chore: modernize dependency baseline around Expo 56#90
Conversation
Move the repo onto Node 24 and pnpm 11. Keep the Expo example on the Expo 56 compatibility axis. Centralize TypeScript 5.9.3 through the pnpm catalog. Keep the top-level Bun web app on its separate lockfile boundary. Constraint: Expo 56 compatibility determines the React Native baseline. Constraint: TypeScript stays on latest 5.x, not TypeScript 6. Constraint: top-level web/ stays outside the pnpm workspace. Rejected: Chase React Native 0.86 | diverges from the Expo 56 matrix. Rejected: Mutable GitHub Action tags | SHA pins strengthen CI review. Confidence: high Scope-risk: broad Reversibility: clean Directive: Check Expo and TypeScript compatibility before major bumps. Tested: pnpm run lint:ci; pnpm run format:check; pnpm run typecheck Tested: pnpm run test --maxWorkers=2; pnpm run build Tested: pnpm --filter example exec expo install --check Tested: pnpm --filter example run web:build; bun run build in web/ Tested: GitHub workflow YAML parsing Not-tested: native device or emulator runtime smoke test
🦋 Changeset detectedLatest commit: 94a8256 The changes in this PR will be included in the next version bump. This PR includes changesets to release 4 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
Warning Review limit reached
More reviews will be available in 20 minutes and 43 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (4)
📝 WalkthroughWalkthroughThe PR updates workflow action pins, repository Node and pnpm settings, formatter/lint configuration, and dependency versions across several package manifests. It also refactors ChangesToolchain and dependency refresh
YouTube hook normalization
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Deploying react-native-youtube-bridge-example with
|
| Latest commit: |
94a8256
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://49a0e935.react-native-youtube-bridge-example.pages.dev |
| Branch Preview URL: | https://chore-dependency-upgrade-nod.react-native-youtube-bridge-example.pages.dev |
Deploying react-native-youtube-bridge with
|
| Latest commit: |
4f188b3
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://92491427.react-native-youtube-bridge.pages.dev |
| Branch Preview URL: | https://chore-dependency-upgrade-nod.react-native-youtube-bridge.pages.dev |
Deploying react-native-youtube-bridge-docs with
|
| Latest commit: |
4f188b3
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://13ce297a.react-native-youtube-bridge-docs.pages.dev |
| Branch Preview URL: | https://chore-dependency-upgrade-nod.react-native-youtube-bridge-docs.pages.dev |
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
pnpm-workspace.yaml (1)
4-11: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick winMirror the Node 24 baseline in pnpm's workspace config.
The repo now declares Node 24 in
.nvmrcandpackage.json, but pnpm still checks dependency engines against the contributor's local runtime unlessnodeVersionandengineStrictare set inpnpm-workspace.yaml. Adding them here makes dependency drift fail earlier against the intended 24.11.0 baseline. (pnpm.io)Suggested change
+nodeVersion: 24.11.0 +engineStrict: true + catalog: tsdown: '0.22.3' typescript: '5.9.3' allowBuilds: '`@evilmartians/lefthook`': true '`@swc/core`': true esbuild: true unrs-resolver: true🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@pnpm-workspace.yaml` around lines 4 - 11, Mirror the Node 24 baseline in pnpm workspace settings by updating pnpm-workspace.yaml to enforce the same runtime used in .nvmrc and package.json. Add the workspace-level Node version pin and strict engine enforcement so pnpm validates dependencies against 24.11.0 instead of the contributor’s local Node version. Use the existing workspace config block near catalog and allowBuilds, and keep the change limited to the pnpm workspace configuration.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/ci.yml:
- Line 18: The checkout steps in the lint-and-typecheck, test, and build-library
jobs should disable credential persistence because they only perform read-only
work. Update each actions/checkout invocation to set persist-credentials to
false so the auth token is not written into local git config. Use the existing
checkout steps in the workflow as the targets for this change.
In `@packages/react/src/hooks/useYoutubeVideoId.ts`:
- Around line 11-16: The early guard in useYoutubeVideoId is treating empty
strings as missing input, which changes the string branch of YoutubeSource and
bypasses onError for useYouTubeVideoId(''); update the initial check to only
return undefined when source is explicitly undefined, then keep the existing
string handling so '' still flows through the string path and is
validated/error-reported consistently.
---
Nitpick comments:
In `@pnpm-workspace.yaml`:
- Around line 4-11: Mirror the Node 24 baseline in pnpm workspace settings by
updating pnpm-workspace.yaml to enforce the same runtime used in .nvmrc and
package.json. Add the workspace-level Node version pin and strict engine
enforcement so pnpm validates dependencies against 24.11.0 instead of the
contributor’s local Node version. Use the existing workspace config block near
catalog and allowBuilds, and keep the change limited to the pnpm workspace
configuration.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 94032d98-bbe3-47c8-80b9-bea2e05cd0ee
⛔ Files ignored due to path filters (2)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yamlweb/bun.lockis excluded by!**/*.lock
📒 Files selected for processing (16)
.github/actions/setup/action.yml.github/workflows/ci.yml.github/workflows/release.yml.nvmrc.oxfmtrc.json.oxlintrc.jsonexample/package.jsonpackage.jsonpackages/core/package.jsonpackages/docs/package.jsonpackages/react-native-youtube-bridge/package.jsonpackages/react/package.jsonpackages/react/src/hooks/useYoutubeVideoId.tspackages/web/package.jsonpnpm-workspace.yamlweb/package.json
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4f188b322b
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Record a patch release for the published React package. The source normalization changed in useYoutubeVideoId while preserving behavior. Constraint: Follow-up commit on top of the pushed dependency-upgrade branch. Confidence: high Scope-risk: narrow Tested: pnpm changeset status --since=origin/main Not-tested: no code changes in this commit
|
@codex review |
Record the package patch release note for the baseline upgrade. Covers Node, pnpm, Expo, React Native, TypeScript, and Vite. Constraint: Follow-up commit on top of the pushed dependency-upgrade branch. Confidence: high Scope-risk: narrow Tested: pnpm changeset status --since=origin/main Not-tested: no code changes in this commit
Keep the baseline changeset suitable for the generated changelog. Confidence: high Scope-risk: narrow Tested: pnpm changeset status --since=origin/main Not-tested: no code changes in this commit
|
Codex Review: Didn't find any major issues. More of your lovely PRs please. Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
Move the repo onto Node 24 and pnpm 11.
Keep the Expo example on the Expo 56 compatibility axis.
Centralize TypeScript 5.9.3 through the pnpm catalog.
Keep the top-level Bun web app on its separate lockfile boundary.
Summary by CodeRabbit