chore: version packages#764
Open
github-actions[bot] wants to merge 1 commit into
Open
Conversation
github-actions
Bot
force-pushed
the
changeset-release/main
branch
16 times, most recently
from
49bb67d to
757befc
Compare
github-actions
Bot
force-pushed
the
changeset-release/main
branch
from
757befc to
94dbc02
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.
Releases
eslint-plugin-react-doctor@0.5.2
Patch Changes
#766
94f9f4fThanks @devin-ai-integration! - Bumpengines.nodeto^20.19.0 || >=22.13.0so the declared support range matches transitive dependencies (eslint-scope@9,eslint-visitor-keys@5require^22.13.0), preventing EBADENGINE warnings on npm and hard install failures on Yarn 1 under Node 22.12.x.Updated dependencies [
94f9f4f,038aaf7,fee3fc4,c4f0e60,f52bd07,7c88165]:oxlint-plugin-react-doctor@0.5.2
Patch Changes
#766
94f9f4fThanks @devin-ai-integration! - Bumpengines.nodeto^20.19.0 || >=22.13.0so the declared support range matches transitive dependencies (eslint-scope@9,eslint-visitor-keys@5require^22.13.0), preventing EBADENGINE warnings on npm and hard install failures on Yarn 1 under Node 22.12.x.#784
038aaf7Thanks @rayhanadev! - Fix a false positive innextjs-missing-metadata(#775): an App Router page is no longer flagged as "missing metadata for search previews" when it inheritsmetadata/generateMetadatafrom a co-located or ancestorlayout.*. Next.js merges metadata down the segment chain, so a page covered by a parent layout's title/description already has search-preview metadata. The rule now walks up the App Router directory tree (bounded, stopping atapp/) and stays quiet when an ancestor layout supplies metadata; pages with no metadata anywhere in the chain are still flagged.#796
fee3fc4Thanks @devin-ai-integration! -no-barrel-importmessaging is now framework-aware: files that target React Native / Expo (per the nearestpackage.jsonplatform, native/web file extensions, and the projectframeworksetting) say the barrel import "ships extra code in your app bundle & slows startup" instead of the web-only "slows page load" wording. Web projects, web-extension files inside RN monorepos, and projects with an unknown framework keep the existing page-load wording.#782
c4f0e60Thanks @rayhanadev! -only-export-componentsnow recognizes the route/special files of every file-routing framework react-doctor covers and skips them, so the documented "co-export config/metadata next to the default component" shape stops producing false-positive "non-component export" warnings:page,layout,loading,error,not-found,template,default,global-error,route) and Pages Router (_app,_document,_error) special files, plus metadata image routes (opengraph-image,twitter-image,icon,apple-icon, incl. numbered variants), which fixes thealt/size/contentType/revalidateexports inopengraph-image.tsx(#776)._layoutand the+html/+not-found/+native-intentreserved files.__rootand*.lazyroute modules.root,entry.client, andentry.servermodules.#790
f52bd07Thanks @devin-ai-integration! - Fix false positives inrn-no-raw-text(#788) for custom components that forward their children into a<Text>: the in-file wrapper detection now recognizes components that render{children}(or{props.children}) inside a nested<Text>(the<View><Text>{children}</Text></View>shape), not just components whose returned root is a<Text>. Detection also handles parenthesizedreturn (...)bodies,memo/forwardRef-wrapped components, fragment roots, conditional and logical returns, early returns insideifbranches, renamed destructured children ({ children: content }), the<Text children={children} />prop form, wrappers that forward through another in-file wrapper, children aliased to a variable or destructured from props in the body, props spreads that carry children (<Text {...props} />,<Text {...rest} />,<Text {...this.props} />), class components, andstyled(Text)/styled.Textfactories. The rule is also taggedtest-noise, so it no longer fires in test/story files — raw text rendered through React Native Testing Library never ships to users, and cross-file wrappers (an imported<Chip>Test Chip</Chip>in a.test.tsx) were the main source of unfixable noise there.#794
