Skip to content

chore(deps)(deps): bump cspell from 9.7.0 to 10.0.0#342

Merged
WilliamBerryiii merged 2 commits intomainfrom
dependabot/npm_and_yarn/cspell-10.0.0
Apr 7, 2026
Merged

chore(deps)(deps): bump cspell from 9.7.0 to 10.0.0#342
WilliamBerryiii merged 2 commits intomainfrom
dependabot/npm_and_yarn/cspell-10.0.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 6, 2026
edited
Loading

Bumps cspell from 9.7.0 to 10.0.0.

Release notes

Sourced from cspell's releases.

v10.0.0

Features

fix: upgrade import-fresh from v3 to v4 (#8786)

Summary

Upgrades import-fresh from v3 to v4.

API changes in v4

  • v3: Synchronous default export — importFresh(modulePath) returns the module directly
  • v4: Factory pattern — createImportFresh(parentURL) returns an async function; v4 is ESM-only and uses Node.js module loader hooks instead of manipulating the require cache

Changes

  • packages/cspell-lib/package.json: bump import-fresh to ^4.0.0; remove clear-module dependency (no longer needed since v4 uses module loader hooks instead of Node's require cache)
  • packages/cspell-lib/src/lib/Settings/Controller/pnpLoader.ts:
    • Import createImportFresh factory; call createImportFresh(pnpFileUrl) at use time inside loadPnp(), bound to the pnp file's own URL so each load is correctly scoped to the file being loaded
    • Make loadPnp and loadPnpIfNeeded async
    • Change cachedPnpImportsSynccachedPnpImports (now stores Promise<LoaderResult>)
    • Remove clearModule.single usage (v4 cache-busts via loader hooks; clearing the require cache is no longer applicable)
    • Pass a file URL (toFileUrl(pnpFile).href) to importFresh since v4 uses import() under the hood, which requires URLs or relative specifiers for absolute paths
    • Use optional chaining on the module's default export to handle edge cases
  • test-packages/cspell-lib/test-cspell-lib-rollup/package.json: bump import-fresh to ^4.0.0
  • test-packages/cspell-lib/test-cspell-lib-webpack/package.json: bump import-fresh to ^4.0.0

Testing

All 91 test files (1584 tests) pass, including the 10 dedicated pnpLoader tests.

feat!: Drop support for Node 20 (#8779)

Pull request overview

This PR updates the monorepo to require Node.js 22.18+ (dropping Node 20 support), aligning package engine constraints, CI matrices, and documentation with the new baseline.

Changes:

  • Bump engines.node across packages/test-packages to >=22.18.0 and update root @types/node to ^22.19.15.
  • Update CI workflows to test Node 22/24/25 and adjust integration update workflow to Node 22.
  • Remove eslint-plugin-n “unsupported node builtins” disables now that the minimum Node version includes those built-ins.

... (truncated)

Changelog

Sourced from cspell's changelog.

v10.0.0 (2026-04-06)

Features

fix: upgrade import-fresh from v3 to v4 (#8786)

Summary

Upgrades import-fresh from v3 to v4.

API changes in v4

  • v3: Synchronous default export — importFresh(modulePath) returns the module directly
  • v4: Factory pattern — createImportFresh(parentURL) returns an async function; v4 is ESM-only and uses Node.js module loader hooks instead of manipulating the require cache

Changes

  • packages/cspell-lib/package.json: bump import-fresh to ^4.0.0; remove clear-module dependency (no longer needed since v4 uses module loader hooks instead of Node's require cache)
  • packages/cspell-lib/src/lib/Settings/Controller/pnpLoader.ts:
    • Import createImportFresh factory; call createImportFresh(pnpFileUrl) at use time inside loadPnp(), bound to the pnp file's own URL so each load is correctly scoped to the file being loaded
    • Make loadPnp and loadPnpIfNeeded async
    • Change cachedPnpImportsSynccachedPnpImports (now stores Promise<LoaderResult>)
    • Remove clearModule.single usage (v4 cache-busts via loader hooks; clearing the require cache is no longer applicable)
    • Pass a file URL (toFileUrl(pnpFile).href) to importFresh since v4 uses import() under the hood, which requires URLs or relative specifiers for absolute paths
    • Use optional chaining on the module's default export to handle edge cases
  • test-packages/cspell-lib/test-cspell-lib-rollup/package.json: bump import-fresh to ^4.0.0
  • test-packages/cspell-lib/test-cspell-lib-webpack/package.json: bump import-fresh to ^4.0.0

Testing

All 91 test files (1584 tests) pass, including the 10 dedicated pnpLoader tests.

feat!: Drop support for Node 20 (#8779)

Pull request overview

This PR updates the monorepo to require Node.js 22.18+ (dropping Node 20 support), aligning package engine constraints, CI matrices, and documentation with the new baseline.

Changes:

... (truncated)

Commits

@dependabot dependabot bot added dependencies Dependency updates npm NPM package configuration security Security-related changes or concerns labels Apr 6, 2026
@dependabot dependabot bot requested a review from a team as a code owner April 6, 2026 16:14
@dependabot dependabot bot added dependencies Dependency updates security Security-related changes or concerns npm NPM package configuration labels Apr 6, 2026
@WilliamBerryiii
Copy link
Copy Markdown
Member

WilliamBerryiii commented Apr 6, 2026

@dependabot recreate

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/cspell-10.0.0 branch from 535065a to c6b6d78 Compare April 6, 2026 21:17
@WilliamBerryiii
Copy link
Copy Markdown
Member

WilliamBerryiii commented Apr 7, 2026

@dependabot recreate

@dependabot
chore(deps)(deps): bump cspell from 9.7.0 to 10.0.0
dab3c47 
Bumps [cspell](https://github.com/streetsidesoftware/cspell/tree/HEAD/packages/cspell) from 9.7.0 to 10.0.0.
- [Release notes](https://github.com/streetsidesoftware/cspell/releases)
- [Changelog](https://github.com/streetsidesoftware/cspell/blob/main/packages/cspell/CHANGELOG.md)
- [Commits](https://github.com/streetsidesoftware/cspell/commits/v10.0.0/packages/cspell)

---
updated-dependencies:
- dependency-name: cspell
  dependency-version: 10.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/cspell-10.0.0 branch from 1b4e50c to dab3c47 Compare April 7, 2026 01:10
This was referenced Apr 7, 2026
Open
Merged
WilliamBerryiii added a commit that referenced this pull request Apr 7, 2026
@WilliamBerryiii
ci(build): standardize Node.js 24 across all CI workflows (#358)
7cce14e 
## Description

Standardized **Node.js 24** across all CI/CD workflow files to resolve
compatibility failures with packages requiring Node >= 22.18.0. Six
GitHub Actions workflows were updated — three received new `setup-node`
steps that were previously missing (relying on the runner's default Node
20.x), and three had existing Node.js version references upgraded from
older versions to 24.

This change unblocks the **cspell 10.0.0** upgrade (PR #342), which
requires Node >= 22.18.0 at runtime. An audit of all 28 workflow files
in `.github/workflows/` confirmed no other workflows require Node.js
setup changes.

## Related Issue

- Related to #353
- Related to PR #342

## Type of Change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] Blueprint modification or addition
- [ ] Component modification or addition
- [ ] Documentation update
- [x] CI/CD pipeline change
- [ ] Other (please describe):

## Implementation Details

### New setup-node Steps Added

Three workflows lacked explicit Node.js setup and relied on the runner's
default version. Each received a new `actions/setup-node` step
positioned before the first `npm` command:

- *code-quality-lint.yml* — added `setup-node` with `node-version: '24'`
before dependency installation
- *docs-lint.yml* — added `setup-node` with `node-version: '24'` before
dependency installation
- *security-scan.yml* — added `setup-node` with `node-version: '24'`
before secretlint installation

### Existing Node.js Versions Upgraded

Three workflows had explicit but outdated Node.js version references
that were bumped to 24:

- *docs-automation.yml* — upgraded from `'18'` to `'24'` in two job
steps (validate-links and build-documentation)
- *pages-deploy.yml* — upgraded from `'18'` to `'24'`
- *cluster-test-terraform.yml* — upgraded from `'22.x'` to `'24'`

### Supply Chain Security

All `setup-node` steps use the same **pinned action SHA**
(`actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v4.3.0`)
for supply chain integrity.

## Testing Performed

- [ ] Terraform plan/apply
- [ ] Blueprint deployment test
- [ ] Unit tests
- [ ] Integration tests
- [ ] Bug fix includes regression test (see [Test
Policy](docs/contributing/testing-validation.md))
- [x] Manual validation
- [ ] Other:

## Validation Steps

1. Verify all 6 workflow files reference `node-version: '24'`
2. Confirm all `setup-node` steps use pinned SHA
`53b83947a5a98c8d113130e565377fae1a50d02f`
3. Trigger a CI run to confirm workflows execute successfully with Node
24

## Checklist

- [ ] I have updated the documentation accordingly
- [ ] I have added tests to cover my changes
- [ ] All new and existing tests passed
- [ ] I have run `terraform fmt` on all Terraform code
- [ ] I have run `terraform validate` on all Terraform code
- [ ] I have run `az bicep format` on all Bicep code
- [ ] I have run `az bicep build` to validate all Bicep code
- [x] I have checked for any sensitive data/tokens that should not be
committed
- [x] Lint checks pass (run applicable linters for changed file types)

## Security Review

- [x] No credentials, secrets, or tokens are hardcoded or logged
- [x] RBAC and identity changes follow least-privilege principles
- [x] No new network exposure or public endpoints introduced without
justification
- [x] Dependency additions or updates have been reviewed for known
vulnerabilities
- [x] Container image changes use pinned digests or SHA references

## Additional Notes

- The unchecked Terraform and Bicep checklist items are not applicable —
this PR modifies only CI/CD workflow YAML files.
- Documentation updates are not required; no user-facing behavior
changed.

## Screenshots (if applicable)

N/A — CI/CD pipeline changes only.

Co-authored-by: Bill Berry <wbery@microsoft.com>
@WilliamBerryiii WilliamBerryiii merged commit 7e0311d into main Apr 7, 2026
33 checks passed
@WilliamBerryiii WilliamBerryiii deleted the dependabot/npm_and_yarn/cspell-10.0.0 branch April 7, 2026 17:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@WilliamBerryiii WilliamBerryiii WilliamBerryiii approved these changes

@rezatnoMsirhC rezatnoMsirhC rezatnoMsirhC approved these changes

Assignees

No one assigned

Labels

dependencies Dependency updates npm NPM package configuration security Security-related changes or concerns

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@WilliamBerryiii @rezatnoMsirhC