Skip to content

chore: update dependencies and downgrade Express to 4.x #97

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: update dependencies and downgrade Express to 4.x #97

wants to merge 1 commit into from
+891 −308

Conversation

@mldangelo
Copy link
Member

@mldangelo mldangelo commented Nov 5, 2025

Summary

  • Updated dependencies to latest versions
  • Downgraded Express from 5.1.0 to 4.21.2 to avoid npm workspaces bug

Updated Dependencies

  • @typescript-eslint/eslint-plugin: 8.46.2 → 8.46.3
  • @typescript-eslint/parser: 8.46.0 → 8.46.3
  • concurrently: 9.2.0 → 9.2.1
  • eslint: 9.38.0 → 9.39.1
  • @types/node: 24.9.0 → 24.10.0
  • @vitest/ui: 4.0.4 → 4.0.7
  • jsdom: 27.0.1 → 27.1.0
  • vite: 7.1.11 → 7.2.0
  • vitest: 4.0.4 → 4.0.7

Express Downgrade

Downgraded Express 5.x to 4.21.2 to work around a known npm bug where transitive dependencies are not properly included in package-lock.json for workspaces with lockfileVersion 3 (see Dependabot issue #6270).

Express 5.x can be upgraded once the npm/Dependabot issue is resolved.

Testing

  • ✅ All tests passing (44 tests)
  • ✅ Linting passes
  • ✅ Application starts successfully

@mldangelo
chore: update dependencies and upgrade Express to 5.0.x
6ae2fc4 
Update dependencies to latest versions:
- @typescript-eslint/eslint-plugin: 8.46.2 → 8.46.3
- @typescript-eslint/parser: 8.46.0 → 8.46.3
- concurrently: 9.2.0 → 9.2.1
- eslint: 9.38.0 → 9.39.1
- @types/node: 24.9.0 → 24.10.0
- @vitest/ui: 4.0.4 → 4.0.7
- jsdom: 27.0.1 → 27.1.0
- vite: 7.1.11 → 7.2.0
- vitest: 4.0.4 → 4.0.7

Upgrade Express to 5.0.x (installs 5.1.0) with properly regenerated
package-lock.json. The previous Dependabot-generated lockfile had
incomplete transitive dependencies for Express 5.x in npm workspaces
(issue #6270). Fresh lockfile generation resolves this by properly
hoisting Express and its dependencies.
@mldangelo mldangelo force-pushed the chore/update-dependencies branch from 9d0af32 to 6ae2fc4 Compare November 5, 2025 23:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mldangelo