chore: migrate stable-hash to stable-hash-x

[JounQin]

Summary by CodeRabbit

• Chores
  • Updated dependencies and development tools to newer versions.
  • Migrated from the stable-hash package to stable-hash-x.
  • Updated Yarn to version 4.9.2.
  • Refined GitHub Actions workflows to use a more specific version of the checkout action.
• Tests
  • Updated a test case for improved accuracy with import statements.

---

Important

Migrate from stable-hash to stable-hash-x across dependencies, source code, workflows, and tests.

• Dependencies:
  • Replace stable-hash with stable-hash-x in package.json dependencies.
  • Update various dependencies and devDependencies to newer versions in package.json.
• Source Code:
  • Change import from stable-hash to stable-hash-x in export-map.ts and resolve.ts.
• Workflows:
  • Update actions/checkout version comment to v4.2.2 in autofix.yml, ci.yml, pkg-pr-new.yml, and release.yml.
• Yarn:
  • Update yarnPath to yarn-4.9.2.cjs in .yarnrc.yml.
• Tests:
  • Update snapshot in node-resolver.spec.ts.snap to reflect changes in Jest path resolution.
  • Modify test case in no-named-as-default.spec.ts to use eslint-plugin-import-x.

^{This description was created by for f660985. You can customize this summary. It will automatically update as commits are pushed.}

[changeset-bot]

🦋 Changeset detected

Latest commit: 74ca0f3

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
eslint-plugin-import-x	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

The updates consist of dependency version bumps, migration from stable-hash to stable-hash-x, and workflow refinements. Several GitHub Actions workflows now reference a more specific actions/checkout version. The Yarn configuration and package.json dependencies were updated, and two utility files migrated their imports. One test file was slightly adjusted for naming.

Changes

File(s)	Change Summary
.github/workflows/autofix.yml .github/workflows/ci.yml .github/workflows/pkg-pr-new.yml .github/workflows/release.yml	Updated actions/checkout version tag from v4 to v4.2.2 in workflows.
.yarnrc.yml package.json	Bumped Yarn version from 4.9.1 to 4.9.2 and updated multiple dependencies and resolutions.
src/utils/export-map.ts src/utils/resolve.ts	Changed import of stableHash from stable-hash to stable-hash-x.
.changeset/breezy-toys-pump.md	Added a changeset documenting the migration from stable-hash to stable-hash-x.
test/rules/no-named-as-default.spec.ts	Modified test import and expected error identifier from z to importX for a specific test case.

Possibly related PRs

• chore: bump all (dev)Dependencies #357: Updates dependencies including migration from stable-hash to stable-hash-x and bumps @typescript-eslint/utils and unrs-resolver.

Suggested labels

documentation

Poem

A patch arrives, dependencies bloom,
Workflows now precise, no hint of gloom.
Hashing’s new, with an “x” in tow,
Yarn hops ahead, just so you know.
Tests renamed and changes set,
The codebase fresh—no need to fret!
🐇✨

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

src/utils/export-map.ts

Oops! Something went wrong! :(

ESLint: 9.28.0

Error [ERR_MODULE_NOT_FOUND]: Cannot find module '/lib/index.js' imported from /eslint.config.js
at finalizeResolution (node:internal/modules/esm/resolve:274:11)
at moduleResolve (node:internal/modules/esm/resolve:859:10)
at defaultResolve (node:internal/modules/esm/resolve:983:11)
at ModuleLoader.defaultResolve (node:internal/modules/esm/loader:799:12)
at #cachedDefaultResolve (node:internal/modules/esm/loader:723:25)
at ModuleLoader.resolve (node:internal/modules/esm/loader:706:38)
at ModuleLoader.getModuleJobForImport (node:internal/modules/esm/loader:307:38)
at #link (node:internal/modules/esm/module_job:170:49)

test/rules/no-named-as-default.spec.ts

Oops! Something went wrong! :(

ESLint: 9.28.0

Error [ERR_MODULE_NOT_FOUND]: Cannot find module '/lib/index.js' imported from /eslint.config.js
at finalizeResolution (node:internal/modules/esm/resolve:274:11)
at moduleResolve (node:internal/modules/esm/resolve:859:10)
at defaultResolve (node:internal/modules/esm/resolve:983:11)
at ModuleLoader.defaultResolve (node:internal/modules/esm/loader:799:12)
at #cachedDefaultResolve (node:internal/modules/esm/loader:723:25)
at ModuleLoader.resolve (node:internal/modules/esm/loader:706:38)
at ModuleLoader.getModuleJobForImport (node:internal/modules/esm/loader:307:38)
at #link (node:internal/modules/esm/module_job:170:49)

src/utils/resolve.ts

Oops! Something went wrong! :(

ESLint: 9.28.0

Error [ERR_MODULE_NOT_FOUND]: Cannot find module '/lib/index.js' imported from /eslint.config.js
at finalizeResolution (node:internal/modules/esm/resolve:274:11)
at moduleResolve (node:internal/modules/esm/resolve:859:10)
at defaultResolve (node:internal/modules/esm/resolve:983:11)
at ModuleLoader.defaultResolve (node:internal/modules/esm/loader:799:12)
at #cachedDefaultResolve (node:internal/modules/esm/loader:723:25)
at ModuleLoader.resolve (node:internal/modules/esm/loader:706:38)
at ModuleLoader.getModuleJobForImport (node:internal/modules/esm/loader:307:38)
at #link (node:internal/modules/esm/module_job:170:49)

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 74a16c5 and 74ca0f3.

⛔ Files ignored due to path filters (3)

• .yarn/releases/yarn-4.9.2.cjs is excluded by !**/.yarn/**
• test/__snapshots__/node-resolver.spec.ts.snap is excluded by !**/*.snap
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (10)

• .changeset/breezy-toys-pump.md (1 hunks)
• .github/workflows/autofix.yml (1 hunks)
• .github/workflows/ci.yml (1 hunks)
• .github/workflows/pkg-pr-new.yml (1 hunks)
• .github/workflows/release.yml (1 hunks)
• .yarnrc.yml (1 hunks)
• package.json (5 hunks)
• src/utils/export-map.ts (1 hunks)
• src/utils/resolve.ts (1 hunks)
• test/rules/no-named-as-default.spec.ts (1 hunks)

🔇 Additional comments (19)

src/utils/resolve.ts (1)

6-6: Import source updated to stable-hash-x
The stableHash import now references the new stable-hash-x package, aligning with the dependency migration.

src/utils/export-map.ts (1)

9-9: Import source updated to stable-hash-x
Consistent with the broader migration, the stableHash import now points to stable-hash-x.

test/rules/no-named-as-default.spec.ts (2)

165-166: Update invalid test to use plugin package
The invalid test now imports importX from 'eslint-plugin-import-x' instead of zod, matching the removal of the zod devDependency.

---

165-167:

✅ Verification successful

Ensure no residual zod imports remain
Search the codebase for any leftover zod references to confirm the migration is complete.

---

🏁 Script executed:

#!/bin/bash
# Verify no zod imports remain
rg --files-with-matches "zod"

Length of output: 43

---

✔ No residual zod imports found
The only occurrence of “zod” is in renovate.json (configuration), not in source code. Migration is complete.

.yarnrc.yml (1)

10-10:

✅ Verification successful

Verify bumped Yarn path file exists
Please confirm that .yarn/releases/yarn-4.9.2.cjs is committed and available in the repository.

---

🏁 Script executed:

#!/bin/bash
# Check for the new Yarn release file
if [ -f .yarn/releases/yarn-4.9.2.cjs ]; then
  echo "Found yarn-4.9.2.cjs"
else
  echo "Missing yarn-4.9.2.cjs"
fi

Length of output: 93

---

Yarn release file verified
The file .yarn/releases/yarn-4.9.2.cjs is present in the repository.

.changeset/breezy-toys-pump.md (1)

1-3: Changeset documents the migration
The new changeset accurately records the chore: migrating from stable-hash to stable-hash-x.

Also applies to: 5-5

.github/workflows/pkg-pr-new.yml (1)

17-17: Pinned Checkout Action Version
Locking actions/checkout to the specific commit SHA ensures reproducible CI runs while reflecting the intended v4.2.2 patch.

.github/workflows/release.yml (1)

23-23: Pinned Checkout Action Version
Consistent pinning of actions/checkout to the same SHA (v4.2.2) across workflows is ideal for stability.

.github/workflows/ci.yml (1)

44-44: Pinned Checkout Action Version
Using the exact commit SHA aligns with the other workflows and avoids unexpected updates.

.github/workflows/autofix.yml (1)

19-19: Pinned Checkout Action Version
Good to see the checkout action pinned to the stable v4.2.2 commit for consistency.

package.json (9)

11-11: Validate Yarn Version Alignment
The packageManager field now points to [email protected]. Please verify this matches the Yarn path in .yarnrc.yml.

---

80-86: Dependency Upgrades
The bumps to @typescript-eslint/types, comment-parser, debug, and others align with the changeset. No conflicts detected.

---

88-88: New Dependency unrs-resolver
Upgrading unrs-resolver to ^1.7.10 is acceptable. Ensure its transitive dependencies remain compatible.

---

91-95: DevDeps: Internal Config Packages
The updates to @1stg/* packages look intentional and consistent with internal conventions.

---

97-101: DevDeps: Babel Toolchain
Babel presets and plugins have been bumped; ensure the build output remains unchanged by running a full build.

---

111-136: DevDeps: ESLint & SWC Binaries
The ESLint, SWC, and helper dependencies are upgraded as expected. Confirm linter runs pass without regressions.

---

149-168: DevDeps: Testing & Auxiliary Tools
Upgrades to jest, tsdown, typescript-eslint, and related tools are acceptable. A full test suite run is recommended.

---

171-173: Resolutions Updates
Locking @typescript-eslint/utils and prettier via resolutions matches the updated devDependencies.

---

87-87:

✅ Verification successful

Verify Removal of stable-hash
The migration to stable-hash-x is in place. Run a search to confirm there are no lingering stable-hash imports or requires:

---

🏁 Script executed:

#!/bin/bash
# Ensure no references to the deprecated `stable-hash` package remain
rg -n "stable-hash([^x])" .

Length of output: 566

---

No stable-hash imports detected
A repository‐wide search (rg -n "stable-hash([^x])") shows all source files now import only stable-hash-x. The only remaining stable-hash entries live in yarn.lock as transitive dependencies and will clear out when the lockfile is regenerated. No further changes required.

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​pkgr/​core@​0.2.4 ⏵ 0.3.3			+1	+1
	@​pkgr/​utils@​3.1.2 ⏵ 4.0.0
	@​angular-eslint/​template-parser@​19.6.0 ⏵ 19.7.1
	stable-hash-x@​0.1.1
	@​typescript-eslint/​visitor-keys@​8.33.0 ⏵ 8.33.1
	@​typescript-eslint/​parser@​8.33.0 ⏵ 8.33.1
	@​typescript-eslint/​project-service@​8.33.0 ⏵ 8.33.1				+1
	@​1stg/​remark-preset@​3.1.1 ⏵ 3.1.2	-3			+3
	@​1stg/​config@​1.0.5 ⏵ 1.1.0	+1		+3	+3
	caniuse-lite@​1.0.30001720 ⏵ 1.0.30001721	+1		+1
	@​typescript-eslint/​type-utils@​8.33.0 ⏵ 8.33.1
	@​babel/​plugin-transform-block-scoping@​7.27.3 ⏵ 7.27.5
	@​typescript-eslint/​types@​8.33.0 ⏵ 8.33.1
	@​angular-eslint/​bundled-angular-compiler@​19.6.0 ⏵ 19.7.1
	@​typescript-eslint/​utils@​8.33.0 ⏵ 8.33.1
	@​babel/​plugin-transform-regenerator@​7.27.1 ⏵ 7.27.5	+1		+1
See 46 more rows in the dashboard

View full report

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/eslint-plugin-import-x@373

commit: f75c0e4

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ +0.01% (target: -1.00%)	✅ ∅

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (74a16c5)	3702	3539	95.60%
Head commit (74ca0f3)	3707 (+5)	3544 (+5)	95.60% (+0.01%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#373)	0	0	∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.04%. Comparing base (74a16c5) to head (74ca0f3).
Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #373   +/-   ##
=======================================
  Coverage   96.04%   96.04%           
=======================================
  Files          95       95           
  Lines        4926     4931    +5     
  Branches     1849     1827   -22     
=======================================
+ Hits         4731     4736    +5     
  Misses        194      194           
  Partials        1        1           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[JounQin]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to f660985 in 51 minutes and 32 seconds. Click for details.

• Reviewed 250 lines of code in 10 files
• Skipped 2 files when reviewing.
• Skipped posting 8 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. .github/workflows/autofix.yml:19

• Draft comment:
  Updated checkout action commit to v4.2.2. Confirm this pinning follows your security guidelines.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

2. .yarnrc.yml:10

• Draft comment:
  Yarn release updated to 4.9.2; ensure all team members update their tools accordingly.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

3. package.json:80

• Draft comment:
  Migrated dependency from 'stable-hash' to 'stable-hash-x'. Verify that the stableHash API remains fully compatible.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is asking the PR author to verify compatibility of a dependency change, which is against the rules. It doesn't provide a specific suggestion or point out a specific issue.

4. package.json:90

• Draft comment:
  Several dependency version bumps (e.g., @typescript-eslint/*, eslint, jest) are introduced. Verify compatibility with your codebase.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

5. src/utils/export-map.ts:9

• Draft comment:
  Import now uses 'stable-hash-x'. Ensure the stableHash function behaves identically to the old package.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is asking the author to ensure that the new package behaves identically to the old one. This falls under asking the author to double-check things, which is against the rules.

6. src/utils/resolve.ts:6

• Draft comment:
  Updated import to use 'stable-hash-x'. Confirm that its API and performance characteristics match expectations.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is asking the PR author to confirm the API and performance characteristics of a dependency, which is not allowed according to the rules. It does not provide a specific code suggestion or ask for a specific test to be written.

7. test/__snapshots__/node-resolver.spec.ts.snap:60

• Draft comment:
  Snapshot now shows jest module path as index.js (not index.mjs). Confirm that this change is intended.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

8. test/rules/no-named-as-default.spec.ts:165

• Draft comment:
  Invalid test updated to use 'eslint-plugin-import-x' as the imported module. Confirm that the error ('ImportDefaultSpecifier') is correctly triggered.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is asking the author to confirm that an error is correctly triggered, which violates the rule against asking the author to confirm their intention or ensure behavior. It does not provide a specific suggestion or ask for a specific test to be written.

Workflow ID: wflow_n5sVROVFxNwPL4CJ

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}