7c88165Thanks @devin-ai-integration! -rules-of-hooksandexhaustive-depsno longer report false positives for hooks called inside aforwardRef(...)/memo(...)render callback whose binding name is not PascalCase (e.g.const _Wrapped = forwardRef((props, ref) => { useHook(); ... })). The render callback passed as the first argument to React's HoCs is a component by construction, so both rules now treat it as one regardless of the variable name it lands on. Only the first argument is promoted — hooks insidememo's second argument (the props comparator) still report, as do genuinely non-component functions likeconst _helper = () => { useState(); }.react-doctor@0.5.2
Patch Changes
#767
486c68fThanks @rayhanadev! - The GitHub Action'sblockinginput now defaults tonone(advisory) instead oferror. Every PR still gets the full React Doctor report — the sticky summary comment, inline review comments, and a commit status with the health score — but the check no longer fails on findings, so a brand-new install can't red-X a teammate's PR on day one (trust-before-gate). To turn the gate back on, setblocking: warning(fail on any finding) orblocking: error(fail on error-severity findings) on the action. The generatedreact-doctor.ymldocuments this inline.Note: this changes behavior for existing
millionco/react-doctor@v2workflows that never setblocking— they were gating on error-severity findings and will now run advisory. Addblocking: errorto the action'swith:block to keep the previous behavior.The CLI / config default is unchanged:
react-doctor(and--blocking/ theblockingconfig key) still defaults toerror, so local runs, pre-commit hooks, and non-action CI keep failing on error-severity findings.#766
94f9f4fThanks @devin-ai-integration! - Bumpengines.nodeto^20.19.0 || >=22.13.0so the declared support range matches transitive dependencies (eslint-scope@9,eslint-visitor-keys@5require^22.13.0), preventing EBADENGINE warnings on npm and hard install failures on Yarn 1 under Node 22.12.x.#731
1ca6f0eThanks @aidenybai! - Bundle Effect into the published CLI sonpx react-doctor@latestno longer installs Effect'sini@7dependency and avoids the Node 22.19 engine warning.#791
22268f7Thanks @rayhanadev! - Cap theoxlintdependency to>=1.66.0 <1.67.0. oxlint 1.67.0 added an optional peer dependency onvite-plus, which in pnpm workspaces that installvite-plusat the root forces a second peer-resolution context for the Vite+ toolchain. That split installs a duplicate copy of the Vitest fork (@voidzero-dev/vite-plus-test), and test runs fail at collection withVitest failed to find the current suitebecause hooks register in one copy while suites live in the other (#699). Pinning below 1.67 keeps react-doctor's oxlint free of thevite-pluspeer edge, so pnpm dedupes the toolchain back to a single instance.#793
9cc6555Thanks @devin-ai-integration! - Carry the React Compiler bail-out reason in the primary diagnostic message.react-hooks-js/*diagnostics previously all rendered the same generic "This component misses React Compiler's automatic memoization…" message, with the specific reason relegated tohelp. The message now includes the first line of the compiler's reason (e.g.useMemo() callbacks may not be async or generator functions) so contexts that only show the message explain why the compiler bailed; the reason's remaining lines stay inhelp, so the rendered message + suggestion never repeat the same sentence.tododiagnostics keep the generic message — their reasons are compiler-internal work notes, not user-facing copy. Because diagnostics dedupe on their full message, two different bail-out reasons anchored at the same source location now survive as two diagnostics instead of collapsing into one, so counts can rise slightly on affected projects.#769
2f26228Thanks @rayhanadev! - Consolidate the scan-scope controls into one--scopeflag (andscopeconfig option) with four values, shared verbatim by the CLI and the GitHub Action:full(default) — the whole project, every issue. Whole-project checks (dead-code, environment, supply-chain) run only here.files— only the files changed vs the base, with all issues in them (no compare-to-main). What--stagedand an uncommitted--diffdid.changed— only issues the change introduced vs the base (the baseline delta). What--diff <base>and the action'sscope: changeddid.lines— only issues on the lines the change actually touched. New: previously this scoping existed only inside the GitHub Action's inline-review-comment step; it now lives in the engine, so the CI gate, score display, summary, and inline comments all honor one scope.--base <ref>sets the comparison base forfiles/changed/lines(auto-detected when omitted). Behavior is unchanged by default: the CLI--scopedefaults tofulland the actionscopeinput still defaults tochanged.--diff/config.diffkeep working as a deprecated alias (--diff <base>→--scope changed --base <base>,--diff false→--scope full) and emit a one-time deprecation warning;--stagedis retained as the source selector and composes with--scope files/--scope lines.#795
04e72a4Thanks @devin-ai-integration! - Diagnostics in test, spec, fixture, and Storybook files are now labeled with their file context. The terminal report and the per-rule text dumps tag those sites as(test file)/(story file)so a finding in a spec doesn't read as a production problem, and each diagnostic in the JSON report carries an optionalfileContextfield ("test"/"story"; omitted for production files). The classification reuses the same path heuristics that already drive test-noise auto-suppression, so the label and the suppression can never disagree.#784
038aaf7Thanks @rayhanadev! - Fix a false positive innextjs-missing-metadata(#775): an App Router page is no longer flagged as "missing metadata for search previews" when it inheritsmetadata/generateMetadatafrom a co-located or ancestorlayout.*. Next.js merges metadata down the segment chain, so a page covered by a parent layout's title/description already has search-preview metadata. The rule now walks up the App Router directory tree (bounded, stopping atapp/) and stays quiet when an ancestor layout supplies metadata; pages with no metadata anywhere in the chain are still flagged.#768
a64093cThanks @rayhanadev! - CI onboarding now resolves the repository's actual default branch instead of assumingmain. The pull request opened during setup asks GitHub (gh repo view) for the default branch — falling back toorigin/HEAD, thenmain/master— and uses it as the PR base, and the installed workflow's push trigger scans that same branch (master,develop, …) so the health-score trend works on repos whose default branch isn'tmain.#783
a48fb06Thanks @devin-ai-integration! - Add a--output-dir <dir>flag that writes the full diagnostics dump (diagnostics.json + one .txt per rule) to a directory of your choice instead of a random temp folder, prints the written path whenever the flag is set (previously--verbose-only), and makes the agent handoff reuse that directory instead of writing a second temp copy. Without the flag, behavior is unchanged.#792
19d99eeThanks @devin-ai-integration! - Titlereact-hooks-js/tododiagnostics "React Compiler doesn't support this syntax" instead of the generic "React Compiler can't optimize this" headline. Thetodorule fires when the compiler bails out on syntax it doesn't handle yet, so the headline now says what actually happened.#790
f52bd07Thanks @devin-ai-integration! - Fix false positives inrn-no-raw-text(#788) for custom components that forward their children into a<Text>: the in-file wrapper detection now recognizes components that render{children}(or{props.children}) inside a nested<Text>(the<View><Text>{children}</Text></View>shape), not just components whose returned root is a<Text>. Detection also handles parenthesizedreturn (...)bodies,memo/forwardRef-wrapped components, fragment roots, conditional and logical returns, early returns insideifbranches, renamed destructured children ({ children: content }), the<Text children={children} />prop form, wrappers that forward through another in-file wrapper, children aliased to a variable or destructured from props in the body, props spreads that carry children (<Text {...props} />,<Text {...rest} />,<Text {...this.props} />), class components, andstyled(Text)/styled.Textfactories. The rule is also taggedtest-noise, so it no longer fires in test/story files — raw text rendered through React Native Testing Library never ships to users, and cross-file wrappers (an imported<Chip>Test Chip</Chip>in a.test.tsx) were the main source of unfixable noise there.#780
