chore(deps): 13 outdated deps identified. Priority: puppeteer (security, major jump), #17234
isagoakira wants to merge 1 commit into facebook:main from
…ity: puppeteer (security,
Hi @isagoakira! Thank you for your pull request and welcome to our community.

Action Required

In order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (e.g. your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with

If you have received this in error or have any questions, please contact us at cla@meta.com. Thanks!

Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks!

🔧 Dependency maintenance update — facebook/create-react-app
This PR was automatically generated by Code Legacy Reviver 🤖
📋 Update summary
13 outdated deps identified. Priority: puppeteer (security, major jump), husky (3 minor), jest (2 majors). Moderate-risk: lerna, execa, prettier, globby (breaking changes). Low-risk: eslint, web-vitals, lint-staged, tempy, wait-for-localhost, multimatch. Testing-library packages are only 1 minor behind — defer until other deps are updated.
📦 Change list
🔴 jest:
^27.4.3 → ^27.5.0
27.4.3 is 2+ major versions behind current 29.x. Safer to bump within 27.x first (27.5.0+ has security fixes). Major jump to 29.x may break test setup.
🔴 puppeteer:
^12.0.1 → ^22.0.0
12.0.1 is 10 major versions behind (current 22.x). Contains critical CVE fixes. Puppeteer has breaking API changes across major versions — test carefully before upgrading.
🔴 husky:
^4.3.8 → ^9.0.0
4.3.8 is 5 major versions behind (current 9.x). Breaking config format change (v5+) but well-documented. Essential for CI integrity.
🟡 lerna:
^4.0.0 → ^8.0.0
4.0.0 is 4 major versions behind (current 8.x). Lerna 5+ switched to Nx for caching — may require config migration. Verify workspace publishing still works.
🟡 execa:
^5.1.1 → ^9.0.0
5.1.1 is 4 major versions behind (current 9.x). Execa 6+ switched to named exports and changed return type shape. Review all execa usage before bumping.
🟡 prettier:
^2.5.0 → ^3.0.0
2.5.0 is behind current 3.x. Prettier 3 has breaking formatting changes (e.g., CSS print width). Run format script and diff carefully.
🔴 web-vitals:
^2.1.2 → ^3.5.0
2.1.2 is 3 minor versions behind (current 3.x). 3.0 added new attribution features — minor risk, mostly additive API.
🟢 globby:
^11.0.4 → ^14.0.0
11.0.4 is 3 major versions behind (current 14.x). v13+ requires Node 18+. v14 uses ESM. If codebase is CommonJS, stick with 13.x.
🔴 lint-staged:
^12.1.2 → ^15.2.0
12.1.2 is 3 minor versions behind (current 15.x). v13+ uses ESM config. Likely safe but config format may differ.
🔴 tempy:
^1.0.1 → ^3.1.0
1.0.1 is 2 major versions behind (current 3.x). Breaking: drop Node 12 support, changed API defaults. Low risk if only used in scripts.
🔴 wait-for-localhost:
^3.3.0 → ^4.1.0
3.3.0 is 1 minor behind current 4.x. Small, focused CLI tool — low risk upgrade.
🔴 eslint:
^8.3.0 → ^8.57.0
8.3.0 is behind within same major. 8.57.0 patches CVEs and adds TypeScript 5.4 support. Staying in 8.x is safe.
🔴 multimatch:
^5.0.0 → ^7.0.0
5.0.0 is 2 minor versions behind (current 7.x). Low risk — small utility lib, minor changes.
🟡 Medium
📝 File changes
package.json
Generated by Code Legacy Reviver