Conversation
|
You have run out of free Bugbot PR reviews for this billing cycle. This will reset on April 11. To receive reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial. |
There was a problem hiding this comment.
Pull request overview
This PR updates several npm dependencies (including major bumps) to keep SlackONOS’s tooling and integrations current, primarily affecting coverage tooling (c8) and the Soundcraft mixer integration (soundcraft-ui-connection).
Changes:
- Bump
c8to v11 (major) and refresh its transitive deps (e.g.,test-exclude,glob,minimatch). - Bump
soundcraft-ui-connectionto v5 (major) and refresh lockfile accordingly. - Update lockfile-resolved versions for
openai,posthog-node,@simplewebauthn/server, and others.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| package.json | Updates c8 (major) and soundcraft-ui-connection (major) version ranges. |
| package-lock.json | Updates resolved versions/metadata for the bumped deps and their transitive dependency graph. |
| "sonos": "^1.14.2", | ||
| "soundcraft-ui-connection": "^4.1.1", | ||
| "soundcraft-ui-connection": "^5.0.0", | ||
| "urlencode": "^2.0.0", |
There was a problem hiding this comment.
soundcraft-ui-connection@^5.0.0 declares engines.node >=22 (see lockfile), but the project package.json still advertises engines.node >=17 and CI currently runs tests on Node 20. Since index.js requires the Soundcraft handler at startup, this dependency bump effectively raises the minimum supported Node version and may break installs/runs on Node <22. Please either bump the project's Node engine (and align CI/Docker/docs), or keep soundcraft-ui-connection on v4 / make the Soundcraft integration an optional/conditional dependency so the app can still run on older Node versions.
| "devDependencies": { | ||
| "c8": "^10.1.3", | ||
| "c8": "^11.0.0", | ||
| "chai": "6.2.2", | ||
| "mocha": "^11.7.5", |
There was a problem hiding this comment.
c8@^11.0.0 requires Node 20 || >=22 (per its published engines). With package.json currently declaring engines.node >=17, developers may try running coverage on unsupported Node versions and hit install/runtime issues. Consider updating the project's Node engine range to match the strictest dependency requirement.
- Override serialize-javascript, undici, diff, ip to patched versions - Add docs/SECURITY.md (overrides + known npm audit false positive for ip/sonos) - Link to SECURITY.md from README Made-with: Cursor
Add npm override for axios. Pin sinon to 21.0.2 (exact) so the lockfile does not float to 21.1.x under a caret range. Register fr as a command entry for the feature request handler. Made-with: Cursor
Implemented SLAC-8: wrote 1 file(s) Closes SLAC-8
…r-featurerequest-command- feat(SLAC-8): Make a alias for featurerequest command, "fr"
Updated the `featurerequest` command description in `templates/help/helpText.txt`. **Change made:** - **File:** `templates/help/helpText.txt` - **Before:** `` `featurerequest` (or `fr`) `<feature description>` - Create a GitHub issue for a feature request. ✨ `` - **After:** `` `featurerequest` (or `fr`) `<feature description>` - Wish for what new feature this bot should have!!! ✨ `` **Investigation performed:** 1. Read `templates/help/helpText.txt` — confirmed this is the sole location of the user-facing `featurerequest` description. 2. Read `lib/command-handlers.js` — no inline description string for `featurerequest` found. 3. Read `lib/add-handlers.js` — no `featurerequest` description found. 4. Read `templates/help/helpTextAdmin.txt` — the admin help text references `featurerequest` only as a command syntax example (not a description), so no change needed there. 5. Read `lib/slack.js` and `lib/discord.js` — neither contains any hardcoded `featurerequest` description strings. 6. Read `test/command-handlers.test.mjs` and `test/add-handlers.test.mjs` — no test assertions reference the old `featurerequest` description string, so no test updates are required. The change is isolated to exactly one line in one file, consistent with the spec's expectation. Closes SLAC-9
Summary
Updates multiple dependencies including two major version bumps.
Dependency Updates
minimatch: 9.0.5 → 9.0.9c8: 10.1.3 → 11.0.0 (major)openai: 6.22.0 → 6.25.0posthog-node: 5.24.15 → 5.26.2soundcraft-ui-connection: 4.1.1 → 5.0.0 (major)@simplewebauthn/server: 13.2.2 → 13.2.3Testing
Made with Cursor