chore(deps): DOMA-13434 update keystone deps#7820
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughThis PR updates dependency specifiers, peer ranges, Yarn catalog metadata, resolution pins, and recorded submodule commits across the workspace. ChangesDependency and submodule updates
Estimated code review effort: 3 (Moderate) | ~30 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
package.json (1)
78-81: 🚀 Performance & Scalability | 🔵 Trivial | ⚡ Quick winUnbounded
rollupresolution risks unexpected major bumps.
rollup: ">=4.59.0"has no upper bound, so any future rollup major release (5.x, 6.x, ...) could be silently pulled in workspace-wide on the nextyarn.lockrefresh, potentially breaking builds without an explicit, reviewable version bump.♻️ Suggested tighter range
- "rollup": ">=4.59.0", + "rollup": "^4.59.0",🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@package.json` around lines 78 - 81, The rollup dependency is currently unbounded, which can allow accidental major upgrades during lockfile refreshes. Update the version range in package.json for rollup to a bounded semver range with an explicit upper limit, keeping the change confined to the dependency entry alongside react, react-dom, and graphql.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@package.json`:
- Around line 78-81: The rollup dependency is currently unbounded, which can
allow accidental major upgrades during lockfile refreshes. Update the version
range in package.json for rollup to a bounded semver range with an explicit
upper limit, keeping the change confined to the dependency entry alongside
react, react-dom, and graphql.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: bfdddd6c-d0a8-4664-a92f-aa7c62e8ffde
⛔ Files ignored due to path filters (1)
yarn.lockis excluded by!**/yarn.lock,!**/*.lock
📒 Files selected for processing (7)
.yarnrc.ymlapps/condo/package.jsonpackage.jsonpackages/apollo/package.jsonpackages/featureflags/package.jsonpackages/next/package.jsonpackages/ui/package.json
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (4)
packages/next/package.json (1)
33-34: 🎯 Functional Correctness | 🔵 Trivial | 💤 Low valueUnbounded peer range removes upper-version protection.
Changing
react/react-dompeers from^16.13.1to>=16.13.1drops the implicit upper bound, so any future major React release would silently satisfy this peer dependency without a compatibility guarantee.Consider a bounded range (e.g.
>=16.13.1 <19) if broad compatibility isn't actually intended, though this appears consistent with how other packages in this PR (e.g.packages/apollo,packages/surveys) loosen peers for catalog compatibility.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/next/package.json` around lines 33 - 34, The peer dependency change in the package.json entry for react and react-dom removes the implicit upper bound, so adjust the peer ranges to keep version protection if broad future compatibility is not intended. Update the package.json peer declarations for react and react-dom to a bounded range that preserves compatibility expectations, and make sure the chosen range aligns with the other peer-dependency patterns used in this PR.packages/surveys/package.json (1)
9-9: 🎯 Functional Correctness | 🔵 Trivial | 💤 Low valueFully wildcard peer range for
react.Changing from
>=18.3.1to*removes any lower-bound guarantee too, so even incompatible pre-18 React versions would satisfy this peer. This mirrors the same pattern used elsewhere in this PR (packages/apollo,packages/next), so likely intentional for catalog alignment, but worth confirming no older React consumer exists in the workspace.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/surveys/package.json` at line 9, The React peer dependency in the surveys package is now fully wildcarded, so update the peer range in the package.json entry for react to match the intended catalog-wide pattern and make sure it is consistent with the analogous package.json changes in apollo and next. Confirm the surveys package should accept any React version before keeping "*", or restore a lower-bound constraint in the react peer declaration if older/incompatible consumers must be excluded.packages/codegen/package.json (1)
30-39: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winWildcard peerDependencies lose compatibility signaling for a published package.
@open-condo/codegenis published publicly on npm. Wideningreact,react-dom, and the@graphql-tools/*peers to"*"means the package manager no longer warns external consumers about incompatible versions — it accepts anything. This matches thepackageExtensionsentry marking these peers optional in.yarnrc.yml(lines 90-101), so within the monorepo it's harmless, but for external installs it removes a useful guardrail.Consider keeping a meaningful range (e.g. matching the catalog version) instead of
*, while still marking the peer optional viapeerDependenciesMetaif needed.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/codegen/package.json` around lines 30 - 39, The peerDependencies in the package manifest are too broad because using "*" for react, react-dom, and the `@graphql-tools` peers removes compatibility warnings for external consumers. Update the `@open-condo/codegen` package.json peerDependencies to use meaningful version ranges that match the intended supported versions, while keeping the peers optional via peerDependenciesMeta if that was the goal. Use the existing devDependencies/catalog entries as the reference for the supported versions and keep the published package’s compatibility signaling intact.packages/icons/package.json (1)
36-37: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win
peerDependencieswidened to"*"drops minimum-version enforcement.Changing
react/react-domfrom">=16"to"*"means any major version (including pre-16 or future breaking majors) satisfies the peer check, even though the catalog pinsreact/react-domto^18.3.1. This weakens the compatibility contract for consumers of@open-condo/icons. This same pattern recurs inpackages/messaging/package.jsonandpackages/miniapp-utils/package.json.If broad compatibility is genuinely intended, consider a wider but still bounded range (e.g.,
">=16 <20") rather than an unconstrained wildcard.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/icons/package.json` around lines 36 - 37, The peerDependencies for `@open-condo/icons` have been widened to unconstrained wildcards, which removes the minimum-version compatibility guard for react and react-dom. Update the package.json peerDependencies entries to use a bounded range instead of "*" in the icons package, and apply the same correction in messaging and miniapp-utils so the peer contract remains explicit and consistent with the React versions the catalog supports.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/codegen/templates/app00/package.json`:
- Around line 27-57: The app00 template is missing several scaffold dependencies
that are still imported by template files, so either remove those imports or
restore the packages in the template manifest. Check the referenced modules in
prepare.js, pages/_app.tsx, pages/_document.tsx, middlewares/oidc.js, and
domains/user/utils/testSchema/index.js, and align package.json so every used
import like `@open-condo/cli`, graphql-tag, emotion, emotion-server,
openid-client, and `@faker-js/faker` is declared.
In `@packages/featureflags/package.json`:
- Around line 14-17: The peer dependency declaration in package.json needs to
mark react-dom as optional so consumers that don’t use it won’t get install
warnings. Update the package’s peer dependency metadata by adding a
peerDependenciesMeta entry for react-dom alongside the existing peerDependencies
block, keeping the change scoped to the featureflags package manifest.
---
Nitpick comments:
In `@packages/codegen/package.json`:
- Around line 30-39: The peerDependencies in the package manifest are too broad
because using "*" for react, react-dom, and the `@graphql-tools` peers removes
compatibility warnings for external consumers. Update the `@open-condo/codegen`
package.json peerDependencies to use meaningful version ranges that match the
intended supported versions, while keeping the peers optional via
peerDependenciesMeta if that was the goal. Use the existing
devDependencies/catalog entries as the reference for the supported versions and
keep the published package’s compatibility signaling intact.
In `@packages/icons/package.json`:
- Around line 36-37: The peerDependencies for `@open-condo/icons` have been
widened to unconstrained wildcards, which removes the minimum-version
compatibility guard for react and react-dom. Update the package.json
peerDependencies entries to use a bounded range instead of "*" in the icons
package, and apply the same correction in messaging and miniapp-utils so the
peer contract remains explicit and consistent with the React versions the
catalog supports.
In `@packages/next/package.json`:
- Around line 33-34: The peer dependency change in the package.json entry for
react and react-dom removes the implicit upper bound, so adjust the peer ranges
to keep version protection if broad future compatibility is not intended. Update
the package.json peer declarations for react and react-dom to a bounded range
that preserves compatibility expectations, and make sure the chosen range aligns
with the other peer-dependency patterns used in this PR.
In `@packages/surveys/package.json`:
- Line 9: The React peer dependency in the surveys package is now fully
wildcarded, so update the peer range in the package.json entry for react to
match the intended catalog-wide pattern and make sure it is consistent with the
analogous package.json changes in apollo and next. Confirm the surveys package
should accept any React version before keeping "*", or restore a lower-bound
constraint in the react peer declaration if older/incompatible consumers must be
excluded.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 42dba780-4af4-4292-889c-2bd239aab12e
⛔ Files ignored due to path filters (1)
yarn.lockis excluded by!**/yarn.lock,!**/*.lock
📒 Files selected for processing (55)
.yarnrc.ymlapps/accruals-gatewayapps/address-service/package.jsonapps/announcementsapps/asterisk-botapps/b2b-payments-gatewayapps/billing-connectorapps/callcenterapps/condo/package.jsonapps/debt-managementapps/dev-portal-api/package.jsonapps/dev-portal-web/package.jsonapps/documentsapps/ecom-gatewayapps/employee-botapps/epsapps/external-apiapps/insuranceapps/meter-importerapps/miniapp/package.jsonapps/news-greenhouseapps/news-telegram-apiapps/news-telegram-webapps/passapps/pos-integrationapps/property-ai-assistantapps/property-importerapps/rbapps/registry-importerapps/resident-appapps/telephonyapps/telephony-ws-apiapps/ticket-importerpackage.jsonpackages/apollo-server-client/package.jsonpackages/apollo/package.jsonpackages/billing/package.jsonpackages/bridge/package.jsonpackages/clients/package.jsonpackages/codegen/package.jsonpackages/codegen/templates/app00/package.jsonpackages/codegen/templates/app01/package.jsonpackages/featureflags/package.jsonpackages/files/package.jsonpackages/icons/package.jsonpackages/keystone/package.jsonpackages/locales/package.jsonpackages/messaging/package.jsonpackages/migrator/package.jsonpackages/miniapp-utils/package.jsonpackages/next/package.jsonpackages/surveys/package.jsonpackages/tsconfig/package.jsonpackages/ui/package.jsonpackages/webhooks/package.json
💤 Files with no reviewable changes (1)
- packages/tsconfig/package.json
✅ Files skipped from review due to trivial changes (3)
- packages/clients/package.json
- apps/rb
- packages/files/package.json
| "peerDependencies": { | ||
| "next": ">=15", | ||
| "react": ">=18.3.1" | ||
| "next": "*", | ||
| "react": "*", | ||
| "react-dom": "*" |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check whether featureflags has a corresponding packageExtensions/peerDependenciesMeta entry
rg -n -A10 '"`@open-condo/featureflags`' .yarnrc.ymlRepository: open-condo-software/condo
Length of output: 163
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '\n== packages/featureflags/package.json ==\n'
wc -l packages/featureflags/package.json
sed -n '1,120p' packages/featureflags/package.json
printf '\n== .yarnrc.yml matches ==\n'
rg -n -C 4 'featureflags|react-dom|peerDependenciesMeta|packageExtensions|react:' .yarnrc.ymlRepository: open-condo-software/condo
Length of output: 3705
Mark react-dom optional packages/featureflags/package.json declares react-dom as a peer, but there’s no peerDependenciesMeta entry for this package, so consumers without react-dom will get install warnings.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@packages/featureflags/package.json` around lines 14 - 17, The peer dependency
declaration in package.json needs to mark react-dom as optional so consumers
that don’t use it won’t get install warnings. Update the package’s peer
dependency metadata by adding a peerDependenciesMeta entry for react-dom
alongside the existing peerDependencies block, keeping the change scoped to the
featureflags package manifest.
71cd22b to
b5022a7
Compare
c2d87e6 to
9cfce28
Compare
Trying to keep current versions moved to yarn catalog
…dencies - Remove insurance app knip config - Expand resident-app entry points to include bot.js and telegram-bot domains - Remove storybook from ui package ignore list - Add admin-ui/index.jsx to KS app entry points - Remove telegram bot and @types/jest ignore rules - Refine webpack-cli ignore condition to exclude ui and icons packages - Add rc-menu dependency to ui package
…le packages - Remove @types/jest from miniapp, billing, migrator, and miniapp-utils packages - Update insurance and news-greenhouse submodules
…-service admin-ui index file to .jsx extension
…, radio group stories, and typography stories
…ibility in upload function
1d22298 to
8b1a8f7
Compare
…al dependency to keystone
|



Motivation
@open-keystone/*releases and remove an obsolete local patch so the workspace can resolve newer upstream fixes and security updates.Description
@open-keystone/*ranges in workspace manifests (notably inpackages/keystone,apps/condo, andapps/address-service) to the published current versions such asadapter-knex@^14.0.34,adapter-prisma@^4.0.34,fields@^25.1.1,keystone@^19.4.34, and related packages.packages/webhookspeer range for@open-keystone/fieldsto^25.1.1.@open-keystone/adapter-prisma@4.0.20patch/resolution and deleted the corresponding.yarn/patches/@open-keystone-adapter-prisma-npm-4.0.20-*.patchfile.yarn.lockto reflect the new dependency graph and committed updated manifests and lockfile.Testing
YARN_NPM_MINIMAL_AGE_GATE=0 yarn install --immutable --mode=skip-buildto refresh the lockfile and verify resolution, and the install completed successfully with existing yarn peer-dependency warnings.YARN_NPM_MINIMAL_AGE_GATE=0 yarn installduring the update flow which completed (warnings only).Codex Task
Summary by CodeRabbit