chore(deps): march updates

[basmasking]

Fixes #755

Changes proposed in this pull request:

• dependency updates for the packages
• dependency updates for the website

@MaskingTechnology/jitar

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

Summary by CodeRabbit

• Chores
  • Updated development dependencies including ESLint, TypeScript, Vitest, Rollup, and other build tooling to latest stable versions
  • Bumped all package versions to 0.10.7
  • Added explicit Node.js version compatibility requirements

Walkthrough

Repository-wide version bumps and dev-dependency updates; added root engines field. Two small code tweaks: remove a local token reassignment in packages/analysis/src/static/Parser.ts and replace context.getSourceCode() with context.sourceCode in tools/eslint-plugin/index.js.

Changes

Cohort / File(s)	Summary
Root / Workspace manifests package.json, website/package.json	Bumped root package version and multiple devDependencies (@eslint/js, eslint, @typescript-eslint/eslint-plugin, vitest, @vitest/coverage-v8, turbo, rimraf); added engines field to root package.json.
All package manifests packages/*/package.json, tools/eslint-plugin/package.json	Version bump from 0.10.6 → 0.10.7 across many packages.
packages/jitar & packages/sourcing packages/jitar/package.json, packages/sourcing/package.json	Updated dotenv, glob, and rollup/terser-related dev deps in packages/jitar; glob updated in packages/sourcing.
packages/configuration packages/configuration/package.json	Updated dotenv 17.2.4 → 17.3.1.
Lint/plugin code tools/eslint-plugin/index.js	Switched usage from context.getSourceCode() to context.sourceCode.
Parser logic packages/analysis/src/static/Parser.ts	Removed local token reassignment when advancing tokenList (now calls tokenList.step() without reassigning).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• chore(deps): october update #696 — Overlapping devDependency updates for ESLint-related tooling.
• chore(deps): april updates #633 — Prior repository-wide dependency bumps for eslint/vitest/@typescript-eslint and related packages.
• chore: simplify development setup #751 — Changes touching the same packages/analysis/src/static/Parser.ts file.

Poem

🐰 I hopped through package.json rows,

nudged versions where the wild breeze blows,
spared a token, swapped a tiny call,
tidy hops across the monorepo hall,
carrots and commits — hooray for small!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	❓ Inconclusive	Most changes are in-scope dependency updates; however, the modification in Parser.ts (tokenList.step() without assignment) appears unrelated to dependency management and requires clarification.	Verify whether the Parser.ts change is intentional and related to issue #755, or if it was included unintentionally. If unintended, remove it from this PR.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main change as dependency updates scheduled for March, which aligns with the changeset of version bumps and dependency updates across all packages.
Description check	✅ Passed	The description follows the repository template with issue reference (#755), lists the proposed changes (dependency updates), and includes the team mention. All required sections are present and appropriately filled.
Linked Issues check	✅ Passed	The PR addresses issue #755 (March update of dependencies) with comprehensive version bumps across all packages and devDependency updates, meeting the linked issue's objective of dependency updates.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can disable sequence diagrams in the walkthrough.

Disable the reviews.sequence_diagrams setting to disable sequence diagrams in the walkthrough.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 27: Add a top-level "engines" field to package.json to enforce the
Node.js minimum required for ESLint 10 (e.g. set node >=20.19.0), so CI and
contributors use a compatible runtime; update the root package.json by adding
the engines object (key "node") and ensure this change is committed alongside
the existing eslint.config.mjs and tools/eslint-plugin/index.js updates so the
monorepo enforces the Node requirement.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 3912effb-10d0-4031-aa11-1eccd4fde62b

📥 Commits

Reviewing files that changed from the base of the PR and between 1a30f55 and fa9c46d.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json

[coderabbitai]

♻️ Duplicate comments (1)

package.json (1)

40-42: ⚠️ Potential issue | 🟠 Major

Tighten the Node engines floor to match ESLint 10 requirements.

Line 41 currently allows Node ranges that may be below ESLint 10’s supported minimum, which can produce install/lint failures on valid-by-engine environments.

💡 Suggested change

   "engines": {
-    "node": "^20.17.0 || >=22.9.0"
+    "node": "^20.19.0 || >=22.13.0"
   },

For ESLint v10.0.3, what Node.js versions are officially supported (minimum versions for Node 20.x and 22.x)?

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 40 - 42, The package.json "engines.node" range is
too permissive for ESLint v10; update the "engines.node" value (the engines.node
field) to the minimum Node versions required by ESLint v10.0.3 — set the Node 20
floor to 20.22.0 and ensure Node 22 is >=22.9.0 (e.g. "engines": { "node":
">=20.22.0 || >=22.9.0" }) so the declared engine range matches ESLint 10’s
supported minimums.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 40-42: The package.json "engines.node" range is too permissive for
ESLint v10; update the "engines.node" value (the engines.node field) to the
minimum Node versions required by ESLint v10.0.3 — set the Node 20 floor to
20.22.0 and ensure Node 22 is >=22.9.0 (e.g. "engines": { "node": ">=20.22.0 ||
>=22.9.0" }) so the declared engine range matches ESLint 10’s supported
minimums.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1c1631c9-c413-432e-960b-dc07f785afeb

📥 Commits

Reviewing files that changed from the base of the PR and between fa9c46d and a126f66.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
1 Accepted issue

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud