Skip to content

deps: consolidate Dependabot majors + fix corrupted client manifest + low-maintenance setup#36

Merged
StrandedTurtle merged 1 commit into
mainfrom
claude/youthful-pasteur-2f6s72
Jul 1, 2026
Merged

deps: consolidate Dependabot majors + fix corrupted client manifest + low-maintenance setup#36
StrandedTurtle merged 1 commit into
mainfrom
claude/youthful-pasteur-2f6s72

Conversation

@StrandedTurtle

Copy link
Copy Markdown
Owner

The earlier fast-merges left client/package.json corrupted — duplicate react/react-dom keys (react 19 + react-dom 18 mismatch) and Vite 8 with an incompatible plugin-react 4. This repairs it and takes the remaining open Dependabot bumps as one tested set, plus sets up low-maintenance automation.

Fixes / upgrades

  • client: react + react-dom → 19, @vitejs/plugin-react → 6 (needed for the already-merged Vite 8). Added client/.npmrc (legacy-peer-deps) for plugin-react 6's transitive Babel peer noise so npm ci is clean. Build + npm ci verified.
  • server: express 5, dockerode 5, dotenv 17, better-sqlite3 12. Tests 111/111, npm ci (native rebuild) clean, and an Express-5 boot smoke passed (health, auth, /api/status, SPA fallback, 503 on the daemon-less container call). Silenced dotenv 17's startup tip.
  • ci: docker/setup-qemu-action → v4.

Low-maintenance automation (your goal)

  • Dependabot grouping — minor/patch bumps collapse into one PR per ecosystem per week (majors stay individual for review).
  • CI on PRs to main re-enabled (so grouped/dep PRs are validated) — arbitrary branch pushes still don't trigger CI.
  • Auto-merge workflow for Dependabot patch/minor once CI is green.

This supersedes the 6 open Dependabot PRs (#26, #27, #29, #30, #32, #33) — I'll close them after merge.

⚠️ dockerode 5's container operations (list/inspect/compose/recreate) can't be exercised here without a Docker daemon — worth one real update on your server to confirm, though the v4→v5 core API is unchanged.

🤖 Generated with Claude Code


Generated by Claude Code

Fast-merged Dependabot PRs left client/package.json with duplicate react /
react-dom keys (react 19 + react-dom 18 mismatch) and Vite 8 paired with an
incompatible plugin-react 4. Repair and take the rest of the open bumps as one
tested set:

- client: react/react-dom 19, @vitejs/plugin-react 6 (for Vite 8); add
  client/.npmrc legacy-peer-deps for plugin-react 6's transitive Babel peers so
  npm ci is clean. Build + npm ci verified.
- server: express 5, dockerode 5, dotenv 17, better-sqlite3 12. Tests 111/111,
  npm ci (native rebuild) clean, Express 5 boot smoke green (routing, auth, SPA
  fallback, SSE). Silence dotenv 17's startup tip (quiet: true).
- ci: setup-qemu-action v4.

Maintainability: group Dependabot minor/patch into one PR per ecosystem (majors
stay individual), run CI on PRs to main (not arbitrary branch pushes), and add a
Dependabot auto-merge workflow for patch/minor once CI is green.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_013Lj6nYJQDtLaZFvvEQJGM4
@StrandedTurtle StrandedTurtle merged commit 0d074b4 into main Jul 1, 2026
3 checks passed
@StrandedTurtle StrandedTurtle deleted the claude/youthful-pasteur-2f6s72 branch July 2, 2026 08:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant