feat: Add dependency changelog viewer and improve ESLint configuration for mixed TypeScript/JavaScript projects (#47)

* chore: upgrade ESLint to v9 and update config

Upgrades ESLint and related TypeScript dependencies,
adds flat config, and backs up the old setup.

* chore: actualizar dependencias del proyecto

Co-authored-by: aider (anthropic/claude-haiku-4-5) <aider@aider.chat>

* chore: update guidelines and clean up configs

Adds project coding and style guidelines;
removes legacy ESLint and run scripts.

* chore: update dependency versions

Bumps numerous dependency versions for improved stability.

* chore: bump dependency versions

Upgrades ESLint, TypeScript, Prettier, and related packages

* chore: upgrade dependencies

Bump versions for telegraf, winston, nock, ts-jest, and others

* chore: upgrade dependency versions

Bumps numerous package versions in the lock file for improved stability and compatibility.

* feat: add dependency changelog tool

Adds a script that fetches and formats changelog URLs for updated dependencies.
Updates package scripts accordingly.

* chore: update ESLint config and deps

Refines linting rules and file patterns,
simplifies error handling in changelog,
and upgrades dependency versions.

* chore: upgrade dependency versions

Updates cron, dotenv, and dotenv-cli to latest compatible versions.

* chore: upgrade husky & update hook script

Upgrades husky to v9 and refactors pre-commit hook script for consistency.

* chore: update date-fns dependency

* chore: upgrade dependency versions

Updates various packages and their lockfile entries.

* chore: upgrade dependencies

Upgrade Express to 5.1.0 and update related packages in lock file.

* fix: resolve codecov major issues

* docs: update ESLint migration doc

Updates markdown formatting and headings in ESLint migration guide

* fix: move files

* fix: move files

---------

Co-authored-by: aider (anthropic/claude-haiku-4-5) <aider@aider.chat>

Author: laendoor

.clinerules

@@ -0,0 +1,50 @@
+# Cline Rules for Espinoso Bot
+
+## Code Style
+- Follow ESLint and Prettier configurations strictly (already set up in project)
+- Single quotes, 2-space indentation, 120 char line width
+- Organize imports: builtin → external → internal → parent → sibling → index
+- Alphabetize imports within groups
+- Use arrow functions without parens when single parameter
+- Prefix unused vars with underscore (_)
+
+## TypeScript Conventions
+- Use TypeScript types but avoid over-engineering
+- No explicit function return types unless adding clarity
+- Allow `any` when pragmatic (not dogmatic about types)
+- Keep interfaces and types close to where they're used
+
+## Project Structure
+- Controllers: API/webhook handlers
+- Core: Business logic (GPT, Holidays, Stickers, etc.)
+- Helpers: Utility functions
+- Lib: External service clients (GitHub, HTTP, logging)
+- Exceptions: Custom error classes
+- Keep separation of concerns clear
+
+## Testing Philosophy
+- Currently: Unit tests only (Jest)
+- Future goal: Add integration test layer
+- Test files in `__tests__/` directory
+- Mock external services (using nock)
+- Keep fixtures in `__tests__/__fixtures__/`
+
+## Documentation (Work in Progress)
+- TODO: Improve README with setup instructions
+- TODO: Create bot usage documentation
+- In code: Add comments when logic isn't obvious, but don't over-comment
+
+## Communication Style
+- Be technical but friendly
+- Add some humor when appropriate 😄
+- It's okay to express uncertainty - nobody knows everything
+- Focus on learning together and teaching clearly
+- Concise explanations, but thorough when needed
+- No corporate speak or overly formal language
+
+## Bot-Specific Guidelines
+- This is "Espinoso" (unfriendly bot) - embrace the personality
+- Handle Telegram webhooks through Express
+- Use Winston for logging
+- Environment variables via dotenv
+- Keep webhook handling efficient (quick responses)

.eslintignore

@@ -15,7 +15,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest]
-        node: ['20.10.0']
+        node: ['20.17.0']
 
     steps:
       - name: Checkout 🛎

.eslintrc.json

@@ -10,7 +10,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest]
-        node: ['20.10.0']
+        node: ['20.17.0']
     steps:
       - name: Checkout 🛎
         uses: actions/checkout@v3

.github/workflows/ci-stage.yml

@@ -1,5 +1,4 @@
 #!/bin/sh
-. "$(dirname "$0")/_/husky.sh"
 
-echo 'linting staged'
+echo '🐶 Husky pre-commit: npx lint-staged'
 npx lint-staged

.github/workflows/deploy-stage.yml

@@ -0,0 +1,127 @@
+#!/usr/bin/env node
+
+const { execSync } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+
+/**
+ * Validates that a package name is safe (contains only valid npm package characters)
+ */
+function isValidPackageName(name) {
+  // npm package names must be lowercase, can contain hyphens and underscores
+  // This regex matches valid npm package names
+  return /^(@?[a-z0-9]([a-z0-9-]*[a-z0-9])?\/)?[a-z0-9]([a-z0-9._-]*[a-z0-9])?$/.test(name);
+}
+
+/**
+ * Fetches the repository URL for a given package
+ */
+function getRepoUrl(packageName) {
+  try {
+    // Validate package name to prevent command injection
+    if (!isValidPackageName(packageName)) {
+      return null;
+    }
+
+    const result = execSync(`npm view ${packageName} repository.url`, {
+      encoding: 'utf-8',
+      stdio: ['pipe', 'pipe', 'pipe'],
+    });
+    return result.trim();
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Converts git URLs to HTTPS GitHub URLs and attempts to link to changelog
+ */
+function formatChangelogUrl(repoUrl) {
+  if (!repoUrl) return null;
+
+  // Convert git:// or git+https:// to https://
+  let url = repoUrl
+    .replace('git+https://', 'https://')
+    .replace('git://', 'https://')
+    .replace('git@github.com:', 'https://github.com/')
+    .replace(/\.git$/, '');
+
+  // Try to link to releases page for GitHub repos
+  if (url.includes('github.com')) {
+    return `${url}/releases`;
+  }
+
+  return url;
+}
+
+/**
+ * Safely reads package.json from the current working directory
+ */
+function readPackageJson() {
+  const cwd = process.cwd();
+  const packageJsonPath = path.join(cwd, 'package.json');
+
+  // Validate that the resolved path is within the current working directory
+  // to prevent directory traversal attacks
+  const resolvedPath = path.resolve(packageJsonPath);
+  const resolvedCwd = path.resolve(cwd);
+
+  if (!resolvedPath.startsWith(resolvedCwd)) {
+    throw new Error('Invalid package.json path');
+  }
+
+  return JSON.parse(fs.readFileSync(resolvedPath, 'utf-8'));
+}
+
+/**
+ * Main function
+ */
+async function main() {
+  try {
+    // Read current package.json
+    const packageJson = readPackageJson();
+    const currentDeps = { ...packageJson.dependencies, ...packageJson.devDependencies };
+
+    // Run ncu and get JSON output
+    const ncuOutput = execSync('ncu --jsonUpgraded', {
+      encoding: 'utf-8',
+    });
+
+    const upgrades = JSON.parse(ncuOutput);
+
+    if (Object.keys(upgrades).length === 0) {
+      console.log('✨ All dependencies are up to date!');
+      return;
+    }
+
+    console.log('\n📦 Outdated Dependencies:\n');
+
+    // Process each package
+    for (const [packageName, latestVersion] of Object.entries(upgrades)) {
+      const currentVersion = currentDeps[packageName] || 'unknown';
+
+      const repoUrl = getRepoUrl(packageName);
+      const changelogUrl = formatChangelogUrl(repoUrl);
+
+      // Format output
+      const packageInfo = `${packageName.padEnd(30)} ${currentVersion.padEnd(15)} → ${latestVersion.padEnd(15)}`;
+
+      if (changelogUrl) {
+        console.log(`${packageInfo} ${changelogUrl}`);
+      } else {
+        console.log(`${packageInfo} (no repo found)`);
+      }
+    }
+
+    console.log('\n');
+  } catch (error) {
+    if (error.message.includes('No dependencies')) {
+      console.log('✨ All dependencies are up to date!');
+    } else {
+      console.error('Error:', error.message);
+      process.exit(1);
+    }
+  }
+}
+
+main();

.husky/pre-commit

@@ -1,5 +1,5 @@
 # Building stage
-FROM node:20.10-alpine as builder
+FROM node:20.17-alpine as builder
 WORKDIR /app
 
 COPY package.json yarn.lock /app/
@@ -10,7 +10,7 @@ RUN yarn install --frozen-lockfile
 RUN yarn build
 
 # Preparing stage
-FROM node:20.10-alpine as prod
+FROM node:20.17-alpine as prod
 ENV NODE_ENV=production
 WORKDIR /app
 
@@ -19,7 +19,7 @@ RUN yarn install --frozen-lockfile
 COPY --from=builder /app/dist/ /app/dist/
 
 # Deployed stage
-FROM node:20.10-alpine
+FROM node:20.17-alpine
 RUN apk add --no-cache bash=~5
 
 ENV NODE_ENV=production

.scripts/ncu-changelog.js

@@ -1,3 +1,3 @@
 import * as dotenv from 'dotenv';
 
-dotenv.config({ path: './.env.test' });
+dotenv.config({ path: './.env.test', quiet: true });