Upgrade NodeJS dependencies across workspaces

[data-douser]

Dependency updates:

General tooling and formatting:

• Upgraded eslint to ^10.2.0 and prettier to ^3.8.2 in all relevant package.json files to maintain code style and linting consistency. [1] [2] [3] [4]
• Updated typescript-eslint to ^8.58.1 for improved TypeScript linting support. [1] [2] [3]

Type definitions and testing:

• Bumped @types/node and @types/vscode for better type coverage, and updated @vitest/coverage-v8 and vitest for testing improvements. [1] [2]
• Updated dotenv to ^17.4.1 in both client and server to ensure environment variable management is current. [1] [2]

These changes are routine maintenance to keep dependencies secure and up-to-date, with no functional code changes.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

View full job summary

[Copilot]

Pull request overview

Updates NodeJS dependencies across the repository’s npm workspaces (root, server, client, VS Code extension) to keep tooling, typings, and test dependencies current.

Changes:

• Bump lint/format tooling versions (eslint, prettier, typescript-eslint) across workspaces.
• Update runtime dependency dotenv in server/client.
• Refresh lockfile entries (including vitest/coverage and updated bundled server dist output).

Show a summary per file

File	Description
package.json	Align root dev tooling versions (eslint/prettier/typescript-eslint).
package-lock.json	Regenerate lockfile to reflect updated dependency graph across workspaces.
server/package.json	Update server runtime/dev deps (dotenv, @types/node, vitest stack, eslint/prettier).
server/dist/codeql-development-mcp-server.js	Updated bundled output reflecting dependency changes (notably env injection log text).
client/package.json	Update client deps/tooling (dotenv, eslint, prettier).
extensions/vscode/package.json	Update extension dev deps (including @types/vscode, @types/node, vitest stack, eslint/prettier).

Copilot's findings

Comments suppressed due to low confidence (1)

extensions/vscode/package.json:184

• @types/node is bumped to ^25.6.0 while the extension declares engines.node >=24.13.0. If the extension/server code is meant to run on Node 24, compiling against Node 25 typings can accidentally introduce usage of Node 25-only APIs that will fail at runtime on Node 24. Consider aligning @types/node to the minimum supported Node major (24.x) or raising engines.node if Node 25 is required.

    "@types/node": "^25.6.0",

• Files reviewed: 4/7 changed files
• Comments generated: 2

[Copilot]

Pull request overview

Updates Node.js toolchain requirements and refreshes key Node/TypeScript linting, formatting, and test dependencies across the monorepo workspaces.

Changes:

• Bumped minimum Node.js engine/version references to v25.6.0 across docs, .node-version, and workspace package.json files.
• Upgraded shared dev tooling deps (eslint, prettier, typescript-eslint) and test deps (vitest, @vitest/coverage-v8) across workspaces.
• Regenerated package-lock.json to reflect updated dependency graph for all workspaces.

Show a summary per file

File	Description
server/README.md	Updates documented Node.js prerequisite to v25.6.0+.
server/package.json	Raises Node engine requirement and bumps dotenv/types/lint/test tool versions.
README.md	Updates top-level Node.js environment requirement.
package.json	Raises repo-wide Node engine requirement and bumps root dev tooling versions.
package-lock.json	Updates lockfile to align with dependency upgrades across workspaces.
extensions/vscode/README.md	Updates Node.js prerequisite for the extension docs.
extensions/vscode/package.json	Raises VS Code + Node engine requirements and bumps dev tooling/test deps.
docs/public.md	Updates public install guide to reflect new Node.js minimum.
docs/getting-started.md	Updates getting started guide Node.js prerequisite.
client/package.json	Raises Node engine requirement and bumps dotenv/lint tool versions.
.node-version	Updates pinned Node version to v25.6.0 for CI/dev tooling.

Copilot's findings

• Files reviewed: 10/11 changed files
• Comments generated: 2

[Copilot]

Pull request overview

Updates Node.js/tooling dependencies across the monorepo and raises the minimum supported Node.js version, along with corresponding documentation updates.

Changes:

• Bump minimum Node.js engine/version references from 24.13.0 to 25.6.0 across packages and docs.
• Upgrade lint/format/test toolchain versions (eslint, prettier, typescript-eslint, vitest, typings).
• Refresh lockfile and regenerated server bundled output in server/dist/.

Show a summary per file

File	Description
README.md	Updates documented minimum Node.js version.
.node-version	Pins repo Node.js version to v25.6.0.
package.json	Raises workspace engine requirement; bumps dev tooling versions.
package-lock.json	Lockfile update reflecting dependency/tooling upgrades.
client/package.json	Raises engine requirement; bumps eslint/prettier; bumps dotenv.
server/package.json	Raises engine requirement; bumps eslint/prettier/typescript-eslint/vitest/@types; bumps dotenv.
server/README.md	Updates documented minimum Node.js version for server quick start.
server/dist/codeql-development-mcp-server.js	Regenerated bundled server output after dependency updates.
extensions/vscode/package.json	Raises VS Code + Node engine requirements; bumps dev tooling + typings.
extensions/vscode/README.md	Updates documented minimum Node.js version for the extension.
docs/public.md	Updates public installation guide minimum Node.js version.
docs/getting-started.md	Updates getting-started guide minimum Node.js version.

Copilot's findings

• Files reviewed: 10/13 changed files
• Comments generated: 1