[Deps] Safe patch/minor devDependency refresh (2026-04-17) + Node minimum alignment

[Copilot]

This PR applies the queued safe dependency updates from the dependency monitor run (patch/minor only), aligns lockfile resolution with those versions, and updates the repository’s declared minimum Node.js version to match the new ESLint transitive engine requirements. No major-version jumps were included.

• Scope

  • Updated package.json and package-lock.json for the approved dev dependencies:
    • @eslint/compat: 2.0.3 → 2.0.5
    • @types/node: 25.5.0 → 25.6.0
    • @typescript-eslint/eslint-plugin: 8.57.1 → 8.58.2
    • @typescript-eslint/parser: 8.57.1 → 8.58.2
    • eslint: 10.0.3 → 10.2.1
    • globals: 17.4.0 → 17.5.0
    • ts-jest: 29.4.6 → 29.4.9
    • typescript-eslint: 8.57.1 → 8.58.2

• Review-feedback follow-up

  • Raised engines.node from >=20.12.0 to >=20.19.0 to match effective constraints introduced by updated ESLint packages.
  • Updated Node minimum-version references accordingly in:
    • README.md
    • CONTRIBUTING.md
    • docs/compatibility.md
    • docs/quickstart.md
    • install.sh

• Dependency policy alignment

  • Kept major upgrades intentionally out of scope (chalk, commander, execa, typescript, eslint-plugin-security) per safe-update policy.

• Version declaration example

  {
    "devDependencies": {
      "@eslint/compat": "^2.0.5",
      "@types/node": "^25.6.0",
      "@typescript-eslint/eslint-plugin": "^8.58.2",
      "@typescript-eslint/parser": "^8.58.2",
      "eslint": "^10.2.1",
      "globals": "^17.5.0",
      "ts-jest": "^29.4.9",
      "typescript-eslint": "^8.58.2"
    },
    "engines": {
      "node": ">=20.19.0"
    }
  }

[Copilot]

Pull request overview

This PR refreshes a set of patch/minor devDependency versions and updates package-lock.json to match the new resolution, keeping major upgrades out of scope per the repo’s safe-update policy.

Changes:

• Bump ESLint + TypeScript-ESLint toolchain versions (plugin/parser/typescript-eslint) and related linting deps (globals, @eslint/compat).
• Update Node typings (@types/node) and Jest TS integration (ts-jest).
• Regenerate package-lock.json to reflect the updated dependency graph.

Show a summary per file

File	Description
package.json	Updates devDependency version ranges for lint/test/type tooling.
package-lock.json	Updates resolved versions/integrities and transitive dependencies for the bumped toolchain.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 1/2 changed files
• Comments generated: 1

[Copilot]

Bumping eslint to ^10.2.1 also bumps transitive @eslint/* packages whose engines.node is ^20.19.0 || ^22.13.0 || >=24 (per the updated lockfile). That makes the effective minimum Node version for npm install/linting higher than the repo’s declared engines.node: ">=20.12.0" and the docs that reference 20.12+. Consider either (a) raising engines.node (and any version docs) to >=20.19.0, or (b) pinning eslint/@eslint/* to versions that still support Node 20.12.x so the stated minimum remains accurate.

[lpcox]

@copilot address this review feedback #2075 (review)

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	84.33%	84.41%	📈 +0.08%
Statements	83.56%	83.64%	📈 +0.08%
Functions	87.39%	87.39%	➡️ +0.00%
Branches	74.78%	74.82%	📈 +0.04%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/docker-manager.ts	86.8% → 87.1% (+0.30%)	86.4% → 86.7% (+0.29%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[Copilot]

@copilot address this review feedback #2075 (review)

Addressed in commit 29f724c. I raised engines.node to >=20.19.0 and aligned all Node minimum-version references in docs/install logic to match, then re-ran lint/build/tests and validation checks. No UI changes were made (no screenshot applicable).

[github-actions]

Documentation Preview

Documentation build failed for this PR. View logs.

Built from commit 6d1c88a

[github-actions]

🔥 Smoke Test: Copilot BYOK (Offline) Mode

Test	Result
GitHub MCP (list merged PRs → #2066 "[awf] API proxy: correct OpenAI base URL injection...")	✅
GitHub.com connectivity	✅
File write/read (smoke-test-copilot-byok-24610775072.txt)	✅
BYOK inference (agent → api-proxy → api.githubcopilot.com)	✅

Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com

Overall: PASS — Author: @app/copilot-swe-agent | Assignees: @lpcox @Copilot

🔑 BYOK report filed by Smoke Copilot BYOK

[github-actions]

Smoke Test Results

✅ GitHub MCP: #2066, #2065
✅ Playwright: Page title verified
✅ File Writing: Test file created
✅ Bash Testing: File verification passed

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

🔥 Smoke Test Results

Test	Status
GitHub MCP (list merged PRs) — "[awf] API proxy: correct OpenAI base URL injection..."	✅
GitHub.com connectivity	✅
File write/read (smoke-test-copilot-24610775082.txt)	✅

Overall: PASS

PR by @app/copilot-swe-agent · Assignees: @lpcox, @Copilot

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	❌	N/A	❌ FAIL
Bun	hono	❌	N/A	❌ FAIL
C++	fmt	❌	N/A	❌ FAIL
C++	json	❌	N/A	❌ FAIL
Deno	oak	❌	N/A	❌ FAIL
Deno	std	❌	N/A	❌ FAIL
.NET	hello-world	❌	N/A	❌ FAIL
.NET	json-parse	❌	N/A	❌ FAIL
Go	color	❌	N/A	❌ FAIL
Go	env	❌	N/A	❌ FAIL
Go	uuid	❌	N/A	❌ FAIL
Java	gson	❌	N/A	❌ FAIL
Java	caffeine	❌	N/A	❌ FAIL
Node.js	clsx	❌	N/A	❌ FAIL
Node.js	execa	❌	N/A	❌ FAIL
Node.js	p-limit	❌	N/A	❌ FAIL
Rust	fd	❌	N/A	❌ FAIL
Rust	zoxide	❌	N/A	❌ FAIL

Overall: 0/8 ecosystems passed — ❌ FAIL

---

❌ ALL_CLONES_FAILED

All repository clones failed with the following error:

remote: access denied: unrecognized endpoint
fatal: unable to access '(localhost/redacted) The requested URL returned error: 403
failed to run git: exit status 128

The gh CLI proxy sidecar does not support cloning external repositories (only the current repository github/gh-aw-firewall is accessible). All 8 test ecosystems (Bun, C++, Deno, .NET, Go, Java, Node.js, Rust) could not be tested because their source repositories are unreachable in this environment.

Generated by Build Test Suite for issue #2075 · ● 126.3K · ◷

[github-actions]

Smoke Test: GitHub Actions Services Connectivity ✅

Check	Status
Redis ping (host.docker.internal:6379)	✅ PONG
PostgreSQL ready (host.docker.internal:5432)	✅ accepting connections
PostgreSQL query (SELECT 1 on smoketest db)	✅ returned 1

All checks succeeded.

🔌 Service connectivity validated by Smoke Services

[github-actions]

Chroot Version Comparison Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌
Node.js	v24.14.1	v20.20.2	❌
Go	go1.22.12	go1.22.12	✅

Overall: ❌ FAILED — Python and Node.js versions differ between host and chroot.

Tested by Smoke Chroot