Skip to content

chore(deps): selective dependency upgrades (patches + minors)#108

Merged
alohays merged 1 commit intomainfrom
chore/selective-dep-upgrades
Mar 30, 2026
Merged

chore(deps): selective dependency upgrades (patches + minors)#108
alohays merged 1 commit intomainfrom
chore/selective-dep-upgrades

Conversation

@alohays
Copy link
Copy Markdown
Owner

@alohays alohays commented Mar 30, 2026

Summary

Triage of Dependabot PRs #106 and #107. Cherry-picked safe patch/minor updates, deferred major version bumps for individual evaluation.

Merged Updates (10 packages)

  • @deck.gl/core, geo-layers, layers: 9.1.0 → 9.2.11 (patch)
  • dompurify: 3.2.0 → 3.3.3 (patch — security sanitizer)
  • fast-xml-parser: 5.0.0 → 5.5.9 (minor — RSS parsing improvements)
  • maplibre-gl: 5.0.0 → 5.21.1 (minor — map rendering)
  • marked: 17.0.4 → 17.0.5 (patch)
  • @vitest/coverage-v8: 4.0.18 → 4.1.2 (minor — CVE fix in flatted)
  • happy-dom: 20.8.3 → 20.8.9 (patch)
  • zod-to-json-schema: 3.25.1 → 3.25.2 (patch)

Deferred Major Upgrades

  • TypeScript 5 → 6 (ecosystem too new)
  • Vite 6 → 8 (2 major versions, high risk)
  • Zod 3 → 4 (extensive usage, breaking API)
  • Commander 13 → 14 (CLI framework major)
  • @clack/prompts 0.9 → 1.1 (needs testing with create-monitor-forge)
  • @types/node 22 → 25 (may break type checks)

Code Changes

  • api/news/v1/index.ts: Fixed fast-xml-parser 5.5.x isArray callback signature change. Improved RSS handler to gracefully degrade on partial feed failures instead of returning 500.
  • api/news/v1/index.test.ts: Updated tests to reflect improved partial-success behavior.

Test Plan

  • 1,037 tests passing (52 files)
  • TypeScript typecheck clean
  • forge build --skip-vite succeeds
  • forge validate passes

Closes #106 (superseded), Closes #107 (superseded)

🤖 Generated with Claude Code

@alohays @claude
chore(deps): selective dependency upgrades (patches + minors only)
13be3c2 
Triage Dependabot PRs #106 and #107: cherry-pick safe patches and
minors, defer major version bumps (TypeScript 6, Vite 8, Zod 4,
Commander 14) for individual evaluation.

Production: @deck.gl/* 9.2.11, dompurify 3.3.3, fast-xml-parser 5.5.9,
maplibre-gl 5.21.1, marked 17.0.5
Dev: @vitest/coverage-v8 4.1.2 (CVE fix), happy-dom 20.8.9,
zod-to-json-schema 3.25.2

Also fixes fast-xml-parser 5.5.x breaking changes:
- isArray callback signature updated for new JPathOrMatcher type
- RSS handler now gracefully degrades on partial feed failures
  instead of returning 500 when any single feed fails

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@alohays alohays merged commit a0b5a79 into main Mar 30, 2026
2 checks passed
@alohays alohays deleted the chore/selective-dep-upgrades branch March 30, 2026 23:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@alohays