: Aligned dependency versions in both modules for uniform development and build environments.

_{Model: o4-mini-2025-04-16 | Prompt Tokens: 882 | Completion Tokens: 771 | Diff Range: 22798b1...1e0ba25}

[github-actions]

Here’s an AI-assisted code review designed to support you. Some suggestions rely on predictions and may not fit your project perfectly. Feel free to choose what aligns with your needs and trust your skills—AI is here to help, but you’re in control.
_{Model: o4-mini-2025-04-16 | Prompt Tokens: 1164 | Completion Tokens: 2977 | Diff Range: 22798b1...1e0ba25}

[github-actions]

The devDependencies block in this file is nearly identical to the one in pr-summary/package.json. To avoid version drift and reduce maintenance overhead, consider hoisting these shared dependencies into a single root-level package.json or using a workspace setup (npm/yarn/pnpm workspaces). That way, you only bump versions in one place. For example:

{
  "workspaces": ["pr-review", "pr-summary"],
  "devDependencies": {
    "@types/node": "24.10.13",
    "@vercel/ncc": "0.38.4",
    "eslint": "9.39.2",
    "eslint-plugin-import": "2.32.0",
    "eslint-plugin-sonarjs": "3.0.7",
    "eslint-plugin-unicorn": "63.0.0",
    "prettier": "3.8.1",
    "tsx": "4.21.0",
    "typescript": "5.9.3",
    "typescript-eslint": "8.55.0",
    "yaml": "2.8.2"
  }
}

[github-actions]

The dependency name typescript-eslint does not match the official packages under the @typescript-eslint scope. To integrate TypeScript with ESLint, you should install @typescript-eslint/parser and @typescript-eslint/eslint-plugin at the same version. For example:

{
  "devDependencies": {
    "@typescript-eslint/parser": "8.55.0",
    "@typescript-eslint/eslint-plugin": "8.55.0"
  }
}

[github-actions]

This devDependencies block is duplicated in both pr-review and pr-summary. To keep versions in sync and simplify upgrades, you might centralize these shared devDependencies in a root workspace or monorepo setup. For example:

{
  "workspaces": ["pr-review", "pr-summary"],
  "devDependencies": {
    "@types/node": "24.10.13",
    "@vercel/ncc": "0.38.4",
    "eslint": "9.39.2",
    "eslint-plugin-import": "2.32.0",
    "eslint-plugin-sonarjs": "3.0.7",
    "eslint-plugin-unicorn": "63.0.0",
    "prettier": "3.8.1",
    "tsx": "4.21.0",
    "typescript": "5.9.3",
    "typescript-eslint": "8.55.0",
    "yaml": "2.8.2"
  }
}

[github-actions]

The typescript-eslint key here is likely incorrect because the official ESLint integration packages are scoped under @typescript-eslint. Please replace it with the parser and plugin packages to avoid resolution errors. For example:

{
  "devDependencies": {
    "@typescript-eslint/parser": "8.55.0",
    "@typescript-eslint/eslint-plugin": "8.55.0"
  }
}