Skip to content

chore(deps): DOMA-13434 update keystone deps#7820

Open
condo-bot wants to merge 28 commits into
mainfrom
codex/update-all-@open-keystone/-dependencies
Open

chore(deps): DOMA-13434 update keystone deps#7820
condo-bot wants to merge 28 commits into
mainfrom
codex/update-all-@open-keystone/-dependencies

Conversation

@condo-bot

@condo-bot condo-bot commented Jul 4, 2026

Copy link
Copy Markdown
Member

Motivation

  • Keep the repo on current published @open-keystone/* releases and remove an obsolete local patch so the workspace can resolve newer upstream fixes and security updates.

Description

  • Bumped @open-keystone/* ranges in workspace manifests (notably in packages/keystone, apps/condo, and apps/address-service) to the published current versions such as adapter-knex@^14.0.34, adapter-prisma@^4.0.34, fields@^25.1.1, keystone@^19.4.34, and related packages.
  • Updated packages/webhooks peer range for @open-keystone/fields to ^25.1.1.
  • Removed the root @open-keystone/adapter-prisma@4.0.20 patch/resolution and deleted the corresponding .yarn/patches/@open-keystone-adapter-prisma-npm-4.0.20-*.patch file.
  • Refreshed yarn.lock to reflect the new dependency graph and committed updated manifests and lockfile.

Testing

  • Ran YARN_NPM_MINIMAL_AGE_GATE=0 yarn install --immutable --mode=skip-build to refresh the lockfile and verify resolution, and the install completed successfully with existing yarn peer-dependency warnings.
  • Performed an additional YARN_NPM_MINIMAL_AGE_GATE=0 yarn install during the update flow which completed (warnings only).

Codex Task

Summary by CodeRabbit

  • Chores
    • Updated app build/start scripts for the address service to use standardized environment handling and production startup behavior.
    • Migrated many workspace package versions to centralized catalog-based resolution, with expanded package extension metadata.
    • Broadened peer dependency compatibility for React/React DOM/GraphQL across multiple packages.
    • Refreshed bundled app/service code via submodule pointer updates across several apps.

@coderabbitai

coderabbitai Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

This PR updates dependency specifiers, peer ranges, Yarn catalog metadata, resolution pins, and recorded submodule commits across the workspace.

Changes

Dependency and submodule updates

Layer / File(s) Summary
Root config and Yarn metadata
package.json, .yarnrc.yml
Updates root devDependencies and resolutions, adds a Yarn catalog block, and expands packageExtensions with additional peer metadata and optional peer settings.
App package manifests
apps/address-service/package.json, apps/condo/package.json, apps/dev-portal-api/package.json, apps/dev-portal-web/package.json, apps/miniapp/package.json
Switches app dependency and devDependency specifiers to catalog:, adjusts peer ranges where shown, and adds @tiptap/extensions in the UI package.
Package manifest updates
packages/*.json, packages/codegen/templates/*/package.json
Updates workspace package dependencies, devDependencies, and peerDependencies to catalog: or wildcard ranges, including template manifest reductions and dependency set changes.
Submodule pointer bumps
apps/*
Advances recorded git submodule commits for the listed app subprojects.

Estimated code review effort: 3 (Moderate) | ~30 minutes

Possibly related PRs

Suggested reviewers: dkoviazin, toplenboren

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the dependency update theme and matches the Keystone dependency refresh in the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/update-all-@open-keystone/-dependencies

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
package.json (1)

78-81: 🚀 Performance & Scalability | 🔵 Trivial | ⚡ Quick win

Unbounded rollup resolution risks unexpected major bumps.

rollup: ">=4.59.0" has no upper bound, so any future rollup major release (5.x, 6.x, ...) could be silently pulled in workspace-wide on the next yarn.lock refresh, potentially breaking builds without an explicit, reviewable version bump.

♻️ Suggested tighter range
-    "rollup": ">=4.59.0",
+    "rollup": "^4.59.0",
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 78 - 81, The rollup dependency is currently
unbounded, which can allow accidental major upgrades during lockfile refreshes.
Update the version range in package.json for rollup to a bounded semver range
with an explicit upper limit, keeping the change confined to the dependency
entry alongside react, react-dom, and graphql.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@package.json`:
- Around line 78-81: The rollup dependency is currently unbounded, which can
allow accidental major upgrades during lockfile refreshes. Update the version
range in package.json for rollup to a bounded semver range with an explicit
upper limit, keeping the change confined to the dependency entry alongside
react, react-dom, and graphql.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: bfdddd6c-d0a8-4664-a92f-aa7c62e8ffde

📥 Commits

Reviewing files that changed from the base of the PR and between e255556 and f2ccd95.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (7)
  • .yarnrc.yml
  • apps/condo/package.json
  • package.json
  • packages/apollo/package.json
  • packages/featureflags/package.json
  • packages/next/package.json
  • packages/ui/package.json

@pahaz pahaz changed the title chore(deps): DOMA-0000 update keystone deps chore(deps): DOMA-13405 update keystone deps Jul 5, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (4)
packages/next/package.json (1)

33-34: 🎯 Functional Correctness | 🔵 Trivial | 💤 Low value

Unbounded peer range removes upper-version protection.

Changing react/react-dom peers from ^16.13.1 to >=16.13.1 drops the implicit upper bound, so any future major React release would silently satisfy this peer dependency without a compatibility guarantee.

Consider a bounded range (e.g. >=16.13.1 <19) if broad compatibility isn't actually intended, though this appears consistent with how other packages in this PR (e.g. packages/apollo, packages/surveys) loosen peers for catalog compatibility.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/next/package.json` around lines 33 - 34, The peer dependency change
in the package.json entry for react and react-dom removes the implicit upper
bound, so adjust the peer ranges to keep version protection if broad future
compatibility is not intended. Update the package.json peer declarations for
react and react-dom to a bounded range that preserves compatibility
expectations, and make sure the chosen range aligns with the other
peer-dependency patterns used in this PR.
packages/surveys/package.json (1)

9-9: 🎯 Functional Correctness | 🔵 Trivial | 💤 Low value

Fully wildcard peer range for react.

Changing from >=18.3.1 to * removes any lower-bound guarantee too, so even incompatible pre-18 React versions would satisfy this peer. This mirrors the same pattern used elsewhere in this PR (packages/apollo, packages/next), so likely intentional for catalog alignment, but worth confirming no older React consumer exists in the workspace.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/surveys/package.json` at line 9, The React peer dependency in the
surveys package is now fully wildcarded, so update the peer range in the
package.json entry for react to match the intended catalog-wide pattern and make
sure it is consistent with the analogous package.json changes in apollo and
next. Confirm the surveys package should accept any React version before keeping
"*", or restore a lower-bound constraint in the react peer declaration if
older/incompatible consumers must be excluded.
packages/codegen/package.json (1)

30-39: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Wildcard peerDependencies lose compatibility signaling for a published package.

@open-condo/codegen is published publicly on npm. Widening react, react-dom, and the @graphql-tools/* peers to "*" means the package manager no longer warns external consumers about incompatible versions — it accepts anything. This matches the packageExtensions entry marking these peers optional in .yarnrc.yml (lines 90-101), so within the monorepo it's harmless, but for external installs it removes a useful guardrail.

Consider keeping a meaningful range (e.g. matching the catalog version) instead of *, while still marking the peer optional via peerDependenciesMeta if needed.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/codegen/package.json` around lines 30 - 39, The peerDependencies in
the package manifest are too broad because using "*" for react, react-dom, and
the `@graphql-tools` peers removes compatibility warnings for external consumers.
Update the `@open-condo/codegen` package.json peerDependencies to use meaningful
version ranges that match the intended supported versions, while keeping the
peers optional via peerDependenciesMeta if that was the goal. Use the existing
devDependencies/catalog entries as the reference for the supported versions and
keep the published package’s compatibility signaling intact.
packages/icons/package.json (1)

36-37: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

peerDependencies widened to "*" drops minimum-version enforcement.

Changing react/react-dom from ">=16" to "*" means any major version (including pre-16 or future breaking majors) satisfies the peer check, even though the catalog pins react/react-dom to ^18.3.1. This weakens the compatibility contract for consumers of @open-condo/icons. This same pattern recurs in packages/messaging/package.json and packages/miniapp-utils/package.json.

If broad compatibility is genuinely intended, consider a wider but still bounded range (e.g., ">=16 <20") rather than an unconstrained wildcard.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/icons/package.json` around lines 36 - 37, The peerDependencies for
`@open-condo/icons` have been widened to unconstrained wildcards, which removes
the minimum-version compatibility guard for react and react-dom. Update the
package.json peerDependencies entries to use a bounded range instead of "*" in
the icons package, and apply the same correction in messaging and miniapp-utils
so the peer contract remains explicit and consistent with the React versions the
catalog supports.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/codegen/templates/app00/package.json`:
- Around line 27-57: The app00 template is missing several scaffold dependencies
that are still imported by template files, so either remove those imports or
restore the packages in the template manifest. Check the referenced modules in
prepare.js, pages/_app.tsx, pages/_document.tsx, middlewares/oidc.js, and
domains/user/utils/testSchema/index.js, and align package.json so every used
import like `@open-condo/cli`, graphql-tag, emotion, emotion-server,
openid-client, and `@faker-js/faker` is declared.

In `@packages/featureflags/package.json`:
- Around line 14-17: The peer dependency declaration in package.json needs to
mark react-dom as optional so consumers that don’t use it won’t get install
warnings. Update the package’s peer dependency metadata by adding a
peerDependenciesMeta entry for react-dom alongside the existing peerDependencies
block, keeping the change scoped to the featureflags package manifest.

---

Nitpick comments:
In `@packages/codegen/package.json`:
- Around line 30-39: The peerDependencies in the package manifest are too broad
because using "*" for react, react-dom, and the `@graphql-tools` peers removes
compatibility warnings for external consumers. Update the `@open-condo/codegen`
package.json peerDependencies to use meaningful version ranges that match the
intended supported versions, while keeping the peers optional via
peerDependenciesMeta if that was the goal. Use the existing
devDependencies/catalog entries as the reference for the supported versions and
keep the published package’s compatibility signaling intact.

In `@packages/icons/package.json`:
- Around line 36-37: The peerDependencies for `@open-condo/icons` have been
widened to unconstrained wildcards, which removes the minimum-version
compatibility guard for react and react-dom. Update the package.json
peerDependencies entries to use a bounded range instead of "*" in the icons
package, and apply the same correction in messaging and miniapp-utils so the
peer contract remains explicit and consistent with the React versions the
catalog supports.

In `@packages/next/package.json`:
- Around line 33-34: The peer dependency change in the package.json entry for
react and react-dom removes the implicit upper bound, so adjust the peer ranges
to keep version protection if broad future compatibility is not intended. Update
the package.json peer declarations for react and react-dom to a bounded range
that preserves compatibility expectations, and make sure the chosen range aligns
with the other peer-dependency patterns used in this PR.

In `@packages/surveys/package.json`:
- Line 9: The React peer dependency in the surveys package is now fully
wildcarded, so update the peer range in the package.json entry for react to
match the intended catalog-wide pattern and make sure it is consistent with the
analogous package.json changes in apollo and next. Confirm the surveys package
should accept any React version before keeping "*", or restore a lower-bound
constraint in the react peer declaration if older/incompatible consumers must be
excluded.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 42dba780-4af4-4292-889c-2bd239aab12e

📥 Commits

Reviewing files that changed from the base of the PR and between f2ccd95 and 71cd22b.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (55)
  • .yarnrc.yml
  • apps/accruals-gateway
  • apps/address-service/package.json
  • apps/announcements
  • apps/asterisk-bot
  • apps/b2b-payments-gateway
  • apps/billing-connector
  • apps/callcenter
  • apps/condo/package.json
  • apps/debt-management
  • apps/dev-portal-api/package.json
  • apps/dev-portal-web/package.json
  • apps/documents
  • apps/ecom-gateway
  • apps/employee-bot
  • apps/eps
  • apps/external-api
  • apps/insurance
  • apps/meter-importer
  • apps/miniapp/package.json
  • apps/news-greenhouse
  • apps/news-telegram-api
  • apps/news-telegram-web
  • apps/pass
  • apps/pos-integration
  • apps/property-ai-assistant
  • apps/property-importer
  • apps/rb
  • apps/registry-importer
  • apps/resident-app
  • apps/telephony
  • apps/telephony-ws-api
  • apps/ticket-importer
  • package.json
  • packages/apollo-server-client/package.json
  • packages/apollo/package.json
  • packages/billing/package.json
  • packages/bridge/package.json
  • packages/clients/package.json
  • packages/codegen/package.json
  • packages/codegen/templates/app00/package.json
  • packages/codegen/templates/app01/package.json
  • packages/featureflags/package.json
  • packages/files/package.json
  • packages/icons/package.json
  • packages/keystone/package.json
  • packages/locales/package.json
  • packages/messaging/package.json
  • packages/migrator/package.json
  • packages/miniapp-utils/package.json
  • packages/next/package.json
  • packages/surveys/package.json
  • packages/tsconfig/package.json
  • packages/ui/package.json
  • packages/webhooks/package.json
💤 Files with no reviewable changes (1)
  • packages/tsconfig/package.json
✅ Files skipped from review due to trivial changes (3)
  • packages/clients/package.json
  • apps/rb
  • packages/files/package.json

Comment thread packages/codegen/templates/app00/package.json
Comment on lines 14 to +17
"peerDependencies": {
"next": ">=15",
"react": ">=18.3.1"
"next": "*",
"react": "*",
"react-dom": "*"

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check whether featureflags has a corresponding packageExtensions/peerDependenciesMeta entry
rg -n -A10 '"`@open-condo/featureflags`' .yarnrc.yml

Repository: open-condo-software/condo

Length of output: 163


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== packages/featureflags/package.json ==\n'
wc -l packages/featureflags/package.json
sed -n '1,120p' packages/featureflags/package.json

printf '\n== .yarnrc.yml matches ==\n'
rg -n -C 4 'featureflags|react-dom|peerDependenciesMeta|packageExtensions|react:' .yarnrc.yml

Repository: open-condo-software/condo

Length of output: 3705


Mark react-dom optional packages/featureflags/package.json declares react-dom as a peer, but there’s no peerDependenciesMeta entry for this package, so consumers without react-dom will get install warnings.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/featureflags/package.json` around lines 14 - 17, The peer dependency
declaration in package.json needs to mark react-dom as optional so consumers
that don’t use it won’t get install warnings. Update the package’s peer
dependency metadata by adding a peerDependenciesMeta entry for react-dom
alongside the existing peerDependencies block, keeping the change scoped to the
featureflags package manifest.

@AleX83Xpert AleX83Xpert changed the title chore(deps): DOMA-13405 update keystone deps chore(deps): DOMA-13434 update keystone deps Jul 7, 2026
@AleX83Xpert AleX83Xpert force-pushed the codex/update-all-@open-keystone/-dependencies branch from 71cd22b to b5022a7 Compare July 7, 2026 09:23
@AleX83Xpert AleX83Xpert force-pushed the codex/update-all-@open-keystone/-dependencies branch from c2d87e6 to 9cfce28 Compare July 8, 2026 07:50
pahaz and others added 20 commits July 8, 2026 18:49
Trying to keep current versions moved to yarn catalog
…dencies

- Remove insurance app knip config
- Expand resident-app entry points to include bot.js and telegram-bot domains
- Remove storybook from ui package ignore list
- Add admin-ui/index.jsx to KS app entry points
- Remove telegram bot and @types/jest ignore rules
- Refine webpack-cli ignore condition to exclude ui and icons packages
- Add rc-menu dependency to ui package
…le packages

- Remove @types/jest from miniapp, billing, migrator, and miniapp-utils packages
- Update insurance and news-greenhouse submodules
…-service admin-ui index file to .jsx extension
…, radio group stories, and typography stories
@AleX83Xpert AleX83Xpert force-pushed the codex/update-all-@open-keystone/-dependencies branch from 1d22298 to 8b1a8f7 Compare July 8, 2026 14:16
@sonarqubecloud

sonarqubecloud Bot commented Jul 8, 2026

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Development

Successfully merging this pull request may close these issues.

3 participants