f5f539aThanks @rayhanadev! - The Socket supply-chain check now gates on the security axes (supply chain, vulnerability) instead of Socket'soverallscore, and the diagnostic names the exact axis that failed. Socket'soverallis its lowest axis, so a package with perfect security scores could fail the Security gate purely on quality/maintenance —@types/bunwas reported as having a "supply-chain score of 48" while socket.dev showed Supply Chain 100 (issue #770). Known-bad packages (event-stream@3.3.6, vulnerableminimist/lodashreleases) are still flagged via their vulnerability axis, and the reported number now always matches the axis named on the socket.dev package page.Updated dependencies [
94f9f4f,038aaf7,fee3fc4,c4f0e60,f52bd07,7c88165]:@react-doctor/api@0.5.2
Patch Changes
2f26228,a48fb06]:@react-doctor/core@0.5.2
Patch Changes
#769
2f26228Thanks @rayhanadev! - Consolidate the scan-scope controls into one--scopeflag (andscopeconfig option) with four values, shared verbatim by the CLI and the GitHub Action:full(default) — the whole project, every issue. Whole-project checks (dead-code, environment, supply-chain) run only here.files— only the files changed vs the base, with all issues in them (no compare-to-main). What--stagedand an uncommitted--diffdid.changed— only issues the change introduced vs the base (the baseline delta). What--diff <base>and the action'sscope: changeddid.lines— only issues on the lines the change actually touched. New: previously this scoping existed only inside the GitHub Action's inline-review-comment step; it now lives in the engine, so the CI gate, score display, summary, and inline comments all honor one scope.--base <ref>sets the comparison base forfiles/changed/lines(auto-detected when omitted). Behavior is unchanged by default: the CLI--scopedefaults tofulland the actionscopeinput still defaults tochanged.--diff/config.diffkeep working as a deprecated alias (--diff <base>→--scope changed --base <base>,--diff false→--scope full) and emit a one-time deprecation warning;--stagedis retained as the source selector and composes with--scope files/--scope lines.#783
a48fb06Thanks @devin-ai-integration! - Add a--output-dir <dir>flag that writes the full diagnostics dump (diagnostics.json + one .txt per rule) to a directory of your choice instead of a random temp folder, prints the written path whenever the flag is set (previously--verbose-only), and makes the agent handoff reuse that directory instead of writing a second temp copy. Without the flag, behavior is unchanged.Updated dependencies [
94f9f4f,038aaf7,fee3fc4,c4f0e60,f52bd07,7c88165]:@react-doctor/language-server@0.5.2
Patch Changes
2f26228,a48fb06]:Note
Low Risk
The diff is versioning and changelog only; consumer impact comes from the already-merged 0.5.2 behavior (especially GitHub Action
blockingdefaulting to advisory), not from this PR’s file changes.Overview
Release-only PR — bumps workspace packages from 0.5.1 → 0.5.2, appends 0.5.2 sections to each package
CHANGELOG.md, and removes consumed.changeset/*.mdfiles. No application source changes in this diff; merging triggers npm publish for the public packages.react-doctor@0.5.2(CLI + GitHub Action) ships the accumulated patch set: unified--scope/scope(full|files|changed|lines) with deprecated--diffaliases;--output-dirfor diagnostics dumps; test/storyfileContextin reports; GitHub Actionblockingdefaultnone(advisory — existing workflows withoutblocking: errorstop failing checks); onboarding uses the repo’s real default branch; Socket supply-chain gating on security axes only; React Compiler messages carry bail-out reasons;oxlintpinned<1.67; Effect bundled in the published CLI; Nodeengines^20.19.0 || >=22.13.0.oxlint-plugin-react-doctor@0.5.2— rule fixes: inherited Next.js metadata from layouts; broader route/special file skips foronly-export-components;rn-no-raw-textwrapper detection +test-noise;rules-of-hooks/exhaustive-depsfor non-PascalCaseforwardRef/memocallbacks; RN-awareno-barrel-importcopy.Notable upgrade note: Action users who relied on implicit error gating must set
blocking: errorexplicitly.Reviewed by Cursor Bugbot for commit 94dbc02. Bugbot is set up for automated code reviews on this repo. Configure here.