chore: version packages#29
Open
github-actions[bot] wants to merge 1 commit into
Open
Conversation
github-actions
Bot
force-pushed
the
changeset-release/main
branch
17 times, most recently
from
85492c4 to
974cc82
Compare
github-actions
Bot
force-pushed
the
changeset-release/main
branch
13 times, most recently
from
63ffcbd to
ce17da3
Compare
github-actions
Bot
force-pushed
the
changeset-release/main
branch
from
ce17da3 to
59842db
Compare
github-actions
Bot
force-pushed
the
changeset-release/main
branch
from
59842db to
b384f2c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.
Releases
eslint-plugin-react-doctor@0.5.2
Patch Changes
#766
94f9f4fThanks @devin-ai-integration! - Bumpengines.nodeto^20.19.0 || >=22.13.0so the declared support range matches transitive dependencies (eslint-scope@9,eslint-visitor-keys@5require^22.13.0), preventing EBADENGINE warnings on npm and hard install failures on Yarn 1 under Node 22.12.x.Updated dependencies [
94f9f4f,038aaf7,fee3fc4,c4f0e60,f52bd07,7c88165]:oxlint-plugin-react-doctor@0.5.2
Patch Changes
#766
94f9f4fThanks @devin-ai-integration! - Bumpengines.nodeto^20.19.0 || >=22.13.0so the declared support range matches transitive dependencies (eslint-scope@9,eslint-visitor-keys@5require^22.13.0), preventing EBADENGINE warnings on npm and hard install failures on Yarn 1 under Node 22.12.x.#784
038aaf7Thanks @rayhanadev! - Fix a false positive innextjs-missing-metadata(#775): an App Router page is no longer flagged as "missing metadata for search previews" when it inheritsmetadata/generateMetadatafrom a co-located or ancestorlayout.*. Next.js merges metadata down the segment chain, so a page covered by a parent layout's title/description already has search-preview metadata. The rule now walks up the App Router directory tree (bounded, stopping atapp/) and stays quiet when an ancestor layout supplies metadata; pages with no metadata anywhere in the chain are still flagged.#796
fee3fc4Thanks @devin-ai-integration! -no-barrel-importmessaging is now framework-aware: files that target React Native / Expo (per the nearestpackage.jsonplatform, native/web file extensions, and the projectframeworksetting) say the barrel import "ships extra code in your app bundle & slows startup" instead of the web-only "slows page load" wording. Web projects, web-extension files inside RN monorepos, and projects with an unknown framework keep the existing page-load wording.#782
c4f0e60Thanks @rayhanadev! -only-export-componentsnow recognizes the route/special files of every file-routing framework react-doctor covers and skips them, so the documented "co-export config/metadata next to the default component" shape stops producing false-positive "non-component export" warnings:page,layout,loading,error,not-found,template,default,global-error,route) and Pages Router (_app,_document,_error) special files, plus metadata image routes (opengraph-image,twitter-image,icon,apple-icon, incl. numbered variants), which fixes thealt/size/contentType/revalidateexports inopengraph-image.tsx(#776)._layoutand the+html/+not-found/+native-intentreserved files.__rootand*.lazyroute modules.root,entry.client, andentry.servermodules.#790
f52bd07Thanks @devin-ai-integration! - Fix false positives inrn-no-raw-text(#788) for custom components that forward their children into a<Text>: the in-file wrapper detection now recognizes components that render{children}(or{props.children}) inside a nested<Text>(the<View><Text>{children}</Text></View>shape), not just components whose returned root is a<Text>. Detection also handles parenthesizedreturn (...)bodies,memo/forwardRef-wrapped components, fragment roots, conditional and logical returns, early returns insideifbranches, renamed destructured children ({ children: content }), the<Text children={children} />prop form, wrappers that forward through another in-file wrapper, children aliased to a variable or destructured from props in the body, props spreads that carry children (<Text {...props} />,<Text {...rest} />,<Text {...this.props} />), class components, andstyled(Text)/styled.Textfactories. The rule is also taggedtest-noise, so it no longer fires in test/story files — raw text rendered through React Native Testing Library never ships to users, and cross-file wrappers (an imported<Chip>Test Chip</Chip>in a.test.tsx) were the main source of unfixable noise there.#794
7c88165Thanks @devin-ai-integration! -rules-of-hooksandexhaustive-depsno longer report false positives for hooks called inside aforwardRef(...)/memo(...)render callback whose binding name is not PascalCase (e.g.const _Wrapped = forwardRef((props, ref) => { useHook(); ... })). The render callback passed as the first argument to React's HoCs is a component by construction, so both rules now treat it as one regardless of the variable name it lands on. Only the first argument is promoted — hooks insidememo's second argument (the props comparator) still report, as do genuinely non-component functions likeconst _helper = () => { useState(); }.react-doctor@0.5.2
