chore(deps): update typescript-eslint monorepo to v8.46.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@typescript-eslint/eslint-plugin (source)	8.41.0 -> 8.46.0
@typescript-eslint/parser (source)	8.41.0 -> 8.46.0

---

Release Notes

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.46.0

Compare Source

🚀 Features

• eslint-plugin: [no-unsafe-member-access] add allowOptionalChaining option (#​11659)
• rule-schema-to-typescript-types: clean up and make public (#​11633)

🩹 Fixes

• eslint-plugin: [prefer-readonly-parameter-types] ignore tagged primitives (#​11660)
• typescript-estree: forbid abstract method and accessor to have implementation (#​11657)
• eslint-plugin: removed error type previously deprecated (#​11674)
• eslint-plugin: [no-deprecated] ignore deprecated export imports (#​11603)
• eslint-plugin: [unbound-method] improve wording around this: void and binding (#​11634)
• rule-tester: deprecate TestCaseError#type and LintMessage#nodeType (#​11628)
• eslint-plugin: [no-floating-promises] remove excess parentheses in suggestions (#​11487)

❤️ Thank You

• fisker Cheung @​fisker
• Josh Goldberg ✨
• Kirk Waiblinger @​kirkwaiblinger
• Mark de Dios @​peanutenthusiast
• Richard Torres @​richardtorres314
• Victor Genaev @​mainframev

You can read about our versioning strategy and releases on our website.

v8.45.0

Compare Source

🚀 Features

• eslint-plugin: expose rule name via RuleModule interface (#​11616)

🩹 Fixes

• eslint-plugin: [prefer-nullish-coalescing] ignoreBooleanCoercion should not apply to top-level ternary expressions (#​11614)
• eslint-plugin: [no-base-to-string] check if superclass is ignored (#​11617)

❤️ Thank You

• mdm317
• Moses Odutusin @​thebolarin
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

v8.44.1

Compare Source

🩹 Fixes

• eslint-plugin: [await-thenable] should not report passing values to promise aggregators which may be a promise in an array literal (#​11611)
• eslint-plugin: [no-unsafe-enum-comparison] support unions of literals (#​11599)
• eslint-plugin: [no-base-to-string] make ignoredTypeNames match type names without generics (#​11597)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.44.0

Compare Source

🚀 Features

• eslint-plugin: [await-thenable] report invalid (non-promise) values passed to promise aggregator methods (#​11267)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-conversion] ignore enum members (#​11490)

❤️ Thank You

• Moses Odutusin @​thebolarin
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.43.0

Compare Source

🚀 Features

• typescript-estree: disallow empty type parameter/argument lists (#​11563)

🩹 Fixes

• eslint-plugin: [prefer-return-this-type] don't report an error when returning a union type that includes a classType (#​11432)
• eslint-plugin: [no-deprecated] should report deprecated exports and reexports (#​11359)
• eslint-plugin: [no-floating-promises] allowForKnownSafeCalls now supports function names (#​11423, #​11430)
• eslint-plugin: [consistent-type-exports] fix declaration shadowing (#​11457)
• eslint-plugin: [no-unnecessary-type-conversion] only report ~~ on integer literal types (#​11517)
• scope-manager: exclude Program from DefinitionBase node types (#​11469)
• eslint-plugin: [no-non-null-assertion] do not suggest optional chain on LHS of assignment (#​11489)
• type-utils: add union type support to TypeOrValueSpecifier (#​11526)

❤️ Thank You

• Dima @​dbarabashh
• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• tao
• Victor Genaev @​mainframev
• Yukihiro Hasegawa @​y-hsgw
• 민감자(Minji Kim) @​mouse0429
• 송재욱

You can read about our versioning strategy and releases on our website.

v8.42.0

Compare Source

🩹 Fixes

• deps: update eslint monorepo to v9.33.0 (#​11482)

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.46.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.45.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.44.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.44.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.43.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.42.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

🔍 Code Review for TypeScript-ESLint Update

Thank you for keeping our dependencies up to date! I've reviewed this PR updating @typescript-eslint/eslint-plugin and @typescript-eslint/parser from v8.41.0 to v8.44.0.

✅ Strengths

• Automated dependency management: Using Renovate bot ensures we stay current with security patches and bug fixes
• Minor version update: These are backward-compatible updates that should not introduce breaking changes
• Clean diff: Only the package-lock.json is modified, which is expected for dependency updates

📋 Review Checklist

Code Quality & Best Practices ✅

• Dependency updates follow semantic versioning
• No direct code changes required
• Package-lock.json updates are properly formatted

Potential Bugs or Issues ⚠️

• Testing gap: According to CLAUDE.md, no tests have been written yet for this project. Without a test suite, we cannot verify that the linting updates don't affect the codebase behavior
• CI/CD gap: No automated GitHub Actions workflow exists to validate these updates automatically

Performance Considerations ✅

• No runtime performance impact expected as these are dev dependencies
• Build time should remain similar or potentially improve with optimizations in newer versions

Security Concerns ✅

• Updates include various bug fixes that may address security issues:
  • Better handling of deprecated exports
  • Improved type checking for promise aggregator methods
  • Fixed declaration shadowing issues

🎯 Recommendations

1. Immediate Actions:

   • Run npm ci locally to install exact dependencies
   • Execute npm run lint to ensure no new linting errors are introduced
   • Run npm run build to verify TypeScript compilation succeeds
   • Test npm run dev to ensure the development server starts correctly

2. Future Improvements (as noted in CLAUDE.md):

   • Priority 1: Add Jest unit tests for critical components (ShellExecutor, ProjectDetector, tool classes)
   • Priority 2: Set up GitHub Actions CI/CD pipeline to automatically validate PRs
   • Priority 3: Configure Renovate to run automated tests before creating PRs

3. Version-Specific Considerations:

   • v8.44.0 includes enhanced await-thenable rule for better promise handling
   • v8.43.0 disallows empty type parameter lists, which may catch previously unnoticed issues
   • Review any existing TypeScript generics usage for empty angle brackets

📈 Test Coverage Gap

As documented in CLAUDE.md, this project currently has 0% test coverage. Before merging dependency updates, we should:

• Create basic smoke tests for the main server functionality
• Add integration tests for MCP protocol compliance
• Implement unit tests for the Go tools (priority as per project goals)

🚀 Conclusion

The dependency updates look good and include valuable bug fixes and improvements. However, given the lack of automated testing and CI/CD, I recommend:

1. Manual verification of the build and lint commands before merging
2. Create a follow-up issue to add basic tests before the next dependency update
3. Consider pinning these versions once verified working to ensure reproducible builds

The updates are safe to merge after manual verification, but establishing a testing baseline should be the immediate next priority.

---

Reviewed following the guidelines in CLAUDE.md with focus on Go language support priority and security-first approach.

[claude]

Code Review: TypeScript ESLint Monorepo Update (v8.41.0 → v8.44.1)

Summary

This is a routine dependency update from Renovate bot updating the TypeScript ESLint monorepo packages from version 8.41.0 to 8.44.1. This is a minor version update that includes bug fixes and feature improvements.

✅ Positive Aspects

1. Automated Security & Quality: Regular dependency updates help maintain security posture and access to latest bug fixes
2. Conservative Update: Minor version update (8.41.0 → 8.44.1) reduces risk of breaking changes
3. Comprehensive CI Pipeline: The project has robust CI including linting, testing, building, security audits, and integration tests across multiple platforms
4. Good Release Notes: Detailed changelog shows specific bug fixes and improvements included

📋 Changes Analyzed

The update includes these key improvements:

• Bug Fixes in await-thenable, no-unsafe-enum-comparison, and no-base-to-string rules
• New Features for promise aggregator method validation
• Enhanced Type Checking with better union type support

🔍 Technical Assessment

Code Quality & Best Practices: ✅ PASS

• Clean lock file changes only (no source code modifications)
• Proper semantic versioning followed
• Peer dependency requirements properly updated

Potential Bugs or Issues: ✅ LOW RISK

• Minor version update with proven track record
• No breaking changes indicated in release notes
• Backward compatible with existing ESLint configuration

Performance Considerations: ✅ NEUTRAL

• No performance regressions expected
• Some rules may perform better with optimizations

Security Concerns: ✅ PASS

• Regular dependency updates improve security posture
• No security vulnerabilities addressed in this release (normal maintenance)
• CI includes security audit steps

Test Coverage: ⚠️ NEEDS ATTENTION

• Critical Gap: Project has minimal test coverage (only basic.test.ts)
• CI pipeline runs tests, but actual test suite is nearly empty
• Dependency updates should ideally be validated with comprehensive tests

🚨 Recommendations

Before Merging:

1. Run CI Pipeline: Ensure all checks pass, particularly the linting job that uses these packages
2. Verify Local Build: Test npm run lint, npm run build, and npm test locally
3. Review Failed Tests: If any CI checks fail, investigate ESLint rule changes

Future Improvements:

1. Expand Test Suite: The project urgently needs comprehensive tests for all tool classes
2. Consider Auto-merge: For low-risk dependency updates like this, auto-merge could be enabled
3. Add Integration Tests: Test ESLint integration specifically with actual TypeScript files

🎯 Decision Recommendation

APPROVE with confidence, but address testing gaps soon.

This is a low-risk, routine maintenance update that should be merged. The robust CI pipeline provides good safety nets, and the release notes indicate no breaking changes. However, the lack of comprehensive tests in the project remains a concerning technical debt that should be addressed in upcoming development cycles.

🔧 Merge Instructions

# After CI passes, merge with:
gh pr merge 36 --squash --delete-branch

Priority Level: P3 (Low Priority - Routine Maintenance)
Risk Level: Low
Confidence: High

---

Review completed automatically as part of the project's commitment to code quality and security.