Conversation
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the dev-minor-patch group with 2 updates: [axios](https://github.com/axios/axios) and [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli). Updates `axios` from 1.17.0 to 1.18.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.17.0...v1.18.0) Updates `markdownlint-cli` from 0.48.0 to 0.49.0 - [Release notes](https://github.com/igorshubovych/markdownlint-cli/releases) - [Commits](igorshubovych/markdownlint-cli@v0.48.0...v0.49.0) --- updated-dependencies: - dependency-name: axios dependency-version: 1.18.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-patch - dependency-name: markdownlint-cli dependency-version: 0.49.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the prod-minor-patch group with 1 update: [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript). Updates `@anthropic-ai/sdk` from 0.104.1 to 0.105.0 - [Release notes](https://github.com/anthropics/anthropic-sdk-typescript/releases) - [Changelog](https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md) - [Commits](anthropics/anthropic-sdk-typescript@sdk-v0.104.1...sdk-v0.105.0) --- updated-dependencies: - dependency-name: "@anthropic-ai/sdk" dependency-version: 0.105.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
BREAKING: raises engines.node from >=16 to >=22 across root + all 14 plugin packages. Tracks #686. Rationale: - Node 18 EOL: 2025-04-30 (14mo ago); Node 20 EOL: 2026-04-30 (2mo ago). Our CI was testing two EOL versions. - Three dependabot PRs in one week (#683 eslint@10, #684 @eslint/js@10, #685 which@7) closed for the same Node-floor mismatch. Cheaper to align with active LTS once than to keep gating major bumps weekly. Changes: - engines.node >=22.0.0, engines.npm >=10.0.0 in 15 package.json files - All @claudeautopm/plugin-* bumped to 4.0.0 (plugin-obsidian to 2.0.0) - CI matrix [18.x,20.x] -> [22.x,24.x] in test.yml - Single-version Node pins -> '22' (commands-sync-check, scripts-sync-check, deploy-docs, npm-publish test job). plugin-publish stays on 24. - package-lock.json regenerated against npm 10
chore: release 4.0.0 — drop Node <22 support
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
✅ Approved
🤖 Claude Sonnet 4.6 (OpenRouter) (anthropic/claude-sonnet-4.6) via OpenRouter
This is a clean version-bump PR promoting v4.0.0 from develop to main: Node engine floor raised from >=16 to >=22, CI matrix updated to [22.x, 24.x], all 14 plugin packages bumped to 4.0.0, actions/checkout bumped to v7, and several dependency updates (anthropic SDK, markdownlint-cli, axios, katex). The diff is mechanical and consistent across all package.json files and the lock file.
1 finding:
- 🟡 MEDIUM CONFIDENCE package.json:17 — The
postinstallscript emoji was changed from a literal 🎉 to Unicode escape sequences (\ud83c\udf89), which are a surrogate pair representing 🎉. In JSON, surrogate pairs (U+D83C U+DF89) are not valid standalone Unicode scalar values and may be mishandled by some JSON parsers or terminals, potentially printing garbled output or throwing on strict parsers. The original literal emoji was correct.- Fix: Restore the literal emoji character
🎉in the postinstall echo string, or use the single valid Unicode escape\uD83C\uDF89only if the toolchain requires ASCII-safe JSON (but prefer the literal). - Evidence:
'- "postinstall": "echo '🎉 ClaudeAutoPM installed! Run: autopm --help'",' → '+ "postinstall": "echo '\ud83c\udf89 ClaudeAutoPM installed! Run: autopm --help'",'
- Fix: Restore the literal emoji character
Gate wrong or a false positive? Do not edit this workflow to pass — open an issue on lagowski/pr-review-gate.
rlagowski
approved these changes
Jun 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Promotes v4.0.0 from develop → main for the npm release.
What's in this release
Breaking — Node floor raised to 22.0.0. See CHANGELOG for full breakdown.
Headline change (closes #686):
engines.noderaised from>=16→>=22across root + 14@claudeautopm/plugin-*packages[18.x, 20.x]→[22.x, 24.x]4.0.0(plugin-obsidian:1.0.0→2.0.0)engines.npmraised to>=10.0.0Bundled dependency bumps (already on develop):
actions/checkout4 → 7 (chore(deps): bump actions/checkout from 4 to 7 #680)@anthropic-ai/sdkminor bump in prod-minor-patch group (deps(deps): bump @anthropic-ai/sdk from 0.104.1 to 0.105.0 in the prod-minor-patch group #682)Why v4.0.0
Three dependabot PRs in one week (#683, #684, #685) all closed for the same Node-floor mismatch — the pattern is structural, not transient. Both Node 18 (EOL 2025-04-30) and Node 20 (EOL 2026-04-30) had already passed upstream end-of-life by the time CI was still testing against them. Active LTS targets are now Node 22 (until 2027-04-30) and Node 24.
Provenance: prep landed via #687 (CI verified Node 22.x + 24.x compatibility, AI Review Gate ✅).
Migration
npm install -g claude-autopm@4works unchanged.nvm install 22 && nvm use 22). v3.25.7 remains on npm for the lagging tail (no patches will be backported).Post-merge
v4.0.0on the main merge commit → triggers "Publish to npm" workflowTest plan
Verify PR source is developpasses (head is literallydevelop)copilot-reviewpassesnpm install -g claude-autopm@4on a fresh Node 22 shell