@cryptodev-2s cryptodev-2s commented Nov 5, 2025

Description

Adds a new check-deps command to automatically detect, validate, and update dependency bump entries in CHANGELOGs.

Usage

# Detect and validate
yarn check-dependency-bumps

# Auto-fix
yarn check-dependency-bumps --fix --pr 1234

Key Features

  • Detects dependency bumps from git diffs in package.json files
  • Validates exact versions in changelog entries (catches stale entries)
  • Auto-updates changelogs with --fix flag
  • Preserves PR history when bumping same dependency multiple times
  • Release-aware - adds entries to ## [X.Y.Z] section when package version changes, or [Unreleased] otherwise
  • Repository agnostic - reads repo URL from package.json

Example:

# Before (PR #7007):
- Bump `@metamask/transaction-controller` from `^61.0.0` to `^61.1.0` ([#7007](...))

# After fix (PR #1234):
- Bump `@metamask/transaction-controller` from `^61.0.0` to `^62.0.0` ([#7007](...), [#1234](...))

Implementation

New files:

  • src/check-dependency-bumps.ts + tests (24 tests)
  • src/changelog-validator.ts + tests (27 tests)

Modified:

  • src/command-line-arguments.ts - Added check-deps command
  • src/main.ts - Command routing
  • Updated test files for command structure

Coverage: 100% (statements, branches, functions, lines) - 340 passing tests

Testing in MetaMask/core

# Build tool
cd /path/to/create-release-branch && yarn build

# From core
cd /path/to/core
git checkout -b test-dep-bumps

# In one or more packages, modify package.json to:
# - Bump some dependencies
# - Bump some peerDependencies  
# - Bump some devDependencies (to verify they're correctly excluded)
# - Change the package version (to test release detection)

git add . && git commit -m "Test: bump dependencies"

# Validate
node /path/to/create-release-branch/dist/cli.js check-deps

# Fix without PR number
node /path/to/create-release-branch/dist/cli.js check-deps --fix

# Fix with PR number
node /path/to/create-release-branch/dist/cli.js check-deps --fix --pr 4532

# Validate with github-tools (https://github.com/MetaMask/github-tools)
cd /path/to/github-tools
yarn run changelog:check "/path/to/core" "main" "4532"

Note

Introduces a CLI to detect dependency bumps from git diffs and validate/update changelog entries, with command routing and comprehensive tests.

  • CLI:
    • Add check-deps command (src/check-dependency-bumps.ts) to detect dependency bumps from git diffs, validate changelogs, and optionally auto-fix with PR linking.
    • Route commands in src/main.ts; parse new options in src/command-line-arguments.ts.
  • Changelog Validation:
    • New module src/changelog-validator.ts to validate and update CHANGELOG.md (supports Unreleased and release sections, preserves/concats PRs, BREAKING for peerDeps).
    • Shared types in src/types.ts.
  • Release Flow:
    • Guard determineInitialParameters for release-only; tests updated accordingly.
  • Docs/Changelog:
    • Update CHANGELOG.md with check-deps feature and usage.
  • Tests:
    • Extensive unit tests for checker, validator, CLI routing, and initial parameters.

Written by Cursor Bugbot for commit 9b796b6. This will update automatically on new commits.
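
The detection and exact-version validation described in this PR, sketched as an added example (not code from the PR or from create-release-branch). `detectBumps`, `checkEntry` and the sample diff are hypothetical, and the parser assumes the diff carries enough context for each package.json section key to appear in the hunk.

```typescript
// Added illustration: all names here are hypothetical, not the PR's API.
type Bump = { dep: string; section: string; from: string; to: string };
const TRACKED = new Set(['dependencies', 'peerDependencies']); // devDependencies excluded

// Parse a unified diff of one package.json. Assumes the diff carries enough
// context (e.g. `git diff -U9999`) for each section key to appear in the hunk.
function detectBumps(diff: string): Bump[] {
  const removed = new Map<string, string>(); // "section/dep" -> old range
  const bumps: Bump[] = [];
  let section = '';
  for (const raw of diff.split('\n')) {
    if (/^(---|\+\+\+|@@|diff |index )/.test(raw)) continue; // diff headers
    const sign = raw[0];
    const body = raw.slice(1).trim();
    const open = /^"([^"]+)":\s*\{$/.exec(body);
    if (open) { section = open[1] ?? ''; continue; }
    if (body.startsWith('}')) { section = ''; continue; }
    const pair = /^"([^"]+)":\s*"([^"]+)",?$/.exec(body);
    if (!pair || !TRACKED.has(section)) continue;
    const [, dep = '', range = ''] = pair;
    const from = removed.get(`${section}/${dep}`);
    if (sign === '-') removed.set(`${section}/${dep}`, range);
    else if (sign === '+' && from !== undefined && from !== range) {
      bumps.push({ dep, section, from, to: range });
    }
  }
  return bumps;
}

// Exact-version check: an entry for the dependency whose versions differ from
// the diff is reported as stale rather than accepted.
function checkEntry(changelog: string, bump: Bump): 'ok' | 'stale' | 'missing' {
  const entries = changelog.split('\n')
    .filter((line) => line.includes(`Bump \`${bump.dep}\` from `));
  const exact = `Bump \`${bump.dep}\` from \`${bump.from}\` to \`${bump.to}\``;
  if (entries.some((line) => line.includes(exact))) return 'ok';
  return entries.length > 0 ? 'stale' : 'missing';
}

// Constructed sample input; the changelog line is the "Before" entry quoted above.
const SAMPLE_DIFF = [
  '@@ -1,10 +1,10 @@', ' {', '   "dependencies": {',
  '-    "@metamask/transaction-controller": "^61.0.0"',
  '+    "@metamask/transaction-controller": "^62.0.0"',
  '   },', '   "devDependencies": {',
  '-    "typescript": "~5.2.2"', '+    "typescript": "~5.3.3"', '   }', ' }',
].join('\n');
const SAMPLE_CHANGELOG =
  '- Bump `@metamask/transaction-controller` from `^61.0.0` to `^61.1.0` ([#7007](...))';
console.log(detectBumps(SAMPLE_DIFF).map((b) => [b.dep, checkEntry(SAMPLE_CHANGELOG, b)]));
```

The sample reports the `^61.1.0` entry as stale because the diff's target is `^62.0.0`, and the `typescript` change under `devDependencies` is ignored.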

cryptodev-2s force-pushed the feat/add-dependency-bump-checker branch 4 times, most recently from a88a703 to e9b5b6c (November 6, 2025 14:11)
cryptodev-2s marked this pull request as ready for review (November 6, 2025 14:11)
cryptodev-2s requested a review from a team as a code owner (November 6, 2025 14:11)

Introduces a new tool to automatically detect dependency version changes
and validate/update changelog entries accordingly.

Features:
- Detects dependency bumps from git diffs in package.json files
- Validates changelog entries with exact version matching
- Automatically updates changelogs with missing or outdated entries
- Smart PR reference concatenation when updating existing entries
- Dynamically reads repository URLs and package names
- Validates by default with optional --fix flag for updates

Usage:
  yarn check-dependency-bumps           # Validate changelogs
  yarn check-dependency-bumps --fix     # Auto-update changelogs
  yarn check-dependency-bumps --fix --pr 1234  # With PR number

cryptodev-2s force-pushed the feat/add-dependency-bump-checker branch from e9b5b6c to abcda3f (November 6, 2025 15:28)

Optimizes package name resolution by reading package.json inline during
git diff parsing instead of in a separate enrichment pass.

Changes:
- Make parseDiff async to read package names inline
- Remove enrichWithPackageNames function (no longer needed)
- Read packageName immediately when first encountering a package
- Simplify validateChangelogs and updateChangelogs signatures
- Remove packageNames parameter (now part of PackageInfo)

Benefits:
- Single-pass processing (parse + enrich in one step)
- Simpler code flow (24 lines removed)
- Better data locality (package info complete at creation)
- Cleaner API (functions receive unified PackageChanges structure)

Test coverage maintained: 100% (339 passing tests)

await writeFile(changelogPath, await updatedChangelog.toString());

stdout.write(
`✅ ${packageDirName}: Updated ${entriesToUpdate.length} and added ${entriesToAdd.length} changelog entries\n`,

Bug: Grammatical pluralization gap in changelog updates

Missing singular/plural handling for the "added" count in the combined update message. When both updating and adding entries, the message always uses "changelog entries" (plural) even when only 1 entry is added. The message should use conditional pluralization like: ${entriesToAdd.length} changelog ${entriesToAdd.length === 1 ? 'entry' : 'entries'} to be grammatically correct and consistent with other messages in the codebase (see lines 340 and 420).


mcmire commented Nov 12, 2025

@cryptodev-2s I haven't had time to review this yet, but I have one initial thought:

Should we rename check-deps to validate? My thought is that we will want to include some more validation steps in the future (e.g. #176), and if we group everything under validate it will create room for that work.

@cryptodev-2s (Contributor, Author)

> @cryptodev-2s I haven't had time to review this yet, but I have one initial thought:
>
> Should we rename check-deps to validate? My thought is that we will want to include some more validation steps in the future (e.g. #176), and if we group everything under validate it will create room for that work.

Good point about future validation commands! However, I think check-deps should remain separate from release validation (#176) since:

  1. Different scope: check-deps works on any branch (feature branches included), not just release branches
  2. Independent use case: Validating dependency changelog entries is useful outside the release process
  3. Clear separation: Release-specific validation (Add command for validating release branch #176) deserves its own command

Suggestion:

Side note: Given we're adding more commands beyond release creation, we could consider renaming the package to something like @metamask/monorepo-tools in a future major version. But that's a separate discussion.
