Bump turbo from 2.5.6 to 2.5.8
Bumps turbo from 2.5.6 to 2.5.8.
Release notes
Sourced from turbo's releases.
Turborepo v2.5.8
What's Changed
create-turbo
- fix: revert #10847 by @anthonyshew in vercel/turborepo#10882
Changelog
- chore: add Cursor slash command by @anthonyshew in vercel/turborepo#10881
Full Changelog: https://github.com/vercel/turborepo/compare/v2.5.7...v2.5.8
Turborepo v2.5.8-canary.0
What's Changed
create-turbo
- fix: revert #10847 by @anthonyshew in vercel/turborepo#10882
Changelog
- chore: add Cursor slash command by @anthonyshew in vercel/turborepo#10881
Full Changelog: https://github.com/vercel/turborepo/compare/v2.5.7...v2.5.8-canary.0
Turborepo v2.5.7
What's Changed
Docs
- docs: add TURBO_CONCURRENCY to options overview page by @anthonyshew in vercel/turborepo#10772
- fix(docs): fix broken anchor links to --graph option by @anthonyshew in vercel/turborepo#10773
- docs: clarify TURBO_TEAM secret usage by @vikhyathdevadiga in vercel/turborepo#10795
- docs: add Buildkite example to CI Vendors documentation by @AndrewDiMola in vercel/turborepo#10721
- docs: rework llms.txt and add .md responses by @anthonyshew in vercel/turborepo#10811
- docs: add name field mention to migration page by @anthonyshew in vercel/turborepo#10823
- docs: update configuration reference to use correct turbo.json title by @xcfio in vercel/turborepo#10843
- docs: correct description of how ^ works by @anthonyshew in vercel/turborepo#10865
create-turbo
- feat(create-turbo): --no-git flag by @anthonyshew in vercel/turborepo#10720
- chore(create-turbo): fix lint by @chris-olszewski in vercel/turborepo#10807
- fix(security): update dependencies to resolve warning for node-plop by @anthonyshew in vercel/turborepo#10847
eslint
- docs: adjust typo on instructions for eslint-config-turbo legacy config by @evsasse in vercel/turborepo#10717
@turbo/repository
- chore: reformat code with 2024 edition by @ognevny in vercel/turborepo#10775
Examples
- chore(deps-dev): bump the with-svelte group in /examples/with-svelte with 6 updates by @dependabot[bot] in vercel/turborepo#10752
- chore(deps-dev): bump turbo from 2.5.5 to 2.5.6 in /examples/with-shell-commands by @dependabot[bot] in vercel/turborepo#10781
- chore(deps-dev): bump @sveltejs/kit from 2.27.3 to 2.31.1 in /examples/with-svelte in the with-svelte group by @dependabot[bot] in vercel/turborepo#10780
- chore(deps-dev): bump @next/eslint-plugin-next from 15.4.2 to 15.4.6 in /examples/with-tailwind by @dependabot[bot] in vercel/turborepo#10779
... (truncated)
Commits
- 98fe819 publish 2.5.8 to registry
- 132cf58 release(turborepo): 2.5.8-canary.0 (#10883)
- adfdbb1 fix: revert #10847 (#10882)
- 157e277 chore: add Cursor slash command (#10881)
- 0a5070a release(turborepo): 2.5.7 (#10878)
- 1b512ec fix: sanitize logging prefix for GitLab groups (#10850)
- f5ff573 ci: update deprecated turbo setting (#10857)
- 9b85af0 fix: output valid turbo.json for prune with Boundaries definition (#10866)
- 2c6f798 docs: correct description of how ^ works (#10865)
- 7ea16e8 fix: add WINDIR to default passthroughs (#10868)
- Additional commits viewable in compare view
Note: Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
❌ MegaLinter analysis: Error
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ❌ COPYPASTE | jscpd | yes | | 5 | no | 3.29s |
| ✅ EDITORCONFIG | editorconfig-checker | 2 | | 0 | 0 | 0.27s |
| ✅ JSON | jsonlint | 2 | | 0 | 0 | 0.44s |
| ✅ JSON | npm-package-json-lint | yes | | no | no | 0.4s |
| ✅ JSON | prettier | 2 | 0 | 0 | 0 | 0.46s |
| ✅ JSON | v8r | 2 | | 0 | 0 | 5.93s |
| ✅ REPOSITORY | gitleaks | yes | | no | no | 3.1s |
| ✅ REPOSITORY | git_diff | yes | | no | no | 0.01s |
| ✅ REPOSITORY | grype | yes | | no | no | 25.79s |
| ✅ REPOSITORY | secretlint | yes | | no | no | 0.52s |
| ✅ REPOSITORY | syft | yes | | no | no | 1.58s |
| ❌ REPOSITORY | trivy | yes | | 1 | no | 6.7s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | no | 3.85s |
| ✅ REPOSITORY | trufflehog | yes | | no | no | 2.32s |
| ✅ SPELL | cspell | 3 | | 0 | 0 | 3.6s |
| ❌ SPELL | lychee | 2 | | 2 | 0 | 2.51s |
Detailed Issues
❌ COPYPASTE / jscpd - 5 errors
Clone found (typescript):
- packages/create-awesome-node-app/src/list.ts [76:16 - 87:2] (11 lines, 82 tokens)
packages/create-awesome-node-app/src/list.ts [21:24 - 32:10]
Clone found (typescript):
- packages/create-node-app-core/loaders.ts [143:21 - 155:6] (12 lines, 80 tokens)
packages/create-node-app-core/loaders.ts [80:19 - 92:32]
Clone found (typescript):
- packages/create-node-app-core/loaders.ts [186:9 - 201:19] (15 lines, 115 tokens)
packages/create-node-app-core/loaders.ts [161:9 - 176:17]
Clone found (markdown):
- packages/create-awesome-node-app/CHANGELOG.md [21:1 - 33:8] (12 lines, 327 tokens)
packages/create-node-app-core/CHANGELOG.md [13:1 - 29:4]
Clone found (url):
- README.md [218:1 - 232:70] (14 lines, 88 tokens)
packages/create-awesome-node-app/README.md [286:1 - 300:70]
