Update non-major dependencies #117

Merged: renovate[bot] merged 3 commits into main from renovate/non-major-dependencies (May 25, 2026)

@renovate renovate Bot commented Apr 25, 2026

This PR contains the following updates:

| Package | Change | Type | Update |
|---|---|---|---|
| @actions/core (source) | 3.0.0 → 3.0.1 | dependencies | patch |
| @types/node (source) | 24.12.2 → 24.12.4 | devDependencies | patch |
| actions/setup-node | v6.3.0 → v6.4.0 | action | minor |
| axios (source) | 1.15.2 → 1.16.1 | dependencies | minor |
| tsx (source) | 4.21.0 → 4.22.3 | devDependencies | minor |
| typescript-eslint (source) | 8.58.2 → 8.59.4 | devDependencies | minor |
| yaml (source) | 2.8.3 → 2.9.0 | devDependencies | minor |
| zod (source) | 4.3.6 → 4.4.3 | dependencies | minor |

Release Notes

actions/toolkit (@​actions/core)

v3.0.1

  • Bump undici from 6.23.0 to 6.24.1 #​2348

actions/setup-node (actions/setup-node)

v6.4.0

Compare Source

axios/axios (axios)

v1.16.1

Compare Source

v1.16.0

Compare Source

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

  • Fetch adapter now enforces maxBodyLength and maxContentLength. These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (#​10795)
  • Proxy requests now preserve user-supplied Host headers. Previously, the proxy path could overwrite a custom Host. Virtual-host-style routing through a proxy will now behave correctly. (#​10822)
  • Basic auth credentials embedded in URLs are now URL-decoded. If you have percent-encoded credentials in a URL (e.g. https://user:p%40ss@host), the decoded value is what now goes on the wire. (#​10825)
  • parseProtocol now strictly requires a colon in the protocol separator. Strings that loosely parsed as protocols before may no longer match. (#​10729)
  • Deprecated unescape() replaced with modern UTF-8 encoding. Non-ASCII URL handling is now spec-correct; consumers depending on legacy unescape() quirks may see different output bytes. (#​7378)
  • transformRequest input typing change was reverted. The typing change introduced in #​10745 was reverted in #​10810 after follow-up review — net behavior is unchanged from 1.15.2. (#​10745, #​10810)

🚀 New Features

  • QUERY HTTP Method: Added support for the QUERY HTTP method across adapters and type definitions. (#​10802)
  • ECONNREFUSED Error Constant: Exposed ECONNREFUSED as a constant on AxiosError so callers can match connection-refused failures without comparing string literals (closes #​6485). (#​10680)
  • Encode Helper Export: Exported the internal encode helper from buildURL so userland param serializers can reuse the same encoding logic that axios uses internally. (#​6897)

🐛 Bug Fixes

  • HTTP Adapter — Redirects & Headers: Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing requestDetails argument on beforeRedirect, preserved user-supplied Host headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (#​10794, #​10800, #​6241, #​10822, #​10825)
  • HTTP Adapter — Streams & Timeouts: Preserved the partial response object on AxiosError when a stream is aborted after headers arrive, honoured the timeout option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and maxRedirects: 0. (#​10708, #​10819, #​7149)
  • Fetch Adapter: Enforced maxBodyLength / maxContentLength in the fetch adapter, set the User-Agent header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a TypeError in restricted environments. (#​10795, #​10772, #​10806, #​7260)
  • XHR Adapter: Unsubscribed the cancelToken and AbortSignal listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (#​10787)
  • Error Handling: Attached the parsed response to AxiosError when JSON.parse fails inside dispatchRequest, prevented settle from emitting undefined error codes, and tightened the parseProtocol regex to require a colon in the protocol separator. (#​10724, #​7276, #​10729)
  • Types & Exports: Aligned the CommonJS CancelToken typings with the ESM build, fixed a compiler error caused by RawAxiosHeaders, and re-exported create from the package index. (#​7414, #​6389, #​6460)
  • UTF-8 Encoding: Replaced the deprecated unescape() call with a modern UTF-8 encoding implementation. (#​7378)
  • Misc Cleanup: Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (#​10833)

🔧 Maintenance & Chores

  • Refactor — ES6 Modernisation: Modernised the utils module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (#​10588, #​7419)
  • Tests: Hardened the HTTP test server lifecycle to fix flaky FormData EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (#​10820, #​10791, #​10796)
  • Docs: Documented paramsSerializer.encode for strict RFC 3986 query encoding, updated the parseReviver TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (#​10821, #​10782, #​10759, #​10804)
  • Reverted: Reverted the transformRequest input typing change from #​10745 after follow-up review. (#​10745, #​10810)
  • Dependencies: Bumped actions/setup-node, the github-actions group, and postcss (in /docs) to their latest versions. (#​10785, #​10813, #​10814)
  • Release: Updated changelog and packages, and prepared the 1.16.0 release. (#​10790, #​10834)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

privatenumber/tsx (tsx)

v4.22.3

Compare Source

v4.22.2

Compare Source

v4.22.1

Compare Source

v4.22.0

Compare Source

v4.21.1

Compare Source

Bug Fixes
  • support Node 20.11/21.2 import.meta paths (acf3d8f)
  • support Node.js 24.15.0 (c1d2d45)
  • support Node.js 26.1.0 and 25.9.0 (1d7e528)

This release is also available on:

typescript-eslint/typescript-eslint (typescript-eslint)

v8.59.4

Compare Source

🩹 Fixes
  • typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#​12340)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.3

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.2

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

eemeli/yaml (yaml)

v2.9.0

Compare Source

v2.8.4

Compare Source

  • Disable alias resolution with maxAliasCount:0 (#​677)
  • Handle invalid unicode escapes (e1a1a77)
  • Apply minFractionDigits only to decimal strings (#​676)

colinhacks/zod (zod)

v4.4.3

Compare Source

v4.4.2

Compare Source

v4.4.1

Compare Source

v4.4.0

Compare Source


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "every weekend"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
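
The Basic auth change in the axios 1.16.0 notes above can be checked against configured URLs before the bump lands. This is an added example, not code from this PR, Renovate or axios: it models the note's before/after by building the header from raw versus percent-decoded userinfo, and the function names and sample URLs are constructed for illustration.

```javascript
// Added example, not axios code: models the 1.16.0 release note that Basic auth
// credentials embedded in a URL are URL-decoded before they go on the wire.

// Build a Basic Authorization header value from a username and password.
function basicHeader(user, pass) {
  return 'Basic ' + Buffer.from(`${user}:${pass}`, 'utf8').toString('base64');
}

// Percent-decode one userinfo component. decodeURIComponent throws URIError on
// malformed escapes such as "%zz"; this model keeps those as literal text
// (an assumption: the release note does not say how axios treats them).
function decodeUserinfo(s) {
  try {
    return decodeURIComponent(s);
  } catch {
    return s;
  }
}

// Compare the header built from raw userinfo (model of the old behaviour) with
// the header built from decoded userinfo (model of 1.16.0).
// Returns null when the URL carries no credentials.
function auditUrl(raw) {
  const u = new URL(raw); // the WHATWG URL parser keeps userinfo percent-encoded
  if (u.username === '' && u.password === '') return null;
  const before = basicHeader(u.username, u.password);
  const after = basicHeader(decodeUserinfo(u.username), decodeUserinfo(u.password));
  return { host: u.host, changed: before !== after, before, after };
}

// Audit a list of configured URLs and return only the hosts whose
// Authorization header differs after the upgrade. No secrets are returned.
function hostsAffected(urls) {
  return urls
    .map(auditUrl)
    .filter((r) => r !== null && r.changed)
    .map((r) => r.host);
}

// Constructed sample input; the first URL is the one quoted in the release note.
const SAMPLE_URLS = [
  'https://user:p%40ss@host/api',
  'https://svc:plain-secret@internal.example/v1', // no escapes: unchanged
  'https://svc:100%25@billing.example/',          // "%25" decodes to "%"
  'https://svc:bad%zz@legacy.example/',           // malformed escape: kept literal
  'https://status.example/health',                // no credentials at all
];

console.log(hostsAffected(SAMPLE_URLS));
```

A host in the result means the upstream service receives a different password after the upgrade, so either the stored URL or the server-side credential has to match the decoded form.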

@renovate renovate Bot added the renovate label Apr 25, 2026
@renovate renovate Bot enabled auto-merge (squash) April 25, 2026 00:47
@github-actions

This update refreshes CI workflows by upgrading the Node setup action to v6.4.0 and bumps several core dependencies in both pr-review and pr-summary packages to their latest patch versions. These chore-based changes improve build stability, security, and align the project with the newest bug fixes.

Walkthrough

  • Chore: Upgraded actions/setup-node from v6.3.0 to v6.4.0 in CI workflows (build.yaml, code-quality.yaml).
  • Chore: Updated dependencies in pr-review and pr-summary packages:
    • @actions/core 3.0.0 → 3.0.1
    • axios 1.15.1 → 1.15.2
    • typescript-eslint 8.58.2 → 8.59.0

Model: o4-mini-2025-04-16 | Prompt Tokens: 1371 | Completion Tokens: 643

@github-actions github-actions Bot left a comment

Here is a friendly overview of your code enhanced by AI. Some suggestions are educated guesses rather than definitive answers, so feel free to pick what fits your style. You guide the process—AI is here to offer support and encouragement.
Model: o4-mini-2025-04-16 | Prompt Tokens: 2092 | Completion Tokens: 2776


- name: Setup Node (PR Summary)
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
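
Review bot: on the changed `uses:` line, keep the full commit SHA pin and confirm before merge that 48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e is the commit the actions/setup-node v6.4.0 tag points to. The trailing `# v6.4.0` comment is only a label for readers; the runner resolves the SHA and never compares it with the comment, so a mismatch between the two would go unnoticed unless someone checks it.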

Consider using a floating version tag (e.g., @v6) or a setup-node release name rather than pinning to a specific SHA. This will make it easier to pick up non-breaking updates without continually updating your workflow. For example:

- name: Setup Node (PR Summary)
  uses: actions/setup-node@v6
  with:
    node-version-file: source-folder/.tool-versions
    cache: npm

If you need strict reproducibility, you can still pin a major version to balance stability and convenience.

Comment on lines 32 to 36
- name: Setup Node (PR Summary)
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version-file: source-folder/.tool-versions
cache: npm

You have nearly identical "Setup Node" steps for PR Summary and PR Review. To DRY this up, you can use YAML anchors or a reusable workflow. Here’s an example with anchors:

# at the top of your file
defaults: &setup-node-defaults
  uses: actions/setup-node@v6
  with:
    node-version-file: source-folder/.tool-versions
    cache: npm

jobs:
  pr_summary:
    steps:
      - name: Setup Node (PR Summary)
        <<: *setup-node-defaults

  pr_review:
    steps:
      - name: Setup Node (PR Review)
        <<: *setup-node-defaults

This reduces duplication and centralizes configuration.

Comment on lines 24 to 28
- name: Setup Node
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version-file: .tool-versions
cache: npm

You’re repeating the same checkout and Node setup steps multiple times. Consider extracting them into a reusable workflow or using YAML anchors. This makes maintenance easier and ensures consistency. For example:

# Define an anchor
steps:
  - &checkout-and-setup
    - name: Checkout source branch
      uses: actions/checkout@v6
    - name: Setup Node
      uses: actions/setup-node@v6
      with:
        node-version-file: .tool-versions
        cache: npm

# Reuse it
jobs:
  lint:
    steps:
      <<: *checkout-and-setup
      - name: Run linter
        run: npm run lint

  test:
    steps:
      <<: *checkout-and-setup
      - name: Run tests
        run: npm test

Comment on lines 47 to 53
- name: Checkout source branch
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Node
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version-file: .tool-versions
cache: npm

By reusing the same anchor (or calling a reusable workflow), you avoid duplication in both sections. This approach also ensures that if you need to update the checkout or setup logic, you only do it once.

Comment thread pr-review/package.json Outdated
Comment on lines 17 to 20
"@actions/core": "3.0.0",
"@actions/core": "3.0.1",
"@actions/github": "7.0.0",
"@octokit/action": "7.0.2",
"@octokit/plugin-retry": "6.1.0",

Your dependencies are pinned to exact patch versions. To get non-breaking updates automatically while still respecting semver, consider using caret ranges (^). It simplifies version maintenance and ensures you get important patches:

"dependencies": {
  "@actions/core": "^3.0.1",
  "@actions/github": "^7.0.0",
  "axios": "^1.15.2",
  "typescript-eslint": "^8.59.0",
  // …
}

You can lock down critical dependencies manually if needed, but for most packages, caret ranges are a good balance between stability and automatic patch updates.

Comment thread pr-summary/package.json
Comment on lines -17 to 27
"@actions/core": "3.0.0",
"@actions/core": "3.0.1",
"@actions/github": "7.0.0",
"@octokit/plugin-retry": "6.1.0",
"@octokit/plugin-throttling": "8.2.0",
"@octokit/webhooks": "13.9.1",
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.1",
"axios": "1.15.2",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",

Similar to the pr-review package, switching to caret ranges (^) for dependencies reduces the overhead of manual upgrades and ensures you receive backward-compatible fixes automatically. For example:

"dependencies": {
  "@actions/core": "^3.0.1",
  "axios": "^1.15.2",
  "typescript-eslint": "^8.59.0",
  // …
}

If a breaking change appears, you can still pin that specific package at the next major version.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from fb70ea2 to 1f93dd5 Compare April 27, 2026 18:33
@github-actions

This update bumps the Node setup action in CI workflows to v6.4.0 and upgrades key dependencies across both PR review and PR summary packages for improved compatibility and maintenance.

Walkthrough

  • Chore: Updated actions/setup-node to v6.4.0 in build and code-quality workflows.
  • Chore: Upgraded @actions/core to 3.0.1 in both pr-review and pr-summary.
  • Chore: Bumped axios to 1.15.2 and typescript-eslint to 8.59.1 in both packages.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1371 | Completion Tokens: 596 | Diff Range: fb70ea2...1f93dd5

@github-actions github-actions Bot left a comment

Thank you for letting me review your code. I’ve included AI-supported suggestions to help you sharpen your work. These are gentle pointers, not hard rules, so use what resonates with your approach. You know your project best—AI is here to support your vision, while you remain in the driver’s seat.
Model: o4-mini-2025-04-16 | Prompt Tokens: 816 | Completion Tokens: 1735 | Diff Range: fb70ea2...1f93dd5

Comment thread pr-review/package.json Outdated
"tsx": "4.21.0",
"typescript": "5.9.3",
"typescript-eslint": "8.58.2",
"typescript-eslint": "8.59.1",

It’s generally a best practice to use a semver range operator (caret ^ or tilde ~) rather than pinning to an exact patch version. This allows you to automatically pick up backward-compatible bug fixes and minor improvements without manual bumps. For example:

{
  "typescript-eslint": "^8.59.1"
}

You can still control breaking changes by sticking to major versions, while safely receiving patches.

Comment thread pr-summary/package.json Outdated
"tsx": "4.21.0",
"typescript": "5.9.3",
"typescript-eslint": "8.58.2",
"typescript-eslint": "8.59.1",

Similar to the above, consider switching to a semver range operator (e.g., ^8.59.1) instead of an exact match. This helps avoid frequent manual updates for non-breaking fixes:

{  
  "typescript-eslint": "^8.59.1"
}

Also, keep your devDependencies consistent across packages to prevent drift and simplify maintenance.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 1f93dd5 to b548348 Compare April 30, 2026 06:39
@github-actions

This update improves CI consistency and security by bumping the GitHub Actions Node setup to v6.4.0 and upgrading several package dependencies across the PR review and summary tools.

Walkthrough

  • Chore: Upgraded actions/setup-node in build and code-quality workflows to v6.4.0 for better caching and compatibility.
  • Chore: Bumped @actions/core, axios, zod, typescript-eslint, and other libraries in pr-review to their latest patch versions.
  • Chore: Mirrored the same dependency upgrades in pr-summary for alignment and stability.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1489 | Completion Tokens: 663 | Diff Range: 1f93dd5...b548348

@github-actions github-actions Bot left a comment

Provide a gentle code review with AI support. Suggestions are just options, not absolute truths. Pick what fits your style. You’re in the driver’s seat—AI is here to help.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1170 | Completion Tokens: 3776 | Diff Range: 1f93dd5...b548348

Comment thread pr-review/package.json Outdated
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.1",
"axios": "1.15.2",

You’re pinning axios to an exact patch version. To allow compatible patch and minor fixes automatically while avoiding unexpected breaking changes, consider using a caret (^) range instead of a fixed version. For example:

"dependencies": {
  "axios": "^1.15.2",
  // …other deps
}

This reduces maintenance overhead for routine updates and works well with tooling like Dependabot.

Comment thread pr-review/package.json Outdated
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.1"

Similar to axios, zod is pinned exactly to 4.4.1. Switching to a caret range will let you pick up patch releases (bug fixes) automatically:

"dependencies": {
  "zod": "^4.4.1",
  // …other deps
}

Also, double-check the changelog for any potential breaking changes between 4.3.6 and 4.4.1 before rolling this out.

Comment thread pr-summary/package.json
},
"dependencies": {
"@actions/core": "3.0.0",
"@actions/core": "3.0.1",

@actions/core has been bumped to 3.0.1. Pinning exact versions can lead to duplication across multiple packages. Consider using:

"dependencies": {
  "@actions/core": "^3.0.1",
  // …other deps
}

This approach lets you get non-breaking updates automatically. If this is a monorepo, you can further hoist this dependency into the root package.json using workspaces.

Comment thread pr-summary/package.json Outdated
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.1",
"axios": "1.15.2",

You’ve applied the same axios bump here. To avoid drift and duplication, you can switch to a caret range:

"dependencies": {
  "axios": "^1.15.2",
  // …other deps
}

Or, if you maintain both packages together, consider defining shared dependencies in a root-level package.json and enabling npm/Yarn workspaces to hoist them.

Comment thread pr-summary/package.json Outdated
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.1"

zod is also updated here. Align it with a caret range so that patch updates flow through both packages without manual bumps:

"dependencies": {
  "zod": "^4.4.1",
  // …other deps
}

This keeps your versions consistent and lowers the friction of upgrades.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from b548348 to dfa60d2 Compare May 2, 2026 01:10
@github-actions

github-actions Bot commented May 2, 2026

This update refreshes CI workflows and package dependencies to their latest patch releases, ensuring consistency across build, code-quality, PR summary, and PR review processes without altering user-facing features.

Walkthrough

  • Chore: Upgraded actions/setup-node in build and code-quality workflows from v6.3.0 to v6.4.0
  • Chore: Bumped @actions/core to 3.0.1 in both pr-summary and pr-review packages
  • Chore: Updated axios to 1.15.2, zod to 4.4.2, and typescript-eslint to 8.59.1
  • Chore: General dependency refresh to align minor/patch versions across projects

Model: o4-mini-2025-04-16 | Prompt Tokens: 1489 | Completion Tokens: 617 | Diff Range: b548348...dfa60d2

@github-actions github-actions Bot left a comment

Welcome to your AI-supported code review. These insights are based on predictions and may not apply in every situation, so choose what resonates with your goals. Your expertise guides the way, and the AI is here to help you explore ideas and improve your code.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1170 | Completion Tokens: 2172 | Diff Range: b548348...dfa60d2

Comment thread pr-review/package.json Outdated
Comment on lines +25 to +30
"axios": "1.15.1",
"axios": "1.15.2",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.2"

I recommend switching from exact version pins to caret (^) ranges for axios and zod. This allows you to pick up non-breaking patches and minor updates automatically without manual bumps. For example:

{
  "dependencies": {
    "axios": "^1.15.2",
    "zod": "^4.4.2",
    // other deps...
  }
}

This change improves maintainability by ensuring you receive backwards-compatible updates while avoiding unexpected breaking changes.

Comment thread pr-summary/package.json Outdated
Comment on lines +17 to +24
"@actions/core": "3.0.0",
"@actions/core": "3.0.1",
"@actions/github": "7.0.0",
"@octokit/plugin-retry": "6.1.0",
"@octokit/plugin-throttling": "8.2.0",
"@octokit/webhooks": "13.9.1",
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.1",
"axios": "1.15.2",

Since pr-summary and pr-review share many of the same dependencies (like axios, zod, etc.), you could consolidate them in your monorepo’s root package.json using npm workspaces. This prevents version drift and keeps everything in sync.

Root package.json:

{
  "workspaces": ["pr-review", "pr-summary"],
  "dependencies": {
    "axios": "^1.15.2",
    "zod": "^4.4.2"
  }
}

Then in each package you can reference the workspace versions:

{
  "dependencies": {
    "axios": "workspace:^",
    "zod": "workspace:^"
  }
}

This setup centralizes version management, ensures consistency across packages, and simplifies upgrades.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from dfa60d2 to ac2e470 Compare May 2, 2026 09:28
@github-actions

github-actions Bot commented May 2, 2026

Updated the CI workflows to use the latest setup-node action and bumped several dependencies in the PR review and PR summary packages for maintenance and patch fixes.

Walkthrough

  • Chore: Upgraded actions/setup-node in build and code-quality workflows to v6.4.0 for consistent Node setup.
  • Chore: Bumped @actions/core to 3.0.1, axios to 1.15.2, zod to 4.4.2, typescript-eslint to 8.59.1, and yaml to 2.8.4 in both pr-review and pr-summary packages for minor improvements and patches.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1515 | Completion Tokens: 536 | Diff Range: dfa60d2...ac2e470

@github-actions github-actions Bot left a comment

I’m here to help review your code with AI support by offering suggestions that you’re welcome to adopt or adapt as needed. Some insights are predictive and may not always apply, so trust your own judgment. In the end, your choices guide the process—AI is here to assist, not to decide.
Model: o4-mini-2025-04-16 | Prompt Tokens: 850 | Completion Tokens: 1803 | Diff Range: dfa60d2...ac2e470

Comment thread pr-review/package.json Outdated
Comment on lines +43 to +44
"typescript-eslint": "8.58.2",
"yaml": "2.8.3"
"typescript-eslint": "8.59.1",
"yaml": "2.8.4"

These dependency bumps are fine, but to reduce future churn and allow non-breaking updates you can switch to caret ranges instead of pinning exact versions. This will let you pick up patch and minor updates without needing another change. Also consider centralizing shared devDependencies in the root if this is a monorepo. For example:

"devDependencies": {
  "typescript-eslint": "^8.59.1",
  "yaml": "^2.8.4"
}

Don’t forget to regenerate your lockfile (npm install or yarn install) after making these changes to keep everyone in sync.

Comment thread pr-summary/package.json Outdated
Comment on lines +42 to +43
"typescript-eslint": "8.58.2",
"yaml": "2.8.3"
"typescript-eslint": "8.59.1",
"yaml": "2.8.4"

Same suggestion here: use caret ranges to automatically accept compatible updates and avoid manual bumps for every patch. If you’re managing multiple packages in a monorepo, you could also hoist these shared devDependencies to the root package.json to DRY up your configuration. For example:

"devDependencies": {
  "typescript-eslint": "^8.59.1",
  "yaml": "^2.8.4"
}

Run your install command afterwards to update the lockfile and ensure consistency across environments.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from ac2e470 to 82649ba Compare May 2, 2026 18:05
@github-actions

github-actions Bot commented May 2, 2026

This update refreshes CI workflows to use the latest setup-node action and bumps several dependencies in the PR summary and review packages. The changes ensure you’re on the newest patch releases for core GitHub Actions, HTTP utilities, validation schemas, and dev tooling. These upgrades improve build reliability, security, and compatibility without altering any end-user deliverables.

Walkthrough

  • Chore: Upgraded GitHub Action setup-node to v6.4.0 for consistent Node.js environments.
  • Chore: Bumped core Action SDK and HTTP client (@actions/core, axios) to latest patches.
  • Chore: Updated validation library (zod) to 4.4.2 to include recent fixes and improvements.
  • Chore: Refreshed dev tools (typescript-eslint, yaml) for improved linting and parsing stability.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1515 | Completion Tokens: 1028 | Diff Range: ac2e470...82649ba

@github-actions github-actions Bot left a comment

We’ve reviewed your code and provided AI-backed suggestions. While these insights aim to guide you, they aren’t guaranteed facts, so choose what suits you best. You remain in charge of your decisions—AI is here simply to support your process.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1170 | Completion Tokens: 2719 | Diff Range: ac2e470...82649ba

Comment thread pr-review/package.json Outdated
Comment on lines +25 to +30
"axios": "1.15.1",
"axios": "1.16.0",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.2"

You’ve pinned dependencies (axios and zod) to exact versions, which means every non-breaking patch or minor release will require a manual bump. Consider using caret (^) ranges to automatically receive compatible updates:

"dependencies": {
  "axios": "^1.16.0",
  "zod": "^4.4.2"
}

Comment thread pr-summary/package.json Outdated
Comment on lines +24 to +29
"axios": "1.15.1",
"axios": "1.16.0",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.2"

Similarly here, switching from exact versions to caret ranges lets you pull in non-breaking updates without manual intervention. For example:

"dependencies": {
  "axios": "^1.16.0",
  "zod": "^4.4.2"
}

Comment thread pr-review/package.json
Comment on lines 31 to 32
},
"devDependencies": {

After bumping dependencies, remember to run your package manager so the lockfile is updated, then commit it (package-lock.json or yarn.lock). This ensures everyone installs the exact same dependency tree:

npm install
git add package-lock.json

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 82649ba to cf7e4fe Compare May 4, 2026 09:04

@github-actions github-actions Bot left a comment

Here are some suggestions to improve your code with a little help from AI. These notes are based on predictions and aren’t set in stone so pick what suits you best. Trust your own judgment as you decide which ideas to apply. AI is here to lend a hand, not to take charge.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1170 | Completion Tokens: 2030 | Diff Range: 82649ba...cf7e4fe

Comment thread pr-review/package.json Outdated
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.1",
"axios": "1.16.0",

The dependency axios is currently pinned to an exact version (1.16.0). Pinning to an exact version can make it harder to receive non-breaking patches automatically. Consider using a caret (^) or tilde (~) range to allow minor or patch updates without manual bumps. For example:

{
  "dependencies": {
    "axios": "^1.16.0"
  }
}
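
What the exact, tilde and caret specifiers named in the comment above would resolve to on an install without a lockfile, as an added example that is not part of this PR or repository. The resolver follows npm's range rules for plain x.y.z versions only, and the registry snapshot is constructed: axios 2.0.0 and mollitia 0.2.1 and 0.3.0 are hypothetical releases.

```javascript
// Added example, not code from this repository. Handles plain x.y.z versions
// and the three specifier forms discussed in the thread: exact, ~ and ^.

function parse(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) throw new Error(`unsupported version: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of a range, following npm's rules. Note the 0.x
// cases: ^0.2.0 stops at 0.3.0 and ^0.0.3 stops at 0.0.4.
function upperBound(op, [major, minor, patch]) {
  if (op === '~') return [major, minor + 1, 0];
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

function splitSpec(spec) {
  const op = spec[0] === '^' || spec[0] === '~' ? spec[0] : '';
  return { op, base: parse(spec.slice(op.length)) };
}

function satisfies(version, spec) {
  const { op, base } = splitSpec(spec);
  const v = parse(version);
  if (op === '') return compare(v, base) === 0;
  return compare(v, base) >= 0 && compare(v, upperBound(op, base)) < 0;
}

// Highest published version a fresh install without a lockfile would pick.
function maxSatisfying(published, spec) {
  let best = null;
  for (const v of published) {
    if (!satisfies(v, spec)) continue;
    if (best === null || compare(parse(v), parse(best)) > 0) best = v;
  }
  return best;
}

// For each dependency, report whether the specifier is an exact pin and
// whether resolution can move past the version written in the manifest.
function auditManifest(dependencies, registry) {
  return Object.entries(dependencies).map(([name, spec]) => {
    const { op, base } = splitSpec(spec);
    const resolved = maxSatisfying(registry[name] || [], spec);
    return {
      name,
      spec,
      pinned: op === '',
      resolved,
      floats: resolved !== null && compare(parse(resolved), base) > 0,
    };
  });
}

// Constructed registry snapshot. The axios 1.x versions and mollitia 0.2.0
// appear in this PR; axios 2.0.0 and mollitia 0.2.1 / 0.3.0 are hypothetical.
const REGISTRY = {
  axios: ['1.15.1', '1.15.2', '1.16.0', '1.16.1', '2.0.0'],
  mollitia: ['0.2.0', '0.2.1', '0.3.0'],
};

for (const row of auditManifest(
  { axios: '1.16.0', mollitia: '^0.2.0' },
  REGISTRY
)) {
  const state = row.pinned ? 'pinned' : row.floats ? 'floats' : 'range';
  console.log(`${row.name} ${row.spec} -> ${row.resolved} (${state})`);
}
```

With an exact pin the manifest alone fixes the installed version; with a range, only the committed lockfile does.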

Comment thread pr-review/package.json
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.3"

Similarly, zod is locked to 4.4.3. To reduce manual maintenance and safely pick up patch releases, use a semver range. For instance:

- "zod": "4.4.3"
+ "zod": "^4.4.3"

Comment thread pr-summary/package.json Outdated
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.1",
"axios": "1.16.0",

This package also pins axios to 1.16.0. To keep consistent maintenance and avoid duplicate manual bumps, align with the caret range approach used above:

{
  "dependencies": {
    "axios": "^1.16.0"
  }
}

Comment thread pr-summary/package.json
},
"dependencies": {
"@actions/core": "3.0.0",
"@actions/core": "3.0.1",
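Review bot: on the `@actions/core` line, the only change the release notes in the PR description list for 3.0.1 is the undici bump from 6.23.0 to 6.24.1, so this line takes effect only through the lockfile. Check that the regenerated lockfile for pr-summary resolves undici to 6.24.1, otherwise the manifest bump changes nothing that is installed.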

You've bumped @actions/core from 3.0.0 to 3.0.1. Ensure you review the changelog for any bug fixes or breaking changes before releasing. Optionally, to receive non-breaking updates automatically, apply a semver range:

- "@actions/core": "3.0.1"
+ "@actions/core": "^3.0.1"

github-actions Bot commented May 4, 2026

This update standardizes CI workflows to use the latest setup-node action and brings various dependencies to their newest patch versions for improved stability and security.

Walkthrough

  • Chore: Updated actions/setup-node to v6.4.0 in build and code-quality workflows
  • Chore: Bumped @actions/core to v3.0.1 in both pr-summary and pr-review packages
  • Chore: Upgraded axios to 1.16.0 and zod to 4.4.3 for HTTP and schema validation
  • Chore: Advanced dev tooling: typescript-eslint to 8.59.1 and yaml to 2.8.4

Model: o4-mini-2025-04-16 | Prompt Tokens: 1515 | Completion Tokens: 799 | Diff Range: 82649ba...cf7e4fe

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from cf7e4fe to 36796a8 Compare May 4, 2026 19:03

github-actions Bot commented May 4, 2026

This update standardizes the CI/CD pipelines on the latest actions and refreshes key package dependencies to their newest versions, improving build consistency and keeping development tooling up to date.

Walkthrough

  • Chore: Upgraded actions/setup-node from v6.3.0 to v6.4.0 in both build and code-quality workflows for consistent Node version management.
  • Chore: Bumped core libraries (@actions/core, axios, zod) and dev tools (typescript-eslint, yaml) in pr-summary and pr-review packages to incorporate recent bug fixes and improvements.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1515 | Completion Tokens: 595 | Diff Range: cf7e4fe...36796a8

@github-actions github-actions Bot left a comment

I’ve prepared a friendly code review with AI insights. These suggestions are possibilities, not guarantees, so feel free to pick what works best. You’re guiding the process—AI just offers support.
Model: o4-mini-2025-04-16 | Prompt Tokens: 850 | Completion Tokens: 2816 | Diff Range: cf7e4fe...36796a8

Comment thread pr-review/package.json Outdated
Comment on lines +40 to +44
"prettier": "3.8.3",
"tsx": "4.21.0",
"typescript": "5.9.3",
"typescript-eslint": "8.58.2",
"yaml": "2.8.3"
"typescript-eslint": "8.59.2",
"yaml": "2.8.4"

Currently the versions are pinned exactly, which means each patch update requires a manual bump. Consider using caret ranges to allow non-breaking updates automatically:

"devDependencies": {
  "prettier": "^3.8.3",
  "tsx": "^4.21.0",
  "typescript": "^5.9.3",
  "typescript-eslint": "^8.59.2",
  "yaml": "^2.8.4"
}

After adjusting the version specifiers, don’t forget to run your package manager (e.g., npm install or yarn install) to update the lockfile accordingly.

Comment thread pr-summary/package.json Outdated
Comment on lines +39 to +43
"prettier": "3.8.3",
"tsx": "4.21.0",
"typescript": "5.9.3",
"typescript-eslint": "8.58.2",
"yaml": "2.8.3"
"typescript-eslint": "8.59.2",
"yaml": "2.8.4"

The devDependencies in this file are identical to those in pr-review/package.json. To reduce duplication and the risk of version drift, consider extracting these into a shared root (monorepo) package.json using NPM or Yarn workspaces. Example root package.json:

{
  "workspaces": ["packages/pr-review", "packages/pr-summary"],
  "devDependencies": {
    "prettier": "^3.8.3",
    "tsx": "^4.21.0",
    "typescript": "^5.9.3",
    "typescript-eslint": "^8.59.2",
    "yaml": "^2.8.4"
  }
}

This ensures a single source of truth for shared tools and simplifies version management.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 36796a8 to e1191b2 Compare May 8, 2026 04:36

github-actions Bot commented May 8, 2026

Bumps the GitHub Actions setup-node action to v6.4.0 and upgrades several internal dependencies across the pr-summary and pr-review packages for improved compatibility and maintenance.

Walkthrough

  • Chore: Updated Node setup action to v6.4.0 in CI workflows.
  • Chore: Bumped various package dependencies including @actions/core, axios, zod, @types/node, typescript-eslint, and yaml in pr-summary and pr-review.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1643 | Completion Tokens: 756 | Diff Range: 36796a8...e1191b2

@github-actions github-actions Bot left a comment

Enjoy a friendly code review with AI support. Some insights are based on predictions and not guaranteed facts, so feel free to use what works best for you. You’re in the driver’s seat—AI is here to assist.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1338 | Completion Tokens: 2398 | Diff Range: 36796a8...e1191b2

Comment thread pr-review/package.json Outdated
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.1",
"axios": "1.16.0",

I noticed that axios is pinned to an exact version. It’s generally recommended to use semver ranges (e.g., "^1.16.0") to receive backwards-compatible updates automatically and reduce maintenance overhead:

"axios": "^1.16.0"

Comment thread pr-review/package.json
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.3"

The zod dependency was bumped from 4.3.6 to 4.4.3. Before merging, please review the changelog for any minor feature additions or fixes that could impact your schemas. Also consider using a semver range like "^4.4.3" instead of pinning exactly.

Comment thread pr-review/package.json Outdated
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.2",
"@types/node": "24.12.3",

@types/node was updated to 24.12.3—please ensure your code is still compatible with the new Node.js types. As a best practice, adopt a semver range (for example, "^24.12.3") rather than an exact pin to benefit from compatible updates.

Comment thread pr-summary/package.json
},
"dependencies": {
"@actions/core": "3.0.0",
"@actions/core": "3.0.1",

Similar to the other manifest, consider using a semver range for @actions/core:

"@actions/core": "^3.0.1"

This will help you pick up compatible patches and minor releases without manual bumps.

Comment thread pr-summary/package.json Outdated
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.1",
"axios": "1.16.0",

Both package.json files share many identical dependencies. To reduce duplication and streamline version management, consider using an npm workspace or a shared config (e.g., via npm workspaces or pnpm) to hoist common dependencies into a single location.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from e1191b2 to 55ee60f Compare May 8, 2026 13:05

github-actions Bot commented May 8, 2026

This change updates the GitHub workflows to use setup-node v6.4.0 and bumps patch-level dependencies in both pr-review and pr-summary packages for better tooling reliability.

Walkthrough

  • Chore: Update actions/setup-node to v6.4.0 in build and code-quality workflows for consistent Node environments.
  • Chore: Bump @actions/core to 3.0.1, zod to 4.4.3, and devDeps (typescript-eslint, @types/node, yaml) in pr-review.
  • Chore: Apply the same dependency bumps in pr-summary for aligned maintenance.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1477 | Completion Tokens: 1109 | Diff Range: e1191b2...55ee60f

@github-actions

This update modernizes our CI workflows and project dependencies by upgrading the Node.js setup action to v6.4.0 across build and quality pipelines, and bumping multiple package versions in pr-summary and pr-review modules for minor improvements and patches.

Walkthrough

  • Chore: Upgraded GitHub Actions setup-node to v6.4.0 for both build and code-quality workflows, enhancing CI reliability.
  • Chore: Updated core action dependencies (@actions/core, @actions/github) to latest patches, improving integration stability.
  • Chore: Bumped common libraries (axios, zod, typescript-eslint, yaml) across pr-summary and pr-review packages, bringing in bug fixes, performance tweaks, and security patches.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1643 | Completion Tokens: 1835 | Diff Range: 32b5974...9d95a37

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 9d95a37 to 7dd4316 Compare May 14, 2026 13:51
@github-actions

Updated the Node.js setup actions to the latest patch release and bumped several package versions in both the PR summary and PR review tools for improved dependency upkeep.

Walkthrough

  • Chore: Updated actions/setup-node from v6.3.0 to v6.4.0 in CI workflows
  • Chore: Bumped @actions/core, axios, zod, @types/node, tsx, typescript-eslint, and yaml versions in pr-review
  • Chore: Applied the same dependency upgrades in pr-summary
  • Chore: Ensures the latest minor/patch releases are used without altering end-user behavior

Model: o4-mini-2025-04-16 | Prompt Tokens: 1727 | Completion Tokens: 344 | Diff Range: 9d95a37...7dd4316

@github-actions github-actions Bot left a comment

This friendly code review is powered by AI to support you. Remember that some suggestions are AI forecasts and not absolute truths. Choose what feels right for your project. You remain in charge—AI is here to encourage and guide your own decisions.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1696 | Completion Tokens: 3134 | Diff Range: 9d95a37...7dd4316

Comment thread pr-review/package.json
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.2",
"axios": "1.16.1",

Consider using caret (^) prefixes for your dependencies to allow non-breaking updates automatically. This reduces manual version bumps and keeps your project up to date with patch and minor releases.

"axios": "^1.16.1",

Comment thread pr-review/package.json
Comment on lines 22 to -30
"@octokit/webhooks": "13.9.1",
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.2",
"axios": "1.16.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"

Sorting dependencies alphabetically can improve readability and reduce merge conflicts. For example:

"dependencies": {
  "@octokit/webhooks": "^13.9.1",
  "@sap-ai-sdk/ai-api": "^2.10.0",
  "@sap-ai-sdk/orchestration": "^2.10.0",
  "axios": "^1.16.1",
  // …other dependencies sorted alphabetically
}

Comment thread pr-review/package.json
Comment on lines 31 to 32
},
"devDependencies": {

It’s a good practice to specify the supported Node.js version using the engines field. This helps ensure consistency across environments and CI/CD pipelines.

"engines": {
  "node": ">=18.0.0"
}

Comment thread pr-summary/package.json
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.2",
"axios": "1.16.1",

Consider using caret (^) prefixes for dependencies here as well to allow minor and patch updates without manual bumps. For example:

"@actions/core": "^3.0.1",

Comment thread pr-summary/package.json
Comment on lines 16 to +29
"dependencies": {
"@actions/core": "3.0.0",
"@actions/core": "3.0.1",
"@actions/github": "7.0.0",
"@octokit/plugin-retry": "6.1.0",
"@octokit/plugin-throttling": "8.2.0",
"@octokit/webhooks": "13.9.1",
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.2",
"axios": "1.16.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.3"

These two package.json files share many identical dependencies. You could simplify maintenance by adopting a monorepo setup (e.g., Yarn or PNPM workspaces) and hoisting common dependencies.

// root package.json
{
  "workspaces": ["pr-review", "pr-summary"]
}

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 7dd4316 to 9161358 Compare May 14, 2026 18:13
@github-actions

Upgraded Node setup actions and package dependencies across CI workflows and packages to keep tooling and modules current and ensure compatibility.

Walkthrough

  • Chore: Updated GitHub Actions setup-node from v6.3.0 to v6.4.0 in build and code-quality workflows
  • Chore: Bumped core dependencies (@actions/core, axios, zod) in both pr-review and pr-summary packages
  • Chore: Upgraded devDependencies (@types/node, tsx, typescript-eslint, yaml) for latest linting and build tools

Model: o4-mini-2025-04-16 | Prompt Tokens: 1727 | Completion Tokens: 397 | Diff Range: 7dd4316...9161358

@github-actions github-actions Bot left a comment

Enjoy an AI-assisted review of your code with gentle suggestions based on predictions. Feel free to adopt the ideas that resonate and rely on your own expertise for final choices. You remain in charge while AI lends a helpful hand.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1696 | Completion Tokens: 3330 | Diff Range: 7dd4316...9161358

Comment thread pr-review/package.json
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.2",
"axios": "1.16.1",

Consider using caret (^) version ranges instead of pinning to exact versions. This allows backward-compatible patch and minor updates without manual bumps. For example:

"dependencies": {
  "axios": "^1.16.1",
  // other dependencies...
}

Comment thread pr-summary/package.json
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.2",
"axios": "1.16.1",

Similar to above, pinning exact versions can lead to more churn on minor patches. Switching to a caret range helps keep packages up-to-date automatically:

"dependencies": {
  "axios": "^1.16.1",
  // other dependencies...
}

Comment thread pr-review/package.json
Comment on lines -43 to +44
"typescript-eslint": "8.58.2",
"yaml": "2.8.3"
"typescript-eslint": "8.59.3",
"yaml": "2.9.0"
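Review bot: the `typescript-eslint` line changes only its version and the name is correct as written; `typescript-eslint` is the unscoped package the typescript-eslint project publishes alongside `@typescript-eslint/parser` and `@typescript-eslint/eslint-plugin`, so no rename belongs in this hunk. The `yaml` line is the one to check, since 2.8.3 to 2.9.0 is a minor bump rather than a patch: re-run whatever build or lint step parses YAML with the new version before merging.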

The entry "typescript-eslint" is not the official scoped ESLint plugin/formatter. You likely meant to use @typescript-eslint packages. For example:

"devDependencies": {
  "@typescript-eslint/parser": "^8.59.3",
  "@typescript-eslint/eslint-plugin": "^8.59.3",
  "yaml": "^2.9.0",
  // ...
}

Comment thread pr-summary/package.json
Comment on lines -42 to +43
"typescript-eslint": "8.58.2",
"yaml": "2.8.3"
"typescript-eslint": "8.59.3",
"yaml": "2.9.0"

The use of "typescript-eslint" in devDependencies appears incorrect. Replace it with the official scoped packages and bump them accordingly. For example:

"devDependencies": {
  "@typescript-eslint/parser": "^8.59.3",
  "@typescript-eslint/eslint-plugin": "^8.59.3",
  "yaml": "^2.9.0"
}

Comment thread pr-review/package.json
Comment on lines 22 to +30
"@octokit/webhooks": "13.9.1",
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.2",
"axios": "1.16.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.3"

Both package.json files share identical dependencies and devDependencies sections. Consider consolidating into a monorepo with npm/yarn workspaces or a shared base config to avoid duplicate updates. For example, at root package.json:

{
  "workspaces": ["pr-review","pr-summary"],
  "dependencies": {
    "axios": "^1.16.1",
    "zod": "^4.4.3",
    // ...
  },
  "devDependencies": {
    "@typescript-eslint/parser": "^8.59.3",
    // ...
  }
}

Comment thread pr-review/package.json
Comment on lines 22 to 46
"@octokit/webhooks": "13.9.1",
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.2",
"axios": "1.16.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.3"
},
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.2",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.21.0",
"tsx": "4.22.0",
"typescript": "5.9.3",
"typescript-eslint": "8.58.2",
"yaml": "2.8.3"
"typescript-eslint": "8.59.3",
"yaml": "2.9.0"
}
}
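Review bot: `@types/node` moves to 24.12.4 in this hunk, so the type definitions target the Node 24 line, and nothing in the visible part of the manifest enforces a matching runtime. Check that the Node version the workflows install through actions/setup-node is the same major, and make any `engines` constraint added to this file agree with it.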

Add an "engines" field to specify supported Node.js versions and prevent accidental installations on unsupported runtimes. For example:

"engines": {
  "node": ">=18.0.0 <21.0.0"
}

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 9161358 to 78c9bf5 Compare May 17, 2026 05:26
@github-actions

This update bumps the GitHub Actions setup-node steps to v6.4.0 and refreshes a suite of dependencies across the pr-summary and pr-review packages, improving CI consistency and tapping into the latest patch releases for stability.

Walkthrough

  • Chore: Upgraded actions/setup-node in build and code-quality workflows from v6.3.0 to v6.4.0.
  • Chore: Updated key dependencies (e.g., @actions/core, axios, zod, tsx, typescript-eslint, yaml) to their latest patch versions in both packages.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1727 | Completion Tokens: 660 | Diff Range: 9161358...78c9bf5

@github-actions github-actions Bot left a comment

Thank you for sharing your code. We gathered insights with the help of AI to suggest potential improvements. Remember these suggestions are based on patterns and may not fit every scenario. Feel free to keep, modify, or discard any idea that doesn’t suit your goals. Your expertise and decision-making guide the process—it’s your project, and AI is here to support your vision.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1696 | Completion Tokens: 2365 | Diff Range: 9161358...78c9bf5

Comment thread pr-review/package.json
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.2",
"axios": "1.16.1",

Consider using semver caret ranges instead of fixed versions for patch updates. This way you’ll automatically receive non-breaking improvements without manual bumps. For example:

{
  "dependencies": {
    "axios": "^1.16.1"
  }
}

Comment thread pr-summary/package.json
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.2",
"axios": "1.16.1",

Same suggestion here: pinning to a fixed version means you have to bump manually for every patch. Switching to a caret-range ensures you pick up non-breaking fixes:

{
  "dependencies": {
    "axios": "^1.16.1"
  }
}

Comment thread pr-review/package.json
Comment on lines 22 to 46
"@octokit/webhooks": "13.9.1",
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.2",
"axios": "1.16.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.3"
},
"devDependencies": {
"@eslint/js": "9.39.4",
"@types/node": "24.12.2",
"@types/node": "24.12.4",
"@vercel/ncc": "0.38.4",
"eslint": "9.39.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-sonarjs": "4.0.3",
"eslint-plugin-unicorn": "64.0.0",
"prettier": "3.8.3",
"tsx": "4.21.0",
"tsx": "4.22.1",
"typescript": "5.9.3",
"typescript-eslint": "8.58.2",
"yaml": "2.8.3"
"typescript-eslint": "8.59.3",
"yaml": "2.9.0"
}
}

Both package.json files share nearly identical sets of dependencies and devDependencies. To DRY up your configuration and reduce the risk of version drift, consider adopting npm/Yarn workspaces or a shared base config. For example, at the monorepo root:

{
  "workspaces": ["pr-review", "pr-summary"],
  "devDependencies": {
    "typescript": "5.9.3",
    "eslint": "9.39.4",
    "prettier": "3.8.3",
    "@types/node": "24.12.4",
    "tsx": "4.22.1"
  }
}

Comment thread pr-review/package.json
Comment on lines 22 to 23
"@octokit/webhooks": "13.9.1",
"@sap-ai-sdk/ai-api": "2.10.0",

It’s best practice to lock down your install environment by committing your lockfile (package-lock.json or yarn.lock). Make sure your CI and collaborators install from the same snapshot to avoid "works-on-my-machine" issues.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 78c9bf5 to 052b068 Compare May 18, 2026 20:53
@github-actions

This change updates the CI workflows to use the latest setup-node action and refreshes package dependencies across the pr-review and pr-summary tools to their newest minor and patch releases, improving compatibility, security, and performance without altering user-facing behavior.

Walkthrough

  • Chore: Bumped actions/setup-node from v6.3.0 to v6.4.0 in both build and code-quality GitHub workflows.
  • Chore: Upgraded core dependencies (@actions/core, axios, zod, and more) in pr-review/package.json to address patches and minor improvements.
  • Chore: Mirrored dependency upgrades in pr-summary/package.json, updating dev tooling (tsx, typescript-eslint, yaml, etc.) for consistency.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1727 | Completion Tokens: 628 | Diff Range: 78c9bf5...052b068

@github-actions github-actions Bot left a comment

Welcome to your AI-powered code review. These suggestions aim to support your work, though they aren’t absolute rules. Feel free to adopt what suits your style. You remain in control—AI is here to back you up.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1696 | Completion Tokens: 3550 | Diff Range: 78c9bf5...052b068

Comment thread pr-review/package.json
Comment on lines -25 to +30
"axios": "1.15.2",
"axios": "1.16.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.3"

To improve maintainability and allow non-breaking updates, consider using caret (^) version ranges instead of exact pins for your dependencies. This approach uses Semantic Versioning to automatically pick up patch and minor fixes.

For example, you can update:

"axios": "1.16.1",
"zod": "4.4.3",
"tsx": "4.22.2",
"typescript-eslint": "8.59.4",
"yaml": "2.9.0"

to:

"axios": "^1.16.1",
"zod": "^4.4.3",
"tsx": "^4.22.2",
"typescript-eslint": "^8.59.4",
"yaml": "^2.9.0"

This also makes it easier to keep dependencies sorted alphabetically for readability and faster diff reviews.

Comment thread pr-review/package.json
Comment on lines -43 to +44
"typescript-eslint": "8.58.2",
"yaml": "2.8.3"
"typescript-eslint": "8.59.4",
"yaml": "2.9.0"

I noticed you have a dependency named typescript-eslint. The official packages are scoped under @typescript-eslint. If you intended to use ESLint plugin and parser for TypeScript, you might want to switch to:

"devDependencies": {
  "@typescript-eslint/parser": "^8.59.4",
  "@typescript-eslint/eslint-plugin": "^8.59.4",
  // ...other dev deps
}

This ensures you’re using the correct, up-to-date tooling supported by the TypeScript ESLint team.

Comment thread pr-summary/package.json
Comment on lines -24 to +29
"axios": "1.15.2",
"axios": "1.16.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.3"

Similar to the other package, pinning exact versions may lead to missing important patches. Using caret ranges (^) helps you stay secure and up-to-date without manual bumps for every patch release. Also, consider sorting dependencies alphabetically.

"dependencies": {
  "@actions/core": "^3.0.1",
  "@actions/github": "^7.0.0",
  "@octokit/plugin-retry": "^6.1.0",
  "@octokit/plugin-throttling": "^8.2.0",
  "@octokit/webhooks": "^13.9.1",
  "@sap-ai-sdk/ai-api": "^2.10.0",
  "@sap-ai-sdk/orchestration": "^2.10.0",
  "axios": "^1.16.1",
  "minimatch": "^10.2.5",
  "mollitia": "^0.2.0",
  "octokit": "^5.0.5",
  "parse-diff": "^0.12.0",
  "zod": "^4.4.3"
}

Comment thread pr-summary/package.json
Comment on lines -42 to +43
"typescript-eslint": "8.58.2",
"yaml": "2.8.3"
"typescript-eslint": "8.59.4",
"yaml": "2.9.0"

The typescript-eslint entry here may be a mismatch with the scoped packages provided by the TypeScript ESLint project. You should install the parser and plugin separately:

"devDependencies": {
  "@typescript-eslint/parser": "^8.59.4",
  "@typescript-eslint/eslint-plugin": "^8.59.4",
  // existing devDependencies
}

This aligns with the official naming convention and ensures compatibility with TypeScript-specific rules.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from 052b068 to a8dab7f Compare May 19, 2026 11:12
@github-actions

This update standardizes the CI environment by bumping the GitHub Actions Node setup to v6.4.0 and brings multiple package dependencies in both the PR Review and PR Summary tools up to their latest patch releases to ensure compatibility, security, and performance improvements without affecting end-user functionality.

Walkthrough

  • Chore: Upgraded actions/setup-node in build and code-quality workflows to v6.4.0.
  • Chore: Updated internal dependencies (@actions/core, axios, zod, @types/node, tsx, typescript-eslint, yaml) to latest patch versions in both pr-review and pr-summary packages.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1727 | Completion Tokens: 542 | Diff Range: 052b068...a8dab7f

@github-actions github-actions Bot left a comment

We’ve prepared an AI-assisted code review to offer suggestions and highlight potential improvements. Some recommendations are based on predictions and may not apply in every context, so choose what feels right for your project. Your expertise and decisions are central—AI is here to help and support your process.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1696 | Completion Tokens: 1827 | Diff Range: 052b068...a8dab7f

Comment thread pr-review/package.json
Comment on lines -25 to +30
"axios": "1.15.2",
"axios": "1.16.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.3"

Consider loosening the strict pinning of patch versions for your dependencies by switching to caret (^) ranges. This allows non-breaking updates to be pulled in automatically, reducing the need for frequent manual bumps. For example:

{
  "dependencies": {
    "axios": "^1.16.1",
    "zod": "^4.4.3"
  }
}

Repeat for other packages as needed to follow semantic versioning best practices.

Comment thread pr-review/package.json
Comment on lines -43 to +44
"typescript-eslint": "8.58.2",
"yaml": "2.8.3"
"typescript-eslint": "8.59.4",
"yaml": "2.9.0"

You’ve duplicated devDependency version bumps across multiple packages. To reduce maintenance overhead and ensure consistency, you could centralize shared devDependencies (like typescript-eslint and yaml) in your monorepo’s root package.json or use a tool like npm workspaces. For example, in your root package.json:

{
  "devDependencies": {
    "typescript-eslint": "^8.59.4",
    "yaml": "^2.9.0"
  }
}

Then remove them from this package to avoid drift.

Comment thread pr-summary/package.json
Comment on lines -17 to +29
"@actions/core": "3.0.0",
"@actions/core": "3.0.1",
"@actions/github": "7.0.0",
"@octokit/plugin-retry": "6.1.0",
"@octokit/plugin-throttling": "8.2.0",
"@octokit/webhooks": "13.9.1",
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.2",
"axios": "1.16.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.3"

As with the other package, I recommend switching to caret ranges for dependencies to automatically include backward-compatible fixes and features. For example:

{
  "dependencies": {
    "@actions/core": "^3.0.1",
    "axios": "^1.16.1",
    "zod": "^4.4.3"
  }
}

This reduces the churn of manual version updates for patch releases.

Comment thread pr-summary/package.json
Comment on lines -40 to +43
"tsx": "4.21.0",
"tsx": "4.22.3",
"typescript": "5.9.3",
"typescript-eslint": "8.58.2",
"yaml": "2.8.3"
"typescript-eslint": "8.59.4",
"yaml": "2.9.0"

DevDependencies are also duplicated here. Consolidating shared tooling across your monorepo can simplify upgrades and ensure consistency. Use npm workspaces or a root-level package.json:

{
  "devDependencies": {
    "tsx": "^4.22.3",
    "typescript-eslint": "^8.59.4",
    "yaml": "^2.9.0"
  }
}

Then remove these entries from individual packages to avoid version mismatches.

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from a8dab7f to a462e1b Compare May 22, 2026 17:38
@github-actions

Updated GitHub workflows and project dependencies to the latest patch versions to ensure build reliability, performance, and security consistency across modules.

Walkthrough

  • Chore: Updated actions/setup-node references from v6.3.0 to v6.4.0 across build and code-quality workflows for improved compatibility and caching performance.
  • Chore: Upgraded core action and runtime dependencies (@actions/core, axios, @octokit/*, zod) to patch releases, addressing potential vulnerabilities and bug fixes.
  • Chore: Refreshed devDependencies (@types/node, tsx, typescript-eslint, yaml, etc.) to the latest versions, enhancing linting, formatting, and build stability.

Model: o4-mini-2025-04-16 | Prompt Tokens: 1727 | Completion Tokens: 877 | Diff Range: a8dab7f...a462e1b

@renovate renovate Bot force-pushed the renovate/non-major-dependencies branch from a462e1b to c62baf7 Compare May 25, 2026 09:09
@github-actions

This update modernizes CI workflows and streamlines the review and summary tools by upgrading GitHub Actions, refreshing key dependencies, and cleaning up configuration and core code. These changes focus on maintainability and build consistency without altering any user-facing functionality.

Walkthrough

  • Chore: Upgraded actions/setup-node to v6.4.0 in build and code-quality workflows.
  • Chore: Bumped core dependencies (@actions/*, @octokit/*, axios, TypeScript tools) in both pr-review and pr-summary packages.
  • Refactor: Simplified context file loops and replaced custom types with Parameters<> in main.ts.
  • Refactor: Removed redundant tsconfigRootDir and cleaned up tsconfig.json.

Model: o4-mini-2025-04-16 | Prompt Tokens: 3096 | Completion Tokens: 693 | Diff Range: a462e1b...c62baf7

@github-actions github-actions Bot left a comment

Enjoy a supportive code review with AI assistance. Some suggestions are based on predictions, not guarantees, so feel free to use what best fits your project. You remain in control as AI offers helpful insights to guide your decisions.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1821 | Completion Tokens: 3322 | Diff Range: a8dab7f...c62baf7

Comment thread pr-review/package.json
Comment on lines -17 to 20
"@actions/core": "3.0.0",
"@actions/core": "3.0.1",
"@actions/github": "9.1.1",
"@octokit/action": "7.0.2",
"@octokit/plugin-retry": "8.1.0",

Most dependencies are pinned to exact versions, requiring manual bumps for every patch or minor release. Consider using caret (^) ranges to automatically include backwards-compatible updates. This reduces manual maintenance and helps keep your project up-to-date. For example:

"dependencies": {
  "@actions/core": "^3.0.1",
  "@actions/github": "^9.1.1",
  "axios": "^1.16.1",
  "zod": "^4.4.3"
}

Comment thread pr-review/package.json
Comment on lines 16 to 20
"dependencies": {
"@actions/core": "3.0.0",
"@actions/core": "3.0.1",
"@actions/github": "9.1.1",
"@octokit/action": "7.0.2",
"@octokit/plugin-retry": "8.1.0",

The dependencies block would be easier to scan and maintain if sorted alphabetically by package name. This convention helps catch duplicates and makes reviews simpler. For example:

"dependencies": {
  "@actions/core": "^3.0.1",
  "@actions/github": "^9.1.1",
  "@octokit/action": "^7.0.2",
  "@octokit/plugin-retry": "^8.1.0",
  "@octokit/webhooks": "^13.9.1",
  "@sap-ai-sdk/ai-api": "^2.10.0",
  "@sap-ai-sdk/orchestration": "^2.10.0",
  "axios": "^1.16.1",
  "minimatch": "^10.2.5",
  "mollitia": "^0.2.0",
  "octokit": "^5.0.5",
  "parse-diff": "^0.12.0",
  "zod": "^4.4.3"
}

Comment thread pr-review/package.json
"axios": "1.16.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",

The dependency named octokit is deprecated in favor of the scoped @octokit/core or other official Octokit packages. Switching will clarify which Octokit implementation you rely on and receive updates automatically. For example:

"@octokit/core": "^4.2.0"

Then update your imports accordingly:

import { Octokit } from '@octokit/core';

Comment thread pr-review/package.json
Comment on lines 14 to 15
"prettier:fix": "prettier --write ."
},

Consider adding an engines field to enforce the Node.js version your project supports. This prevents accidental installs with incompatible Node versions. For example:

"engines": {
  "node": ">=16 <=20"
}

Comment thread pr-summary/package.json
Comment on lines -17 to +29
"@actions/core": "3.0.0",
"@actions/core": "3.0.1",
"@actions/github": "9.1.1",
"@octokit/plugin-retry": "8.1.0",
"@octokit/plugin-throttling": "11.0.3",
"@octokit/webhooks": "13.9.1",
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.2",
"axios": "1.16.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.3"

Here too, using caret (^) ranges for your dependencies helps automatically pick up patch and minor updates. For example:

"dependencies": {
  "@actions/core": "^3.0.1",
  "axios": "^1.16.1",
  "zod": "^4.4.3"
}

Comment thread pr-summary/package.json
Comment on lines 19 to 20
"@octokit/plugin-retry": "8.1.0",
"@octokit/plugin-throttling": "11.0.3",

You have both @octokit/plugin-retry and @octokit/plugin-throttling in dependencies. Unless you need both plugins together, consider choosing one strategy for handling rate-limits or retries to reduce bundle size and complexity. If you only need retry logic, you can remove the throttling plugin, or vice versa.

Comment thread pr-summary/package.json
"axios": "1.16.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",

As in the other package, the unscoped octokit package is outdated. Switch to the official @octokit/core (or @octokit/rest) to align with current Octokit libraries. For example:

"@octokit/core": "^4.2.0"

Comment thread pr-summary/package.json
Comment on lines 16 to 30
"dependencies": {
"@actions/core": "3.0.0",
"@actions/core": "3.0.1",
"@actions/github": "9.1.1",
"@octokit/plugin-retry": "8.1.0",
"@octokit/plugin-throttling": "11.0.3",
"@octokit/webhooks": "13.9.1",
"@sap-ai-sdk/ai-api": "2.10.0",
"@sap-ai-sdk/orchestration": "2.10.0",
"axios": "1.15.2",
"axios": "1.16.1",
"minimatch": "10.2.5",
"mollitia": "0.2.0",
"octokit": "5.0.5",
"parse-diff": "0.12.0",
"zod": "4.3.6"
"zod": "4.4.3"
},

For consistency and readability, alphabetize the dependencies section. This makes diffs smaller and helps spot duplicates faster. For example:

"dependencies": {
  "@actions/core": "^3.0.1",
  "@actions/github": "^9.1.1",
  "@octokit/plugin-retry": "^8.1.0",
  "@octokit/plugin-throttling": "^11.0.3",
  "@octokit/webhooks": "^13.9.1",
  "@sap-ai-sdk/ai-api": "^2.10.0",
  "@sap-ai-sdk/orchestration": "^2.10.0",
  "axios": "^1.16.1",
  "minimatch": "^10.2.5",
  "mollitia": "^0.2.0",
  "octokit": "^5.0.5",
  "parse-diff": "^0.12.0",
  "zod": "^4.4.3"
}

@github-actions

This change removes unnecessary type assertions in the configuration parsers, relying solely on Zod’s built-in inference for parsed values. Both pr-review/src/config.ts and pr-summary/src/config.ts are updated to simplify the map operations without altering functionality or user behavior.

Walkthrough

  • Refactor: Streamlines configuration parsing in PR review and summary modules by removing redundant type assertions. Both pr-review/src/config.ts and pr-summary/src/config.ts now rely on Zod's built-in inference for parsing environment variable entries. This update has no impact on user-facing behavior but enhances code readability, reduces complexity, and ensures type safety is consistently enforced at runtime.

Model: o4-mini-2025-04-16 | Prompt Tokens: 354 | Completion Tokens: 1569 | Diff Range: c62baf7...01273a5

@github-actions github-actions Bot left a comment

Here’s a supportive review of your code powered by AI. Some suggestions are based on predictions rather than certainties, so choose what fits your style and goals. You’re in control—AI is here to support your decisions.
Model: o4-mini-2025-04-16 | Prompt Tokens: 800 | Completion Tokens: 1292 | Diff Range: c62baf7...01273a5

Comment thread pr-review/src/config.ts
Comment on lines 56 to +59
.split(/[\n,]/)
.map(v => v.trim())
.filter(Boolean)
.map(v => zodSchema.parse(v) as z.infer<T>)
.map(v => zodSchema.parse(v))
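
Review bot: with the `as z.infer<T>` cast gone from the last `.map`, the element type now comes entirely from `zodSchema.parse(v)`, and the enclosing function's declared return type is outside this hunk, so confirm `tsc` still passes with that signature unchanged. Note also that `parse` throws on the first invalid entry, so one bad item aborts the whole list; if every invalid entry should be reported, collect failures with `safeParse` instead.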

Great cleanup removing the redundant cast — zodSchema.parse(v) already returns the correctly inferred type, so you don’t need as z.infer<T>. Here are some further improvements you could make:

  1. Use safeParse (or parseAsync) to handle validation errors gracefully instead of throwing at the first failure.
  2. Simplify splitting and trimming into a single step using a more targeted regex.
  3. Pull this parsing logic into a shared utility since it’s duplicated in both pr-review and pr-summary modules.

Example refactor:

// utils/parseList.ts
import { ZodType, ZodError } from 'zod';

export function parseList<T>(
  raw: string,
  schema: ZodType<T>
): T[] {
  return raw
    .split(/[\s,]+/)           // split on whitespace or commas
    .filter(Boolean)            // drop empty entries
    .map(item => {
      const result = schema.safeParse(item);
      if (!result.success) {
        // handle or rethrow with context
        throw new ZodError([
          ...result.error.issues.map(issue => ({
            ...issue,
            path: ['value'],
          })),
        ]);
      }
      return result.data;
    });
}

Then in your config files:

import { parseList } from '../utils/parseList';
import { yourZodSchema } from './schema';

const values = parseList(rawInput, yourZodSchema);

This makes your code more robust, readable, and eliminates duplication across modules.
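
The two splitting strategies in this thread are not equivalent: the merged code splits on `/[\n,]/` and trims, while the suggested `parseList` splits on `/[\s,]+/`, which also breaks an entry at internal spaces. The following added example (not code from the repository or from the review comment) runs both over a constructed input and collects every invalid entry instead of stopping at the first; `validate` is a hypothetical stand-in for `zodSchema.safeParse`, and its path rule is an assumption.

```javascript
// Hypothetical stand-in for zodSchema.safeParse: returns a result object
// and never throws. Constructed rule: relative path or glob without "..".
function validate(value) {
  if (value.startsWith('/') || value.split('/').includes('..')) {
    return { success: false, error: `unsafe path: ${JSON.stringify(value)}` };
  }
  return { success: true, data: value };
}

// Splitting as in the merged config.ts: newline or comma, then trim.
function splitAsMerged(raw) {
  return raw.split(/[\n,]/).map(v => v.trim()).filter(Boolean);
}

// Splitting as in the suggested parseList: any whitespace run or comma.
function splitAsSuggested(raw) {
  return raw.split(/[\s,]+/).filter(Boolean);
}

// Validate every entry and report all failures together, with their index.
function parseAll(entries) {
  const values = [];
  const errors = [];
  entries.forEach((entry, index) => {
    const result = validate(entry);
    if (result.success) values.push(result.data);
    else errors.push({ index, message: result.error });
  });
  return { values, errors };
}

// Constructed input: one entry contains a space, two entries are invalid.
const RAW = 'src/**/*.ts,\n docs/release notes.md ,../secrets.env\n/abs/path.ts';

function compareSplits(raw) {
  return {
    merged: parseAll(splitAsMerged(raw)),
    suggested: parseAll(splitAsSuggested(raw)),
  };
}
```

On this input the merged splitter keeps `docs/release notes.md` as one value, while the suggested splitter yields `docs/release` and `notes.md` as two separate values that both pass validation.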

Comment thread pr-summary/src/config.ts
Comment on lines 56 to +59
.split(/[\n,]/)
.map(v => v.trim())
.filter(Boolean)
.map(v => zodSchema.parse(v) as z.infer<T>)
.map(v => zodSchema.parse(v))

This file is effectively identical to the one in pr-review. To avoid code drift and duplication, extract the shared parsing logic into a common helper (as shown above). This reduces maintenance overhead and ensures consistent behavior when schema parsing changes.

Comment thread pr-review/src/config.ts
.map(v => zodSchema.parse(v))
}

function setSecret<T>(value: T): T {
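
Review bot: the context stops at the signature `function setSecret<T>(value: T): T {`, so the body cannot be reviewed from this hunk and its purpose is undocumented here. If it calls `core.setSecret` from `@actions/core` to register the value for log masking, it is doing security work and should stay; expand the context or add a doc comment stating what the helper does.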

The setSecret<T>(value: T): T function currently just returns the value unchanged. If you’re using it to mark or handle sensitive data, consider integrating a dedicated secret management approach (e.g., environment variables, AWS Secrets Manager, or vault integrations). Otherwise, if it’s not needed, it’s safe to remove this no-op wrapper to simplify the code.

@renovate renovate Bot merged commit ef2491e into main May 25, 2026
12 checks passed
@renovate renovate Bot deleted the renovate/non-major-dependencies branch May 25, 2026 09:23
github-actions Bot pushed a commit that referenced this pull request May 25, 2026
* Update non-major dependencies

* Refactor parseInputAsArray to remove unnecessary type assertion

*

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel Richter <daniel.richter02@sap.com>