[pull] master from diygod:master

.github/dependabot.yml

@@ -35,6 +35,7 @@ updates:
                   - '@oxlint/*'
                   - 'oxfmt'
                   - 'oxlint'
+                  - 'oxlint-plugin-eslint'
                   - 'oxlint-tsgolint'
           proxy-agent:
               patterns:
@@ -45,6 +46,15 @@ updates:
               patterns:
                   - '@typescript-eslint/*'
 
+    - package-ecosystem: 'nix'
+      directory: '/'
+      schedule:
+          interval: daily
+          time: '08:00'
+      open-pull-requests-limit: 100
+      labels:
+          - dependencies
+
     - package-ecosystem: 'github-actions'
       directory: '/'
       schedule:

.github/workflows/comment-on-issue.yml

@@ -22,7 +22,7 @@ jobs:
             - name: Install dependencies (pnpm) # import remark-parse and unified
               run: pnpm i
             - name: Generate feedback
-              uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+              uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
               with:
                   github-token: ${{ secrets.GITHUB_TOKEN }}
                   script: |

.github/workflows/docker-release.yml

@@ -74,13 +74,13 @@ jobs:
               uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
 
             - name: Log in to Docker Hub
-              uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+              uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
               with:
                   username: ${{ vars.DOCKER_USERNAME }}
                   password: ${{ secrets.DOCKER_PASSWORD }}
 
             - name: Log in to the Container registry
-              uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+              uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
               with:
                   registry: ghcr.io
                   username: ${{ github.actor }}
@@ -207,13 +207,13 @@ jobs:
               uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
 
             - name: Log in to Docker Hub
-              uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+              uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
               with:
                   username: ${{ vars.DOCKER_USERNAME }}
                   password: ${{ secrets.DOCKER_PASSWORD }}
 
             - name: Log in to the Container registry
-              uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+              uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
               with:
                   registry: ghcr.io
                   username: ${{ github.actor }}

.github/workflows/docker-test-cont.yml

@@ -58,7 +58,7 @@ jobs:
 
             - name: Fetch affected routes
               id: fetch-route
-              uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+              uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
               env:
                   PULL_REQUEST: ${{ steps.pr-data.outputs.data }}
               with:
@@ -74,7 +74,7 @@ jobs:
 
             - name: Fetch Docker image
               if: (env.TEST_CONTINUE)
-              uses: dawidd6/action-download-artifact@8a338493df3d275e4a7a63bcff3b8fe97e51a927 # v19
+              uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
               with:
                   workflow: ${{ github.event.workflow_run.workflow_id }}
                   run_id: ${{ github.event.workflow_run.id }}
@@ -127,7 +127,7 @@ jobs:
               if: (env.TEST_CONTINUE)
               id: generate-feedback
               timeout-minutes: 10
-              uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+              uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
               env:
                   TEST_BASEURL: http://localhost:1200
                   TEST_ROUTES: ${{ steps.fetch-route.outputs.result }}

.github/workflows/issue-command.yml

@@ -81,7 +81,7 @@ jobs:
 
             - name: Fetch affected routes
               id: fetch-route
-              uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+              uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
               env:
                   EVENT: ${{ toJson(github.event) }}
               with:
@@ -109,7 +109,7 @@ jobs:
 
             - name: Generate feedback
               if: env.TEST_CONTINUE
-              uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+              uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
               env:
                   TEST_BASEURL: http://localhost:1200
                   TEST_ROUTES: ${{ steps.fetch-route.outputs.result }}

.github/workflows/pr-review.yml

@@ -134,6 +134,20 @@ jobs:
                   - Otherwise create a new PR comment.
                   - If there are no findings and marker comment exists, edit marker comment to a short pass status.
 
+                  gh command reference (PR_NUMBER and GITHUB_REPOSITORY are available as env vars):
+                  - Create a new PR comment:
+                      gh pr comment \"\$PR_NUMBER\" --repo \"\$GITHUB_REPOSITORY\" --body \"<!-- pr-auto-review -->
+                      ## Auto Review
+                      ...\"
+                  - List existing marker comments to find the one to update:
+                      gh pr view \"\$PR_NUMBER\" --repo \"\$GITHUB_REPOSITORY\" --json comments \\
+                        --jq '.comments[] | select(.body | startswith(\"<!-- pr-auto-review -->\")) | {id: .id, body: .body}'
+                  - Update an existing marker comment (use the numeric id from the URL, not the node id):
+                      gh api \"repos/\$GITHUB_REPOSITORY/issues/comments/<comment_id>\" -X PATCH -f body=\"<!-- pr-auto-review -->
+                      ## Auto Review
+                      ...\"
+                  - Prefer --body-file - with a heredoc when the body contains quotes or many lines.
+
                   Suggested comment format:
                   <!-- pr-auto-review -->
                   ## Auto Review

.github/workflows/test.yml

@@ -145,7 +145,7 @@ jobs:
             pull-requests: write
             contents: write
         steps:
-            - uses: fastify/github-action-merge-dependabot@1b2ed42db8f9d81a46bac83adedfc03eb5149dff # v3.11.2
+            - uses: fastify/github-action-merge-dependabot@30c3f8f14a4f7b315ba38dbc1b793d27128fef82 # v3.12.0
               with:
                   github-token: ${{ secrets.GITHUB_TOKEN }}
                   target: patch

.github/workflows/update-nix-hash.yml

@@ -5,7 +5,7 @@ on:
         branches:
             - master
         paths:
-            - 'pnpm-lock.yaml'
+            - 'flake.lock'
 
 permissions:
     contents: write
@@ -20,9 +20,11 @@ jobs:
             - name: Checkout
               uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
             - name: Install Nix
-              uses: cachix/install-nix-action@96951a368ba55167b55f1c916f7d416bac6505fe # v31.10.3
+              uses: cachix/install-nix-action@616559265b40713947b9c190a8ff4b507b5df49b # v31.10.4
               with:
                   nix_path: nixpkgs=channel:nixos-unstable
+            - name: Cache Nix store
+              uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39 # v13
 
             - name: Update Nix flake hash
               id: update-hash
@@ -47,7 +49,7 @@ jobs:
                   fi
 
                   # Update with correct hash
-                  sed -i "s/hash = \"sha256-[^\"]*\";/hash = \"sha256-$NEW_HASH\";/" flake.nix
+                  sed -i "s#hash = \"sha256-[^\"]*\";#hash = \"sha256-$NEW_HASH\";#" flake.nix
 
                   if [ "$CURRENT_HASH" = "$NEW_HASH" ]; then
                       echo "Hash unchanged"

.oxlintrc.json

@@ -12,11 +12,12 @@
     },
     "plugins": ["eslint", "typescript", "node", "unicorn", "import"],
     "jsPlugins": [
-        "@stylistic/eslint-plugin",
         { "name": "import-x-js", "specifier": "eslint-plugin-import-x" },
         { "name": "n", "specifier": "eslint-plugin-n" },
         { "name": "unicorn-js", "specifier": "eslint-plugin-unicorn" },
+        "@stylistic/eslint-plugin",
         "eslint-plugin-simple-import-sort",
+        "oxlint-plugin-eslint",
         "./eslint-plugins/no-then.js",
         "./eslint-plugins/nsfw-flag.js"
     ],
@@ -325,27 +326,60 @@
             }
         ],
 
-        // "no-implicit-globals": "error", // not yet implemented
+        "eslint-js/no-implicit-globals": "error", // use jsPlugins
         "no-labels": "error",
         "no-lonely-if": "error",
         "no-multi-str": "error",
         "no-new-func": "error",
+
+        "eslint-js/no-restricted-syntax": [
+            "error", // use jsPlugins
+            {
+                "selector": "CallExpression[callee.property.name='get'][arguments.length=0]",
+                "message": "Please use .toArray() instead."
+            },
+            {
+                "selector": "CallExpression[callee.property.name='toArray'] MemberExpression[object.callee.property.name='map']",
+                "message": "Please use .toArray() before .map()."
+            },
+            {
+                "selector": "CallExpression[callee.property.name=\"catch\"] > ArrowFunctionExpression[params.length=0][body.value=null]",
+                "message": "Usage of .catch(() => null) is not allowed. Please handle the error appropriately."
+            },
+            {
+                "selector": "CallExpression[callee.property.name=\"catch\"] > ArrowFunctionExpression[params.length=0][body.type=\"Identifier\"][body.name=\"undefined\"]",
+                "message": "Usage of .catch(() => undefined) is not allowed. Please handle the error appropriately."
+            },
+            {
+                "selector": "CallExpression[callee.property.name=\"catch\"] > ArrowFunctionExpression[params.length=0] > ArrayExpression[elements.length=0]",
+                "message": "Usage of .catch(() => []) is not allowed. Please handle the error appropriately."
+            },
+            {
+                "selector": "CallExpression[callee.property.name=\"catch\"] > ArrowFunctionExpression[params.length=0] > BlockStatement[body.length=0]",
+                "message": "Usage of .catch(() => {}) is not allowed. Please handle the error appropriately."
+            },
+            {
+                "selector": "CallExpression[callee.name=\"load\"] AwaitExpression > CallExpression",
+                "message": "Do not use await in call expressions. Extract the result into a variable first."
+            }
+        ],
+
         "no-unneeded-ternary": "error",
         "no-useless-computed-key": "error",
         "no-useless-concat": "warn",
         "no-useless-rename": "error",
         "no-var": "error",
-        // "object-shorthand": "error", // not yet implemented
-        // "prefer-arrow-callback'": "error", // not yet implemented
+        "eslint-js/object-shorthand": "error", // use jsPlugins
+        "eslint-js/prefer-arrow-callback": "error", // use jsPlugins
         "prefer-const": "error",
         "prefer-object-has-own": "error",
+        "eslint-js/prefer-regex-literals": [
+            "error", // use jsPlugins
+            {
+                "disallowRedundantWrapping": true
+            }
+        ],
         "require-await": "error",
-        // "prefer-regex-literals": [ // not yet implemented
-        //     "error",
-        //     {
-        //         "disallowRedundantWrapping": true
-        //     }
-        // ],
         // #endregion
 
         // #region --- TypeScript ---
@@ -354,6 +388,7 @@
         "@typescript-eslint/ban-ts-comment": "off",
         "@typescript-eslint/consistent-indexed-object-style": "off", // stylistic
         "@typescript-eslint/consistent-type-definitions": "off", // stylistic
+        "@typescript-eslint/dot-notation": "error", // type-aware
         "@typescript-eslint/no-empty-function": "off", // stylistic && tests
         "@typescript-eslint/no-explicit-any": "off",
 
@@ -397,6 +432,7 @@
         "unicorn/no-null": "off",
         "unicorn/no-object-as-default-parameter": "warn",
         "unicorn/no-process-exit": "off",
+        "unicorn/no-useless-iterator-to-array": "off",
         "unicorn/no-useless-switch-case": "off",
 
         "unicorn/no-useless-undefined": ["error", { "checkArguments": false }],