
fix(deps): fix deps vulnerabilities (flatted, undici, etc.)#111

Merged
timoa merged 2 commits into main from fix/deps-vulnerabilities
Mar 17, 2026

@timoa (Owner) commented Mar 17, 2026

Description

Fix the following dependency vulnerabilities:

  • flatted >=3.4.0
  • undici >=7.24.0

Type of change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that changes existing behaviour)
  • Documentation update
  • Refactor/code quality improvement
  • Dependency update

Checklist

Code quality

  • My commit messages follow Conventional Commits (e.g. feat:, fix:, docs:, chore:)
  • I have not introduced any TypeScript types without justification
  • I have not left debug code, console.log, or commented-out blocks

Testing

  • I have tested the changes locally by pressing F5 in VSCode to launch the Extension Development Host
  • I have run pnpm test, and all tests pass
  • I have run pnpm lint, and there are no lint errors
  • I have added or updated tests to cover my changes (if applicable)

Build & compatibility

  • I have run pnpm run compile and pnpm run webpack without errors
  • The extension works in VSCode (and ideally Cursor/Windsurf)

Documentation

  • I have updated the README.md if my change adds a new feature, keyboard shortcut, or changes existing behaviour
  • I have updated or added JSDoc comments for non-obvious logic (if applicable)

Screenshots/recordings

Summary by CodeRabbit

  • Chores
    • Strengthened development environment by implementing additional code quality linting rules to enhance standards and improve identification of potential issues during development.
    • Updated project dependency configurations and added new version constraints to ensure long-term compatibility, stability, and security standards across development tooling and infrastructure dependencies.

@timoa timoa self-assigned this Mar 17, 2026

coderabbitai bot commented Mar 17, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6c9809e9-313a-45bf-a220-2fe5e0c8e1ca

📥 Commits

Reviewing files that changed from the base of the PR and between 38782c8 and 8b93442.

⛔ Files ignored due to path filters (3)
  • media/main.css.map is excluded by !**/*.map
  • media/main.js.map is excluded by !**/*.map
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (3)
  • eslint.config.mjs
  • media/main.js
  • package.json

📝 Walkthrough

Walkthrough

Extended ESLint configuration with new React/Hooks linting rules (set-state-in-effect, immutability, only-export-components) and added VSCode test directory to ignores. Updated package.json with pnpm dependency overrides for ESLint, flatted, and undici packages.

Changes

Cohort / File(s): Summary

  • ESLint Configuration (eslint.config.mjs): Added ".vscode-test" to ignores array and three new React/Hooks linting rules: set-state-in-effect, immutability, and only-export-components (with allowConstantExport option).
  • Package Dependencies (package.json): Added three pnpm.overrides entries: eslint>ajv (6.14.0), flatted (>=3.4.0), and undici (>=7.24.0).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

Suggested labels

dependencies

Poem

🐰 Hops with glee at configs new,
React hooks rules, both tried and true,
Dependencies tamed with overrides fine,
Security paths now safely align!


@github-actions

🩺 React Doctor

react-doctor v0.0.30

✔ Select projects to scan › workflow-visual-editor
No feature branch or uncommitted changes detected. Running full scan.

Scanning /home/runner/work/workflow-editor/workflow-editor...

  ⚠ Array index "i" used as key — causes bugs when list is reordered or filtered (12)
    Use a stable unique identifier: `key={item.id}` or `key={item.slug}` — index keys break on reorder/filter
    src/webview/components/TriggerBadge.tsx: 64
    src/App.tsx: 632
    src/components/TriggerNode.tsx: 26
    src/components/JobPropertyPanel.tsx: 916
    src/components/SourceCodeDialog.tsx: 206
    src/webview/components/TriggerNode.tsx: 26
    src/webview/components/JobPropertyPanel.tsx: 916
    src/webview/App.tsx: 649
    src/webview/components/SourceCodeDialog.tsx: 220
    src/components/TriggerPropertyPanel.tsx: 144
    src/components/TriggerBadge.tsx: 64
    src/webview/components/TriggerPropertyPanel.tsx: 144

  ⚠ Enforce a clickable non-interactive element has at least one keyboard event listener. (20)
    Visible, non-interactive elements with click handlers must have one of `keyup`, `keydown`, or `keypress` listener.
    src/App.tsx: 489
    src/components/PasteYamlDialog.tsx: 21, 28
    src/components/JobPropertyPanel.tsx: 1048
    src/components/SourceCodeDialog.tsx: 146, 153
    src/components/ConfirmDialog.tsx: 30, 37
    src/webview/components/PasteYamlDialog.tsx: 21, 28
    src/components/RunScriptDialog.tsx: 111, 118
    src/webview/components/JobPropertyPanel.tsx: 1048
    src/webview/App.tsx: 533
    src/webview/components/SourceCodeDialog.tsx: 160, 167
    src/webview/components/ConfirmDialog.tsx: 30, 37
    src/webview/components/RunScriptDialog.tsx: 123, 130

  ⚠ Component "AppInner" has 11 useState calls — consider useReducer for related state (4)
    Group related state: `const [state, dispatch] = useReducer(reducer, { field1, field2, ... })`
    src/App.tsx: 56
    src/components/JobPropertyPanel.tsx: 48
    src/webview/components/JobPropertyPanel.tsx: 48
    src/webview/App.tsx: 56

  ⚠ Component "AppInner" is 666 lines — consider breaking it into smaller focused components (6)
    Extract logical sections into focused components: `<UserHeader />`, `<UserActions />`, etc.
    src/App.tsx: 56
    src/components/JobPropertyPanel.tsx: 42
    src/webview/components/JobPropertyPanel.tsx: 42
    src/webview/App.tsx: 56
    src/components/TriggerPropertyPanel.tsx: 48
    src/webview/components/TriggerPropertyPanel.tsx: 48

  ⚠ Static HTML elements with event handlers require a role. (10)
    Add a role attribute to this element, or use a semantic HTML element instead.
    src/components/PasteYamlDialog.tsx: 28
    src/components/JobPropertyPanel.tsx: 1048
    src/components/SourceCodeDialog.tsx: 153
    src/components/ConfirmDialog.tsx: 37
    src/webview/components/PasteYamlDialog.tsx: 28
    src/components/RunScriptDialog.tsx: 118
    src/webview/components/JobPropertyPanel.tsx: 1048
    src/webview/components/SourceCodeDialog.tsx: 167
    src/webview/components/ConfirmDialog.tsx: 37
    src/webview/components/RunScriptDialog.tsx: 130

  ⚠ A form label must be associated with a control. (49)
    Either give the label a `htmlFor` attribute with the id of the associated control, or wrap the label around the control.
    src/components/JobPropertyPanel.tsx: 205, 217, 224, 282, 364, 406, 431, 499, 778, 816, 882, 905, 946
    src/webview/components/JobPropertyPanel.tsx: 205, 217, 224, 282, 364, 406, 431, 499, 778, 816, 882, 905, 946
    src/components/WorkflowPropertyPanel.tsx: 71, 81, 92
    src/components/TriggerPropertyPanel.tsx: 130, 158, 175, 219, 263, 325, 369, 414
    src/webview/components/WorkflowPropertyPanel.tsx: 71, 81, 92
    src/webview/components/TriggerPropertyPanel.tsx: 130, 158, 175, 219, 263, 325, 369, 414, 432

  ⚠ 4 setState calls in a single useEffect — consider using useReducer or deriving state (3)
    Combine into useReducer: `const [state, dispatch] = useReducer(reducer, initialState)`
    src/components/JobPropertyPanel.tsx: 143
    src/webview/components/JobPropertyPanel.tsx: 143
    src/webview/App.tsx: 105

  ⚠ "@codemirror/view" is a heavy library — use React.lazy() or next/dynamic for code splitting (8)
    Use `const Component = dynamic(() => import('library'), { ssr: false })` from next/dynamic or React.lazy()
    src/components/SourceCodeDialog.tsx: 2, 3
    src/components/RunScriptDialog.tsx: 2, 3
    src/webview/components/SourceCodeDialog.tsx: 2, 3
    src/webview/components/RunScriptDialog.tsx: 2, 3

  React Doctor (www.react.doctor)
  94 / 100  Great
  ⚠ 112 warnings  across 20/71 files  in 715ms

  Full diagnostics written to /tmp/react-doctor-7bd720d7-7754-4ea4-84d4-f8721147fa88


codecov bot commented Mar 17, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.13%. Comparing base (e231975) to head (8b93442).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #111   +/-   ##
=======================================
  Coverage   94.13%   94.13%           
=======================================
  Files          10       10           
  Lines         290      290           
  Branches      105      105           
=======================================
  Hits          273      273           
  Misses          1        1           
  Partials       16       16           


@timoa (Owner, Author) commented Mar 17, 2026

@coderabbitai review


coderabbitai bot commented Mar 17, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@timoa timoa merged commit 8f10e73 into main Mar 17, 2026
10 checks passed
@timoa timoa deleted the fix/deps-vulnerabilities branch March 17, 2026 08:41

timoa-bot bot commented Mar 17, 2026

🎉 This PR is included in version 1.2.42 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@timoa-bot timoa-bot bot added the released label Mar 17, 2026