Upgrade ESLint to v10 and keep Node target at 24.15.0

[Copilot]

This updates the linting toolchain to the latest practical ESLint release while keeping the repository’s Node target at 24.15.0 to reduce blast radius with the smallest compatible change set.

• Toolchain

  • Bump eslint from v9 to ^10.4.1
  • Bump @eslint/js to ^10.0.1
  • Keep typescript-eslint on its current compatible release line (^8.60.0)

• Runtime target

  • Keep .nvmrc at 24.15.0

• CI compatibility

  • Keep the browser GitHub Actions jobs (chromium, firefox, webkit) on Node 24.15.0
  • This avoids a reproducible Playwright 1.56.1 browser install hang observed under Node 24.16.0 after the download completes
  • Restore the original 5-minute job timeout after removing the timeout-only workaround

• Compatibility

  • Preserve the existing flat ESLint config in ci/eslint.config.mjs
  • No rule, script, or source changes were required for ESLint 10 compatibility

• Dependency graph

  • Regenerate package-lock.json to pick up the updated resolver output and patched transitive packages

{
  "devDependencies": {
    "eslint": "^10.4.1",
    "@eslint/js": "^10.0.1",
    "typescript-eslint": "^8.60.0"
  }
}

Original prompt

Please update dependency and runtime configuration in gullerya/object-observer to address known vulnerabilities and modernize the Node LTS target.

Goals:

1. Investigate the current ESLint version and related dependency graph in the repository.
2. Determine whether upgrading ESLint (and any necessary directly-related config/plugins/tooling) can remove or reduce reported vulnerabilities.
3. Update the project accordingly, keeping the change set as minimal and safe as practical.
4. Update .nvmrc to the latest current Node.js LTS release.
5. Run or update any necessary package metadata / lockfile changes required by the dependency upgrades.
6. Ensure lint/test workflows still pass, or document any remaining incompatibilities in the PR.

Constraints:

• Prefer the smallest safe set of dependency changes that resolves the vulnerability issue.
• Do not make unrelated refactors.
• Keep existing project conventions.
• If ESLint cannot be upgraded cleanly to the newest major due to ecosystem constraints, choose the highest practical version and explain why in the PR.
• If vulnerabilities are not actually resolved solely by ESLint upgrade, include any minimal adjacent dependency updates needed.

Deliverables:

• A pull request with the dependency updates.
• Clear PR description summarizing what changed, whether vulnerabilities were resolved, and any follow-up needed.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: review if it is possible to upgrade eslint and see if it'll remove the vulnerabilities, also upgrade nvmrc to the latest lts

Assistant: I can do that, but I need the repository explicitly in owner/repo format for repo-changing work. You’ve now provided it as:

gullerya/object-observer

You also asked for code changes (“review if it is possible to upgrade eslint … also upgrade nvmrc”), but you did not explicitly ask me to open/create a PR. So I won’t use the PR-creation agent yet.

If you want me to proceed, I can:

1. inspect the repo to determine current ESLint / Node setup,
2. check whether upgrading ESLint is likely to address the vulnerabilities,
3. identify the latest LTS Node version appropriate for .nvmrc,
4. and then either:
   • tell you the exact changes to make, or
   • make the changes if you want me to open a PR.

If you want changes made directly as a PR, reply with:
Open a PR in gullerya/object-observer

If you only want the analysis first, reply with:
Analyze gullerya/object-observerAnalyze gullerya/object-observer

User: Open a PR in gullerya/object-observer

Assistant: I’m waiting for your confirmation on the PR creation request so I can continue.

This pull request was created from Copilot chat.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (73e05a1) to head (28094f0).
⚠️ Report is 14 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##              main      #156    +/-   ##
==========================================
  Coverage   100.00%   100.00%            
==========================================
  Files            1        22    +21     
  Lines          628       773   +145     
==========================================
+ Hits           628       773   +145     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[gullerya]

@copilot the install of playwright in gha is stucked just after the download - fixes?

[Copilot]

@copilot the install of playwright in gha is stucked just after the download - fixes?

Fixed in 9088246. The Playwright step wasn’t actually hanging — the browser jobs were being canceled by the 5-minute job timeout right after download/extract started. I raised the Chromium/Firefox/WebKit job timeouts to 15 minutes so the install can complete on GitHub runners.

[gullerya]

@copilot that's not the solution, should be much faster and it'll fail again, maybe some prompt issue or alike - job stales just after the download end which happens fast and then nothing happens

[Copilot]

@copilot that's not the solution, should be much faster and it'll fail again, maybe some prompt issue or alike - job stales just after the download end which happens fast and then nothing happens

Fixed in 450cd24. I reproduced the stall locally: Playwright 1.56.1 hangs right after the browser download under Node 24.16.0, but completes normally under 24.15.0. The browser jobs now pin Node 24.15.0 specifically, and the timeout bump was removed.

[gullerya]

@copilot tests passing, lets just roll back nvmrc to 24.15 - reduce radius of blast

[Copilot]

@copilot tests passing, lets just roll back nvmrc to 24.15 - reduce radius of blast

Addressed in 84e1175.

[gullerya]

@copilot do rollback to quality yml too

[Copilot]

@copilot do rollback to quality yml too

Addressed in 28094f0.