refactor: run npm audit fix to fix security issues#1529

Merged
stalniy merged 1 commit into main from chore/npm-audit-fix
Jun 24, 2025

@stalniy stalniy commented Jun 23, 2025

What

  1. run npm audit fix which fixed minor dep sec issues
  2. added package-lock diff workflow, to have better understanding of what was changed

Summary by CodeRabbit

  • Chores
    • Updated workflow to include changes to 'package-lock.json' when determining if app validation should be triggered.
    • Improved dependency installation to target specific app workspaces during setup.
    • Added new workflow to automatically display differences in 'package-lock.json' on pull requests.
    • Updated dependency versions for improved stability.
    • Added configuration to exclude test files from certain processing.
    • Enhanced test suite with improved type handling for API response data to increase type safety and clarity.

@stalniy stalniy requested a review from a team as a code owner June 23, 2025 10:39
coderabbitai bot commented Jun 23, 2025

Warning

Rate limit exceeded

@stalniy has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 16 minutes and 55 seconds before requesting another review.

📥 Commits

Reviewing files that changed from the base of the PR and between 5f9f7b7 and 951242a.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (5)
  • .github/workflows/diff-package-lock.yml (1 hunks)
  • .github/workflows/reusable-should-validate.yml (1 hunks)
  • apps/api/package.json (1 hunks)
  • apps/api/src/auth/routes/send-verification-email/send-verification-email.router.ts (1 hunks)
  • apps/indexer/package.json (1 hunks)

Walkthrough

The GitHub Actions workflows were enhanced to include package-lock.json in the 'app' filter and to add a new workflow that diffs changes in package-lock.json on pull requests to main, posting the diff as a PR comment. The npm install command in the setup-app-deps action was scoped to the specific app workspace. Several package dependency versions and import paths were updated. Many test files and a service were modified to add explicit TypeScript type assertions on JSON responses. A .dcignore file was added to exclude test files from certain processing.

Changes

| File(s) | Change Summary |
|---|---|
| .github/workflows/reusable-should-validate.yml | Added package-lock.json to the 'app' filter in the paths-filter step |
| .github/actions/setup-app-deps/action.yml | Scoped npm ci command with -w apps/${{ inputs.app }} to install dependencies only in the specified app workspace |
| .github/workflows/diff-package-lock.yml | Added new workflow to diff package-lock.json changes on PRs to main branch and post formatted diff as PR comments |
| apps/api/package.json | Updated dependency "@hono/zod-openapi" from "0.18.0" to "0.18.4" |
| apps/indexer/package.json | Changed "@grpc/grpc-js" version specifier from "^1.10.6" to "~1.10.8" |
| apps/indexer/src/providers/statusEndpointHandlers/fake-insecure-credentials.ts | Changed import of ChannelCredentials to import from package root instead of deep path |
| apps/indexer/src/providers/statusEndpointHandlers/grpc.ts | Changed import paths for parseDecimalKubernetesString and parseSizeStr from absolute to relative |
| .dcignore | Added .dcignore file to exclude test files and folders from processing |
| apps/api/src/auth/routes/send-verification-email/send-verification-email.router.ts | Added as never type assertion on return statement in async handler |
| apps/api/test/functional/*.spec.ts (multiple test files) | Added explicit TypeScript type assertions (as any) or specific types on await response.json() results in tests |
| apps/api/test/functional/usage.spec.ts | Added import of UsageHistoryStats type and used type assertions for JSON responses |
| apps/api/test/services/wallet-testing.service.ts | Added explicit (await response.json()) as any type assertions in service methods |

Suggested reviewers

  • ygrishajev

Poem

🐇 In workflows where the lockfiles play,
Changes now hop in a clearer way.
Scoped installs keep the builds so light,
Diffing locks brings PRs insight.
Imports fixed, versions aligned,
A bunny’s touch, so well designed! 🥕✨

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/workflows/reusable-should-validate.yml (1)

46-46: Optional: include root package.json
If direct dependency bumps should also fire the workflow, consider adding the root package.json alongside the lockfile.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 57ec76c and 9922a99.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • .github/workflows/reusable-should-validate.yml (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (10)
  • GitHub Check: test-provider-console-build
  • GitHub Check: validate-deploy-web
  • GitHub Check: test-deploy-web-build
  • GitHub Check: validate-provider-proxy
  • GitHub Check: test-provider-proxy-build
  • GitHub Check: test-api-build
  • GitHub Check: validate-api
  • GitHub Check: validate-notifications
  • GitHub Check: validate-stats-web
  • GitHub Check: test-stats-web-build
🔇 Additional comments (1)
.github/workflows/reusable-should-validate.yml (1)

46-46: Add package-lock.json to the app filter
Including the root lockfile ensures any npm audit fix or dependency updates at the repo root trigger validation for this app.

codecov bot commented Jun 23, 2025

Codecov Report

Attention: Patch coverage is 0% with 1 line in your changes missing coverage. Please review.

Project coverage is 40.52%. Comparing base (c84d30a) to head (951242a).
Report is 1 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| ...rification-email/send-verification-email.router.ts | 0.00% | 1 Missing ⚠️ |

❌ Your patch status has failed because the patch coverage (0.00%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1529      +/-   ##
==========================================
- Coverage   40.52%   40.52%   -0.01%     
==========================================
  Files         871      871              
  Lines       21189    21189              
  Branches     3870     3852      -18     
==========================================
- Hits         8587     8586       -1     
- Misses      11874    11876       +2     
+ Partials      728      727       -1     
| Flag | Coverage Δ |
|---|---|
| api | 71.33% <0.00%> (ø) |
| deploy-web | 18.76% <ø> (-0.01%) ⬇️ |
| notifications | 87.87% <ø> (ø) |
| provider-proxy | 82.13% <ø> (ø) |

| Files with missing lines | Coverage Δ |
|---|---|
| ...rification-email/send-verification-email.router.ts | 81.81% <0.00%> (ø) |

... and 2 files with indirect coverage changes

@stalniy stalniy force-pushed the chore/npm-audit-fix branch from 9922a99 to 7dae64f Compare June 23, 2025 10:59
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/actions/setup-app-deps/action.yml (1)

30-30: Scoped workspace install: verify root deps requirements
Using npm ci -w apps/${{ inputs.app }} speeds up installs by targeting only the specified workspace. Please confirm that no root-level dependencies (in node_modules at the repo root) are required by downstream steps, as they won’t be populated here. If root packages are needed, consider installing them alongside the workspace:

-      run: npm ci -w apps/${{ inputs.app }}
+      run: |
+        npm ci              # install root dependencies
+        npm ci -w apps/${{ inputs.app }}
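Review bot: in the two added `npm ci` lines, the second command undoes the first. `npm ci` removes an existing node_modules before installing, so running `npm ci -w apps/${{ inputs.app }}` after a plain `npm ci` discards the root install instead of adding to it. If downstream steps need root-level packages, use a single command, either the unscoped `npm ci` or the scoped one with `--include-workspace-root`, rather than chaining both.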
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9922a99 and 7dae64f.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (2)
  • .github/actions/setup-app-deps/action.yml (1 hunks)
  • .github/workflows/reusable-should-validate.yml (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/reusable-should-validate.yml
⏰ Context from checks skipped due to timeout of 90000ms (8)
  • GitHub Check: validate-notifications
  • GitHub Check: validate-api
  • GitHub Check: test-api-build
  • GitHub Check: test-stats-web-build
  • GitHub Check: test-provider-proxy-build
  • GitHub Check: test-provider-console-build
  • GitHub Check: test-deploy-web-build
  • GitHub Check: validate-deploy-web

@stalniy stalniy force-pushed the chore/npm-audit-fix branch 3 times, most recently from c401cd4 to ebffdd3 Compare June 23, 2025 12:40
@stalniy stalniy changed the title from "chore: run npm audit fix on our repo" to "refactor: run npm audit fix to fix security issues" Jun 23, 2025
@stalniy stalniy force-pushed the chore/npm-audit-fix branch from ebffdd3 to b9388a8 Compare June 23, 2025 13:05
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (1)
.github/workflows/diff-package-lock.yml (1)

22-22: Pin lock-diff version for stability
Using npx --yes lock-diff pulls the latest version each run, which can introduce unpredictability. Pin to a tested version, e.g.:

diff=$(npx lock-diff@0.3.0 --format=text package-lock-on-main.json package-lock.json)
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7dae64f and b9388a8.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (7)
  • .github/actions/setup-app-deps/action.yml (1 hunks)
  • .github/workflows/diff-package-lock.yml (1 hunks)
  • .github/workflows/reusable-should-validate.yml (1 hunks)
  • apps/api/package.json (1 hunks)
  • apps/indexer/package.json (1 hunks)
  • apps/indexer/src/providers/statusEndpointHandlers/fake-insecure-credentials.ts (1 hunks)
  • apps/indexer/src/providers/statusEndpointHandlers/grpc.ts (1 hunks)
✅ Files skipped from review due to trivial changes (4)
  • apps/indexer/src/providers/statusEndpointHandlers/fake-insecure-credentials.ts
  • apps/api/package.json
  • apps/indexer/package.json
  • apps/indexer/src/providers/statusEndpointHandlers/grpc.ts
🚧 Files skipped from review as they are similar to previous changes (2)
  • .github/workflows/reusable-should-validate.yml
  • .github/actions/setup-app-deps/action.yml
⏰ Context from checks skipped due to timeout of 90000ms (9)
  • GitHub Check: test-provider-console-build
  • GitHub Check: validate-notifications
  • GitHub Check: validate-deploy-web
  • GitHub Check: test-deploy-web-build
  • GitHub Check: validate-api
  • GitHub Check: test-api-build
  • GitHub Check: test-provider-proxy-build
  • GitHub Check: test-indexer-build
  • GitHub Check: test-stats-web-build
🔇 Additional comments (2)
.github/workflows/diff-package-lock.yml (2)

1-2: Workflow naming is clear
The name: Diff package lock succinctly describes the purpose of the workflow.


14-16: Checkout action usage
Leveraging actions/checkout@v4 is up-to-date and correctly retrieves the code for diffing.
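
What a reviewer can check in a package-lock diff such as the one this workflow posts, as an added example that is not code from this PR or from lock-diff: it classifies each changed entry and singles out downgrades (the diff on this PR lists ast-types 0.14.2 -> 0.13.4), same-version integrity changes, and changes of registry host. The function names, the `example-*` packages, the integrity strings and the host `registry.example.test` are constructed for illustration; version comparison is numeric major.minor.patch only.

```javascript
// Added example, not code from this PR. The lockfiles are constructed samples in the
// lockfileVersion 2/3 layout, where "packages" is keyed by install path.
function entry(name, version, integrity, host = "registry.npmjs.org") {
  return { version, integrity, resolved: `https://${host}/${name}/-/${name}-${version}.tgz` };
}

const BASE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-root" },
    "node_modules/brace-expansion": entry("brace-expansion", "2.0.1", "sha512-CONSTRUCTED-A"),
    "node_modules/ast-types": entry("ast-types", "0.14.2", "sha512-CONSTRUCTED-B"),
    "node_modules/example-lib": entry("example-lib", "1.0.0", "sha512-CONSTRUCTED-C"),
    "node_modules/example-pkg": entry("example-pkg", "3.1.0", "sha512-CONSTRUCTED-D"),
  },
};

const HEAD_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-root" },
    "node_modules/brace-expansion": entry("brace-expansion", "2.0.2", "sha512-CONSTRUCTED-E"),
    "node_modules/ast-types": entry("ast-types", "0.13.4", "sha512-CONSTRUCTED-F"),
    // Same version as base, different hash.
    "node_modules/example-lib": entry("example-lib", "1.0.0", "sha512-CONSTRUCTED-G"),
    // Version bump that also moves to another (hypothetical) registry host.
    "node_modules/example-pkg": entry("example-pkg", "3.1.1", "sha512-CONSTRUCTED-H", "registry.example.test"),
    "node_modules/example-new": entry("example-new", "0.1.0", "sha512-CONSTRUCTED-I"),
  },
};

// Numeric major.minor.patch only; prerelease and build suffixes are ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Returns -1, 0 or 1, or NaN when either side is not a plain x.y.z version.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  if (!pa || !pb) return NaN;
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Host part of a "resolved" URL; null for workspace links or entries without one.
function registryHost(resolved) {
  try {
    return new URL(resolved).host;
  } catch {
    return null;
  }
}

// Compare the "packages" maps of two parsed lockfiles and classify every difference.
function diffLockfiles(base, head) {
  const before = base.packages || {};
  const after = head.packages || {};
  const findings = [];
  const paths = [...new Set([...Object.keys(before), ...Object.keys(after)])].sort();
  for (const p of paths) {
    if (p === "") continue; // the root project entry is not a dependency
    const b = before[p];
    const h = after[p];
    if (!b || !h) {
      findings.push({ path: p, kind: b ? "removed" : "added",
        from: b ? b.version : null, to: h ? h.version : null, sourceChanged: false });
      continue;
    }
    const sourceChanged = registryHost(b.resolved) !== registryHost(h.resolved);
    let kind = "same";
    if (b.version !== h.version) {
      const c = compareVersions(b.version, h.version);
      kind = c < 0 ? "upgraded" : c > 0 ? "downgraded" : "changed";
    } else if (b.integrity !== h.integrity) {
      kind = "integrity-changed"; // same version but different content hash
    }
    if (kind !== "same" || sourceChanged) {
      findings.push({ path: p, kind, from: b.version, to: h.version, sourceChanged });
    }
  }
  return findings;
}

// Entries an `npm audit fix` review should look at by hand: plain upgrades and
// additions pass through, everything else is returned.
function needsReview(findings) {
  const flagged = new Set(["downgraded", "changed", "integrity-changed"]);
  return findings.filter((f) => flagged.has(f.kind) || f.sourceChanged);
}

for (const f of needsReview(diffLockfiles(BASE_LOCK, HEAD_LOCK))) {
  console.log(`${f.path}: ${f.kind} ${f.from} -> ${f.to}${f.sourceChanged ? " (registry host changed)" : ""}`);
}
```
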

@stalniy stalniy force-pushed the chore/npm-audit-fix branch 9 times, most recently from 70aada0 to e9b89e0 Compare June 23, 2025 14:22
github-actions bot commented Jun 23, 2025

* apps/indexer/node_modules/drizzle-kit                                                    0.31.0 -> 0.31.1
* apps/notifications/node_modules/formidable                                               3.5.2 -> 3.5.4
* apps/provider-proxy/node_modules/brace-expansion                                         1.1.11 -> 1.1.12
* node_modules/@akashnetwork/akashjs                                                       0.10.0 -> 0.10.1
* node_modules/@auth0/nextjs-auth0                                                         3.5.0 -> 3.8.0
* node_modules/@babel/code-frame                                                           7.26.2 -> 7.27.1
* node_modules/@babel/helpers                                                              7.24.7 -> 7.27.6
* node_modules/@babel/runtime                                                              7.25.6 -> 7.27.6
* node_modules/@babel/template                                                             7.25.9 -> 7.27.2
* node_modules/@babel/types                                                                7.27.1 -> 7.27.6
* node_modules/@eslint/eslintrc/node_modules/brace-expansion                               1.1.11 -> 1.1.12
* node_modules/@grpc/grpc-js                                                               1.10.8 -> 1.10.11
* node_modules/@hono/zod-openapi                                                           0.18.0 -> 0.18.4
* node_modules/@humanwhocodes/config-array/node_modules/brace-expansion                    1.1.11 -> 1.1.12
* node_modules/@jest/core/node_modules/brace-expansion                                     1.1.11 -> 1.1.12
* node_modules/@jest/reporters/node_modules/brace-expansion                                1.1.11 -> 1.1.12
* node_modules/@nestjs/common                                                              11.0.11 -> 11.1.3
* node_modules/@next/env                                                                   14.2.25 -> 14.2.30
* node_modules/@next/swc-darwin-arm64                                                      14.2.25 -> 14.2.30
* node_modules/@next/swc-darwin-x64                                                        14.2.25 -> 14.2.30
* node_modules/@next/swc-linux-arm64-gnu                                                   14.2.25 -> 14.2.30
* node_modules/@next/swc-linux-arm64-musl                                                  14.2.25 -> 14.2.30
* node_modules/@next/swc-linux-x64-gnu                                                     14.2.25 -> 14.2.30
* node_modules/@next/swc-linux-x64-musl                                                    14.2.25 -> 14.2.30
* node_modules/@next/swc-win32-arm64-msvc                                                  14.2.25 -> 14.2.30
* node_modules/@next/swc-win32-ia32-msvc                                                   14.2.25 -> 14.2.30
* node_modules/@next/swc-win32-x64-msvc                                                    14.2.25 -> 14.2.30
* node_modules/@noble/curves                                                               1.5.0 -> 1.9.1
* node_modules/@noble/hashes                                                               1.4.0 -> 1.8.0
* node_modules/@opentelemetry/api-logs                                                     0.52.1 -> 0.57.2
* node_modules/@opentelemetry/context-async-hooks                                          1.27.0 -> 1.30.1
* node_modules/@opentelemetry/core                                                         1.27.0 -> 1.30.1
* node_modules/@opentelemetry/instrumentation-amqplib                                      0.42.0 -> 0.46.1
* node_modules/@opentelemetry/instrumentation-connect                                      0.39.0 -> 0.43.0
* node_modules/@opentelemetry/instrumentation-dataloader                                   0.12.0 -> 0.16.0
* node_modules/@opentelemetry/instrumentation-express                                      0.42.0 -> 0.47.0
* node_modules/@opentelemetry/instrumentation-fastify                                      0.39.0 -> 0.44.1
* node_modules/@opentelemetry/instrumentation-fs                                           0.15.0 -> 0.19.0
* node_modules/@opentelemetry/instrumentation-generic-pool                                 0.39.0 -> 0.43.0
* node_modules/@opentelemetry/instrumentation-graphql                                      0.43.0 -> 0.47.0
* node_modules/@opentelemetry/instrumentation-hapi                                         0.41.0 -> 0.45.1
* node_modules/@opentelemetry/instrumentation-ioredis                                      0.43.0 -> 0.47.0
* node_modules/@opentelemetry/instrumentation-kafkajs                                      0.3.0 -> 0.7.0
* node_modules/@opentelemetry/instrumentation-koa                                          0.43.0 -> 0.47.0
* node_modules/@opentelemetry/instrumentation-mongodb                                      0.47.0 -> 0.51.0
* node_modules/@opentelemetry/instrumentation-mongoose                                     0.42.0 -> 0.46.0
* node_modules/@opentelemetry/instrumentation-mysql2                                       0.41.0 -> 0.45.0
* node_modules/@opentelemetry/instrumentation-mysql                                        0.41.0 -> 0.45.0
* node_modules/@opentelemetry/instrumentation-nestjs-core                                  0.40.0 -> 0.44.0
* node_modules/@opentelemetry/instrumentation-pg                                           0.44.0 -> 0.50.0
* node_modules/@opentelemetry/instrumentation-redis-4                                      0.42.0 -> 0.46.0
* node_modules/@opentelemetry/instrumentation-undici/node_modules/@opentelemetry/api-logs -> node_modules/@prisma/instrumentation/node_modules/ opentelemetry/api-logs
* node_modules/@opentelemetry/instrumentation-undici/node_modules/@opentelemetry/instrumentation -> node_modules/@prisma/instrumentation/node_modules/ opentelemetry/instrumentation
* node_modules/@opentelemetry/instrumentation-undici                                       0.6.0 -> 0.10.0
* node_modules/@opentelemetry/instrumentation                                              0.52.1 -> 0.57.2
* node_modules/@opentelemetry/resources                                                    1.27.0 -> 1.30.1
* node_modules/@opentelemetry/sdk-trace-base                                               1.27.0 -> 1.30.1
* node_modules/@opentelemetry/semantic-conventions                                         1.27.0 -> 1.34.0
* node_modules/@prisma/instrumentation                                                     5.19.1 -> 5.22.0
* node_modules/@rollup/plugin-commonjs                                                     26.0.1 -> 28.0.1
* node_modules/@rollup/pluginutils                                                         5.1.0 -> 5.2.0
* node_modules/@sentry-internal/browser-utils/node_modules/@sentry/core                    8.34.0 -> 8.55.0
* node_modules/@sentry-internal/browser-utils                                              8.34.0 -> 8.55.0
* node_modules/@sentry-internal/feedback/node_modules/@sentry/core                         8.34.0 -> 8.55.0
* node_modules/@sentry-internal/feedback                                                   8.34.0 -> 8.55.0
* node_modules/@sentry-internal/replay-canvas/node_modules/@sentry/core                    8.34.0 -> 8.55.0
* node_modules/@sentry-internal/replay-canvas                                              8.34.0 -> 8.55.0
* node_modules/@sentry-internal/replay/node_modules/@sentry/core                           8.34.0 -> 8.55.0
* node_modules/@sentry-internal/replay                                                     8.34.0 -> 8.55.0
* node_modules/@sentry/babel-plugin-component-annotate                                     2.22.3 -> 2.22.7
* node_modules/@sentry/browser/node_modules/@sentry/core                                   8.34.0 -> 8.55.0
* node_modules/@sentry/browser                                                             8.34.0 -> 8.55.0
* node_modules/@sentry/bundler-plugin-core/node_modules/dotenv                             16.4.5 -> 16.5.0
* node_modules/@sentry/bundler-plugin-core                                                 2.22.3 -> 2.22.7
* node_modules/@sentry/cli-darwin                                                          2.36.1 -> 2.39.1
* node_modules/@sentry/cli-linux-arm64                                                     2.36.1 -> 2.39.1
* node_modules/@sentry/cli-linux-arm                                                       2.36.1 -> 2.39.1
* node_modules/@sentry/cli-linux-i686                                                      2.36.1 -> 2.39.1
* node_modules/@sentry/cli-linux-x64                                                       2.36.1 -> 2.39.1
* node_modules/@sentry/cli-win32-i686                                                      2.36.1 -> 2.39.1
* node_modules/@sentry/cli-win32-x64                                                       2.36.1 -> 2.39.1
* node_modules/@sentry/cli                                                                 2.36.1 -> 2.39.1
* node_modules/@sentry/nextjs/node_modules/@opentelemetry/api-logs                         0.53.0 -> 0.57.1
* node_modules/@sentry/nextjs/node_modules/@opentelemetry/instrumentation-http             0.53.0 -> 0.57.1
* node_modules/@sentry/nextjs/node_modules/@opentelemetry/instrumentation-lru-memoizer     0.40.0 -> 0.44.0
* node_modules/@sentry/nextjs/node_modules/@opentelemetry/instrumentation                  0.53.0 -> 0.57.1
* node_modules/@sentry/nextjs/node_modules/@sentry/core                                    8.34.0 -> 8.55.0
* node_modules/@sentry/nextjs/node_modules/@sentry/node                                    8.34.0 -> 8.55.0
* node_modules/@sentry/nextjs                                                              8.34.0 -> 8.55.0
* node_modules/@sentry/react/node_modules/@sentry/core                                     8.34.0 -> 8.55.0
* node_modules/@sentry/react                                                               8.34.0 -> 8.55.0
* node_modules/@sentry/vercel-edge/node_modules/@sentry/core                               8.34.0 -> 8.55.0
* node_modules/@sentry/vercel-edge                                                         8.34.0 -> 8.55.0
* node_modules/@sentry/webpack-plugin                                                      2.22.3 -> 2.22.7
* node_modules/@walletconnect/core/node_modules/@walletconnect/types                       2.17.2 -> 2.21.3
* node_modules/@walletconnect/core                                                         2.17.2 -> 2.21.3
* node_modules/@walletconnect/jsonrpc-ws-connection                                        1.0.14 -> 1.0.16
* node_modules/@walletconnect/relay-auth                                                   1.0.4 -> 1.1.0
* node_modules/@walletconnect/sign-client/node_modules/@walletconnect/types                2.17.2 -> 2.21.3
* node_modules/@walletconnect/sign-client                                                  2.17.2 -> 2.21.3
* node_modules/@walletconnect/utils/node_modules/@walletconnect/types                      2.17.2 -> 2.21.3
* node_modules/@walletconnect/utils                                                        2.17.2 -> 2.21.3
* node_modules/alias-hq/node_modules/brace-expansion                                       1.1.11 -> 1.1.12
* node_modules/ast-types                                                                   0.14.2 -> 0.13.4
* node_modules/boxen/node_modules/camelcase                                                7.0.1 -> 8.0.0
* node_modules/boxen/node_modules/chalk                                                    5.3.0 -> 5.4.1
* node_modules/boxen/node_modules/string-width                                             5.1.2 -> 7.2.0
* node_modules/boxen/node_modules/type-fest                                                2.19.0 -> 4.41.0
* node_modules/boxen/node_modules/wrap-ansi                                                8.1.0 -> 9.0.0
* node_modules/boxen                                                                       7.1.1 -> 8.0.1
* node_modules/brace-expansion                                                             2.0.1 -> 2.0.2
* node_modules/configstore/node_modules/dot-prop                                           6.0.1 -> 9.0.0
* node_modules/configstore/node_modules/type-fest                                          1.4.0 -> 4.41.0
* node_modules/configstore                                                                 6.0.0 -> 7.0.0
* node_modules/cookie                                                                      0.6.0 -> 0.7.2
* node_modules/create-jest/node_modules/brace-expansion                                    1.1.11 -> 1.1.12
* node_modules/cross-spawn                                                                 7.0.3 -> 7.0.6
* node_modules/del/node_modules/brace-expansion                                            1.1.11 -> 1.1.12
* node_modules/dot-object/node_modules/brace-expansion                                     1.1.11 -> 1.1.12
* node_modules/elliptic                                                                    6.6.0 -> 6.6.1
* node_modules/eslint-plugin-import/node_modules/brace-expansion                           1.1.11 -> 1.1.12
* node_modules/eslint-plugin-jsx-a11y/node_modules/brace-expansion                         1.1.11 -> 1.1.12
* node_modules/eslint-plugin-react/node_modules/brace-expansion                            1.1.11 -> 1.1.12
* node_modules/eslint/node_modules/brace-expansion                                         1.1.11 -> 1.1.12
* node_modules/express                                                                     4.21.1 -> 4.21.2
* node_modules/fork-ts-checker-webpack-plugin/node_modules/brace-expansion                 1.1.11 -> 1.1.12
* node_modules/formidable                                                                  2.1.2 -> 2.1.5
* node_modules/get-uri                                                                     6.0.3 -> 6.0.4
* node_modules/import-in-the-middle                                                        1.11.0 -> 1.14.2
* node_modules/is-in-ci                                                                    0.1.0 -> 1.0.0
* node_modules/jake/node_modules/brace-expansion                                           1.1.11 -> 1.1.12
* node_modules/jest-cli/node_modules/brace-expansion                                       1.1.11 -> 1.1.12
* node_modules/jest-runtime/node_modules/brace-expansion                                   1.1.11 -> 1.1.12
* node_modules/ky                                                                          1.7.2 -> 1.8.1
* node_modules/nanoid                                                                      3.3.7 -> 3.3.11
* node_modules/next                                                                        14.2.25 -> 14.2.30
* node_modules/node-dir/node_modules/brace-expansion                                       1.1.11 -> 1.1.12
* node_modules/nodemon-webpack-plugin/node_modules/brace-expansion                         1.1.11 -> 1.1.12
* node_modules/nodemon/node_modules/brace-expansion                                        1.1.11 -> 1.1.12
* node_modules/oauth4webapi                                                                2.12.0 -> 2.17.0
* node_modules/oidc-token-hash                                                             5.0.3 -> 5.1.0
* node_modules/openid-client                                                               5.6.5 -> 5.7.1
* node_modules/ora/node_modules/chalk                                                      5.3.0 -> 5.4.1
* node_modules/ora/node_modules/cli-cursor                                                 4.0.0 -> 5.0.0
* node_modules/ora/node_modules/restore-cursor                                             4.0.0 -> 5.1.0
* node_modules/ora                                                                         8.0.1 -> 8.1.1
* node_modules/pac-proxy-agent/node_modules/agent-base                                     7.1.1 -> 7.1.3
* node_modules/pac-proxy-agent/node_modules/https-proxy-agent                              7.0.5 -> 7.0.6
* node_modules/pac-proxy-agent                                                             7.0.2 -> 7.2.0
* node_modules/path-to-regexp                                                              0.1.10 -> 0.1.12
* node_modules/proxy-agent/node_modules/agent-base                                         7.1.1 -> 7.1.3
* node_modules/proxy-agent/node_modules/https-proxy-agent                                  7.0.5 -> 7.0.6
* node_modules/proxy-agent                                                                 6.4.0 -> 6.5.0
* node_modules/registry-auth-token                                                         5.0.2 -> 5.1.0
* node_modules/release-it/node_modules/@octokit/endpoint                                   9.0.5 -> 9.0.6
* node_modules/release-it/node_modules/@octokit/request-error                              5.1.0 -> 5.1.1
* node_modules/release-it/node_modules/@octokit/request                                    8.4.0 -> 8.4.1
* node_modules/release-it/node_modules/chalk                                               5.3.0 -> 5.4.1
* node_modules/release-it/node_modules/ci-info                                             4.0.0 -> 4.2.0
* node_modules/release-it/node_modules/execa                                               8.0.1 -> 8.0.0
* node_modules/release-it                                                                  17.7.0 -> 17.11.0
* node_modules/rimraf/node_modules/brace-expansion                                         1.1.11 -> 1.1.12
* node_modules/rollup                                                                      2.78.0 -> 2.79.2
* node_modules/semver                                                                      7.6.2 -> 7.6.3
* node_modules/sequelize-typescript/node_modules/brace-expansion                           1.1.11 -> 1.1.12
* node_modules/shelljs/node_modules/brace-expansion                                        1.1.11 -> 1.1.12
* node_modules/socks-proxy-agent/node_modules/agent-base                                   7.1.1 -> 7.1.3
* node_modules/socks-proxy-agent                                                           8.0.4 -> 8.0.5
* node_modules/tar-fs                                                                      2.1.1 -> 2.1.3
* node_modules/temp/node_modules/brace-expansion                                           1.1.11 -> 1.1.12
* node_modules/test-exclude/node_modules/brace-expansion                                   1.1.11 -> 1.1.12
* node_modules/ts-node                                                                     8.10.2 -> 10.9.2
* node_modules/uint8arrays                                                                 3.1.0 -> 3.1.1
* node_modules/update-notifier/node_modules/chalk                                          5.3.0 -> 5.4.1
* node_modules/update-notifier                                                             7.1.0 -> 7.3.1
* node_modules/widest-line/node_modules/string-width                                       5.1.2 -> 7.2.0
* node_modules/widest-line                                                                 4.0.1 -> 5.0.0
* node_modules/wildcard-match                                                              5.1.3 -> 5.1.4
* node_modules/workbox-build/node_modules/brace-expansion                                  1.1.11 -> 1.1.12
* node_modules/ws                                                                          8.18.0 -> 8.18.2
+ node_modules/@adraffy/ens-normalize                                                      1.11.0  
+ node_modules/@akashnetwork/akashjs/node_modules/@cosmjs/encoding                         0.32.4  
+ node_modules/@akashnetwork/akashjs/node_modules/@cosmjs/math                             0.32.4  
+ node_modules/@akashnetwork/akashjs/node_modules/@cosmjs/stargate                         0.32.4  
+ node_modules/@msgpack/msgpack                                                            3.1.2   
+ node_modules/@nestjs/common/node_modules/file-type                                       21.0.0  
+ node_modules/@nestjs/common/node_modules/strtok3                                         10.3.1  
+ node_modules/@opentelemetry/instrumentation-pg/node_modules/@opentelemetry/semantic-conventions 1.27.0  
+ node_modules/@paralleldrive/cuid2                                                        2.2.2   
+ node_modules/@rollup/plugin-commonjs/node_modules/fdir                                   6.4.6   
+ node_modules/@rollup/pluginutils/node_modules/picomatch                                  4.0.2   
+ node_modules/@scure/bip32                                                                1.7.0   
+ node_modules/@scure/bip39                                                                1.6.0   
+ node_modules/@scure/starknet/node_modules/@noble/hashes                                  1.6.1   
+ node_modules/@scure/starknet                                                             1.1.0   
+ node_modules/@sentry/nextjs/node_modules/@opentelemetry/instrumentation-knex             0.44.0  
+ node_modules/@sentry/nextjs/node_modules/@opentelemetry/instrumentation-tedious          0.18.0  
+ node_modules/@sentry/nextjs/node_modules/@opentelemetry/semantic-conventions             1.28.0  
+ node_modules/@sentry/opentelemetry/node_modules/@sentry/core                             8.55.0  
+ node_modules/@sentry/opentelemetry                                                       8.55.0  
+ node_modules/@tokenizer/inflate                                                          0.2.7   
+ node_modules/@walletconnect/relay-auth/node_modules/@noble/curves                        1.8.0   
+ node_modules/@walletconnect/relay-auth/node_modules/@noble/hashes                        1.7.0   
+ node_modules/@walletconnect/utils/node_modules/@noble/curves                             1.9.2   
+ node_modules/@walletconnect/utils/node_modules/@scure/base                               1.2.6   
+ node_modules/@walletconnect/utils/node_modules/base-x                                    5.0.1   
+ node_modules/@walletconnect/utils/node_modules/bs58                                      6.0.0   
+ node_modules/abi-wan-kanabi/node_modules/fs-extra                                        10.1.0  
+ node_modules/abi-wan-kanabi                                                              2.2.4   
+ node_modules/abitype                                                                     1.0.8   
+ node_modules/ansicolors                                                                  0.3.2   
+ node_modules/atomically                                                                  2.0.3   
+ node_modules/blakejs                                                                     1.2.1   
+ node_modules/cardinal                                                                    2.1.1   
+ node_modules/es-toolkit                                                                  1.39.3  
+ node_modules/fetch-cookie                                                                3.0.1   
+ node_modules/fflate                                                                      0.8.2   
+ node_modules/isomorphic-fetch                                                            3.0.0   
+ node_modules/isows                                                                       1.0.7   
+ node_modules/load-esm                                                                    1.0.2   
+ node_modules/lossless-json                                                               4.1.0   
+ node_modules/ora/node_modules/onetime                                                    7.0.0   
+ node_modules/ora/node_modules/signal-exit                                                4.1.0   
+ node_modules/ox/node_modules/@noble/ciphers                                              1.3.0   
+ node_modules/ox/node_modules/eventemitter3                                               5.0.1   
+ node_modules/ox                                                                          0.7.1   
+ node_modules/redeyed                                                                     2.1.1   
+ node_modules/set-cookie-parser                                                           2.7.1   
+ node_modules/starknet-types-07                                                           0.7.10  
+ node_modules/starknet/node_modules/@noble/curves                                         1.7.0   
+ node_modules/starknet/node_modules/@noble/hashes                                         1.6.0   
+ node_modules/starknet/node_modules/@scure/base                                           1.2.1   
+ node_modules/starknet                                                                    6.24.1  
+ node_modules/stubborn-fs                                                                 1.2.5   
+ node_modules/ts-mixer                                                                    6.0.4   
+ node_modules/viem                                                                        2.31.0  
+ node_modules/when-exit                                                                   2.1.4   
+ node_modules/widest-line/node_modules/emoji-regex                                        10.4.0  
- apps/notifications/node_modules/arg                                                      4.1.3   
- apps/notifications/node_modules/hexoid                                                   2.0.0   
- apps/notifications/node_modules/ts-node                                                  10.9.2  
- apps/provider-proxy/node_modules/@hono/zod-openapi                                       0.18.4  
- node_modules/@cosmjs/cli/node_modules/cliui                                              6.0.0   
- node_modules/@cosmjs/cli/node_modules/find-up                                            4.1.0   
- node_modules/@cosmjs/cli/node_modules/locate-path                                        5.0.0   
- node_modules/@cosmjs/cli/node_modules/p-limit                                            2.3.0   
- node_modules/@cosmjs/cli/node_modules/p-locate                                           4.1.0   
- node_modules/@cosmjs/cli/node_modules/typescript                                         4.4.4   
- node_modules/@cosmjs/cli/node_modules/wrap-ansi                                          6.2.0   
- node_modules/@cosmjs/cli/node_modules/y18n                                               4.0.3   
- node_modules/@cosmjs/cli/node_modules/yargs-parser                                       18.1.3  
- node_modules/@cosmjs/cli/node_modules/yargs                                              15.4.1  
- node_modules/@cosmjs/cli                                                                 0.28.13 
- node_modules/@cosmjs/faucet-client                                                       0.28.13 
- node_modules/@cosmjs/ledger-amino                                                        0.28.13 
- node_modules/@ethersproject/abstract-provider                                            5.7.0   
- node_modules/@ethersproject/abstract-signer                                              5.7.0   
- node_modules/@ethersproject/base64                                                       5.7.0   
- node_modules/@ethersproject/constants                                                    5.7.0   
- node_modules/@ethersproject/hash                                                         5.7.0   
- node_modules/@ethersproject/networks                                                     5.7.1   
- node_modules/@ethersproject/properties                                                   5.7.0   
- node_modules/@ethersproject/signing-key/node_modules/elliptic/node_modules/bn.js         4.12.1  
- node_modules/@ethersproject/signing-key/node_modules/elliptic                            6.5.4   
- node_modules/@ethersproject/signing-key                                                  5.7.0   
- node_modules/@ethersproject/strings                                                      5.7.0   
- node_modules/@ethersproject/transactions                                                 5.7.0   
- node_modules/@ethersproject/web                                                          5.7.1   
- node_modules/@ledgerhq/devices/node_modules/rxjs                                         6.6.7   
- node_modules/@ledgerhq/devices                                                           5.51.1  
- node_modules/@ledgerhq/errors                                                            5.50.0  
- node_modules/@ledgerhq/hw-transport                                                      5.51.1  
- node_modules/@ledgerhq/logs                                                              5.50.0  
- node_modules/@opentelemetry/sdk-metrics                                                  1.27.0  
- node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/semantic-conventions    1.34.0  
- node_modules/@opentelemetry/sdk-trace-node/node_modules/@opentelemetry/semantic-conventions 1.30.0  
- node_modules/@sentry/nextjs/node_modules/@opentelemetry/core                             1.26.0  
- node_modules/@sentry/nextjs/node_modules/@sentry/opentelemetry                           8.34.0  
- node_modules/@sentry/vercel-edge/node_modules/@sentry/types                              8.34.0  
- node_modules/@sentry/vercel-edge/node_modules/@sentry/utils                              8.34.0  
- node_modules/@stablelib/aead                                                             1.0.1   
- node_modules/@stablelib/binary                                                           1.0.1   
- node_modules/@stablelib/bytes                                                            1.0.1   
- node_modules/@stablelib/chacha20poly1305                                                 1.0.1   
- node_modules/@stablelib/chacha                                                           1.0.1   
- node_modules/@stablelib/constant-time                                                    1.0.1   
- node_modules/@stablelib/ed25519                                                          1.0.3   
- node_modules/@stablelib/hash                                                             1.0.1   
- node_modules/@stablelib/hkdf                                                             1.0.1   
- node_modules/@stablelib/hmac                                                             1.0.1   
- node_modules/@stablelib/int                                                              1.0.1   
- node_modules/@stablelib/keyagreement                                                     1.0.1   
- node_modules/@stablelib/poly1305                                                         1.0.1   
- node_modules/@stablelib/random                                                           1.0.2   
- node_modules/@stablelib/sha256                                                           1.0.1   
- node_modules/@stablelib/sha512                                                           1.0.1   
- node_modules/@stablelib/wipe                                                             1.0.1   
- node_modules/@stablelib/x25519                                                           1.0.3   
- node_modules/@walletconnect/relay-auth/node_modules/tslib                                1.14.1  
- node_modules/babylon                                                                     6.18.0  
- node_modules/configstore/node_modules/crypto-random-string                               4.0.0   
- node_modules/configstore/node_modules/is-obj                                             2.0.0   
- node_modules/configstore/node_modules/unique-string                                      3.0.0   
- node_modules/configstore/node_modules/write-file-atomic                                  3.0.3   
- node_modules/cosmwasm/node_modules/@cosmjs/amino                                         0.28.13 
- node_modules/cosmwasm/node_modules/@cosmjs/cosmwasm-stargate                             0.28.13 
- node_modules/cosmwasm/node_modules/@cosmjs/json-rpc                                      0.28.13 
- node_modules/cosmwasm/node_modules/@cosmjs/proto-signing                                 0.28.13 
- node_modules/cosmwasm/node_modules/@cosmjs/socket                                        0.28.13 
- node_modules/cosmwasm/node_modules/@cosmjs/stream                                        0.28.13 
- node_modules/cosmwasm/node_modules/@cosmjs/tendermint-rpc                                0.28.13 
- node_modules/cosmwasm/node_modules/@cosmjs/utils                                         0.28.13 
- node_modules/cosmwasm/node_modules/axios                                                 0.21.4  
- node_modules/cosmwasm/node_modules/cosmjs-types                                          0.4.1   
- node_modules/cosmwasm/node_modules/long                                                  4.0.0   
- node_modules/cosmwasm/node_modules/ws                                                    7.5.10  
- node_modules/cosmwasm                                                                    1.1.1   
- node_modules/degenerator/node_modules/ast-types                                          0.13.4  
- node_modules/did-jwt/node_modules/uint8arrays                                            3.1.1   
- node_modules/get-uri/node_modules/fs-extra                                               11.2.0  
- node_modules/hexoid                                                                      1.0.0   
- node_modules/import-lazy                                                                 4.0.0   
- node_modules/is-typedarray                                                               1.0.0   
- node_modules/ledger-cosmos-js                                                            2.1.8   
- node_modules/lodash.isequal                                                              4.5.0   
- node_modules/recast                                                                      0.20.5  
- node_modules/regenerator-runtime                                                         0.14.1  
- node_modules/semver-diff                                                                 4.0.0   
- node_modules/ts-jest/node_modules/semver                                                 7.6.3   
- node_modules/ts-node/node_modules/buffer-from                                            1.1.2   
- node_modules/ts-node/node_modules/source-map-support                                     0.5.21  
- node_modules/ts-node/node_modules/source-map                                             0.6.1   
- node_modules/typedarray-to-buffer                                                        3.1.5   
- packages/jwt/node_modules/elliptic/node_modules/bn.js                                    4.12.2  
- packages/jwt/node_modules/elliptic                                                       6.6.1   
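
A triage pass over a listing like the one above, as an added example (not part of the PR or of the diff-package-lock tool). It parses the `*`/`+`/`-` lines and flags version downgrades, range-breaking bumps and packages new to the tree, which are the entries worth reading first when reviewing an `npm audit fix`. The line format is assumed from the listing itself, the function names are hypothetical, and the sample lines are copied from the listing.

```typescript
type Change =
  | { kind: "updated"; path: string; from: string; to: string }
  | { kind: "added" | "removed"; path: string; version: string };

interface Triage {
  downgrades: string[]; // resolved version moved backwards
  breaking: string[];   // major bump, or minor bump on a 0.x release
  added: string[];      // packages that were not in the tree before
  removed: string[];
}

// Assumed line shapes: "* <path> <old> -> <new>", "+ <path> <ver>", "- <path> <ver>"
const LINE = /^([*+-])\s+(\S+)\s+(\S+)(?:\s+->\s+(\S+))?\s*$/;

function parseListing(text: string): Change[] {
  const changes: Change[] = [];
  for (const raw of text.split("\n")) {
    const m = LINE.exec(raw.trim());
    if (!m) continue; // not a listing line
    const marker = m[1] ?? "";
    const path = m[2] ?? "";
    const first = m[3] ?? "";
    const second = m[4];
    if (marker === "*") {
      if (second !== undefined) changes.push({ kind: "updated", path, from: first, to: second });
    } else {
      changes.push({ kind: marker === "+" ? "added" : "removed", path, version: first });
    }
  }
  return changes;
}

// The package name is whatever follows the last "node_modules/" in the path.
function packageName(path: string): string {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i < 0 ? path : path.slice(i + marker.length);
}

// Numeric major.minor.patch only; pre-release tags are ignored in this sketch.
function parseVersion(v: string): [number, number, number] | null {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compare(a: number[], b: number[]): number {
  for (let i = 0; i < 3; i++) {
    const d = (a[i] ?? 0) - (b[i] ?? 0);
    if (d !== 0) return d;
  }
  return 0;
}

function triage(text: string): Triage {
  const out: Triage = { downgrades: [], breaking: [], added: [], removed: [] };
  for (const c of parseListing(text)) {
    const name = packageName(c.path);
    if (c.kind !== "updated") {
      (c.kind === "added" ? out.added : out.removed).push(`${name}@${c.version}`);
      continue;
    }
    const from = parseVersion(c.from);
    const to = parseVersion(c.to);
    if (!from || !to) continue;
    const label = `${name} ${c.from} -> ${c.to}`;
    if (compare(to, from) < 0) {
      out.downgrades.push(label);
    } else if (to[0] > from[0] || (from[0] === 0 && to[0] === 0 && to[1] > from[1])) {
      // Caret ranges do not admit a new major, or a new minor below 1.0.0.
      out.breaking.push(label);
    }
  }
  return out;
}

// Sample lines copied from the listing above.
const SAMPLE = `
* node_modules/express                          4.21.1 -> 4.21.2
* node_modules/is-in-ci                         0.1.0 -> 1.0.0
* node_modules/release-it/node_modules/execa    8.0.1 -> 8.0.0
* node_modules/ts-node                          8.10.2 -> 10.9.2
* node_modules/path-to-regexp                   0.1.10 -> 0.1.12
+ node_modules/viem                             2.31.0
+ node_modules/starknet/node_modules/@noble/hashes  1.6.0
- node_modules/cosmwasm/node_modules/axios      0.21.4
`;

const sampleTriage = triage(SAMPLE);
```

On the sample, `sampleTriage.downgrades` holds the execa entry and `sampleTriage.breaking` holds is-in-ci and ts-node; versions are compared numerically, so 8.10.2 to 10.9.2 is correctly read as an upgrade.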

@stalniy stalniy force-pushed the chore/npm-audit-fix branch 7 times, most recently from b04556c to 67e8ced on June 23, 2025 15:43

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (1)
.github/workflows/diff-package-lock.yml (1)

30-41: Preserve diff order and simplify quoting
Sorting the diff (| sort) breaks hunk context. To maintain readability and avoid complex nested quotes, use a here-doc and skip sorting, for example:

+ body=$(cat <<EOF
+ ### Diff on package-lock
+
+ \`\`\`diff
+ $(echo "$diff" | sed -E 's/\x1b\[[0-9;]*m//g/')
+ \`\`\`
+ EOF
+ )
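
Review bot: the sed script on the `$(echo "$diff" | sed -E ...)` line ends in `//g/`, and the extra `/` after the `g` flag is not a valid flag, so sed rejects the script and the fenced block in the comment comes out empty. It should read `sed -E 's/\x1b\[[0-9;]*m//g'`. Note also that `\x1b` inside the pattern is a GNU sed extension, so the line depends on the runner providing GNU sed.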

Then pass --body "$body" (or --body-file).

🧹 Nitpick comments (9)
.github/workflows/diff-package-lock.yml (3)

3-9: Ensure workflow runs in PR context with correct permissions
Currently the pull_request trigger may not expose write access for GITHUB_TOKEN on PRs from forks, leading gh pr comment to fail silently. Consider switching to pull_request_target (keeping the same paths filter) if you need to reliably comment on forked PRs.


21-23: Pin diff-package-lock to a known version
Running npx --yes diff-package-lock installs the latest release each time, which may introduce breaking changes. Consider specifying a version, e.g. npx --yes diff-package-lock@1.2.3, to ensure consistency.


24-28: Enable strict error handling
Rather than manually checking $?, add set -euo pipefail (or at least set -e) at the top of the run script to fail fast on any command error, including diff-package-lock failures.

apps/api/test/functional/api-key.spec.ts (1)

149-149: Consider using more specific types instead of any for better type safety.

While these type assertions were likely necessary due to dependency updates from the npm audit fix, consider defining proper interfaces for the expected JSON response structures instead of using as any. This would maintain type safety while still addressing the compilation issues.

For example, you could define interfaces like:

interface ApiKeyListResponse {
  data: ApiKeyData[];
}

interface ApiKeyResponse {
  data: ApiKeyData;
}

Then use (await response.json()) as ApiKeyListResponse instead of as any.

Also applies to: 196-196, 243-243, 356-356

apps/api/test/functional/providers.spec.ts (1)

106-106: Apply consistent typing strategy for JSON responses.

The type assertions to any are consistent with the broader refactoring pattern, but consider defining a Provider[] or ProviderResponse interface to maintain type safety while addressing the compilation requirements from the dependency updates.

Example:

interface ProviderResponse extends Provider {
  // additional response fields if any
}

const data = (await response.json()) as ProviderResponse[];

Also applies to: 115-115, 124-124, 135-135

apps/api/test/functional/transactions.spec.ts (1)

42-42: Leverage existing Transaction type for better type safety.

Since the Transaction type is already imported from @akashnetwork/database/dbSchemas/base, consider using it instead of any:

-const transactionsFound = (await response.json()) as any;
+const transactionsFound = (await response.json()) as Transaction[];

-const transactionFound = (await response.json()) as any;
+const transactionFound = (await response.json()) as Transaction;
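
Review bot: `as Transaction[]` and `as Transaction` are still unchecked assertions, and Transaction here is the database schema type imported from @akashnetwork/database/dbSchemas/base, not a type describing the HTTP payload. If the endpoint serialises, renames or omits a field, the test compiles against a shape the response does not have. A response type declared alongside the route, or a runtime check before the cast, would keep the test honest about what the API returns.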

This maintains type safety while addressing the dependency update requirements.

Also applies to: 64-64

apps/api/test/services/wallet-testing.service.ts (1)

15-15: Define proper interfaces for the wallet testing service responses.

Since this service is used across multiple tests, consider defining proper response interfaces to improve type safety throughout the test suite:

interface UserResponse {
  data: { id: string };
  token: string;
}

interface WalletResponse {
  data: { id: number; address: string; creditAmount: number };
}

interface StartTrialResponse {
  data: { id: number; address: string; creditAmount: number };
}

Then use these specific types instead of as any:

-const { data: wallet } = (await walletResponse.json()) as any;
+const { data: wallet } = (await walletResponse.json()) as StartTrialResponse;

-const { data: user, token } = (await userResponse.json()) as any;
+const { data: user, token } = (await userResponse.json()) as UserResponse;

-const { data } = (await walletResponse.json()) as any;
+const { data } = (await walletResponse.json()) as WalletResponse;
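
Review bot: StartTrialResponse and WalletResponse are declared above with an identical `data` shape, and the first and third replacements both cast the result of `walletResponse.json()`, one to each name. Declaring the shape once (with a type alias if both names are wanted) avoids the two definitions drifting apart; as with the other casts, nothing here checks the payload at runtime.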

Also applies to: 25-25, 34-34

apps/api/test/functional/balances.spec.ts (1)

47-47: Define interface for balance response structure.

Since the tests verify specific properties of the balance response, consider defining a proper interface that matches the expected structure:

interface BalanceResponse {
  data: {
    balance: number;
    deployments: number;
    total: number;
  };
}

Then use:

-const result = (await response.json()) as any;
+const result = (await response.json()) as BalanceResponse;

This provides better type safety and makes the expected response structure explicit in the code.

Also applies to: 76-76

apps/api/test/functional/lease-flow.spec.ts (1)

141-141: Consider using more specific types instead of any.

While the explicit type assertions improve clarity, using any reduces TypeScript's type checking benefits. Consider defining specific interfaces for these response types to maintain better type safety.

For example, instead of:

const { certPem, encryptedKey } = ((await certResponse.json()) as any).data;

Consider:

const { certPem, encryptedKey } = ((await certResponse.json()) as { data: { certPem: string; encryptedKey: string } }).data;

Also applies to: 155-155, 166-166, 202-202, 222-222, 242-242, 251-251, 263-263

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b9388a8 and 67e8ced.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (33)
  • .dcignore (1 hunks)
  • .github/actions/setup-app-deps/action.yml (1 hunks)
  • .github/workflows/diff-package-lock.yml (1 hunks)
  • .github/workflows/reusable-should-validate.yml (1 hunks)
  • apps/api/package.json (1 hunks)
  • apps/api/src/auth/routes/send-verification-email/send-verification-email.router.ts (1 hunks)
  • apps/api/test/functional/anonymous-user.spec.ts (2 hunks)
  • apps/api/test/functional/api-key.spec.ts (4 hunks)
  • apps/api/test/functional/auditors.spec.ts (1 hunks)
  • apps/api/test/functional/balances.spec.ts (2 hunks)
  • apps/api/test/functional/bids.spec.ts (3 hunks)
  • apps/api/test/functional/blocks.spec.ts (2 hunks)
  • apps/api/test/functional/dashboard-data.spec.ts (1 hunks)
  • apps/api/test/functional/deployment-setting.spec.ts (3 hunks)
  • apps/api/test/functional/deployments.spec.ts (10 hunks)
  • apps/api/test/functional/graph-data.spec.ts (1 hunks)
  • apps/api/test/functional/lease-flow.spec.ts (10 hunks)
  • apps/api/test/functional/leases-duration.spec.ts (1 hunks)
  • apps/api/test/functional/market-data.spec.ts (2 hunks)
  • apps/api/test/functional/provider-attributes-schema.spec.ts (1 hunks)
  • apps/api/test/functional/provider-dashboard.spec.ts (2 hunks)
  • apps/api/test/functional/provider-deployments.spec.ts (3 hunks)
  • apps/api/test/functional/provider-graph-data.spec.ts (2 hunks)
  • apps/api/test/functional/provider-regions.spec.ts (1 hunks)
  • apps/api/test/functional/providers.spec.ts (4 hunks)
  • apps/api/test/functional/sign-and-broadcast-tx.spec.ts (1 hunks)
  • apps/api/test/functional/start-trial.spec.ts (1 hunks)
  • apps/api/test/functional/transactions.spec.ts (2 hunks)
  • apps/api/test/functional/usage.spec.ts (3 hunks)
  • apps/api/test/services/wallet-testing.service.ts (3 hunks)
  • apps/indexer/package.json (1 hunks)
  • apps/indexer/src/providers/statusEndpointHandlers/fake-insecure-credentials.ts (1 hunks)
  • apps/indexer/src/providers/statusEndpointHandlers/grpc.ts (1 hunks)
✅ Files skipped from review due to trivial changes (15)
  • apps/api/src/auth/routes/send-verification-email/send-verification-email.router.ts
  • apps/api/test/functional/graph-data.spec.ts
  • apps/api/test/functional/anonymous-user.spec.ts
  • apps/api/test/functional/provider-attributes-schema.spec.ts
  • .dcignore
  • apps/indexer/src/providers/statusEndpointHandlers/grpc.ts
  • apps/api/test/functional/provider-dashboard.spec.ts
  • apps/api/test/functional/leases-duration.spec.ts
  • apps/api/test/functional/provider-deployments.spec.ts
  • apps/api/test/functional/blocks.spec.ts
  • apps/api/test/functional/auditors.spec.ts
  • apps/api/test/functional/sign-and-broadcast-tx.spec.ts
  • apps/api/test/functional/provider-graph-data.spec.ts
  • apps/api/test/functional/deployments.spec.ts
  • apps/api/test/functional/usage.spec.ts
🚧 Files skipped from review as they are similar to previous changes (5)
  • apps/api/package.json
  • apps/indexer/src/providers/statusEndpointHandlers/fake-insecure-credentials.ts
  • apps/indexer/package.json
  • .github/workflows/reusable-should-validate.yml
  • .github/actions/setup-app-deps/action.yml
⏰ Context from checks skipped due to timeout of 90000ms (9)
  • GitHub Check: validate-deploy-web
  • GitHub Check: test-deploy-web-build
  • GitHub Check: test-provider-proxy-build
  • GitHub Check: test-provider-console-build
  • GitHub Check: test-indexer-build
  • GitHub Check: test-api-build
  • GitHub Check: validate-api
  • GitHub Check: test-stats-web-build
  • GitHub Check: validate-notifications
🔇 Additional comments (13)
apps/api/test/functional/bids.spec.ts (3)

128-128: LGTM! Explicit type casting improves type safety.

The addition of explicit TypeScript type assertion for JSON response parsing is a good practice that addresses potential type strictness issues.


147-147: LGTM! Consistent type casting pattern.

The explicit type assertion maintains consistency with the codebase-wide pattern for handling JSON responses in tests.


167-167: LGTM! Type safety improvement.

The type assertion properly handles the JSON response parsing with explicit typing.

apps/api/test/functional/dashboard-data.spec.ts (1)

208-208: LGTM! Type safety improvement for JSON response handling.

The explicit TypeScript type assertion is consistent with the codebase-wide pattern and properly addresses type strictness requirements.

apps/api/test/functional/provider-regions.spec.ts (1)

43-43: LGTM! Consistent type assertion pattern.

The explicit type casting aligns with the repository-wide standardization of JSON response handling in functional tests.

apps/api/test/functional/market-data.spec.ts (2)

47-47: LGTM! Proper type handling for JSON responses.

The explicit type assertion improves TypeScript type safety and follows the consistent pattern across the test suite.


80-80: LGTM! Consistent type casting implementation.

The type assertion maintains consistency with the codebase pattern for handling JSON responses in parameterized tests.

apps/api/test/functional/start-trial.spec.ts (1)

31-31: LGTM! Type safety improvement with destructuring.

The explicit type assertion before destructuring the JSON response follows the consistent pattern and properly addresses TypeScript type strictness requirements.

apps/api/test/functional/deployment-setting.spec.ts (3)

181-181: Good improvement to type safety!

The explicit type assertion makes the expected response structure clear and improves TypeScript type checking.


234-234: Consistent type assertion pattern applied.

This follows the same pattern as the other changes in the file, maintaining consistency across the test suite.


305-305: Type safety enhancement looks good.

The explicit type assertion aligns with the broader pattern being applied across the functional test suite.

apps/api/test/functional/lease-flow.spec.ts (2)

107-107: Excellent use of specific type assertion.

Using { data: BidResponse[] } provides proper type safety while making the expected response structure explicit.


130-130: Good specific typing for balance response.

The detailed type assertion { data: { balance: number; deployments: number; total: number } } provides excellent type safety and documentation of the expected response structure.
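
The typed assertions suggested in this review still trust the payload at runtime. As an added example (not code from the PR or from CodeRabbit), here is a small shape check that backs the BalanceResponse cast with a runtime test and reports the first mismatching path. `Shape`, `mismatch`, `BALANCE_SHAPE` and `parseBalanceResponse` are hypothetical names; the interface is the one proposed in the review.

```typescript
// Shape taken from the BalanceResponse interface proposed in the review.
interface BalanceResponse {
  data: { balance: number; deployments: number; total: number };
}

// Minimal schema: a primitive type name, or an object of nested schemas.
type Shape = "string" | "number" | { [key: string]: Shape };

const BALANCE_SHAPE: Shape = {
  data: { balance: "number", deployments: "number", total: "number" },
};

// Returns a description of the first mismatch, or null if value fits shape.
function mismatch(value: unknown, shape: Shape, path: string = "$"): string | null {
  if (typeof shape === "string") {
    const actual = value === null ? "null" : typeof value;
    return actual === shape ? null : `${path}: expected ${shape}, got ${actual}`;
  }
  if (typeof value !== "object" || value === null || Array.isArray(value)) {
    return `${path}: expected object`;
  }
  const record = value as Record<string, unknown>;
  for (const [key, child] of Object.entries(shape)) {
    const err = mismatch(record[key], child, `${path}.${key}`);
    if (err !== null) return err;
  }
  return null;
}

// Use in a test as: parseBalanceResponse(await response.json())
function parseBalanceResponse(json: unknown): BalanceResponse {
  const err = mismatch(json, BALANCE_SHAPE);
  if (err !== null) throw new TypeError(`unexpected balance response, ${err}`);
  return json as BalanceResponse; // the cast is now backed by the check above
}
```

An error body such as `{ "error": "Unauthorized" }` now fails with a TypeError naming `$.data`, instead of surfacing later as `undefined` property reads inside the assertions.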

@stalniy stalniy force-pushed the chore/npm-audit-fix branch 2 times, most recently from 8ad4e6f to 3239392 Compare June 23, 2025 16:09
Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 67e8ced and 3239392.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (33)
  • .dcignore (1 hunks)
  • .github/actions/setup-app-deps/action.yml (1 hunks)
  • .github/workflows/diff-package-lock.yml (1 hunks)
  • .github/workflows/reusable-should-validate.yml (1 hunks)
  • apps/api/package.json (1 hunks)
  • apps/api/src/auth/routes/send-verification-email/send-verification-email.router.ts (1 hunks)
  • apps/api/test/functional/anonymous-user.spec.ts (2 hunks)
  • apps/api/test/functional/api-key.spec.ts (4 hunks)
  • apps/api/test/functional/auditors.spec.ts (1 hunks)
  • apps/api/test/functional/balances.spec.ts (2 hunks)
  • apps/api/test/functional/bids.spec.ts (3 hunks)
  • apps/api/test/functional/blocks.spec.ts (2 hunks)
  • apps/api/test/functional/dashboard-data.spec.ts (1 hunks)
  • apps/api/test/functional/deployment-setting.spec.ts (3 hunks)
  • apps/api/test/functional/deployments.spec.ts (10 hunks)
  • apps/api/test/functional/graph-data.spec.ts (1 hunks)
  • apps/api/test/functional/lease-flow.spec.ts (10 hunks)
  • apps/api/test/functional/leases-duration.spec.ts (1 hunks)
  • apps/api/test/functional/market-data.spec.ts (2 hunks)
  • apps/api/test/functional/provider-attributes-schema.spec.ts (1 hunks)
  • apps/api/test/functional/provider-dashboard.spec.ts (2 hunks)
  • apps/api/test/functional/provider-deployments.spec.ts (3 hunks)
  • apps/api/test/functional/provider-graph-data.spec.ts (2 hunks)
  • apps/api/test/functional/provider-regions.spec.ts (1 hunks)
  • apps/api/test/functional/providers.spec.ts (4 hunks)
  • apps/api/test/functional/sign-and-broadcast-tx.spec.ts (1 hunks)
  • apps/api/test/functional/start-trial.spec.ts (1 hunks)
  • apps/api/test/functional/transactions.spec.ts (2 hunks)
  • apps/api/test/functional/usage.spec.ts (3 hunks)
  • apps/api/test/services/wallet-testing.service.ts (3 hunks)
  • apps/indexer/package.json (1 hunks)
  • apps/indexer/src/providers/statusEndpointHandlers/fake-insecure-credentials.ts (1 hunks)
  • apps/indexer/src/providers/statusEndpointHandlers/grpc.ts (1 hunks)
✅ Files skipped from review due to trivial changes (3)
  • apps/api/test/functional/providers.spec.ts
  • apps/indexer/src/providers/statusEndpointHandlers/grpc.ts
  • apps/api/test/functional/balances.spec.ts
🚧 Files skipped from review as they are similar to previous changes (29)
  • apps/api/test/functional/provider-attributes-schema.spec.ts
  • apps/api/src/auth/routes/send-verification-email/send-verification-email.router.ts
  • apps/api/test/functional/start-trial.spec.ts
  • apps/api/package.json
  • .github/workflows/reusable-should-validate.yml
  • .dcignore
  • .github/actions/setup-app-deps/action.yml
  • apps/api/test/functional/provider-regions.spec.ts
  • apps/api/test/functional/dashboard-data.spec.ts
  • apps/indexer/src/providers/statusEndpointHandlers/fake-insecure-credentials.ts
  • apps/api/test/functional/blocks.spec.ts
  • apps/api/test/functional/leases-duration.spec.ts
  • apps/api/test/functional/auditors.spec.ts
  • apps/api/test/functional/anonymous-user.spec.ts
  • apps/api/test/functional/graph-data.spec.ts
  • apps/api/test/functional/transactions.spec.ts
  • apps/api/test/services/wallet-testing.service.ts
  • apps/api/test/functional/market-data.spec.ts
  • apps/indexer/package.json
  • apps/api/test/functional/provider-graph-data.spec.ts
  • apps/api/test/functional/deployment-setting.spec.ts
  • apps/api/test/functional/provider-dashboard.spec.ts
  • apps/api/test/functional/usage.spec.ts
  • apps/api/test/functional/sign-and-broadcast-tx.spec.ts
  • apps/api/test/functional/deployments.spec.ts
  • apps/api/test/functional/bids.spec.ts
  • apps/api/test/functional/lease-flow.spec.ts
  • apps/api/test/functional/api-key.spec.ts
  • apps/api/test/functional/provider-deployments.spec.ts
🧰 Additional context used
🪛 actionlint (1.7.7)
.github/workflows/diff-package-lock.yml

17-17: got unexpected character '+' while lexing expression, expecting 'a'..'z', 'A'..'Z', '_', '0'..'9', ''', '}', '(', ')', '[', ']', '.', '!', '<', '>', '=', '&', '|', '*', ',', ' '

(expression)

🪛 GitHub Actions: GitHub Actions Linting
.github/workflows/diff-package-lock.yml

[error] 17-17: actionlint: got unexpected character '+' while lexing expression at line 17, column 62. Expression 'github.event.pull_request.commits + 10' is invalid.


[error] 21-21: shellcheck: syntax errors in script starting at line 21. Issues include SC1073 (Couldn't parse single quoted string), SC1009 (syntax error in simple command), and SC1072 (Expected end of single quoted string).

⏰ Context from checks skipped due to timeout of 90000ms (9)
  • GitHub Check: codecov/project/provider-proxy
  • GitHub Check: test-provider-proxy-build
  • GitHub Check: validate-notifications
  • GitHub Check: test-provider-console-build
  • GitHub Check: validate-deploy-web
  • GitHub Check: test-deploy-web-build
  • GitHub Check: test-api-build
  • GitHub Check: validate-api
  • GitHub Check: test-indexer-build
🔇 Additional comments (1)
.github/workflows/diff-package-lock.yml (1)

3-9: Correct PR trigger and path filter

The workflow now correctly runs on pull_request against main when package-lock.json changes, ensuring the github.event.pull_request context is available for commenting.

@stalniy stalniy force-pushed the chore/npm-audit-fix branch 4 times, most recently from aa90c69 to 2ef5397 Compare June 24, 2025 03:53
@stalniy stalniy merged commit e00581e into main Jun 24, 2025
34 of 37 checks passed
@stalniy stalniy deleted the chore/npm-audit-fix branch June 24, 2025 12:58