refactor: Upgrade commander from 13.1.0 to 14.0.0 #9792
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade commander from 13.1.0 to 14.0.0. See this package in npm: commander See this project in Snyk: https://app.snyk.io/org/acinader/project/21343059-02d9-4182-87d7-718a44b181ef?utm_source=github&utm_medium=referral&page=upgrade-pr
|
I will reformat the title to use the proper commit message syntax. |
parse-github-assistant
bot
changed the title
📝 WalkthroughWalkthroughThe version of the "commander" dependency in the package.json file was updated from 13.1.0 to 14.0.0. No other files or dependencies were changed. Changes
Sequence Diagram(s)Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
|
🚀 Thanks for opening this pull request! |
🎉 Snyk checks have passed. No issues have been found so far.✅ security/snyk check is complete. No issues have been found. (View Details) |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (1)
package.json(1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (4)
- GitHub Check: Check Definitions
- GitHub Check: Circular Dependencies
- GitHub Check: Node Engine Check
- GitHub Check: Code Analysis (javascript)
| @@ -28,7 +28,7 @@ | |||
| "@parse/fs-files-adapter": "3.0.0", | |||
| "@parse/push-adapter": "6.11.0", | |||
| "bcryptjs": "3.0.2", | |||
| "commander": "13.1.0", | |||
| "commander": "14.0.0", | |||
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Commander 14.0.0 requires Node.js ≥20, update engines & lockfile
Commander v14 drops support for Node <20, but your "engines.node" still allows Node 18. This mismatch can cause install/runtime failures on unsupported Node versions. Please:
- Update the
"engines"field to require Node ≥20. - Regenerate your lock files (
package-lock.json/yarn.lock) to pick up the new version. - Smoke-test the CLI (e.g.
node bin/parse-server --help) to catch any breaking changes in command definitions.
Apply this diff:
--- a/package.json
+++ b/package.json
@@ -148,7 +148,7 @@
},
- "engines": {
- "node": ">=18.20.4 <19.0.0 || >=20.18.0 <21.0.0 || >=22.12.0 <23.0.0"
- },
+ "engines": {
+ "node": ">=20.0.0 <21.0.0 || >=22.12.0 <23.0.0"
+ },🏁 Script executed:
#!/bin/bash
# Fetch the engines requirement for commander v14.0.0 from npm
npm view commander@14.0.0 engines --json
# Show the current "engines" field in our package.json
rg '"engines"' -n -A2 package.jsonLength of output: 206
Commander v14 requires Node ≥20 – update engines & lockfile
Your current package.json still allows Node 18 even though Commander v14 only supports Node ≥20:
• package.json (lines 149–150)
"engines": {
"node": ">=18.20.4 <19.0.0 || >=20.18.0 <21.0.0 || >=22.12.0 <23.0.0"
},Please:
- Drop the Node 18 range and require Node ≥20.
- Regenerate your lockfile (
package-lock.json/yarn.lock). - Smoke-test the CLI (e.g.
node bin/parse-server --help).
Suggested diff:
--- a/package.json
+++ b/package.json
@@ -148,7 +148,7 @@
},
- "engines": {
- "node": ">=18.20.4 <19.0.0 || >=20.18.0 <21.0.0 || >=22.12.0 <23.0.0"
- },
+ "engines": {
+ "node": ">=20.0.0 <21.0.0 || >=22.12.0 <23.0.0"
+ },🤖 Prompt for AI Agents
In package.json at line 31 and around lines 149-150, the "engines.node" field
still allows Node 18, but commander v14.0.0 requires Node.js version 20 or
higher. Update the "engines.node" field to drop the Node 18 range and require
Node >=20. After updating, regenerate your lockfile (package-lock.json or
yarn.lock) to reflect this change. Finally, run a smoke test on the CLI (e.g.,
node bin/parse-server --help) to ensure compatibility with the new Node version.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## alpha #9792 +/- ##
==========================================
+ Coverage 92.99% 93.00% +0.01%
==========================================
Files 187 187
Lines 15082 15082
Branches 174 174
==========================================
+ Hits 14025 14027 +2
+ Misses 1045 1043 -2
Partials 12 12 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade commander from 13.1.0 to 14.0.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released 23 days ago.
Release notes
Package name: commander
-
14.0.0 - 2025-05-18
- support for groups of options and commands in the help using low-level
- support for unescaped negative numbers as option-arguments and command-arguments (#2339)
- TypeScript: add
- remove bogus leading space in help when option has default value but not a description (#2348)
- Breaking: Commander 14 requires Node.js v20 or higher
- internal refactor of
-
13.1.0 - 2025-01-20
- support a pair of long option flags to allow a memorable shortened flag, like
from commander GitHub release notesAdded
.helpGroup()onOptionandCommand, and higher-level
.optionsGroup()and.commandsGroup()which can be used in chaining way to specify group title for following options/commands (#2328)
parseArgproperty toArgumentclass (#2359)Fixed
.configureOutput()now makes copy of settings instead of modifying in-place, fixing side-effects (#2350)Changed
Helpclass adding.formatItemList()and.groupItems()methods (#2328)Added
.option('--ws, --workspace')(#2312)Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
Summary by CodeRabbit