Patch Changes
#767
486c68fThanks @rayhanadev! - The GitHub Action'sblockinginput now defaults tonone(advisory) instead oferror. Every PR still gets the full React Doctor report — the sticky summary comment, inline review comments, and a commit status with the health score — but the check no longer fails on findings, so a brand-new install can't red-X a teammate's PR on day one (trust-before-gate). To turn the gate back on, setblocking: warning(fail on any finding) orblocking: error(fail on error-severity findings) on the action. The generatedreact-doctor.ymldocuments this inline.Note: this changes behavior for existing
millionco/react-doctor@v2workflows that never setblocking— they were gating on error-severity findings and will now run advisory. Addblocking: errorto the action'swith:block to keep the previous behavior.The CLI / config default is unchanged:
react-doctor(and--blocking/ theblockingconfig key) still defaults toerror, so local runs, pre-commit hooks, and non-action CI keep failing on error-severity findings.#766
94f9f4fThanks @devin-ai-integration! - Bumpengines.nodeto^20.19.0 || >=22.13.0so the declared support range matches transitive dependencies (eslint-scope@9,eslint-visitor-keys@5require^22.13.0), preventing EBADENGINE warnings on npm and hard install failures on Yarn 1 under Node 22.12.x.#731
1ca6f0eThanks @aidenybai! - Bundle Effect into the published CLI sonpx react-doctor@latestno longer installs Effect'sini@7dependency and avoids the Node 22.19 engine warning.#791
22268f7Thanks @rayhanadev! - Cap theoxlintdependency to>=1.66.0 <1.67.0. oxlint 1.67.0 added an optional peer dependency onvite-plus, which in pnpm workspaces that installvite-plusat the root forces a second peer-resolution context for the Vite+ toolchain. That split installs a duplicate copy of the Vitest fork (@voidzero-dev/vite-plus-test), and test runs fail at collection withVitest failed to find the current suitebecause hooks register in one copy while suites live in the other (#699). Pinning below 1.67 keeps react-doctor's oxlint free of thevite-pluspeer edge, so pnpm dedupes the toolchain back to a single instance.#769
2f26228Thanks @rayhanadev! - Consolidate the scan-scope controls into one--scopeflag (andscopeconfig option) with four values, shared verbatim by the CLI and the GitHub Action:full(default) — the whole project, every issue. Whole-project checks (dead-code, environment, supply-chain) run only here.files— only the files changed vs the base, with all issues in them (no compare-to-main). What--stagedand an uncommitted--diffdid.changed— only issues the change introduced vs the base (the baseline delta). What--diff <base>and the action'sscope: changeddid.lines— only issues on the lines the change actually touched. New: previously this scoping existed only inside the GitHub Action's inline-review-comment step; it now lives in the engine, so the CI gate, score display, summary, and inline comments all honor one scope.--base <ref>sets the comparison base forfiles/changed/lines(auto-detected when omitted). Behavior is unchanged by default: the CLI--scopedefaults tofulland the actionscopeinput still defaults tochanged.--diff/config.diffkeep working as a deprecated alias (--diff <base>→--scope changed --base <base>,--diff false→--scope full) and emit a one-time deprecation warning;--stagedis retained as the source selector and composes with--scope files/--scope lines.#795
04e72a4Thanks @devin-ai-integration! - Diagnostics in test, spec, fixture, and Storybook files are now labeled with their file context. The terminal report and the per-rule text dumps tag those sites as(test file)/(story file)so a finding in a spec doesn't read as a production problem, and each diagnostic in the JSON report carries an optionalfileContextfield ("test"/"story"; omitted for production files). The classification reuses the same path heuristics that already drive test-noise auto-suppression, so the label and the suppression can never disagree.#784
038aaf7Thanks @rayhanadev! - Fix a false positive innextjs-missing-metadata(#775): an App Router page is no longer flagged as "missing metadata for search previews" when it inheritsmetadata/generateMetadatafrom a co-located or ancestorlayout.*. Next.js merges metadata down the segment chain, so a page covered by a parent layout's title/description already has search-preview metadata. The rule now walks up the App Router directory tree (bounded, stopping atapp/) and stays quiet when an ancestor layout supplies metadata; pages with no metadata anywhere in the chain are still flagged.#768
a64093cThanks @rayhanadev! - CI onboarding now resolves the repository's actual default branch instead of assumingmain. The pull request opened during setup asks GitHub (gh repo view) for the default branch — falling back toorigin/HEAD, thenmain/master— and uses it as the PR base, and the installed workflow's push trigger scans that same branch (master,develop, …) so the health-score trend works on repos whose default branch isn'tmain.#783
a48fb06Thanks @devin-ai-integration! - Add a--output-dir <dir>flag that writes the full diagnostics dump (diagnostics.json + one .txt per rule) to a directory of your choice instead of a random temp folder, prints the written path whenever the flag is set (previously--verbose-only), and makes the agent handoff reuse that directory instead of writing a second temp copy. Without the flag, behavior is unchanged.#792
19d99eeThanks @devin-ai-integration! - Titlereact-hooks-js/tododiagnostics "React Compiler doesn't support this syntax" instead of the generic "React Compiler can't optimize this" headline. Thetodorule fires when the compiler bails out on syntax it doesn't handle yet, so the headline now says what actually happened.#790
f52bd07Thanks @devin-ai-integration! - Fix false positives inrn-no-raw-text(#788) for custom components that forward their children into a<Text>: the in-file wrapper detection now recognizes components that render{children}(or{props.children}) inside a nested<Text>(the<View><Text>{children}</Text></View>shape), not just components whose returned root is a<Text>. Detection also handles parenthesizedreturn (...)bodies,memo/forwardRef-wrapped components, fragment roots, conditional and logical returns, early returns insideifbranches, renamed destructured children ({ children: content }), the<Text children={children} />prop form, wrappers that forward through another in-file wrapper, children aliased to a variable or destructured from props in the body, props spreads that carry children (<Text {...props} />,<Text {...rest} />,<Text {...this.props} />), class components, andstyled(Text)/styled.Textfactories. The rule is also taggedtest-noise, so it no longer fires in test/story files — raw text rendered through React Native Testing Library never ships to users, and cross-file wrappers (an imported<Chip>Test Chip</Chip>in a.test.tsx) were the main source of unfixable noise there.#780
f5f539aThanks @rayhanadev! - The Socket supply-chain check now gates on the security axes (supply chain, vulnerability) instead of Socket'soverallscore, and the diagnostic names the exact axis that failed. Socket'soverallis its lowest axis, so a package with perfect security scores could fail the Security gate purely on quality/maintenance —@types/bunwas reported as having a "supply-chain score of 48" while socket.dev showed Supply Chain 100 (issue #770). Known-bad packages (event-stream@3.3.6, vulnerableminimist/lodashreleases) are still flagged via their vulnerability axis, and the reported number now always matches the axis named on the socket.dev package page.Updated dependencies [
94f9f4f,038aaf7,fee3fc4,c4f0e60,f52bd07,7c88165]:@react-doctor/api@0.5.2
Patch Changes
2f26228,a48fb06]:@react-doctor/core@0.5.2
Patch Changes
#769
2f26228Thanks @rayhanadev! - Consolidate the scan-scope controls into one--scopeflag (andscopeconfig option) with four values, shared verbatim by the CLI and the GitHub Action:full(default) — the whole project, every issue. Whole-project checks (dead-code, environment, supply-chain) run only here.files— only the files changed vs the base, with all issues in them (no compare-to-main). What--stagedand an uncommitted--diffdid.changed— only issues the change introduced vs the base (the baseline delta). What--diff <base>and the action'sscope: changeddid.lines— only issues on the lines the change actually touched. New: previously this scoping existed only inside the GitHub Action's inline-review-comment step; it now lives in the engine, so the CI gate, score display, summary, and inline comments all honor one scope.--base <ref>sets the comparison base forfiles/changed/lines(auto-detected when omitted). Behavior is unchanged by default: the CLI--scopedefaults tofulland the actionscopeinput still defaults tochanged.--diff/config.diffkeep working as a deprecated alias (--diff <base>→--scope changed --base <base>,--diff false→--scope full) and emit a one-time deprecation warning;--stagedis retained as the source selector and composes with--scope files/--scope lines.#783
a48fb06Thanks @devin-ai-integration! - Add a--output-dir <dir>flag that writes the full diagnostics dump (diagnostics.json + one .txt per rule) to a directory of your choice instead of a random temp folder, prints the written path whenever the flag is set (previously--verbose-only), and makes the agent handoff reuse that directory instead of writing a second temp copy. Without the flag, behavior is unchanged.Updated dependencies [
94f9f4f,038aaf7,fee3fc4,c4f0e60,f52bd07,7c88165]:@react-doctor/language-server@0.5.2
Patch Changes
2f26228,a48fb06]: