Skip to content

chore: modernize dependency baseline around Expo 56#90

Merged
saseungmin merged 5 commits into
mainfrom
chore/dependency-upgrade-node24-expo56
Jun 26, 2026
Merged

chore: modernize dependency baseline around Expo 56#90
saseungmin merged 5 commits into
mainfrom
chore/dependency-upgrade-node24-expo56

Conversation

@saseungmin

@saseungmin saseungmin commented Jun 26, 2026

Copy link
Copy Markdown
Member

Move the repo onto Node 24 and pnpm 11.

Keep the Expo example on the Expo 56 compatibility axis.

Centralize TypeScript 5.9.3 through the pnpm catalog.

Keep the top-level Bun web app on its separate lockfile boundary.

Summary by CodeRabbit

  • Chores
    • Updated the project’s toolchain and build/test environment, including newer Node.js and package manager versions.
    • Refreshed several app and package dependencies across web, React, docs, and native example projects.
    • Tightened workflow reliability by pinning more automation steps to fixed versions.
    • Adjusted formatter and lint settings for more consistent code styling.
  • Bug Fixes
    • Improved YouTube video ID handling for more reliable source parsing.

Move the repo onto Node 24 and pnpm 11.

Keep the Expo example on the Expo 56 compatibility axis.

Centralize TypeScript 5.9.3 through the pnpm catalog.

Keep the top-level Bun web app on its separate lockfile boundary.

Constraint: Expo 56 compatibility determines the React Native baseline.

Constraint: TypeScript stays on latest 5.x, not TypeScript 6.

Constraint: top-level web/ stays outside the pnpm workspace.

Rejected: Chase React Native 0.86 | diverges from the Expo 56 matrix.

Rejected: Mutable GitHub Action tags | SHA pins strengthen CI review.

Confidence: high

Scope-risk: broad

Reversibility: clean

Directive: Check Expo and TypeScript compatibility before major bumps.

Tested: pnpm run lint:ci; pnpm run format:check; pnpm run typecheck

Tested: pnpm run test --maxWorkers=2; pnpm run build

Tested: pnpm --filter example exec expo install --check

Tested: pnpm --filter example run web:build; bun run build in web/

Tested: GitHub workflow YAML parsing

Not-tested: native device or emulator runtime smoke test
@changeset-bot

changeset-bot Bot commented Jun 26, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 94a8256

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 4 packages
Name Type
@react-native-youtube-bridge/react Patch
react-native-youtube-bridge Patch
@react-native-youtube-bridge/core Patch
@react-native-youtube-bridge/web Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@coderabbitai

coderabbitai Bot commented Jun 26, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@saseungmin, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 20 minutes and 43 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1df413fa-d1d1-455d-9c70-c47f4654b529

📥 Commits

Reviewing files that changed from the base of the PR and between 4f188b3 and 94a8256.

📒 Files selected for processing (4)
  • .changeset/busy-stars-spend.md
  • .changeset/ninety-insects-wear.md
  • .oxfmtrc.json
  • .oxlintrc.json
📝 Walkthrough

Walkthrough

The PR updates workflow action pins, repository Node and pnpm settings, formatter/lint configuration, and dependency versions across several package manifests. It also refactors useYoutubeVideoId to normalize its source input through a helper before validation.

Changes

Toolchain and dependency refresh

Layer / File(s) Summary
Pinned GitHub actions
.github/actions/setup/action.yml, .github/workflows/ci.yml, .github/workflows/release.yml
Setup, CI, and release workflows replace tagged GitHub actions with pinned SHAs and update pnpm/action-setup to pnpm 11.9.0.
Repo runtime and workspace baseline
.nvmrc, pnpm-workspace.yaml, package.json, .oxfmtrc.json, .oxlintrc.json
The root runtime and workspace settings update the Node and pnpm versions, catalog entries, build allowances, import sorting, and lint rule disables.
Package dependency alignment
example/package.json, packages/core/package.json, packages/docs/package.json, packages/react-native-youtube-bridge/package.json, packages/react/package.json, packages/web/package.json
Example and workspace package manifests bump React, React Native, Expo, Vite, and TypeScript-related versions, including several moves to catalog:.

YouTube hook normalization

Layer / File(s) Summary
Source value helper
packages/react/src/hooks/useYoutubeVideoId.ts
useYoutubeVideoId now resolves sourceValue through getSourceValue(source) before the existing YouTube ID extraction and error handling.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Poem

A bunny hops through pins so bright,
With Node and pnpm set just right.
I twitch my nose at source and cache,
Then nibble versions in a flash.
Hoppy builds and tidy trails,
🌿🐇 my burrow sings with updated tales.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: modernizing the repo’s dependency baseline around Expo 56.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/dependency-upgrade-node24-expo56

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 26, 2026

Copy link
Copy Markdown

Deploying react-native-youtube-bridge-example with  Cloudflare Pages  Cloudflare Pages

Latest commit: 94a8256
Status: ✅  Deploy successful!
Preview URL: https://49a0e935.react-native-youtube-bridge-example.pages.dev
Branch Preview URL: https://chore-dependency-upgrade-nod.react-native-youtube-bridge-example.pages.dev

View logs

@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying react-native-youtube-bridge with  Cloudflare Pages  Cloudflare Pages

Latest commit: 4f188b3
Status: ✅  Deploy successful!
Preview URL: https://92491427.react-native-youtube-bridge.pages.dev
Branch Preview URL: https://chore-dependency-upgrade-nod.react-native-youtube-bridge.pages.dev

View logs

@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying react-native-youtube-bridge-docs with  Cloudflare Pages  Cloudflare Pages

Latest commit: 4f188b3
Status: ✅  Deploy successful!
Preview URL: https://13ce297a.react-native-youtube-bridge-docs.pages.dev
Branch Preview URL: https://chore-dependency-upgrade-nod.react-native-youtube-bridge-docs.pages.dev

View logs

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
pnpm-workspace.yaml (1)

4-11: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

Mirror the Node 24 baseline in pnpm's workspace config.

The repo now declares Node 24 in .nvmrc and package.json, but pnpm still checks dependency engines against the contributor's local runtime unless nodeVersion and engineStrict are set in pnpm-workspace.yaml. Adding them here makes dependency drift fail earlier against the intended 24.11.0 baseline. (pnpm.io)

Suggested change
+nodeVersion: 24.11.0
+engineStrict: true
+
 catalog:
   tsdown: '0.22.3'
   typescript: '5.9.3'
 allowBuilds:
   '`@evilmartians/lefthook`': true
   '`@swc/core`': true
   esbuild: true
   unrs-resolver: true
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pnpm-workspace.yaml` around lines 4 - 11, Mirror the Node 24 baseline in pnpm
workspace settings by updating pnpm-workspace.yaml to enforce the same runtime
used in .nvmrc and package.json. Add the workspace-level Node version pin and
strict engine enforcement so pnpm validates dependencies against 24.11.0 instead
of the contributor’s local Node version. Use the existing workspace config block
near catalog and allowBuilds, and keep the change limited to the pnpm workspace
configuration.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Line 18: The checkout steps in the lint-and-typecheck, test, and build-library
jobs should disable credential persistence because they only perform read-only
work. Update each actions/checkout invocation to set persist-credentials to
false so the auth token is not written into local git config. Use the existing
checkout steps in the workflow as the targets for this change.

In `@packages/react/src/hooks/useYoutubeVideoId.ts`:
- Around line 11-16: The early guard in useYoutubeVideoId is treating empty
strings as missing input, which changes the string branch of YoutubeSource and
bypasses onError for useYouTubeVideoId(''); update the initial check to only
return undefined when source is explicitly undefined, then keep the existing
string handling so '' still flows through the string path and is
validated/error-reported consistently.

---

Nitpick comments:
In `@pnpm-workspace.yaml`:
- Around line 4-11: Mirror the Node 24 baseline in pnpm workspace settings by
updating pnpm-workspace.yaml to enforce the same runtime used in .nvmrc and
package.json. Add the workspace-level Node version pin and strict engine
enforcement so pnpm validates dependencies against 24.11.0 instead of the
contributor’s local Node version. Use the existing workspace config block near
catalog and allowBuilds, and keep the change limited to the pnpm workspace
configuration.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 94032d98-bbe3-47c8-80b9-bea2e05cd0ee

📥 Commits

Reviewing files that changed from the base of the PR and between acc71b1 and 4f188b3.

⛔ Files ignored due to path filters (2)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
  • web/bun.lock is excluded by !**/*.lock
📒 Files selected for processing (16)
  • .github/actions/setup/action.yml
  • .github/workflows/ci.yml
  • .github/workflows/release.yml
  • .nvmrc
  • .oxfmtrc.json
  • .oxlintrc.json
  • example/package.json
  • package.json
  • packages/core/package.json
  • packages/docs/package.json
  • packages/react-native-youtube-bridge/package.json
  • packages/react/package.json
  • packages/react/src/hooks/useYoutubeVideoId.ts
  • packages/web/package.json
  • pnpm-workspace.yaml
  • web/package.json

Comment thread .github/workflows/ci.yml
Comment thread packages/react/src/hooks/useYoutubeVideoId.ts

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4f188b322b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread package.json
Record a patch release for the published React package.

The source normalization changed in useYoutubeVideoId while preserving behavior.

Constraint: Follow-up commit on top of the pushed dependency-upgrade branch.

Confidence: high

Scope-risk: narrow

Tested: pnpm changeset status --since=origin/main

Not-tested: no code changes in this commit
@saseungmin

Copy link
Copy Markdown
Member Author

@codex review

Record the package patch release note for the baseline upgrade.

Covers Node, pnpm, Expo, React Native, TypeScript, and Vite.

Constraint: Follow-up commit on top of the pushed dependency-upgrade branch.

Confidence: high

Scope-risk: narrow

Tested: pnpm changeset status --since=origin/main

Not-tested: no code changes in this commit
Keep the baseline changeset suitable for the generated changelog.

Confidence: high

Scope-risk: narrow

Tested: pnpm changeset status --since=origin/main

Not-tested: no code changes in this commit
@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. More of your lovely PRs please.

Reviewed commit: a7229802f3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@saseungmin saseungmin merged commit 6679a9d into main Jun 26, 2026
5 checks passed
@saseungmin saseungmin deleted the chore/dependency-upgrade-node24-expo56 branch June 26, 2026 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant