fix!: update dependencies

[fgiova]

Update core dependencies to latest major versions:

• @fgiova/sqs-consumer v2 → v3 with @watchable/unpromise for safe race conditions
• fastify-plugin ^5.0.1 → ^5.1.0

Update Node.js engine requirement to ^22.14.0 || >= 24.10.0 Update CI workflow accordingly

BREAKING-CHANGE: Drop support to Node.js 20.x

[Copilot]

Pull request overview

This PR updates core dependencies to their latest major versions and drops support for Node.js 20.x. The main changes include upgrading @fgiova/sqs-consumer from v2 to v3, which introduces @watchable/unpromise for handling race conditions, and updating fastify-plugin to v5.1.0. The Node.js engine requirement is updated to ^22.14.0 || >= 24.10.0, and the CI workflow is updated accordingly.

Changes:

• Upgraded @fgiova/sqs-consumer to v3.0.0 with @watchable/unpromise integration for safer Promise.race handling
• Refactored consumer structure to track metadata separately and improved shutdown handling with force shutdown timeout
• Updated Node.js engine requirements, dropping support for Node.js 20.x and updating CI/CD workflows

Reviewed changes

Copilot reviewed 7 out of 9 changed files in this pull request and generated 10 comments.

Show a summary per file

File	Description
package.json	Updated dependencies (@fgiova/sqs-consumer v3, fastify-plugin v5.1.0, @watchable/unpromise), Node.js engine requirement, and devDependencies
package-lock.json	Lock file updates reflecting the dependency changes
src/index.ts	Refactored consumer creation to return object with consumer and meta, added credentials parameter, implemented custom timeout handling with Unpromise.race, improved onClose hook with force shutdown timeout
test/unit/index.ts	Added three new test cases for error scenarios: consumer start failure, stop error handling, and force shutdown timeout
test/scripts/runners/localstack.js	Added reaper session label to testcontainers configuration for proper cleanup
.nvmrc	Updated from Node 20 to Node 22
.gitignore	Added development artifact directories (.plans/, /.tap/, /.claude/)
.github/workflows/node.js.yml	Removed Node 20 from matrix, updated actions versions, added granular permissions, removed NPM_TOKEN in favor of OIDC trusted publishing

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The force shutdown timeout calculation uses maxExecutionTimeout + 2_000 (line 194), but this may not provide enough time for message handlers that are already running. If a handler starts executing just before shutdown and takes the full timeout duration, it could be forcefully terminated. Consider using a formula that accounts for both the maximum execution timeout and some additional grace period, such as maxExecutionTimeout * 1.5 or maxExecutionTimeout + waitTimeForGracefulShutdown to ensure handlers have sufficient time to complete.

[Copilot]

The @ts-expect-error directive is missing the standard biome-ignore comment. The codebase consistently uses "// biome-ignore lint/suspicious/noTsIgnore: " before @ts-ignore or @ts-expect-error directives (see test/unit/index.ts lines 2-4, 13-15, 16-18). This should be updated to match the codebase convention.

Suggested change

	import { type HooksOptions, SQSConsumer } from "@fgiova/sqs-consumer";
	import { type HooksOptions, SQSConsumer } from "@fgiova/sqs-consumer";
	// biome-ignore lint/suspicious/noTsIgnore: Unpromise currently has no TypeScript types