Fix pnpm audit vulnerabilities: upgrade uuid and parity checks#345

Merged
leynos merged 1 commit into main from codex/fix-audit-uuid-override on Apr 23, 2026

Conversation

@leynos
Owner

@leynos leynos commented Apr 23, 2026

Summary

  • Fix vulnerabilities identified by pnpm audit by upgrading uuid to 14.0.0
  • Ensure dependency overrides parity checks include uuid
  • Improve test resilience and error messages to reflect updated dependencies

Changes

Dependency management

  • package.json: add uuid override to 14.0.0
  • pnpm-lock.yaml: upgrade uuid to 14.0.0
  • scripts/check-overrides-parity.mjs: include 'uuid' in OVERRIDES_TO_CHECK

Tests & test infrastructure

  • backend/src/tests.rs: improve error handling in test setup and server lifecycle
  • crates/example-data/src/generator.rs: adjust seed handling and error messaging in tests
  • crates/example-data/src/seed_registry_cli/tests.rs: strengthen error reporting and file handling in tests

Other

  • Align test utilities and error messaging with updated dependency versions

Verification plan

  • Run pnpm install to refresh lockfile and ensure uuid 14.0.0 is used
  • Run cargo test (workspace) to validate backend and related tests
  • Run the overrides parity check script to ensure uuid is included in parity checks (e.g., node scripts/check-overrides-parity.mjs or the project's npm script)

Risk assessment

  • Upgrading uuid is non-breaking for user-facing APIs; tests and internal helpers updated to reflect new versions and potential minor changes in error handling. No public API changes expected.

◳ Generated by DevBoxer


📎 Task: https://www.devboxer.com/task/7a2fa7be-27ca-4bc3-8855-6dbde9c4f45f

Summary by Sourcery

Update dependency overrides for uuid and improve error reporting and robustness in test utilities.

Bug Fixes:

  • Override uuid to a secure 14.0.0 release to address audit-reported vulnerabilities.

Enhancements:

  • Improve backend server and metrics tests with explicit error context instead of generic expects.
  • Tighten example data generator tests by surfacing detailed errors when seeds or user generation fail.
  • Strengthen seed registry CLI tests with clearer failure messages and safer temp file handling.

Build:

  • Ensure overrides parity checking script validates uuid is consistently overridden across tooling.

Replaced several `.expect` calls with `match` expressions to provide more descriptive panic messages on errors in backend, example-data, and seed_registry_cli test code. This improves test diagnostics and debugging.

Also synchronized uuid package override version and added uuid to override parity script.

Co-authored-by: devboxerhub[bot] <devboxerhub[bot]@users.noreply.github.com>
@coderabbitai
Contributor

coderabbitai Bot commented Apr 23, 2026

Warning

Rate limit exceeded

@leynos has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 3 minutes and 48 seconds before requesting another review.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 49bcae68-cd9d-44f0-a6e5-4822a7902592

📥 Commits

Reviewing files that changed from the base of the PR and between 70def9b and b3b612c.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (5)
  • backend/src/tests.rs
  • crates/example-data/src/generator.rs
  • crates/example-data/src/seed_registry_cli/tests.rs
  • package.json
  • scripts/check-overrides-parity.mjs

@sourcery-ai

sourcery-ai Bot commented Apr 23, 2026

Reviewer's Guide

Updates dependency overrides to force uuid 14.0.0 across the project and strengthens Rust test code to provide clearer, more resilient error reporting around server startup, metrics, and seed registry/example data generation.

Sequence diagram for Rust test execution with detailed error reporting

```mermaid
sequenceDiagram
    actor Dev
    participant TestRunner
    participant TestsModule as tests
    participant SeedRegistry
    participant Generator as generate_example_users

    Dev->>TestRunner: run cargo test
    TestRunner->>TestsModule: execute test using test_registry fixture
    TestsModule->>SeedRegistry: from_json(TEST_REGISTRY_JSON)
    alt from_json returns Ok
        SeedRegistry-->>TestsModule: registry
    else from_json returns Err(error)
        TestsModule-->>TestRunner: panic valid test registry: {error}
        TestRunner-->>Dev: report panic
    end

    TestsModule->>TestsModule: assert_all_users(registry, seed_name, predicate)
    TestsModule->>SeedRegistry: find_seed(seed_name)
    alt find_seed returns Ok
        SeedRegistry-->>TestsModule: seed_def
    else find_seed returns Err(error)
        TestsModule-->>TestRunner: panic seed should be found: {error}
        TestRunner-->>Dev: report panic
    end

    TestsModule->>Generator: generate_example_users(registry, seed_def)
    alt generate_example_users returns Ok
        Generator-->>TestsModule: users
    else generate_example_users returns Err(error)
        TestsModule-->>TestRunner: panic generation should succeed: {error}
        TestRunner-->>Dev: report panic
    end

    loop for each user in users
        TestsModule->>TestsModule: assert predicate(user)
        alt predicate is false
            TestsModule-->>TestRunner: panic Predicate failed for user: {user:?}
            TestRunner-->>Dev: report panic
        end
    end

    TestsModule-->>TestRunner: test success
    TestRunner-->>Dev: all assertions passed
```

File-Level Changes

Change: Enforce uuid@14.0.0 via JavaScript/Node dependency overrides and ensure parity checks cover it.
Details:
  • Add uuid 14.0.0 to top-level package.json overrides to ensure vulnerable versions are not installed
  • Add uuid 14.0.0 to pnpm.overrides in package.json for pnpm-specific resolution control
  • Extend the overrides parity check script to include uuid so discrepancies are caught in CI
Files: package.json, scripts/check-overrides-parity.mjs

Change: Improve backend server and metrics tests with explicit error propagation and timeout handling.
Details:
  • Wrap PrometheusMetricsBuilder::build in match to panic with the underlying error when metrics construction fails
  • Wrap create_server invocations in match to surface server build errors rather than generic expects
  • Replace chained expects on timeout and join handles with explicit matches that include detailed panic messages for timeouts, panics, and IO errors
Files: backend/src/tests.rs

Change: Harden seed registry CLI tests by making temp file, directory, and registry loading failures explicit and debuggable.
Details:
  • Replace expect-based error handling with matches that panic including the concrete error for opening registry dirs and loading registries
  • Handle missing registry file names explicitly via pattern matching instead of unwrapping Options
  • Ensure cleanup_path errors in the Drop implementation cause panics with detailed messages
  • Make write_registry use match/if-let patterns so temp path creation, directory opening, and file writing failures report their underlying errors
Files: crates/example-data/src/seed_registry_cli/tests.rs

Change: Make example-data generator tests' seed lookup and user generation failures more diagnosable.
Details:
  • Replace expect calls on SeedRegistry::from_json with matches that include the parse error in panic messages
  • Replace expect-based handling of find_seed and generate_example_users with matches that surface underlying errors
  • Keep regression tests deterministic while improving failure messaging for predicates over generated users
Files: crates/example-data/src/generator.rs

Change: Update pnpm lockfile to resolve uuid to 14.0.0 consistently.
Details:
  • Refresh pnpm-lock.yaml so that all uuid consumers resolve to version 14.0.0 in line with overrides and audit fixes
Files: pnpm-lock.yaml

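As an added example (not the project's own scripts/check-overrides-parity.mjs, which this page does not show), the following checks that every name in OVERRIDES_TO_CHECK is pinned identically in package.json's top-level overrides and in pnpm.overrides, the two maps the reviewer's guide describes. The exact-version check is an extra assumption beyond what the PR states, and both sample manifests are constructed.

```javascript
// Added example, not the project's scripts/check-overrides-parity.mjs. Assumes the
// manifest shape described above: a top-level "overrides" map (npm) and a
// "pnpm"."overrides" map, which must agree so an audit fix cannot drift between resolvers.
const OVERRIDES_TO_CHECK = ["uuid"];

// Assumption beyond the PR: require exact "major.minor.patch"; a range here would let
// a resolver select a version below the audit-fixed one.
const EXACT_VERSION = /^\d+\.\d+\.\d+$/;

// Returns human-readable problems; an empty array means parity holds for every name.
function checkOverridesParity(pkg, names = OVERRIDES_TO_CHECK) {
  const npmOverrides = pkg.overrides ?? {};
  const pnpmOverrides = pkg.pnpm?.overrides ?? {};
  const problems = [];
  for (const name of names) {
    const npmVersion = npmOverrides[name];
    const pnpmVersion = pnpmOverrides[name];
    if (npmVersion === undefined) {
      problems.push(`${name}: missing from top-level "overrides"`);
    }
    if (pnpmVersion === undefined) {
      problems.push(`${name}: missing from "pnpm.overrides"`);
    }
    if (npmVersion !== undefined && pnpmVersion !== undefined && npmVersion !== pnpmVersion) {
      problems.push(`${name}: overrides disagree (overrides=${npmVersion}, pnpm.overrides=${pnpmVersion})`);
    }
    for (const [field, version] of [["overrides", npmVersion], ["pnpm.overrides", pnpmVersion]]) {
      if (version !== undefined && !EXACT_VERSION.test(version)) {
        problems.push(`${name}: "${field}" is not an exact version (${version})`);
      }
    }
  }
  return problems;
}

// Constructed sample manifests; the project's real package.json is not on this page.
const consistentPkg = {
  overrides: { uuid: "14.0.0" },
  pnpm: { overrides: { uuid: "14.0.0" } },
};
const driftedPkg = {
  overrides: { uuid: "14.0.0" },
  pnpm: { overrides: { uuid: "^9.0.0" } }, // stale range left behind by an earlier fix
};

// In CI, a non-empty result should fail the job (e.g. set process.exitCode = 1).
for (const [label, pkg] of [["consistent", consistentPkg], ["drifted", driftedPkg]]) {
  console.log(label, checkOverridesParity(pkg));
}
```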

@leynos leynos marked this pull request as ready for review April 23, 2026 00:24
@leynos leynos merged commit f929e0d into main Apr 23, 2026
3 of 4 checks passed
@leynos leynos deleted the codex/fix-audit-uuid-override branch April 23, 2026 00:25
@sourcery-ai sourcery-ai Bot left a comment

Hey - I've left some high level feedback:

  • The repeated match/if let Err(error) patterns in tests that just panic with a contextual message could be extracted into a small helper (e.g. unwrap_or_panic_with_ctx) to reduce boilerplate and keep the intent clearer.
  • In the seed registry CLI tests, consider including the relevant path in panic messages (e.g. when failing to open or clean up a registry directory) so that failures are easier to diagnose when multiple temporary files are involved.