chore: update maintenance dependencies by afc163 · Pull Request #1079 · react-component/slider

afc163 · 2026-06-29T10:24:06Z

Summary

Link the Ant Design ecosystem logo in README files to https://ant.design
Update React, React DOM, TypeScript, ESLint, Testing Library, @types/, @typescript-eslint/, lint-staged, and related lint dependencies
Add ESLint flat config compatibility for ESLint 9 and TypeScript ESLint 8
Use grouped Dependabot updates for npm and GitHub Actions

Test Plan

npm run lint
npm run tsc

Summary by CodeRabbit

Chores
- 更新了依赖与开发工具链版本，包含 React、TypeScript、ESLint 相关生态，并优化了依赖更新分组管理。
- 补充了类型声明与配置，使项目在编辑器和构建时对样式、测试与常见全局 API 的识别更完整。
Documentation
- 更新了中英文 README 顶部徽标展示方式，链接体验更一致。
Bug Fixes
- 调整了 TypeScript 与 ESLint 配置，减少类型检查和规则兼容性问题。

vercel · 2026-06-29T10:24:11Z

Deployment failed with the following error:

Resource is limited - try again in 24 hours (more than 100, code: "api-deployments-free-per-day").

Learn More: https://vercel.com/react-component?upgradeToPro=build-rate-limit

coderabbitai · 2026-06-29T10:24:22Z

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8abaa679-2826-4c54-948e-ed468ed5d7cc

📥 Commits

Reviewing files that changed from the base of the PR and between aaf9d2f and 4a70380.

📒 Files selected for processing (8)

.github/dependabot.yml
README.md
README.zh-CN.md
eslint.config.mjs
global.d.ts
package.json
react-compat.d.ts
tsconfig.json

 ___________________________________________________________
< Your API returns 200 OK; your users return 404 Not Found. >
 -----------------------------------------------------------
  \
   \   (\__/)
       (•ㅅ•)
       / 　 づ

✨ Finishing Touches

📝 Generate docstrings

Create stacked PR
Commit on current branch

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch codex/update-maintenance-deps

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands.}

gemini-code-assist

Code Review

This pull request upgrades the project to React 19 and TypeScript 6, updates various dependencies (including ESLint to v9), and introduces compatibility shims and global type definitions. Feedback on these changes highlights critical type-safety concerns: disabling strict type-checking options in tsconfig.json reduces safety during this major upgrade, declaring test globals as any in global.d.ts overrides Jest's strongly-typed definitions, and shimming the deprecated hydrate method in react-compat.d.ts is unsafe and could lead to runtime crashes.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

gemini-code-assist · 2026-06-29T10:24:58Z

+    "noImplicitAny": false,
+    "strictNullChecks": false,
+    "strictPropertyInitialization": false,
+    "strictFunctionTypes": false,
+    "strict": false,
+    "noImplicitThis": false,
+    "strictBindCallApply": false


Disabling strict type-checking options (strict, strictNullChecks, noImplicitAny, etc.) significantly reduces type safety and can mask potential runtime errors, especially during a major upgrade to React 19 and TypeScript 6. It is highly recommended to keep strict mode enabled and address the type errors directly.

gemini-code-assist · 2026-06-29T10:24:58Z

+declare const describe: any;
+declare const it: any;
+declare const test: any;
+declare const beforeEach: any;
+declare const afterEach: any;
+declare const beforeAll: any;
+declare const afterAll: any;
+declare const expect: any;


Declaring test globals like describe, it, and expect as any overrides the strongly-typed definitions provided by the jest reference at the top of the file. This disables type safety and autocompletion in test files. These declarations should be removed.

gemini-code-assist · 2026-06-29T10:24:58Z

+declare module 'react-dom' {
+  function hydrate(element: React.ReactNode, container: Element | DocumentFragment): void;
+}


Shimming hydrate in react-dom for React 19 is unsafe. React 19 has completely removed hydrate from react-dom (replaced by hydrateRoot in react-dom/client). Shimming the type will allow the code to compile but will result in runtime crashes if hydrate is called. It is recommended to migrate the usage to hydrateRoot instead.

socket-security · 2026-06-29T10:28:44Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/@typescript-eslint/parser@8.62.0
	npm/@types/react-dom@19.2.3
	npm/@types/react@19.2.17
	npm/@typescript-eslint/eslint-plugin@8.62.0
	npm/@eslint/eslintrc@3.3.5
	npm/eslint-config-prettier@10.1.8
	npm/@testing-library/react@16.3.2
	npm/@eslint/js@9.39.4
	npm/typescript@6.0.3
	npm/eslint-plugin-unicorn@65.0.1
	npm/lint-staged@17.0.8
	npm/eslint-plugin-react-hooks@7.1.1
	npm/eslint@9.39.4
	npm/eslint-plugin-jest@29.15.3

View full report

socket-security · 2026-06-29T10:28:46Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `@typescript-eslint/eslint-plugin` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package.json → `npm/@typescript-eslint/eslint-plugin@8.62.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.62.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

coderabbitai

Actionable comments posted: 3

🧹 Nitpick comments (1)

react-compat.d.ts (1)
3-6: 📐 Maintainability & Code Quality | 🔵 Trivial | 🏗️ Heavy lift

useRef() 的零参数重载建议只作为极短期过渡。

React 19 类型层面要求 useRef 显式传入初始值；这里全局补回零参数签名后，旧调用点都不会再被 tsc 报出来，等于绕过了这次升级最有价值的一条检查。更稳妥的是把调用点改成 useRef(undefined) / useRef(null)，然后删除这个 augmentation。
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@react-compat.d.ts` around lines 3 - 6, The zero-argument useRef overload
added in the react module augmentation is masking React 19 migration errors.
Update the affected call sites to pass an explicit initial value such as
useRef(undefined) or useRef(null), using the useRef signature in
react-compat.d.ts as the locator, and then remove this temporary augmentation so
tsc continues to flag any remaining legacy usages.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@react-compat.d.ts`:
- Around line 14-16: Remove the ambient react-dom hydrate declaration from
react-compat.d.ts so the typings stay aligned with React 19. This module
augmentation is reintroducing an API that no longer exists at runtime and can
hide migration issues; update any call sites to use hydrateRoot instead of
relying on hydrate being typed.

In `@tsconfig.json`:
- Around line 39-41: 主 tsconfig 的 include 现在把 global.d.ts 一起纳入了，导致
vi、describe、it、expect 等测试全局泄露到 src 和 docs/examples。请把这些测试类型从主配置中移出，放到专用的测试
tsconfig 中，或将它们的范围限制到 tests/**/*，并保留 react-compat.d.ts 等业务通用声明在主配置里。
- Around line 31-37: The root tsconfig has been loosened too much by disabling
strict mode and related checks, which hides real type regressions across src,
tests, and docs/examples. Keep the main configuration strict, then move
test-only globals from global.d.ts into a separate test-specific declaration or
tsconfig so they do not leak into production source. In tsconfig and the shared
type declarations, preserve the strict baseline and only relax individual flags
temporarily where a migration blocker is unavoidable.

---

Nitpick comments:
In `@react-compat.d.ts`:
- Around line 3-6: The zero-argument useRef overload added in the react module
augmentation is masking React 19 migration errors. Update the affected call
sites to pass an explicit initial value such as useRef(undefined) or
useRef(null), using the useRef signature in react-compat.d.ts as the locator,
and then remove this temporary augmentation so tsc continues to flag any
remaining legacy usages.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8abaa679-2826-4c54-948e-ed468ed5d7cc

📥 Commits

Reviewing files that changed from the base of the PR and between aaf9d2f and 4a70380.

📒 Files selected for processing (8)

.github/dependabot.yml
README.md
README.zh-CN.md
eslint.config.mjs
global.d.ts
package.json
react-compat.d.ts
tsconfig.json

coderabbitai · 2026-06-29T10:34:22Z

+declare module 'react-dom' {
+  function hydrate(element: React.ReactNode, container: Element | DocumentFragment): void;
+}


🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash rg -nP --glob '!react-compat.d.ts' --type=ts --type=tsx '\bhydrate\s*\(' .

Repository: react-component/slider

Length of output: 188

🏁 Script executed:

#!/bin/bash set -euo pipefail # Locate the compatibility file and related React API usages. git ls-files | rg '(^|/)react-compat\.d\.ts$|(^|/)package\.json$|(^|/)tsconfig.*\.json$|(^|/)react-dom|(^|/)react\.d\.ts$' printf '\n--- react-compat.d.ts ---\n' cat -n react-compat.d.ts printf '\n--- hydrate / hydrateRoot usages ---\n' rg -n --glob '*.ts' --glob '*.tsx' --glob '*.d.ts' '\bhydrateRoot\b|\bhydrate\s*\(' . printf '\n--- useRef overloads/usages in compat file ---\n' rg -n --glob '*.d.ts' '\buseRef\b' react-compat.d.ts

Repository: react-component/slider

Length of output: 1200

🏁 Script executed:

#!/bin/bash set -euo pipefail printf '\n--- package.json ---\n' cat -n package.json printf '\n--- tsconfig.json ---\n' cat -n tsconfig.json

Repository: react-component/slider

Length of output: 5326

🏁 Script executed:

#!/bin/bash set -euo pipefail # Check whether the repo targets React 18/19 or ships its own typings shim. rg -n --glob 'package.json' '"react"|"react-dom"|"`@types/react`"|"`@types/react-dom`"'

Repository: react-component/slider

Length of output: 160

🏁 Script executed:

#!/bin/bash set -euo pipefail cat -n package.json

Repository: react-component/slider

Length of output: 3886

不要把 react-dom.hydrate 加回类型定义。
这个仓库已经依赖 react / react-dom 19 和对应 typings，hydrate 在运行时并不存在；把它补进 ambient types 只会掩盖迁移问题。需要的话直接迁移到 hydrateRoot。

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@react-compat.d.ts` around lines 14 - 16, Remove the ambient react-dom hydrate declaration from react-compat.d.ts so the typings stay aligned with React 19. This module augmentation is reintroducing an API that no longer exists at runtime and can hide migration issues; update any call sites to use hydrateRoot instead of relying on hydrate being typed.

coderabbitai · 2026-06-29T10:34:22Z

+    "noImplicitAny": false,
+    "strictNullChecks": false,
+    "strictPropertyInitialization": false,
+    "strictFunctionTypes": false,
+    "strict": false,
+    "noImplicitThis": false,
+    "strictBindCallApply": false


📐 Maintainability & Code Quality | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash set -euo pipefail printf '\n== files ==\n' git ls-files 'tsconfig.json' 'package.json' 'global.d.ts' 'react-compat.d.ts' '**/global.d.ts' '**/react-compat.d.ts' printf '\n== tsconfig.json ==\n' if [ -f tsconfig.json ]; then cat -n tsconfig.json fi printf '\n== package.json scripts ==\n' if [ -f package.json ]; then python3 - <<'PY' import json, pathlib p = pathlib.Path('package.json') data = json.loads(p.read_text()) for k,v in data.get('scripts', {}).items(): if any(x in k.lower() for x in ['tsc','type','test','lint','check']): print(f"{k}: {v}") PY fi printf '\n== global.d.ts candidates ==\n' for f in $(git ls-files '**/global.d.ts'); do echo "--- $f" cat -n "$f" done printf '\n== react-compat.d.ts candidates ==\n' for f in $(git ls-files '**/react-compat.d.ts'); do echo "--- $f" cat -n "$f" done

Repository: react-component/slider

Length of output: 1818

🏁 Script executed:

#!/bin/bash set -euo pipefail printf '\n== tsconfig.json outline ==\n' ast-grep outline tsconfig.json || true printf '\n== tsconfig.json relevant lines ==\n' if [ -f tsconfig.json ]; then nl -ba tsconfig.json | sed -n '1,120p' fi printf '\n== declarations outline ==\n' for f in $(git ls-files '**/global.d.ts' '**/react-compat.d.ts'); do echo "--- $f" ast-grep outline "$f" || true done printf '\n== declaration contents ==\n' for f in $(git ls-files '**/global.d.ts' '**/react-compat.d.ts'); do echo "--- $f" nl -ba "$f" | sed -n '1,200p' done

Repository: react-component/slider

Length of output: 293

🏁 Script executed:

#!/bin/bash set -euo pipefail printf '\n== global.d.ts ==\n' cat -n global.d.ts printf '\n== react-compat.d.ts ==\n' cat -n react-compat.d.ts

Repository: react-component/slider

Length of output: 3263

别把主 tsconfig 的 strict 基线整体放宽。
tsc --noEmit 现在会用这份配置同时编译 src、tests 和 docs/examples，strict: false 会把这次升级里最有价值的类型回归都屏蔽掉。global.d.ts 里的 vi / describe / it / test / expect 也被同一配置暴露给所有源码；把测试专用声明拆出去，主配置尽量保留 strict，只临时豁免卡住迁移的单项。

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@tsconfig.json` around lines 31 - 37, The root tsconfig has been loosened too much by disabling strict mode and related checks, which hides real type regressions across src, tests, and docs/examples. Keep the main configuration strict, then move test-only globals from global.d.ts into a separate test-specific declaration or tsconfig so they do not leak into production source. In tsconfig and the shared type declarations, preserve the strict baseline and only relax individual flags temporarily where a migration blocker is unavoidable.

coderabbitai · 2026-06-29T10:34:22Z

  "include": [
+    "react-compat.d.ts",
+    "global.d.ts",


🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash set -euo pipefail # Map relevant files and inspect the TypeScript config plus the declaration file. git ls-files 'tsconfig.json' 'global.d.ts' 'tests/**' 'src/**' 'docs/examples/**' | sed -n '1,200p' printf '\n--- tsconfig.json ---\n' cat -n tsconfig.json printf '\n--- global.d.ts ---\n' cat -n global.d.ts

Repository: react-component/slider

Length of output: 4831

🏁 Script executed:

#!/bin/bash set -euo pipefail # Inspect any tsconfig variants that might scope tests separately. git ls-files '*tsconfig*.json' | sed -n '1,200p' for f in $(git ls-files '*tsconfig*.json'); do printf '\n=== %s ===\n' "$f" cat -n "$f" done

Repository: react-component/slider

Length of output: 1592

🏁 Script executed:

#!/bin/bash set -euo pipefail # Find references to the testing globals and the declaration file across the repo. rg -n --glob '!**/node_modules/**' --glob '!**/dist/**' --glob '!**/build/**' '\b(vi|describe|it|expect)\b' .

Repository: react-component/slider

Length of output: 35685

🏁 Script executed:

#!/bin/bash set -euo pipefail # Read only the lines around the main tsconfig include and any test-specific configs. printf 'tsconfig.json lines 1-120\n' sed -n '1,120p' tsconfig.json printf '\nSearch for test-only tsconfig files and references to global.d.ts:\n' rg -n --glob '*tsconfig*.json' --glob '!**/node_modules/**' 'global\.d\.ts|vitest|jest|mocha|describe|it|vi|expect' .

Repository: react-component/slider

Length of output: 1473

🏁 Script executed:

#!/bin/bash set -euo pipefail # Summarize repository files likely relevant to tsconfig scoping. printf 'Top-level files:\n' find . -maxdepth 1 -type f | sed 's#^\./##' | sort | sed -n '1,200p' printf '\nFiles matching tsconfig / d.ts / test patterns:\n' git ls-files | rg '(^|/)(tsconfig.*\.json|.*\.d\.ts|.*test.*|.*spec.*|vitest.*|jest.*)$' | sed -n '1,200p'

Repository: react-component/slider

Length of output: 817

不要把测试全局暴露到主 tsconfig
global.d.ts 里把 vi / describe / it / expect 等测试全局放进了主 include，src 和 docs/examples 也会默认拿到这些名字，业务代码误用测试 API 时不会再被 tsc 拦住。把这部分拆到测试专用 tsconfig，或至少只限定到 tests/**/*。

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@tsconfig.json` around lines 39 - 41, 主 tsconfig 的 include 现在把 global.d.ts 一起纳入了，导致 vi、describe、it、expect 等测试全局泄露到 src 和 docs/examples。请把这些测试类型从主配置中移出，放到专用的测试 tsconfig 中，或将它们的范围限制到 tests/**/*，并保留 react-compat.d.ts 等业务通用声明在主配置里。

chore: update maintenance dependencies

4a70380

gemini-code-assist Bot reviewed Jun 29, 2026

View reviewed changes

coderabbitai Bot reviewed Jun 29, 2026

View reviewed changes

Uh oh!

Uh oh!

Conversation

afc163 commented Jun 29, 2026 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Test Plan

Summary by CodeRabbit

Uh oh!

vercel Bot commented Jun 29, 2026

Uh oh!

coderabbitai Bot commented Jun 29, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

gemini-code-assist Bot Jun 29, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist Bot Jun 29, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist Bot Jun 29, 2026

Choose a reason for hiding this comment

Uh oh!

socket-security Bot commented Jun 29, 2026

Uh oh!

socket-security Bot commented Jun 29, 2026

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Jun 29, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Jun 29, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Jun 29, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

afc163 commented Jun 29, 2026 •

edited by coderabbitai Bot

Loading

coderabbitai Bot commented Jun 29, 2026 •

edited

Loading