┌────────────┬────────────────┬─────────────┬──────────────┬──────────────┬──────────────────┬───────────────────┐
│ Format │ Files analyzed │ Total lines │ Total tokens │ Clones found │ Duplicated lines │ Duplicated tokens │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ typescript │ 16 │ 2835 │ 22977 │ 3 │ 38 (1.34%) │ 277 (1.21%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ json │ 23 │ 558 │ 3477 │ 0 │ 0 (0%) │ 0 (0%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ markdown │ 12 │ 1229 │ 7706 │ 1 │ 12 (0.98%) │ 327 (4.24%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ javascript │ 5 │ 81 │ 458 │ 0 │ 0 (0%) │ 0 (0%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ url │ 2 │ 32 │ 200 │ 1 │ 14 (43.75%) │ 88 (44%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ yaml │ 1 │ 22 │ 45 │ 0 │ 0 (0%) │ 0 (0%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ Total: │ 59 │ 4757 │ 34863 │ 5 │ 64 (1.35%) │ 692 (1.98%) │
└────────────┴────────────────┴─────────────┴──────────────┴──────────────┴──────────────────┴───────────────────┘
Found 5 clones.
HTML report saved to megalinter-reports/copy-paste/html/
ERROR: jscpd found too many duplicates (1.35%) over threshold (0%)
Error: ERROR: jscpd found too many duplicates (1.35%) over threshold (0%)
at ThresholdReporter.report (/node-deps/node_modules/@jscpd/finder/dist/index.js:612:13)
at /node-deps/node_modules/@jscpd/finder/dist/index.js:110:18
at Array.forEach (<anonymous>)
at /node-deps/node_modules/@jscpd/finder/dist/index.js:109:22
at async /node-deps/node_modules/jscpd/dist/jscpd.js:351:5
❌ SPELL / lychee - 2 errors
[404] https://opencollective.com/unts/projects/eslint-import-resolver-ts | Network error: Not Found
[403] https://www.patreon.com/feross | Network error: Forbidden
📝 Summary
---------------------
🔍 Total..........626
✅ Successful.....624
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors...........2
Errors in package-lock.json
[404] https://opencollective.com/unts/projects/eslint-import-resolver-ts | Network error: Not Found
[403] https://www.patreon.com/feross | Network error: Forbidden
❌ REPOSITORY / trivy - 1 error
2025-09-29T04:20:02Z INFO [vulndb] Need to update DB
2025-09-29T04:20:02Z INFO [vulndb] Downloading vulnerability DB...
2025-09-29T04:20:02Z INFO [vulndb] Downloading artifact... repo="mirror.gcr.io/aquasec/trivy-db:2"
2025-09-29T04:20:06Z INFO [vulndb] Artifact successfully downloaded repo="mirror.gcr.io/aquasec/trivy-db:2"
2025-09-29T04:20:06Z INFO [vuln] Vulnerability scanning is enabled
2025-09-29T04:20:06Z INFO [misconfig] Misconfiguration scanning is enabled
2025-09-29T04:20:06Z INFO [misconfig] Need to update the checks bundle
2025-09-29T04:20:06Z INFO [misconfig] Downloading the checks bundle...
2025-09-29T04:20:08Z INFO [npm] To collect the license information of packages, "npm install" needs to be performed beforehand dir="node_modules"
2025-09-29T04:20:08Z INFO [npm] To collect the license information of packages, "npm install" needs to be performed beforehand dir="tools/danger/node_modules"
2025-09-29T04:20:08Z INFO Suppressing dependencies for development and testing. To display them, try the '--include-dev-deps' flag.
2025-09-29T04:20:08Z INFO Number of language-specific files num=2
2025-09-29T04:20:08Z INFO [npm] Detecting vulnerabilities...
2025-09-29T04:20:08Z INFO Detected config files num=2
Report Summary
┌───────────────────────────────┬────────────┬─────────────────┬───────────────────┐
│ Target │ Type │ Vulnerabilities │ Misconfigurations │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┤
│ package-lock.json │ npm │ 0 │ - │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┤
│ .devcontainer/Dockerfile │ dockerfile │ - │ 2 │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┤
│ .devcontainer/base.Dockerfile │ dockerfile │ - │ 2 │
└───────────────────────────────┴────────────┴─────────────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)
.devcontainer/Dockerfile (dockerfile)
=====================================
Tests: 27 (SUCCESSES: 25, FAILURES: 2)
Failures: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
AVD-DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
See https://avd.aquasec.com/misconfig/ds002
────────────────────────────────────────
AVD-DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.
See https://avd.aquasec.com/misconfig/ds026
────────────────────────────────────────
.devcontainer/base.Dockerfile (dockerfile)
==========================================
Tests: 27 (SUCCESSES: 25, FAILURES: 2)
Failures: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
AVD-DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
See https://avd.aquasec.com/misconfig/ds002
────────────────────────────────────────
AVD-DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.
See https://avd.aquasec.com/misconfig/ds026
────────────────────────────────────────
See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff
