Skip to content

Update non-major dependencies#120

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/non-major-dependencies
Open

Update non-major dependencies#120
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/non-major-dependencies

Conversation

@renovate

@renovate renovate Bot commented May 30, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@sap-ai-sdk/ai-api (source) 2.10.02.12.0 age confidence
@sap-ai-sdk/orchestration (source) 2.10.02.12.0 age confidence
@types/node (source) 24.12.424.13.2 age confidence
@vercel/ncc 0.38.40.44.1 age confidence
axios (source) 1.16.11.18.1 age confidence
eslint-plugin-sonarjs (source) 4.0.34.1.0 age confidence
prettier (source) 3.8.33.9.4 age confidence
tsx (source) 4.22.34.23.0 age confidence
typescript-eslint (source) 8.59.48.62.1 age confidence

Release Notes

SAP/ai-sdk-js (@​sap-ai-sdk/ai-api)

v2.12.0

Compare Source

Patch Changes

v2.11.0

Compare Source

Patch Changes
SAP/ai-sdk-js (@​sap-ai-sdk/orchestration)

v2.12.0

Compare Source

Patch Changes

v2.11.0

Compare Source

Minor Changes
  • f72bb58: [feat] Update orchestration specification to v0.131.3
Patch Changes
vercel/ncc (@​vercel/ncc)

v0.44.1

Compare Source

Bug Fixes

v0.44.0

Compare Source

Features

v0.43.0

Compare Source

Changes
axios/axios (axios)

v1.18.1

Compare Source

v1.18.1 — June 21, 2026

This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

🐛 Bug Fixes

  • AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#​10913)
  • Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#​10917, #​10930, #​10942, #​10993)
  • Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#​10959, #​11021)
  • AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#​11019)

🔧 Maintenance & Chores

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.18.0

Compare Source

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

v1.17.0

Compare Source

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

SonarSource/SonarJS (eslint-plugin-sonarjs)

v4.1.0

Compare Source

prettier/prettier (prettier)

v3.9.4

Compare Source

v3.9.3

Compare Source

v3.9.2

Compare Source

v3.9.1

Compare Source

v3.9.0

Compare Source

diff

🔗 Release Notes

v3.8.5

Compare Source

v3.8.4

Compare Source

diff

Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (#​17746 by @​byplayer)

Prettier was removing blank lines between list items and their nested sub-lists, converting loose lists into tight lists and changing their semantic meaning.

<!-- Input -->
- a

  - b

- c

  - d

<!-- Prettier 3.8.3 -->
- a
  - b
- c
  - d

<!-- Prettier 3.8.4 -->
- a

  - b

- c

  - d
privatenumber/tsx (tsx)

v4.23.0

Compare Source

Bug Fixes
Features

This release is also available on:

v4.22.5

Compare Source

Bug Fixes
  • isolate hook state per async module.register() registration (a305f36)

This release is also available on:

v4.22.4

Compare Source

Bug Fixes
  • resolve CommonJS directory requires inside dependencies (#​803) (1ce8463)

This release is also available on:

typescript-eslint/typescript-eslint (typescript-eslint)

v8.62.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

Compare Source

🚀 Features
  • remove redundant package.json "files" (#​12444)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "every weekend"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the renovate label May 30, 2026
@renovate renovate Bot enabled auto-merge (squash) May 30, 2026 01:06
@github-actions

Copy link
Copy Markdown

Updated the AI SDK and linting tooling to their latest minor releases across both the PR review and summary services for consistency and to incorporate recent fixes and improvements.

Walkthrough

  • Chore: Bumped @sap-ai-sdk/ai-api and @sap-ai-sdk/orchestration from v2.10.0 to v2.11.0 in both pr-review and pr-summary, ensuring access to the latest enhancements.
  • Chore: Upgraded typescript-eslint from v8.59.4 to v8.60.0, bringing in updated linting rules and bug fixes.

Model: o4-mini-2025-04-16 | Prompt Tokens: 672 | Completion Tokens: 404

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Enjoy this friendly AI-assisted code review. Some suggestions come from predictions and may not always be perfect. Feel free to choose the ideas that fit your style. Your choices guide the process, and AI is here to help.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1204 | Completion Tokens: 1921

Comment thread pr-review/package.json Outdated
Comment on lines +23 to +24
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"@sap-ai-sdk/ai-api": "2.11.0",
"@sap-ai-sdk/orchestration": "2.11.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider using a caret (^) range for SDK dependencies so you automatically receive compatible patch updates without manually bumping each time. For example:

"@sap-ai-sdk/ai-api": "^2.11.0",
"@sap-ai-sdk/orchestration": "^2.11.0",

Comment thread pr-review/package.json Outdated
Comment on lines +23 to +24
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"@sap-ai-sdk/ai-api": "2.11.0",
"@sap-ai-sdk/orchestration": "2.11.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Before upgrading to 2.11.0, verify the upstream changelog for any breaking changes or required migration steps. You could add a comment or link to the changelog in your release notes:

# Upgrade @sap-ai-sdk to 2.11.0
- See https://github.com/SAP/ai-sdk/releases/tag/v2.11.0 for breaking changes

Comment thread pr-review/package.json Outdated
"tsx": "4.22.3",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.60.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to the SDK bump, consider using a caret range for the ESLint plugin dependency to get minor fixes automatically:

"typescript-eslint": "^8.60.0",

Comment thread pr-summary/package.json Outdated
Comment on lines +22 to +23
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"@sap-ai-sdk/ai-api": "2.11.0",
"@sap-ai-sdk/orchestration": "2.11.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This workspace also upgrades the SAP AI SDK. To keep versioning consistent across workspaces and simplify future bumps, you might extract these shared dependencies into the root package.json or a shared configs file.

Comment thread pr-summary/package.json Outdated
"tsx": "4.22.3",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.60.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ensure that bumping typescript-eslint here aligns with your overall ESLint config. If you have a centralized ESLint setup, consider updating it in one place instead of per-package.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from a9b07a7 to ab6d417 Compare May 31, 2026 14:26
@github-actions

Copy link
Copy Markdown

This update standardizes dependency versions across both the pr-review and pr-summary packages, ensuring that core AI SDK modules, tooling runtimes, and linting plugins are aligned to their latest patch releases for improved stability and compatibility.

Walkthrough

  • Chore: Updated SAP AI SDK modules (@sap-ai-sdk/ai-api and @sap-ai-sdk/orchestration) to v2.11.0 across pr-review and pr-summary for minor enhancements and compatibility improvements.
  • Chore: Upgraded TSX runtime from 4.22.3 to 4.22.4 to incorporate recent stability and performance fixes in both packages.
  • Chore: Bumped typescript-eslint plugin to 8.60.0 to ensure up-to-date linting rules and code quality consistency.

Model: o4-mini-2025-04-16 | Prompt Tokens: 756 | Completion Tokens: 949 | Diff Range: a9b07a7...ab6d417

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We’ve assembled a friendly, AI-powered review of your code with practical suggestions. Treat each point as a flexible idea rather than a strict rule. Choose what aligns with your goals and style. You’re in control of the final decisions, and AI is here to support you every step of the way.
Model: o4-mini-2025-04-16 | Prompt Tokens: 924 | Completion Tokens: 2148 | Diff Range: a9b07a7...ab6d417

Comment thread pr-review/package.json Outdated
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"tsx": "4.22.4",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like you’re bumping the tsx version explicitly rather than using a semver range. For better flexibility and to automatically pick up compatible patch/minor updates, consider using a caret prefix. This way you’ll avoid manual bumps for every small release.

-    "tsx": "4.22.4",
+    "tsx": "^4.22.4",

Comment thread pr-summary/package.json Outdated
Comment on lines 37 to 43
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.60.0",
"yaml": "2.9.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see the same set of ESLint and Prettier dependencies repeated in both pr-review and pr-summary packages. You could centralize shared devDependencies in a workspace root to avoid duplication and ensure consistency across all sub-packages.

For example, in your monorepo root package.json:

{
  "name": "my-monorepo",
  "private": true,
  "workspaces": [
    "pr-review",
    "pr-summary"
  ],
  "devDependencies": {
    "eslint-plugin-sonarjs": "^4.0.3",
    "eslint-plugin-unicorn": "^64.0.0",
    "prettier": "^3.8.3",
    "tsx": "^4.22.4",
    "typescript": "^6.0.3",
    "@typescript-eslint/eslint-plugin": "^8.60.0",
    "yaml": "^2.9.0"
  }
}

Then remove these entries from each sub-package’s devDependencies. This reduces maintenance overhead and keeps versions in sync.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from ab6d417 to 11f7224 Compare June 8, 2026 03:57
@github-actions

github-actions Bot commented Jun 8, 2026

Copy link
Copy Markdown

This update refreshes CI workflows by upgrading the actions/checkout step and synchronizes package dependencies for pr-summary and pr-review modules. All internal SDKs, HTTP clients, and dev toolchains receive minor version bumps to align with the latest releases. This ensures more stable builds and up-to-date linting, without changing external behavior.

Walkthrough

  • Chore: Upgrades GitHub Actions checkout to v6.0.3, improving overall CI stability.
  • Chore: Bumps internal @sap-ai-sdk packages and axios to latest minor releases for bugfixes and enhancements.
  • Chore: Updates development tooling (TypeScript, Node types, ESLint, tsx) to keep linting and builds current.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1883 | Completion Tokens: 1258 | Diff Range: ab6d417...11f7224

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for sharing your code. I’ve added AI-powered suggestions to help you refine your work. These are ideas, not hard rules—feel free to pick what suits you. Your expertise and choices drive the final outcome. Let me know if you’d like more feedback or support.
Model: o4-mini-2025-04-16 | Prompt Tokens: 2764 | Completion Tokens: 2959 | Diff Range: ab6d417...11f7224

Comment thread .github/workflows/build.yaml Outdated
Comment on lines 23 to 26
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
ref: ${{ env.SOURCE_BRANCH }}
path: source-folder

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The actions/checkout step is pinned to a specific commit SHA multiple times, making maintenance harder when bumping versions. You can use the version tag (e.g., v6) and DRY out the repeated checkout configuration by leveraging YAML anchors or environment variables. For example:

env:
  CHECKOUT_VERSION: v6

jobs:
  prepare:
    steps:
      - name: Checkout source branch
        &checkout-source
        uses: actions/checkout@${{ env.CHECKOUT_VERSION }}
        with:
          ref: ${{ env.SOURCE_BRANCH }}
          path: source-folder

      - name: Checkout release branch
        <<: *checkout-source
        with:
          ref: ${{ env.RELEASE_BRANCH }}
          path: release-folder

Comment thread .github/workflows/code-quality.yaml Outdated
Comment on lines 23 to 26
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Setup Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to the build workflow, the checkout step is repeated and pinned to a commit SHA. You can improve readability and reduce duplication by using the tag actions/checkout@v6 and introducing a YAML anchor or an environment variable:

env:
  CHECKOUT_ACTION: v6

jobs:
  lint:
    steps:
      - name: Checkout source branch
        &checkout-step
        uses: actions/checkout@${{ env.CHECKOUT_ACTION }}
        with:
          path: [pr-summary, pr-review]

      # Reuse for another job
      - name: Checkout source branch again
        <<: *checkout-step

Comment thread pr-review/package.json Outdated
Comment on lines +23 to +25
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.16.1",
"@sap-ai-sdk/ai-api": "2.11.0",
"@sap-ai-sdk/orchestration": "2.11.0",
"axios": "1.17.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pinning dependencies to exact versions prevents receiving patch updates automatically. Consider using caret ranges (^) to allow non-breaking updates:

- "@sap-ai-sdk/ai-api": "2.11.0",
- "@sap-ai-sdk/orchestration": "2.11.0",
- "axios": "1.17.0",
+ "@sap-ai-sdk/ai-api": "^2.11.0",
+ "@sap-ai-sdk/orchestration": "^2.11.0",
+ "axios": "^1.17.0",

Comment thread pr-review/package.json Outdated
Comment on lines +33 to +34
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@types/node": "24.13.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependencies in devDependencies are not sorted alphabetically, which can make diffs noisy. Also apply caret ranges for consistency:

- "@types/node": "24.13.1",
+ "@types/node": "^24.13.1",

Comment thread pr-summary/package.json Outdated
Comment on lines +22 to +24
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.16.1",
"@sap-ai-sdk/ai-api": "2.11.0",
"@sap-ai-sdk/orchestration": "2.11.0",
"axios": "1.17.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As with the review workflow, use caret ranges for your production dependencies to allow automatic patch and minor upgrades:

- "@sap-ai-sdk/ai-api": "2.11.0",
- "@sap-ai-sdk/orchestration": "2.11.0",
- "axios": "1.17.0",
+ "@sap-ai-sdk/ai-api": "^2.11.0",
+ "@sap-ai-sdk/orchestration": "^2.11.0",
+ "axios": "^1.17.0",

Comment thread pr-summary/package.json Outdated
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@types/node": "24.13.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorting devDependencies alphabetically and using caret ranges will keep your manifest tidy and ensure minor/patch updates:

- "@types/node": "24.13.1",
+ "@types/node": "^24.13.1",

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 11f7224 to fda456f Compare June 8, 2026 20:04
@github-actions

github-actions Bot commented Jun 8, 2026

Copy link
Copy Markdown

Updated the GitHub workflows to use the latest checkout action and bumped several package versions in the PR summary and review modules. These changes keep CI processes aligned with the most recent enhancements and ensure that internal SDKs and tooling dependencies are up-to-date for improved stability and security.

Walkthrough

  • Chore: Upgraded actions/checkout to v6.0.3 across build and code-quality workflows for consistency and the latest security patches.
  • Chore: Updated internal dependencies in both pr-summary and pr-review packages (SAP AI SDKs, axios, Node types, TSX, ESLint plugins, TypeScript ESLint) to their newest minor releases.
  • Chore: No user-facing functionality changed; these are under-the-hood maintenance updates.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1883 | Completion Tokens: 629 | Diff Range: 11f7224...fda456f

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This review provides gentle AI-assisted feedback on your code. Insights are predictions rather than facts, so pick the ideas that work best for you. You remain in control, with AI here to support your choices.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1156 | Completion Tokens: 1982 | Diff Range: 11f7224...fda456f

Comment thread pr-review/package.json
Comment on lines 32 to 44
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@types/node": "24.13.1",
"@vercel/ncc": "0.38.4",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.61.0",
"yaml": "2.9.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It’s better to use semantic version ranges (e.g., caret ^) rather than pinning exact versions. This allows you to receive backward-compatible patches automatically and helps with maintenance.

For example, you could update your devDependencies to:

"devDependencies": {
  "@eslint/js": "^9.39.4",
  "@types/node": "^24.13.1",
  "@vercel/ncc": "^0.38.4",
  "eslint": "^9.39.4",
  "eslint-plugin-import": "^2.32.0",
  "eslint-plugin-sonarjs": "^4.0.3",
  "eslint-plugin-unicorn": "^64.0.0",
  "prettier": "^3.8.3",
  "tsx": "^4.22.4",
  "typescript": "^6.0.3",
  "typescript-eslint": "^8.61.0",
  "yaml": "^2.9.0"
}

Comment thread pr-review/package.json Outdated
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.61.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The package typescript-eslint isn’t an official publish; you likely intended to use the scoped ESLint plugin and parser packages. Update to:

"devDependencies": {
  "@typescript-eslint/eslint-plugin": "^8.61.0",
  "@typescript-eslint/parser": "^8.61.0"
}

This ensures ESLint properly picks up your TypeScript rules and syntax parsing.

Comment thread pr-summary/package.json
Comment on lines 31 to 44
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@types/node": "24.13.1",
"@vercel/ncc": "0.38.4",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.61.0",
"yaml": "2.9.0"
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since both pr-review and pr-summary share identical devDependencies, consider hoisting them to the workspace root package.json (if you’re using npm/yarn workspaces or pnpm). This reduces duplication and keeps versions consistent across packages.

Example in root package.json:

"workspaces": ["pr-review", "pr-summary"],
"devDependencies": {
  // move all shared devDependencies here
}

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from fda456f to 3b9af6a Compare June 9, 2026 17:15
@github-actions

github-actions Bot commented Jun 9, 2026

Copy link
Copy Markdown

Updated GitHub workflows to use the latest actions/checkout release and bumped various internal and development dependencies in both pr-review and pr-summary packages to their newest patch and minor versions.

Walkthrough

  • Chore: Upgraded actions/checkout steps from v6.0.2 to v6.0.3 across build and code-quality workflows.
  • Chore: Bumped @sap-ai-sdk/ai-api, @sap-ai-sdk/orchestration, and axios to 2.11.0 and 1.17.0 respectively.
  • Chore: Updated devDependencies (@types/node, @vercel/ncc, prettier, tsx, typescript-eslint) to their latest versions for improved tooling.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1945 | Completion Tokens: 435 | Diff Range: fda456f...3b9af6a

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We’ve put together a friendly code review with AI backed ideas to help you refine your work. These pointers are suggestions, not absolute truths. Feel free to choose what matches your style. You’re in charge of the final decisions and AI is here just to support your progress.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1234 | Completion Tokens: 4105 | Diff Range: fda456f...3b9af6a

Comment thread pr-review/package.json Outdated
Comment on lines +33 to +35
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.1",
"@vercel/ncc": "0.44.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You updated several devDependency versions with exact pinned versions. To allow automatic non-breaking updates and avoid frequent manual bumps, consider using caret ranges. For example:

"devDependencies": {
  "@types/node": "^24.13.1",
  "@vercel/ncc": "^0.44.0",
  "prettier": "^3.8.4",
  "tsx": "^4.22.4",
  "typescript-eslint": "^8.61.0"
}

Comment thread pr-review/package.json
Comment on lines 32 to 44
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.1",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.8.4",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.61.0",
"yaml": "2.9.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The devDependencies section isn’t sorted, which can make diffs harder to read and maintain. Alphabetical ordering of keys improves readability and minimizes merge conflicts. For example:

"devDependencies": {
  "@eslint/js": "9.39.4",
  "@types/node": "24.13.1",
  "@vercel/ncc": "0.44.0",
  "eslint": "9.39.4",
  "eslint-plugin-import": "2.32.0",
  "eslint-plugin-sonarjs": "4.0.3",
  "eslint-plugin-unicorn": "64.0.0",
  "prettier": "3.8.4",
  "tsx": "4.22.4",
  "typescript": "6.0.3",
  "typescript-eslint": "8.61.0",
  "yaml": "2.9.0"
}

Comment thread pr-summary/package.json Outdated
Comment on lines +32 to +34
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.1",
"@vercel/ncc": "0.44.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to the other package, these dependencies are pinned exactly. Switching to caret ranges helps pick up compatible patches and minor updates automatically:

"devDependencies": {
  "@types/node": "^24.13.1",
  "@vercel/ncc": "^0.44.0",
  "prettier": "^3.8.4",
  "tsx": "^4.22.4",
  "typescript-eslint": "^8.61.0"
}

Comment thread pr-summary/package.json
Comment on lines 31 to 43
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.1",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.8.4",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.61.0",
"yaml": "2.9.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The devDependencies block is unsorted, which can complicate reviews. Keeping keys in alphabetical order ensures consistency:

"devDependencies": {
  "@eslint/js": "9.39.4",
  "@types-node": "24.13.1",
  "@vercel/ncc": "0.44.0",
  "eslint": "9.39.4",
  "eslint-plugin-import": "2.32.0",
  "eslint-plugin-sonarjs": "4.0.3",
  "eslint-plugin-unicorn": "64.0.0",
  "prettier": "3.8.4",
  "tsx": "4.22.4",
  "typescript": "6.0.3",
  "typescript-eslint": "8.61.0",
  "yaml": "2.9.0"
}

Comment thread pr-review/package.json
Comment on lines 31 to 46
},
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.1",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.8.4",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.61.0",
"yaml": "2.9.0"
}
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The same devDependencies are repeated across both packages, which increases maintenance overhead and the chance of version drift. Consider adopting a shared configuration or npm workspaces to centralize these dependencies. For example, add at the root package.json:

{
  "workspaces": [
    "pr-review",
    "pr-summary"
  ],
  "devDependencies": {
    "@types/node": "^24.13.1",
    "@vercel/ncc": "^0.44.0",
    // ... other shared devDependencies
  }
}

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 3b9af6a to 73972f6 Compare June 10, 2026 23:13
@github-actions

Copy link
Copy Markdown

Updated GitHub workflows to use the latest checkout action and bumped several package versions to pull in minor enhancements and fixes. No end-user functionality changed; this update keeps our CI/CD and SDKs up to date.

Walkthrough

  • Chore: Upgraded actions/checkout to v6.0.3 in build.yaml and code-quality.yaml
  • Chore: Bumped @sap-ai-sdk/ai-api, @sap-ai-sdk/orchestration, and axios in both pr-summary and pr-review
  • Chore: Updated devDependencies (@types/node, @vercel/ncc, prettier, tsx, typescript-eslint) for consistency and tooling improvements

Model: o4-mini-2025-04-16 | Prompt Tokens: 1945 | Completion Tokens: 300 | Diff Range: 3b9af6a...73972f6

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for sharing your code. I’ve provided some AI-powered suggestions to help you improve readability and functionality. Please treat these as optional recommendations rather than absolute rules. Feel free to adapt or ignore anything that doesn’t fit your style or goals. You know your project best, and your choices drive the final outcome—AI support is here to empower your process.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1234 | Completion Tokens: 2408 | Diff Range: 3b9af6a...73972f6

Comment thread pr-review/package.json Outdated
Comment on lines +33 to +35
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that you’ve pinned several devDependencies to exact patch versions (e.g., "@types/node": "24.13.2", "@vercel/ncc": "0.44.0"). To allow non-breaking updates (bug fixes, performance improvements), consider using caret ranges. For example:

"devDependencies": {
  "@types/node": "^24.13.2",
  "@vercel/ncc": "^0.44.0",
  // ...other entries
}

This helps keep your tools up-to-date without frequent manual bumps.

Comment thread pr-summary/package.json Outdated
Comment on lines +32 to +34
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to the other package, you’re using exact versions for these devDependencies. Switching to caret ranges ensures you automatically pick up minor and patch releases, e.g.:

"devDependencies": {
  "@types/node": "^24.13.2",
  "@vercel/ncc": "^0.44.0",
  // ...
}

This approach reduces maintenance overhead while avoiding breaking changes.

Comment thread pr-review/package.json
Comment on lines 32 to 45
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.8.4",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.61.0",
"yaml": "2.9.0"
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both pr-review and pr-summary share an identical set of devDependencies and version updates. To DRY up your configuration, consider hoisting these to a root package.json (using workspaces) or creating a shared ESLint/TypeScript config package. For example, in your monorepo root:

{
  "workspaces": ["pr-review", "pr-summary"],
  "devDependencies": {
    "eslint": "^9.39.4",
    "prettier": "^3.8.4",
    "typescript": "^6.0.3",
    // ...other shared tools
  }
}

Then reference them in child packages with:

"devDependencies": {
  "@your-scope/shared-config": "workspace:*",
  "tsx": "workspace:*
}

This ensures consistency and avoids duplicate version bumps across packages.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 73972f6 to 0de5008 Compare June 20, 2026 07:58
@github-actions

Copy link
Copy Markdown

Updated the GitHub CI workflows to use the latest checkout action and bumped core and dev dependencies across PR summarization and review packages to their newest minor releases, ensuring compatibility improvements and the latest bug fixes.

Walkthrough

  • Chore: Upgraded actions/checkout from v6.0.2 to v6.0.3 in build and code-quality workflows
  • Chore: Updated @sap-ai-sdk/ai-api, @sap-ai-sdk/orchestration, and axios to newer minor versions in both PR packages
  • Chore: Bumped devDependencies (@types/node, @vercel/ncc, eslint-plugin-sonarjs, prettier, tsx, typescript-eslint) for improved tooling and type support

Model: o4-mini-2025-04-16 | Prompt Tokens: 1979 | Completion Tokens: 628 | Diff Range: 73972f6...0de5008

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Enjoy a supportive code review powered by AI. Some insights are projections, not certainties, so feel free to adopt what resonates. Your judgment guides the outcome—AI is here to assist.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1730 | Completion Tokens: 3021 | Diff Range: 73972f6...0de5008

Comment thread pr-review/package.json
Comment on lines -23 to 28
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.16.1",
"@sap-ai-sdk/ai-api": "2.11.0",
"@sap-ai-sdk/orchestration": "2.11.0",
"axios": "1.18.0",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider switching from fixed version pins to semver ranges (e.g. ^2.11.0) for your dependencies to automatically pick up non-breaking patch releases. Also, sorting the entries alphabetically improves readability and maintainability. For example:

"dependencies": {
  "@octokit/plugin-retry": "^8.1.0",
  "@octokit/plugin-throttling": "^11.0.3",
  "@octokit/webhooks": "^13.9.1",
  "@sap-ai-sdk/ai-api": "^2.11.0",
  "@sap-ai-sdk/orchestration": "^2.11.0",
  "axios": "^1.18.0",
  "minimatch": "^10.2.5",
  "mollitia": "^0.2.0",
  "octokit": "^5.0.5"
}

Comment thread pr-review/package.json
Comment on lines -34 to 44
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.8.4",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.61.1",
"yaml": "2.9.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After bumping devDependencies, regenerate and commit your lockfile (e.g., npm install or yarn install) to ensure consistent installs across environments. Additionally, consider specifying a Node.js engine range to prevent unexpected breakages:

"engines": {
  "node": ">=16.0.0 <19.0.0"
}

Comment thread pr-summary/package.json
Comment on lines -22 to 27
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.16.1",
"@sap-ai-sdk/ai-api": "2.11.0",
"@sap-ai-sdk/orchestration": "2.11.0",
"axios": "1.18.0",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As with the other package, use semver ranges (^ or ~) instead of exact version pins and keep the list sorted alphabetically. This approach helps you automatically receive non-breaking updates and keeps the file tidy. For example:

"dependencies": {
  "@octokit/plugin-retry": "^8.1.0",
  "@octokit/plugin-throttling": "^11.0.3",
  "@octokit/webhooks": "^13.9.1",
  "@sap-ai-sdk/ai-api": "^2.11.0",
  "@sap-ai-sdk/orchestration": "^2.11.0",
  "axios": "^1.18.0",
  "minimatch": "^10.2.5",
  "mollitia": "^0.2.0",
  "octokit": "^5.0.5"
}

Comment thread pr-summary/package.json
Comment on lines -33 to 43
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.8.4",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.61.1",
"yaml": "2.9.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remember to update and commit the lockfile after bumping devDependencies. If these bumps include ESLint, Prettier, or TypeScript updates, run your linting and build scripts (e.g., npm run lint and npm run build) to catch any new issues early.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 0de5008 to 7513417 Compare June 21, 2026 09:48
@github-actions

Copy link
Copy Markdown

This update standardizes CI workflows and dependency versions across the project to ensure compatibility with the latest tools and libraries.

Walkthrough

  • Chore: Bumped actions/checkout to v7.0.0 in build and code-quality workflows for improved stability.
  • Chore: Upgraded SDKs (@sap-ai-sdk/ai-api, @sap-ai-sdk/orchestration) and Axios for minor enhancements and bug fixes.
  • Chore: Updated devDependencies (@types/node, @vercel/ncc, eslint-plugin-sonarjs, prettier, tsx, typescript-eslint) to current patch/minor releases.

Model: o4-mini-2025-04-16 | Prompt Tokens: 2014 | Completion Tokens: 604 | Diff Range: 0de5008...7513417

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 7513417 to 09e481d Compare June 22, 2026 20:05
@github-actions

Copy link
Copy Markdown

Updated dependencies in both pr-review and pr-summary packages. Upgraded core AI SDK modules, HTTP client, build tools, and linting-related devDependencies to the latest minor and patch versions for better compatibility and developer experience.

Walkthrough

  • Chore: Bumped @sap-ai-sdk/ai-api & orchestration from 2.10.0 to 2.11.0 and axios from 1.16.1 to 1.18.1 to ensure up-to-date API integrations.
  • Chore: Upgraded devDependencies—including TypeScript, ESLint, Prettier, tsx, ncc, and eslint-plugin-sonarjs—to streamline builds and maintain code-quality standards.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1070 | Completion Tokens: 806 | Diff Range: 7513417...09e481d

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Get a supportive review of your code powered by AI. Some tips are based on educated guesses and may not apply perfectly, so adapt them to your needs. You remain in control, with AI serving as a helpful resource.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1730 | Completion Tokens: 2132 | Diff Range: 0de5008...09e481d

Comment thread pr-review/package.json
Comment on lines -23 to +25
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.16.1",
"@sap-ai-sdk/ai-api": "2.11.0",
"@sap-ai-sdk/orchestration": "2.11.0",
"axios": "1.18.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider switching from fixed version pins to a caret (^) range for these SDK and Axios dependencies. This allows your project to automatically receive backward-compatible updates and security patches without manual bumps. For example:

{
  "dependencies": {
    "@sap-ai-sdk/ai-api": "^2.11.0",
    "@sap-ai-sdk/orchestration": "^2.11.0",
    "axios": "^1.18.1"
  }
}

This approach reduces maintenance overhead and improves security posture.

Comment thread pr-review/package.json Outdated
Comment on lines +34 to +43
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.8.4",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

DevDependencies have been updated to newer patch versions, but you might simplify upgrades by using caret (^) version ranges here as well. It ensures you pick up minor and patch fixes automatically. For instance:

- "@types/node": "24.13.2"
+ "@types/node": "^24.13.2"
- "@vercel/ncc": "0.44.0"
+ "@vercel/ncc": "^0.44.0"
- "eslint-plugin-sonarjs": "4.1.0"
+ "eslint-plugin-sonarjs": "^4.1.0"
- "prettier": "3.8.4"
+ "prettier": "^3.8.4"
- "tsx": "4.22.4"
+ "tsx": "^4.22.4"
- "typescript-eslint": "8.62.0"
+ "typescript-eslint": "^8.62.0"

Comment thread pr-summary/package.json
Comment on lines -22 to +24
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.16.1",
"@sap-ai-sdk/ai-api": "2.11.0",
"@sap-ai-sdk/orchestration": "2.11.0",
"axios": "1.18.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to the other package, consider using caret ranges for the bumped dependencies to receive non-breaking updates automatically. Example:

{
  "dependencies": {
    "@sap-ai-sdk/ai-api": "^2.11.0",
    "@sap-ai-sdk/orchestration": "^2.11.0",
    "axios": "^1.18.1"
  }
}

Comment thread pr-summary/package.json Outdated
Comment on lines +33 to +42
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.8.4",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Align devDependencies with caret ranges to reduce manual version management. For example:

- "@types/node": "24.13.2"
+ "@types/node": "^24.13.2"
- "@vercel/ncc": "0.44.0"
+ "@vercel/ncc": "^0.44.0"
- "eslint-plugin-sonarjs": "4.1.0"
+ "eslint-plugin-sonarjs": "^4.1.0"
- "prettier": "3.8.4"
+ "prettier": "^3.8.4"
- "tsx": "4.22.4"
+ "tsx": "^4.22.4"
- "typescript-eslint": "8.62.0"
+ "typescript-eslint": "^8.62.0"

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 09e481d to b6724aa Compare June 24, 2026 08:52
@github-actions

Copy link
Copy Markdown

Dependency versions have been bumped across both pr-review and pr-summary packages to incorporate the latest AI SDK, HTTP client, and development tooling releases. These updates bring in minor feature improvements, bug fixes, and security patches without altering end-user functionality.

Walkthrough

  • Chore: Upgraded @sap-ai-sdk/ai-api and @sap-ai-sdk/orchestration from 2.10.0 to 2.12.0
  • Chore: Updated axios from 1.16.1 to 1.18.1 for improved request handling
  • Chore: Bumped devDependencies (@types/node, @vercel/ncc, eslint-plugin-sonarjs, prettier, tsx, typescript-eslint) to their latest patch versions for toolchain stability and code quality enhancements

Model: o4-mini-2025-04-16 | Prompt Tokens: 1070 | Completion Tokens: 709 | Diff Range: 09e481d...b6724aa

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We’ve put together a supportive AI-assisted review of your code. These suggestions are ideas, not set in stone. Feel free to pick what suits your project. You’re the expert—AI is here to help you shine.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1046 | Completion Tokens: 2706 | Diff Range: 09e481d...b6724aa

Comment thread pr-review/package.json
Comment on lines -23 to +25
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.16.1",
"@sap-ai-sdk/ai-api": "2.12.0",
"@sap-ai-sdk/orchestration": "2.12.0",
"axios": "1.18.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You’re currently pinning dependencies to exact versions, which can lead to manual updates for every minor or patch release. Consider using caret (^) ranges in your package.json to automatically receive non-breaking updates. For example:

"dependencies": {
  "@sap-ai-sdk/ai-api": "^2.12.0",
  "@sap-ai-sdk/orchestration": "^2.12.0",
  "axios": "^1.18.1"
}

Comment thread pr-review/package.json
Comment on lines 20 to 28
"@octokit/plugin-retry": "8.1.0",
"@octokit/plugin-throttling": "11.0.3",
"@octokit/webhooks": "13.9.1",
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.16.1",
"@sap-ai-sdk/ai-api": "2.12.0",
"@sap-ai-sdk/orchestration": "2.12.0",
"axios": "1.18.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pr-review and pr-summary share many of the same dependencies at the same versions. In a monorepo setup, you can extract common dependencies into the root package.json and leverage workspaces to avoid duplication, simplify version management, and ensure consistency across packages. For example:

{
  "workspaces": ["pr-review", "pr-summary"],
  "dependencies": {
    "@sap-ai-sdk/ai-api": "^2.12.0",
    "@sap-ai-sdk/orchestration": "^2.12.0",
    "axios": "^1.18.1"
  }
}

Comment thread pr-summary/package.json
Comment on lines -22 to +24
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.16.1",
"@sap-ai-sdk/ai-api": "2.12.0",
"@sap-ai-sdk/orchestration": "2.12.0",
"axios": "1.18.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You’re currently pinning dependencies to exact versions, which can lead to manual updates for every minor or patch release. Consider using caret (^) ranges in your package.json to automatically receive non-breaking updates. For example:

"dependencies": {
  "@sap-ai-sdk/ai-api": "^2.12.0",
  "@sap-ai-sdk/orchestration": "^2.12.0",
  "axios": "^1.18.1"
}

Comment thread pr-summary/package.json
Comment on lines 19 to 27
"@octokit/plugin-retry": "8.1.0",
"@octokit/plugin-throttling": "11.0.3",
"@octokit/webhooks": "13.9.1",
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.16.1",
"@sap-ai-sdk/ai-api": "2.12.0",
"@sap-ai-sdk/orchestration": "2.12.0",
"axios": "1.18.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pr-summary and pr-review share many of the same dependencies at the same versions. In a monorepo setup, you can extract common dependencies into the root package.json and leverage workspaces to avoid duplication, simplify version management, and ensure consistency across packages. For example:

{
  "workspaces": ["pr-review", "pr-summary"],
  "dependencies": {
    "@sap-ai-sdk/ai-api": "^2.12.0",
    "@sap-ai-sdk/orchestration": "^2.12.0",
    "axios": "^1.18.1"
  }
}

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from b6724aa to e35452e Compare June 26, 2026 16:10
@github-actions

Copy link
Copy Markdown

Updated project dependencies across both pr-review and pr-summary modules to leverage the latest SDK, HTTP client, and development tools. These non-functional updates ensure compatibility, performance improvements, and the latest linting, formatting, and build capabilities without altering any user-facing features.

Walkthrough

  • Chore: Bumped @sap-ai-sdk/ai-api and @sap-ai-sdk/orchestration from 2.10.0 to 2.12.0
  • Chore: Upgraded axios from 1.16.1 to 1.18.1 for improved HTTP handling
  • Chore: Updated dev dependencies:
    • @types/node 24.12.4 → 24.13.2
    • @vercel/ncc 0.38.4 → 0.44.0
    • eslint-plugin-sonarjs 4.0.3 → 4.1.0
    • prettier 3.8.3 → 3.8.5
    • tsx 4.22.3 → 4.22.4
    • typescript-eslint 8.59.4 → 8.62.0

Model: o4-mini-2025-04-16 | Prompt Tokens: 1070 | Completion Tokens: 669 | Diff Range: b6724aa...e35452e

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Enjoy a supportive code review powered by AI. These suggestions spring from patterns and aren’t absolute truths, so pick what suits your needs. You remain in charge—AI simply offers a helping hand.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1276 | Completion Tokens: 3120 | Diff Range: b6724aa...e35452e

Comment thread pr-review/package.json Outdated
Comment on lines +33 to +43
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.8.5",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For consistency across multiple workspace packages and to reduce duplication, consider hoisting shared devDependencies into the root package.json and leveraging npm/Yarn workspaces. This way, you only have to bump versions in one place and avoid drift between pr-review and pr-summary.

Example root package.json:

{
  "private": true,
  "workspaces": ["pr-review", "pr-summary"],
  "devDependencies": {
    "@types/node": "^24.13.2",
    "@vercel/ncc": "^0.44.0",
    "eslint": "^9.39.4",
    "eslint-plugin-import": "^2.32.0",
    "eslint-plugin-sonarjs": "^4.1.0",
    "eslint-plugin-unicorn": "^64.0.0",
    "prettier": "^3.8.5",
    "tsx": "^4.22.4",
    "typescript": "^6.0.3",
    "typescript-eslint": "^8.62.0",
    "yaml": "^2.9.0"
  }
}

Comment thread pr-summary/package.json Outdated
Comment on lines +39 to +40
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.8.5",
"tsx": "4.22.4",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of pinning exact patch versions, use caret ranges (^) so you automatically receive non-breaking updates without manual bumps. This helps keep devDependencies up-to-date and reduces churn.

For example:

-  "prettier": "3.8.5",
+  "prettier": "^3.8.5",
-  "tsx": "4.22.4",
+  "tsx": "^4.22.4",

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from e35452e to 6e3d77f Compare June 27, 2026 14:12
@github-actions

Copy link
Copy Markdown

Updated dependency versions across both pr-review and pr-summary, including SDK libraries, HTTP client, and developer tooling, to keep the project aligned with the latest patches and performance improvements.

Walkthrough

  • Chore: Bumped @sap-ai-sdk/ai-api and @sap-ai-sdk/orchestration from v2.10.0 to v2.12.0.
  • Chore: Upgraded axios from v1.16.1 to v1.18.1.
  • Chore: Updated devDependencies: @types/node, @vercel/ncc, eslint-plugin-sonarjs, prettier, tsx, and typescript-eslint to their latest patch versions.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1070 | Completion Tokens: 560 | Diff Range: e35452e...6e3d77f

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Enjoy a supportive AI-guided code review. These ideas are just friendly suggestions, not compulsory rules, so feel free to apply what resonates. You’re steering the project—AI is here to lend a helping hand.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1276 | Completion Tokens: 2774 | Diff Range: e35452e...6e3d77f

Comment thread pr-review/package.json Outdated
Comment on lines +33 to +35
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider using caret (^) ranges instead of exact pins for devDependencies to receive non-breaking patch updates automatically. This reduces the maintenance burden when applying minor security fixes.

Example:

{
  "devDependencies": {
    "@types/node": "^24.13.2",
    "@vercel/ncc": "^0.44.0",
    // ...other deps
  }
}

Comment thread pr-summary/package.json Outdated
Comment on lines +32 to +34
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider using caret (^) ranges instead of exact pins for devDependencies to receive non-breaking patch updates automatically. This reduces the maintenance burden when applying minor security fixes.

Example:

{
  "devDependencies": {
    "@types/node": "^24.13.2",
    "@vercel/ncc": "^0.44.0",
    // ...other deps
  }
}

Comment thread pr-review/package.json
Comment on lines 31 to 46
},
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.0",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.0",
"yaml": "2.9.0"
}
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since both pr-review and pr-summary share identical devDependencies, extract them into the monorepo root package.json under devDependencies or use a shared workspace package. This DRYs up your configuration and ensures a single source of truth.

Root package.json example:

{
  "workspaces": ["pr-review", "pr-summary"],
  "devDependencies": {
    "@eslint/js": "^9.39.4",
    "@types/node": "^24.13.2",
    "@vercel/ncc": "^0.44.0",
    "eslint": "^9.39.4",
    "eslint-plugin-import": "^2.32.0",
    "eslint-plugin-sonarjs": "^4.1.0",
    "eslint-plugin-unicorn": "^64.0.0",
    "prettier": "^3.9.0",
    "tsx": "^4.22.4",
    "typescript": "^6.0.3",
    "typescript-eslint": "^8.62.0",
    "yaml": "^2.9.0"
  }
}

Comment thread pr-summary/package.json
Comment on lines 30 to 45
},
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.0",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.0",
"yaml": "2.9.0"
}
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since both pr-review and pr-summary share identical devDependencies, extract them into the monorepo root package.json under devDependencies or use a shared workspace package. This DRYs up your configuration and ensures a single source of truth.

Root package.json example:

{
  "workspaces": ["pr-review", "pr-summary"],
  "devDependencies": {
    "@eslint/js": "^9.39.4",
    "@types-node": "^24.13.2",
    "@vercel/ncc": "^0.44.0",
    "eslint": "^9.39.4",
    "eslint-plugin-import": "^2.32.0",
    "eslint-plugin-sonarjs": "^4.1.0",
    "eslint-plugin-unicorn": "^64.0.0",
    "prettier": "^3.9.0",
    "tsx": "^4.22.4",
    "typescript": "^6.0.3",
    "typescript-eslint": "^8.62.0",
    "yaml": "^2.9.0"
  }
}

Comment thread pr-review/package.json
Comment on lines 31 to 46
},
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.0",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.0",
"yaml": "2.9.0"
}
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's good practice to specify an engines field to communicate supported Node.js versions. This helps prevent unexpected runtime issues across environments.

Example addition:

{
  "engines": {
    "node": ">=18.0.0 <25.0.0"
  }
}

Comment thread pr-summary/package.json
Comment on lines 30 to 45
},
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.0",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.0",
"yaml": "2.9.0"
}
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's good practice to specify an engines field to communicate supported Node.js versions. This helps prevent unexpected runtime issues across environments.

Example addition:

{
  "engines": {
    "node": ">=18.0.0 <25.0.0"
  }
}

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 6e3d77f to af4bd0f Compare June 28, 2026 02:28
@github-actions

Copy link
Copy Markdown

Minor dependency updates across both pr-review and pr-summary packages to keep libraries current, improve stability, and leverage recent fixes. Core AI SDKs, HTTP clients, and build tools have been synchronized to the latest patch versions, ensuring consistency and up-to-date development environments.

Walkthrough

  • Chore: Upgraded @sap-ai-sdk/ai-api and @sap-ai-sdk/orchestration to 2.12.0 for synced AI capabilities.
  • Chore: Bumped axios from 1.16.1 to 1.18.1 for improved HTTP handling.
  • Chore: Updated development tooling (@types/node, @vercel/ncc, eslint-plugin-sonarjs, prettier, tsx, typescript-eslint) to latest minor versions.
  • Chore: Ensures both modules stay aligned with current dependency versions.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1070 | Completion Tokens: 658 | Diff Range: 6e3d77f...af4bd0f

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We’ve taken a look at your code and added AI-powered suggestions. Think of these ideas as helpful hints rather than absolute truths. You’re free to try out what resonates most. Trust your judgment—AI is here to support you as you guide your project forward.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1276 | Completion Tokens: 2307 | Diff Range: 6e3d77f...af4bd0f

Comment thread pr-review/package.json Outdated
Comment on lines +33 to +35
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You’re pinning exact versions for your devDependencies (e.g., "@types/node": "24.13.2"). To get non-breaking updates automatically, consider using caret ranges. For example:

"devDependencies": {
  "@types/node": "^24.13.2",
  "@vercel/ncc": "^0.44.0",
  "eslint-plugin-sonarjs": "^4.1.0",
  // …
}

This approach reduces churn when patch releases land and still protects against breaking changes.

Comment thread pr-review/package.json
Comment on lines 32 to 45
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.1",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.0",
"yaml": "2.9.0"
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The devDependencies block is duplicated in pr-summary/package.json. If these two packages live in the same repository, consider moving common dev dependencies into a root-level package.json (or using a workspace setup). This avoids version drift and simplifies updates. For example:

// root package.json
{
  "devDependencies": {
    "typescript": "^6.0.3",
    "eslint": "^9.39.4",
    // …
  }
}

Then individual package.json files can omit redundant entries.

Comment thread pr-review/package.json
@@ -31,16 +31,16 @@
},

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add an engines field to explicitly declare the supported Node.js versions. This helps maintainers know which runtime you’re targeting and can block installs on unsupported versions. Example:

"engines": {
  "node": ">=18.0.0 <21"
}

Adjust the range as appropriate for your compatibility matrix.

Comment thread pr-review/package.json
@@ -31,16 +31,16 @@
},

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Include a packageManager directive to lock the package manager version and ensure reproducible installs. For example, for npm 9:

"packageManager": "npm@9.8.1"

Or for yarn or pnpm, adjust accordingly.

Comment thread pr-summary/package.json Outdated
Comment on lines +32 to +34
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rather than pinning each devDependency to an exact version, use caret ranges to allow safe updates. For example:

"devDependencies": {
  "@types/node": "^24.13.2",
  "@vercel/ncc": "^0.44.0",
  "eslint-plugin-sonarjs": "^4.1.0",
  // …
}

This reduces the need for manual bumps on patch releases.

Comment thread pr-summary/package.json
Comment on lines 31 to 44
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.1",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.0",
"yaml": "2.9.0"
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You duplicate the entire devDependencies block here as well. If this is part of a monorepo or multi-package setup, centralize shared devDependencies in the root and leverage workspaces. It keeps all version bumps in one place and reduces the chance of drift.

Comment thread pr-summary/package.json
@@ -30,16 +30,16 @@
},

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Specify the supported Node.js versions with an engines field. This makes it clear which runtimes are supported and can warn or prevent installs on unsupported versions:

"engines": {
  "node": ">=18.0.0 <21"
}

Comment thread pr-summary/package.json
@@ -30,16 +30,16 @@
},

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a packageManager property to lock your package manager and version, ensuring consistent installs across environments. Example for npm:

"packageManager": "npm@9.8.1"

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from af4bd0f to 567778a Compare June 29, 2026 11:58
@github-actions

Copy link
Copy Markdown

This patch adds a summary-prompt input to customize AI-generated review summaries in the pr-review action. It updates documentation and examples with the new parameter and summary output, refactors the review flow to include summaries, and bumps license year and dependencies.

Walkthrough

  • New Feature: summary-prompt input lets users tailor AI summaries in PR reviews.
  • Documentation: Updated READMEs and action.yml to introduce the new input, summary output, and usage examples.
  • Refactor: Review flow now generates and displays a summary instead of only a disclaimer.
  • Chore: Bump licensing to 2026 and update dependencies for maintenance.

Model: o4-mini-2025-04-16 | Prompt Tokens: 2871 | Completion Tokens: 2018 | Diff Range: af4bd0f...567778a

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Take a moment to explore this code review enriched by AI insights. Treat suggestions as well-informed possibilities rather than fixed rules, and apply the ones that feel most helpful. You’re in control of every decision and AI is here simply to lend a hand.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1276 | Completion Tokens: 2293 | Diff Range: af4bd0f...567778a

Comment thread pr-review/package.json
Comment on lines 32 to 44
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.3",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.0",
"yaml": "2.9.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see you’ve pinned each devDependency to an exact patch version. To get bug fixes and minor enhancements automatically, consider using a caret (^) version range. This way, updates like 24.13.x will be included without manual bumps. For example:

{
  "devDependencies": {
    "@types/node": "^24.13.2",
    "@vercel/ncc": "^0.44.0",
    "eslint-plugin-sonarjs": "^4.1.0",
    "prettier": "^3.9.3",
    "tsx": "^4.22.4",
    "typescript-eslint": "^8.62.0"
  }
}

Additionally, since both package.json files share identical devDependencies, you could hoist these to a root configuration (e.g., a workspace-level package.json or eslint.config.js) to avoid duplication.

Finally, the package name typescript-eslint doesn’t match the official scoped packages. You might want to replace it with the parser and plugin packages:

{
  "devDependencies": {
    "@typescript-eslint/parser": "^8.62.0",
    "@typescript-eslint/eslint-plugin": "^8.62.0"
  }
}

Comment thread pr-summary/package.json
Comment on lines 31 to 43
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.3",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.0",
"yaml": "2.9.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just like in the other package, you’re pinning devDependencies to exact versions. I recommend switching to caret ranges (e.g., "^24.13.2") so you can pick up non-breaking updates automatically:

{
  "devDependencies": {
    "@types/node": "^24.13.2",
    "@vercel/ncc": "^0.44.0",
    "eslint-plugin-sonarjs": "^4.1.0",
    "prettier": "^3.9.3",
    "tsx": "^4.22.4",
    "typescript-eslint": "^8.62.0"
  }
}

Since both pr-review and pr-summary now mirror each other, consider consolidating common devDependencies into a shared workspace or root package.json to reduce maintenance.

Also, switch typescript-eslint to the official scoped packages:

{
  "devDependencies": {
    "@typescript-eslint/parser": "^8.62.0",
    "@typescript-eslint/eslint-plugin": "^8.62.0"
  }
}

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 567778a to c4c8202 Compare June 29, 2026 18:11
@github-actions

Copy link
Copy Markdown

Updated package versions across both pr-review and pr-summary to align on the latest SDK, HTTP client, and development tooling. These bumps ensure compatibility with recent releases, include upstream bug fixes, and modernize the linting & build setup without altering end-user behavior.

Walkthrough

  • Chore: Upgraded @sap-ai-sdk/ai-api and @sap-ai-sdk/orchestration from 2.10.0 to 2.12.0.
  • Chore: Bumped axios from 1.16.1 to 1.18.1.
  • Chore: Updated devDependencies—Node types, Vercel NCC, ESLint plugins, Prettier, TSX, and typescript-eslint—for improved build and lint support.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1070 | Completion Tokens: 630 | Diff Range: 567778a...c4c8202

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We carried out a friendly review of your code with some AI assistance. A few points are educated guesses rather than certainties, so pick and choose what suits your project. You control the decisions—AI is just a helpful tool.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1276 | Completion Tokens: 2709 | Diff Range: 567778a...c4c8202

Comment thread pr-review/package.json Outdated
Comment on lines +33 to +41
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.3",
"tsx": "4.22.4",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You’re bumping multiple devDependencies to exact versions across both package.json files, which can lead to version drift and duplication. Consider centralizing shared devDependencies in a root-level package.json (e.g., using npm workspaces) and using caret ranges (^) to allow safe non-breaking updates. For example:

// root package.json
{
  "workspaces": ["pr-review", "pr-summary"],
  "devDependencies": {
    "@types/node": "^24.13.2",
    "@vercel/ncc": "^0.44.0",
    "eslint-plugin-sonarjs": "^4.1.0",
    "prettier": "^3.9.3",
    "tsx": "^4.22.4",
    "typescript-eslint": "^8.62.1"
    // ...other shared devDeps
  }
}

Then remove these duplicated entries from the individual package.json files to keep versions in sync automatically.

Comment thread pr-review/package.json
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dependency typescript-eslint isn’t an official scoped package. The recommended setup is to install both @typescript-eslint/parser and @typescript-eslint/eslint-plugin. Update your devDependencies and ESLint config like this:

"devDependencies": {
  "@typescript-eslint/parser": "^8.62.1",
  "@typescript-eslint/eslint-plugin": "^8.62.1"
}

And in your ESLint config:

{
  "parser": "@typescript-eslint/parser",
  "plugins": ["@typescript-eslint"],
  "extends": ["plugin:@typescript-eslint/recommended"]
}

Comment thread pr-summary/package.json Outdated
Comment on lines +32 to +40
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.0",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.3",
"tsx": "4.22.4",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You’re bumping multiple devDependencies to exact versions across both package.json files, which can lead to version drift and duplication. Consider centralizing shared devDependencies in a root-level package.json (e.g., using npm workspaces) and using caret ranges (^) to allow safe non-breaking updates. For example:

// root package.json
{
  "workspaces": ["pr-review", "pr-summary"],
  "devDependencies": {
    "@types-node": "^24.13.2",
    "@vercel-ncc": "^0.44.0",
    "eslint-plugin-sonarjs": "^4.1.0",
    "prettier": "^3.9.3",
    "tsx": "^4.22.4",
    "typescript-eslint": "^8.62.1"
    // ...other shared devDeps
  }
}

Then remove these duplicated entries from the individual package.json files to keep versions in sync automatically.

Comment thread pr-summary/package.json
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dependency typescript-eslint isn’t an official scoped package. The recommended setup is to install both @typescript-eslint/parser and @typescript-eslint/eslint-plugin. Update your devDependencies and ESLint config like this:

"devDependencies": {
  "@typescript-eslint/parser": "^8.62.1",
  "@typescript-eslint/eslint-plugin": "^8.62.1"
}

And in your ESLint config:

{
  "parser": "@typescript-eslint/parser",
  "plugins": ["@typescript-eslint"],
  "extends": ["plugin:@typescript-eslint/recommended"]
}

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from c4c8202 to e08d52e Compare June 29, 2026 22:58
@github-actions

Copy link
Copy Markdown

This update bumps several core and development dependencies across both pr-review and pr-summary packages, keeping SDKs, build tools, and linters up to date for improved performance, security patches, and developer experience.

Walkthrough

  • Chore: Updated @sap-ai-sdk/ai-api and @sap-ai-sdk/orchestration to v2.12.0 for latest SDK improvements.
  • Chore: Upgraded axios to v1.18.1, incorporating performance and security fixes.
  • Chore: Bumped devDependencies (@types/node, @vercel/ncc, eslint-plugin-sonarjs, prettier, tsx, typescript-eslint) for smoother builds and code quality.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1070 | Completion Tokens: 498 | Diff Range: c4c8202...e08d52e

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here’s a friendly code review powered by AI. Treat these insights as helpful guidance rather than absolute truths. Feel free to embrace or modify any suggestions to fit your style. You’re in control, and AI is here to assist.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1276 | Completion Tokens: 3441 | Diff Range: c4c8202...e08d52e

Comment thread pr-review/package.json
Comment on lines 32 to 45
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.1",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.3",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",
"yaml": "2.9.0"
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like you’re duplicating the exact same set of devDependencies in pr-review and pr-summary. Maintaining two parallel lists of dependencies can drift over time and makes updates more cumbersome. Consider hoisting shared devDependencies into a root-level package.json (using workspaces) or extracting a common config so that you only update in one place.

Comment thread pr-summary/package.json
Comment on lines 31 to 44
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.1",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.3",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",
"yaml": "2.9.0"
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like you’re duplicating the exact same set of devDependencies in pr-summary and pr-review. Maintaining two parallel lists of dependencies can drift over time and makes updates more cumbersome. Consider hoisting shared devDependencies into a root-level package.json (using workspaces) or extracting a common config so that you only update in one place.

Comment thread pr-review/package.json
Comment on lines 33 to 44
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.1",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.3",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",
"yaml": "2.9.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of these dependencies are pinned to exact versions. Pinning can force you to open frequent PRs for non-breaking fixes. Consider using caret ranges (e.g., "^24.13.2") to allow automatic minor/patch upgrades while still preventing breaking changes, or use an automation tool to keep them up to date.

Comment thread pr-summary/package.json
Comment on lines 32 to 43
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.1",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.3",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",
"yaml": "2.9.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of these dependencies are pinned to exact versions. Pinning can force you to open frequent PRs for non-breaking fixes. Consider using caret ranges (e.g., "^24.13.2") to allow automatic minor/patch upgrades while still preventing breaking changes, or use an automation tool to keep them up to date.

Comment thread pr-review/package.json
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",
"yaml": "2.9.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verify whether the yaml package is actually required by this project. If you’re not parsing or serializing YAML in pr-review, removing unused dependencies will slim down installs and improve security scan results.

Comment thread pr-summary/package.json
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",
"yaml": "2.9.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verify whether the yaml package is actually required by this project. If you’re not parsing or serializing YAML in pr-summary, removing unused dependencies will slim down installs and improve security scan results.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from e08d52e to cd9651b Compare June 30, 2026 04:12
@github-actions

Copy link
Copy Markdown

The PR updates core and dev dependencies across both pr-review and pr-summary packages, bumping SDK modules, HTTP client, and tooling to their latest compatible versions for improved stability and security.

Walkthrough

  • Chore: Upgraded @sap-ai-sdk/ai-api and @sap-ai-sdk/orchestration to 2.12.0, and axios to 1.18.1.
  • Chore: Bumped devDependencies including @types/node, @vercel/ncc, eslint-plugin-sonarjs, prettier, tsx, and typescript-eslint.
  • Chore: Ensures up-to-date tooling, security patches, and compatibility.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1070 | Completion Tokens: 812 | Diff Range: e08d52e...cd9651b

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here is a review of your code with AI-powered insights. These suggestions are forecasts, not guaranteed facts, meant to spark ideas. Feel free to apply what works for you. You guide the process and AI is here to support your decisions.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1276 | Completion Tokens: 3529 | Diff Range: e08d52e...cd9651b

Comment thread pr-review/package.json
Comment on lines -34 to +35
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These devDependencies are pinned to exact versions, which means you'll need to bump them manually for every patch or minor update. To automatically receive non-breaking upgrades, consider using caret ranges (^). For example:

"devDependencies": {
  "@types/node": "^24.13.2",
  "@vercel/ncc": "^0.44.1",
  // ... other entries remain
}

This ensures you get all compatible bug fixes and minor improvements without manual changes.

Comment thread pr-review/package.json
Comment on lines 32 to 44
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.1",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.4",
"tsx": "4.22.4",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",
"yaml": "2.9.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pr-review and pr-summary packages share virtually identical devDependencies. To avoid duplication and keep dependencies in sync, consider adopting an npm (or Yarn) workspace setup and hoisting common devDependencies to the root package.json. For example:

// root package.json
{
  "name": "monorepo-root",
  "workspaces": ["pr-review", "pr-summary"],
  "devDependencies": {
    "@eslint/js": "^9.39.4",
    "@types/node": "^24.13.2",
    "@vercel/ncc": "^0.44.1",
    "eslint": "^9.39.4",
    "eslint-plugin-import": "^2.32.0",
    "eslint-plugin-sonarjs": "^4.1.0",
    "eslint-plugin-unicorn": "^64.0.0",
    "prettier": "^3.9.4",
    "tsx": "^4.22.4",
    "typescript": "6.0.3",
    "@typescript-eslint/parser": "^8.62.1",
    "yaml": "^2.9.0"
  }
}

This centralizes maintenance and prevents drift between packages.

Comment thread pr-review/package.json
"tsx": "4.22.3",
"prettier": "3.9.4",
"tsx": "4.22.4",
"typescript": "6.0.3",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You’ve upgraded TypeScript to a new major version (6.0.3). Major upgrades can introduce breaking changes, so it’s worth validating your codebase automatically. Add a CI step to run type checks and lints whenever dependencies change. For example:

# .github/workflows/ci.yml
name: CI
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install dependencies
        run: npm ci
      - name: Run type-check and lint
        run: npm run type-check && npm run lint

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from cd9651b to af0da1d Compare July 2, 2026 16:32
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

This PR brings all core and dev dependencies up to date in both the pr-review and pr-summary packages, bumping SAP AI SDK modules, Axios, TypeScript tooling, and lint/format utilities to their latest patch versions for improved stability, performance, and developer experience.

Walkthrough

  • Chore: Upgraded SAP AI SDK core modules (ai-api, orchestration) to 2.12.0 for enhanced reliability.
  • Chore: Updated Axios to 1.18.1 to leverage recent HTTP handling fixes.
  • Chore: Bumped TypeScript, type definitions, and build tools (tsx, @vercel/ncc) for consistent builds.
  • Chore: Refreshed linting/formatting plugins (ESLint, Prettier, SonarJS, Unicorn) to ensure code quality.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1070 | Completion Tokens: 1032 | Diff Range: cd9651b...af0da1d

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This review offers AI-powered suggestions to help refine your code. Treat these ideas as flexible options rather than fixed rules. You know your project best, so choose what aligns with your goals and style. AI is here to provide supportive guidance while you remain in control of every decision.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1276 | Completion Tokens: 4068 | Diff Range: cd9651b...af0da1d

Comment thread pr-review/package.json
Comment on lines 33 to +35
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see you've hard-pinned the versions for @types/node and @vercel/ncc. To improve maintainability and reduce churn when patch or minor updates are published, consider using caret ranges (e.g., ^24.13.2 and ^0.44.1). This allows non-breaking updates automatically while still preserving reproducible builds:

"devDependencies": {
  "@types/node": "^24.13.2",
  "@vercel/ncc": "^0.44.1",
  // …
}

Comment thread pr-review/package.json
"tsx": "4.22.5",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The package name typescript-eslint doesn’t match the official ESLint integration packages. To ensure compatibility with your TypeScript ESLint rules, switch to the scoped plugins:

"devDependencies": {
  "@typescript-eslint/parser": "^8.62.1",
  "@typescript-eslint/eslint-plugin": "^8.62.1",
  // remove the old `typescript-eslint` entry
}

Then update your ESLint config to set parser: '@typescript-eslint/parser' and include the plugin under plugins.

Comment thread pr-review/package.json
Comment on lines 32 to 45
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.1",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.4",
"tsx": "4.22.5",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",
"yaml": "2.9.0"
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of your devDependencies are duplicated between pr-review and pr-summary. To avoid drift and make upgrades smoother, consider centralizing them in a root-level package.json using npm/Yarn workspaces or another monorepo tool. For example:

// root package.json
{
  "workspaces": ["pr-review", "pr-summary"],
  "devDependencies": {
    "@eslint/js": "^9.39.4",
    "@types/node": "^24.13.2",
    "@vercel/ncc": "^0.44.1",
    "eslint": "^9.39.4",
    "eslint-plugin-import": "^2.32.0",
    "eslint-plugin-sonarjs": "^4.1.0",
    "eslint-plugin-unicorn": "^64.0.0",
    "prettier": "^3.9.4",
    "tsx": "^4.22.5",
    "typescript": "^6.0.3",
    "@typescript-eslint/eslint-plugin": "^8.62.1",
    "@typescript-eslint/parser": "^8.62.1",
    "yaml": "^2.9.0"
  }
}

Comment thread pr-summary/package.json
Comment on lines 32 to +34
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You’re pinning @types/node and @vercel/ncc exactly. To automatically pick up future non-breaking fixes, switch to caret ranges:

"devDependencies": {
  "@types/node": "^24.13.2",
  "@vercel/ncc": "^0.44.1",
  // …
}

Comment thread pr-summary/package.json
"tsx": "4.22.5",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The typescript-eslint entry is non-standard. To properly integrate TypeScript with ESLint, use the scoped packages:

"devDependencies": {
  "@typescript-eslint/parser": "^8.62.1",
  "@typescript-eslint/eslint-plugin": "^8.62.1",
  // drop the previous `typescript-eslint` key
}

Comment thread pr-summary/package.json
Comment on lines 31 to 44
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.1",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.4",
"tsx": "4.22.5",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",
"yaml": "2.9.0"
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since pr-summary and pr-review share the same devDependencies, consider lifting them to a common root using workspaces. This centralizes upgrades and avoids version skew. Example root config:

{
  "workspaces": ["pr-review", "pr-summary"],
  "devDependencies": { /* shared deps here */ }
}

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from af0da1d to 45bc835 Compare July 3, 2026 15:43
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

Updated dependency versions in both pr-review and pr-summary to ensure compatibility with the latest SDK, HTTP client, and developer tooling. These bumps include @sap-ai-sdk packages, axios, TypeScript definitions, build tools, linters, and formatters, helping address upstream fixes and maintain project stability.

Walkthrough

  • Chore: Upgraded @sap-ai-sdk/ai-api and orchestration to 2.12.0, axios to 1.18.1
  • Chore: Bumped devDependencies – @types/node, @vercel/ncc, eslint-plugin-sonarjs, prettier, tsx, and typescript-eslint – to their latest stable releases
  • Chore: Ensures smoother builds, improved linting, and alignment with upstream improvements

Model: o4-mini-2025-04-16 | Prompt Tokens: 1070 | Completion Tokens: 497 | Diff Range: af0da1d...45bc835

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here’s a thoughtful code review with assistance from AI. The ideas offered reflect possible improvements but might not be one-size-fits-all. Feel free to apply what fits your style and needs. You’re in charge of decisions, and AI is simply a helpful partner along the way.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1276 | Completion Tokens: 3161 | Diff Range: af0da1d...45bc835

Comment thread pr-review/package.json
Comment on lines -34 to +35
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I recommend using a version range (e.g. caret) instead of a fixed version for dev dependencies. This allows you to automatically pick up backward-compatible bug fixes and performance improvements without manual bumps.

For example, you could update to:

"@types/node": "^24.13.2",
"@vercel/ncc": "^0.44.1",

Comment thread pr-review/package.json
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You’ve bumped eslint-plugin-sonarjs to a new minor version. Please review the CHANGELOG for any breaking rules or configuration changes, and run your lint pipeline to confirm nothing has been affected.

Comment thread pr-review/package.json
Comment on lines -40 to +41
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.4",
"tsx": "4.23.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to other dependencies, consider using a caret range for prettier and tsx to automatically receive patch releases:

"prettier": "^3.9.4",
"tsx": "^4.23.0",

Comment thread pr-review/package.json
"tsx": "4.23.0",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like the package name typescript-eslint may not match the official naming (usually scoped under @typescript-eslint). If you intend to install the ESLint plugin and parser for TypeScript, you might need:

"@typescript-eslint/parser": "^8.62.1",
"@typescript-eslint/eslint-plugin": "^8.62.1",

Comment thread pr-review/package.json
Comment on lines 32 to 45
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.1",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.4",
"tsx": "4.23.0",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",
"yaml": "2.9.0"
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I notice that pr-summary/package.json has the exact same devDependencies block. To reduce duplication and ensure consistency, you could centralize common devDependencies in a root package.json or use a shared configuration (e.g., via npm workspaces). This way, upgrades only need to happen in one place.

Comment thread pr-summary/package.json
Comment on lines -33 to +34
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I recommend using a version range (e.g. caret) instead of a fixed version for dev dependencies. This allows you to automatically pick up backward-compatible bug fixes and performance improvements without manual bumps.

For example, you could update to:

"@types/node": "^24.13.2",
"@vercel/ncc": "^0.44.1",

Comment thread pr-summary/package.json
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You’ve bumped eslint-plugin-sonarjs to a new minor version. Please review the CHANGELOG for any breaking rules or configuration changes, and run your lint pipeline to confirm nothing has been affected.

Comment thread pr-summary/package.json
Comment on lines -39 to +40
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.4",
"tsx": "4.23.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to other dependencies, consider using a caret range for prettier and tsx to automatically receive patch releases:

"prettier": "^3.9.4",
"tsx": "^4.23.0",

Comment thread pr-summary/package.json
"tsx": "4.23.0",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like the package name typescript-eslint may not match the official naming (usually scoped under @typescript-eslint). If you intend to install the ESLint plugin and parser for TypeScript, you might need:

"@typescript-eslint/parser": "^8.62.1",
"@typescript-eslint/eslint-plugin": "^8.62.1",

Comment thread pr-summary/package.json
Comment on lines 31 to 44
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"@types/node": "24.13.2",
"@vercel/ncc": "0.44.1",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-sonarjs": "4.1.0",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.22.3",
"prettier": "3.9.4",
"tsx": "4.23.0",
"typescript": "6.0.3",
"typescript-eslint": "8.59.4",
"typescript-eslint": "8.62.1",
"yaml": "2.9.0"
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I notice that pr-review/package.json has the exact same devDependencies block. To reduce duplication and ensure consistency, you could centralize common devDependencies in a root package.json or use a shared configuration (e.g., via npm workspaces). This way, upgrades only need to happen in one place.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants