Update dependency ranges and lockfiles#766
Conversation
Update the shared tsdown version used by package builds and Deno imports. Migrate tsdown configs from deprecated external and noExternal options to the deps namespace introduced by newer tsdown releases. Assisted-by: Codex:gpt-5.5
Update the shared @logtape/file and @logtape/logtape catalog entries for Deno and Node/Bun consumers. Refresh the Deno and pnpm lockfiles so all workspace packages resolve the newer Logtape patch release. Assisted-by: Codex:gpt-5.5
Update @types/estree in the lint package and refresh the lockfiles so Deno, Node.js, and Bun resolve the newer type package consistently. Assisted-by: Codex:gpt-5.5
Update the shared @types/amqplib catalog entry used by the AMQP package and docs. Refresh the pnpm lockfile so Node.js and Bun resolve the newer type package consistently. Assisted-by: Codex:gpt-5.5
Update the CLI package to depend on smol-toml 1.6.1 in both npm and Deno manifests. Refresh the lockfiles so all supported runtimes resolve the same parser version. Assisted-by: Codex:gpt-5.5
Update the CLI image rendering dependencies in the Jimp package family to 1.6.1 across npm and Deno manifests. Refresh the lockfiles for the corresponding image parser transitive updates. Assisted-by: Codex:gpt-5.5
Update the documentation site's direct sanitize-url dependency to 7.1.2 and refresh the corresponding pnpm lockfile entries. Assisted-by: Codex:gpt-5.5
Update asn1js to 3.0.10 across npm and Deno dependency metadata. Move the Deno import to the workspace root so Fedify and vocab-runtime share the same specifier. Assisted-by: Codex:gpt-5.5
Update the documentation site's direct dayjs dependency to 1.11.20 and refresh the corresponding pnpm lockfile entries. Assisted-by: Codex:gpt-5.5
Update yaml for @fedify/vocab-tools while keeping framework compatibility ranges unchanged. The lockfiles now resolve yaml 2.9.0 for Deno and npm consumers. Assisted-by: Codex:gpt-5.5
Update tsx for the Express, Fastify, and Koa examples and for the Fedify package test tooling. This keeps framework dependency ranges unchanged while refreshing the runner used by these packages. Assisted-by: Codex:gpt-5.5
Update dax for the init package and the root Deno import map. This keeps framework integration dependency ranges unchanged while refreshing the shell helper used by init tooling. Assisted-by: Codex:gpt-5.5
Update Valibot for the CLI configuration schema. This refreshes not change any framework integration dependency ranges. Assisted-by: Codex:gpt-5.5
Refresh mysql2 for the MySQL adapter and init templates. This keeps the generated MySQL dependency aligned with the catalog without changing framework integration dependency ranges. Assisted-by: Codex:gpt-5.5
Refresh es-toolkit across the workspace catalog, Deno imports, and package manifests so every direct range resolves to the same current release. Assisted-by: Codex:gpt-5.5
Refresh @cloudflare/workers-types across the catalog and Deno imports so Cloudflare Workers integrations use the current type definitions. Assisted-by: Codex:gpt-5.5
Refresh the direct OpenTelemetry dependency ranges used by Fedify, debugger, fixture, docs, and related workspace packages. This keeps the 2.x SDK packages and semantic conventions aligned with the current compatible releases. Assisted-by: Codex:gpt-5.5
|
ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThis PR updates dependency versions across the codebase and migrates tsdown build configurations. Central catalogs in ChangesDependency updates and tsdown configuration migration
🎯 3 (Moderate) | ⏱️ ~20 minutes Suggested labels
Suggested reviewers
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/fedify/tsdown.config.ts`:
- Around line 48-61: The neverBundle callback in the deps config uses the wrong
signature; change its parameters to match tsdown v0.22.0 — accept (id: string,
parentId?: string, isResolved?: boolean) — and update internal uses to call
isTestingHelperImporter(parentId) instead of importer, keeping the same return
logic (return true for node: prefix, return for non-@fedify/fixture, otherwise
return !isTestingHelperImporter(parentId)); leave alwaysBundle as-is.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: eb3b9bfd-5654-4b18-b836-1ffcfbc253db
⛔ Files ignored due to path filters (2)
deno.lockis excluded by!**/*.lockpnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (28)
deno.jsondocs/package.jsonexamples/express/package.jsonexamples/fastify/package.jsonexamples/koa/package.jsonpackages/cfworkers/deno.jsonpackages/cli/deno.jsonpackages/cli/package.jsonpackages/create/tsdown.config.tspackages/denokv/deno.jsonpackages/fedify/deno.jsonpackages/fedify/package.jsonpackages/fedify/tsdown.config.tspackages/fixture/tsdown.config.tspackages/init/package.jsonpackages/init/src/json/kv.jsonpackages/init/src/json/mq.jsonpackages/init/tsdown.config.tspackages/lint/package.jsonpackages/sqlite/package.jsonpackages/vocab-runtime/deno.jsonpackages/vocab-runtime/tsdown.config.tspackages/vocab-tools/deno.jsonpackages/vocab-tools/package.jsonpackages/vocab-tools/tsdown.config.tspackages/vocab/tsdown.config.tspackages/webfinger/deno.jsonpnpm-workspace.yaml
💤 Files with no reviewable changes (2)
- packages/vocab-runtime/deno.json
- packages/fedify/deno.json
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates various dependencies across the monorepo, including core packages like @cloudflare/workers-types, @opentelemetry, and others, while also refactoring build configurations in packages/fedify, packages/fixture, packages/init, packages/vocab-runtime, packages/vocab-tools, and packages/vocab to use the deps.neverBundle pattern instead of external. I have reviewed the comments provided and determined that they offer specific, actionable guidance on path normalization and build configuration consistency, which are valuable for maintaining the project's build integrity.
Codecov Report✅ All modified and coverable lines are covered by tests. 🚀 New features to boost your workflow:
|
The neverBundle callback's second parameter should be `parentId?: string` (optional) per tsdown/rolldown's ExternalOptionFunction type, not `importer: string | undefined` (required). While TypeScript's callback compatibility allows passing fewer parameters, aligning the name and optionality with the documented API makes the intent clearer and avoids any future type mismatch if the type is checked strictly. fedify-dev#766 (comment) Assisted-by: Claude Code:claude-sonnet-4-6
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request performs a comprehensive update of dependencies across the entire monorepo, affecting core packages, examples, and documentation. Key changes include upgrading various libraries such as OpenTelemetry, Cloudflare Workers types, and es-toolkit, alongside refactoring tsdown configurations to align with version 0.22.0 by transitioning from external and noExternal options to the new deps property. I have no feedback to provide.
|
@codex review |
|
Codex Review: Didn't find any major issues. Another round soon, please! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
2 participants
Description
This PR updates a set of direct dependencies in small, reviewable batches and refreshes both committed lockfiles. The goal is to bring routine dependencies current while avoiding unnecessary version bumps for framework integration packages that still need to support older framework versions.
The updates cover build and test tooling, type packages, logging packages, parser/image/security utilities, database/runtime dependencies, Cloudflare Workers types, and OpenTelemetry packages. Compatibility-sensitive framework dependencies such as Next.js, Express, Koa, Astro, H3, and Preact were left alone unless they changed indirectly through lockfile peer resolution.
Notable manifest changes:
No dependency API migration was needed for these updates, so the source changes are limited to dependency metadata, lockfiles, and generated project templates.
Verification
mise run --jobs=1 testmise run test-each mysqlmise run test-each cfworkersI used
--jobs=1for the fulltesttask because the default parallel dependency execution can make the Node and Bun CLI tests share and remove the same relative test_output_* directories. The same full test task passed when its dependent test tasks ran sequentially.