chore(deps): Upgrade some dependencies #37508
Conversation
|
Looks like this PR is ready to merge! 🎉 |
|
WalkthroughRepository-wide dependency and toolchain version bumps across many package.json files and Yarn config. Yarn upgraded from 4.10.3 → 4.11.0; numerous devDependencies (Babel, Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes
Possibly related PRs
Suggested labels
Suggested reviewers
Poem
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
tassoevan
force-pushed
the
chore/bump-build-deps
branch
from
1d0524b to
6148431
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## develop #37508 +/- ##
===========================================
- Coverage 68.98% 68.97% -0.01%
===========================================
Files 3358 3358
Lines 114228 114228
Branches 20537 20537
===========================================
- Hits 78796 78787 -9
- Misses 33343 33353 +10
+ Partials 2089 2088 -1
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Disabled knowledge base sources:
- Jira integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
⛔ Files ignored due to path filters (2)
.yarn/releases/yarn-4.11.0.cjsis excluded by!**/.yarn/**yarn.lockis excluded by!**/yarn.lock,!**/*.lock
📒 Files selected for processing (39)
.yarnrc.yml(1 hunks)apps/meteor/ee/server/services/package.json(1 hunks)apps/meteor/package.json(12 hunks)apps/uikit-playground/package.json(2 hunks)ee/apps/account-service/package.json(1 hunks)ee/apps/authorization-service/package.json(1 hunks)ee/apps/ddp-streamer/package.json(1 hunks)ee/apps/omnichannel-transcript/package.json(1 hunks)ee/apps/presence-service/package.json(1 hunks)ee/apps/queue-worker/package.json(1 hunks)ee/apps/stream-hub-service/package.json(1 hunks)ee/packages/federation-matrix/package.json(1 hunks)ee/packages/pdf-worker/package.json(1 hunks)ee/packages/presence/package.json(1 hunks)ee/packages/ui-theming/package.json(1 hunks)package.json(4 hunks)packages/apps-engine/package.json(1 hunks)packages/base64/package.json(1 hunks)packages/core-services/package.json(1 hunks)packages/core-typings/package.json(1 hunks)packages/eslint-config/package.json(1 hunks)packages/fuselage-ui-kit/package.json(2 hunks)packages/gazzodown/package.json(2 hunks)packages/http-router/package.json(1 hunks)packages/livechat/package.json(3 hunks)packages/message-parser/package.json(2 hunks)packages/mock-providers/package.json(1 hunks)packages/random/package.json(1 hunks)packages/release-action/package.json(1 hunks)packages/sha256/package.json(1 hunks)packages/tracing/package.json(1 hunks)packages/ui-avatar/package.json(2 hunks)packages/ui-client/package.json(2 hunks)packages/ui-composer/package.json(2 hunks)packages/ui-contexts/package.json(1 hunks)packages/ui-kit/package.json(2 hunks)packages/ui-video-conf/package.json(2 hunks)packages/ui-voip/package.json(2 hunks)packages/web-ui-registration/package.json(2 hunks)
🔇 Additional comments (50)
packages/apps-engine/package.json (2)
92-92: Safe patch upgrade for documentation tooling.The typedoc bump from ~0.28.13 to ~0.28.14 is a conservative patch increment for the documentation generation tool. No compatibility concerns expected.
100-100: Esbuild upgrade from 0.25.10→0.25.12 is safe.Based on the release notes, 0.25.11 added bytes import support and CSS media-range lowering, while 0.25.12 fixed a minification regression from the media-query change, updated JavaScript global identifiers, and added @view-transition CSS support. These are backward-compatible features and bug fixes with no reported breaking changes—the upgrade path is stable.
ee/apps/stream-hub-service/package.json (1)
44-44: Type definitions update is safe.The @types/polka patch bump (0.5.7→0.5.8) is a type-definition-only update with no runtime impact. Core polka dependency remains at 0.5.2.
packages/web-ui-registration/package.json (2)
50-50: Verify React types align with runtime.The @types/react bump spans two patch versions (18.3.24→18.3.26). Confirm type definitions are compatible with the runtime React version (~18.3.1) in this package. Check that the tilde ranges don't cause version misalignment during installation.
20-21: Babel and React type dependencies are properly aligned.Verification confirms @babel/core and @babel/preset-env are both at ~7.28.5, maintaining consistency. @types/react 18.3.26 is compatible with React runtime 18.3.1. All updates are devDependencies and pose no runtime risk.
apps/meteor/ee/server/services/package.json (1)
53-53: Type definition updates are compatible.Both @types/cookie-parser (1.4.9→1.4.10) and @types/express (4.17.23→4.17.25) are patch-level updates to type definitions. Core library versions (express, cookie-parser) remain unchanged, so no runtime incompatibilities are expected.
Also applies to: 55-55
ee/apps/queue-worker/package.json (1)
45-45: Type definition patch is safe.The @types/polka update (0.5.7→0.5.8) is a type-definition-only patch. Core polka dependency remains unchanged.
ee/apps/account-service/package.json (1)
47-47: Type definition patch is safe.The @types/polka update (0.5.7→0.5.8) is a type-definition-only patch. Core polka dependency remains at 0.5.2.
ee/apps/presence-service/package.json (1)
43-43: Type definition patch is safe.The @types/polka update (0.5.7→0.5.8) is a type-definition-only patch. Core polka dependency remains at 0.5.2.
packages/ui-video-conf/package.json (1)
24-24: Dependency patch updates look good.The @babel/core and @types/react patch-level updates are routine maintenance within the tilde range constraints and align with project-wide upgrades across multiple packages.
Also applies to: 47-47
ee/apps/omnichannel-transcript/package.json (1)
52-52: Patch-level type definition updates are compatible.The @types/polka and @types/react patches are safely within the declared version ranges and maintain compatibility with their corresponding runtime packages.
Also applies to: 54-54
ee/packages/pdf-worker/package.json (1)
42-42: Type definition patch update is consistent with other packages.The @types/react bump to ~18.3.26 aligns with the coordinated upgrade across the monorepo and remains compatible with react ~18.3.1.
packages/ui-avatar/package.json (1)
6-6: Dependency patches are safely within version constraints.The @babel/core and @types/react patch updates follow the project-wide upgrade pattern and maintain compatibility with pinned runtime dependencies.
Also applies to: 15-15
packages/core-typings/package.json (1)
9-9: Express type definitions patch is within version constraints.The @types/express update to ^4.17.25 is a safe patch-level bump within the declared caret range and does not affect the core-typings package's public API.
packages/ui-contexts/package.json (1)
16-16: Type definition patch maintains compatibility.The @types/react patch to ~18.3.26 aligns with the monorepo-wide upgrade and remains compatible with the react 18.3.1 runtime dependency.
packages/base64/package.json (1)
17-18: Babel package patches are routine maintenance.The @babel/core and @babel/preset-env patch updates are safe tilde-range bumps and consistent with broader toolchain upgrades across the codebase.
.yarnrc.yml (1)
15-15: No action required—yarn 4.11.0 upgrade is safe.Yarn v4.11.0 contains no breaking changes, with only backward-compatible improvements and bug fixes. The version bump is safe to proceed.
packages/random/package.json (1)
19-20: Consistent with Babel 7.28.5 upgrades across the monorepo.These patch-level bumps mirror the updates in other packages. No additional concerns for this package.
packages/tracing/package.json (1)
9-9: Consistent ts-jest patch bump.This aligns with other packages in the monorepo also upgrading to ts-jest 29.4.5.
packages/mock-providers/package.json (1)
22-22: @types/react patch bump aligns with React 18.3.1.Consistent with other packages in the monorepo. No concerns detected.
packages/gazzodown/package.json (2)
31-31: Babel and React types updates consistent with monorepo.These align with coordinated upgrades across other packages. No additional concerns.
Also applies to: 60-60
66-66: KaTeX 0.16.25 and eslint-plugin-anti-trojan-source 1.1.2 are compatible with no regressions identified.KaTeX 0.16.25's sole feature addition is a katex-swap.css variant with font-display: swap, introducing no breaking changes. Intermediate patch versions (0.16.24, 0.16.23) made incremental improvements (hex color alpha support) with no API disruptions. The patch bump from 0.16.22→0.16.25 is safe.
eslint-plugin-anti-trojan-source 1.1.2 is a static analysis linting tool that does not interact with KaTeX at runtime—it detects Unicode bidirectional characters in source code. No compatibility concerns exist between these dependencies.
packages/ui-composer/package.json (1)
23-23: ---@types/react 18.3.26 is compatible with React 18.3.1 — approved.
@types/react 18.3.26 is compatible with React 18.3.1 as they share the same major/minor (18.3.x). Using a later patch of @types in the same minor series is standard and safe.
packages/release-action/package.json (1)
11-11: Yarn 4.11.0 update is safe; no breaking changes.Yarn 4.11.0 (released 2025-11-07) contains no breaking changes. The minor version bump from 4.10.3 to 4.11.0 includes only incremental improvements to workspaces and PnP functionality. The update is verified as stable.
packages/sha256/package.json (1)
18-19: Babel 7.28.5 is stable and safe to use.The v7.28.5 release (October 23, 2025) includes parser/spec compliance updates and bug fixes across plugins with no known security vulnerabilities. The patch-level version bumps are safe within the tilde range and represent standard dependency maintenance.
packages/http-router/package.json (1)
9-9: Type and test tooling updates are compatible.@types/express 4.17.25 is compatible with Express 4.21.2, and ts-jest 29.4.5 is a patch release published Oct 10, 2025 with a bug fix for filtering diagnostic messages. Both are safe devDependency updates.
ee/apps/ddp-streamer/package.json (1)
52-52: Patch update to TypeScript definitions is safe and consistent.The @types/polka bump from 0.5.7 to 0.5.8 is a low-risk patch-level TypeScript definition update. This aligns with the same update pattern across other packages in the monorepo.
Verify that all packages depending on polka have been updated consistently (especially other microservices in ee/apps/*).
packages/livechat/package.json (3)
47-47: React type definitions updated within patch range.The @types/react update from ~18.3.24 to ~18.3.26 is a patch-level bump and should be fully backward compatible. Aligns with updates in other UI packages.
81-81: sass-loader patch update for CSS preprocessing.The sass-loader bump from ~16.0.5 to ~16.0.6 is a patch-level update. Verify compatibility with your current webpack and Sass setup.
Confirm that sass-loader 16.0.6 is compatible with webpack ~5.99.9 and sass ~1.80.7 listed in the same file.
28-30: Babel version bump verified as safe — no breaking changes.Babel 7.28.5 contains spec-compliance updates and bug fixes but does not introduce breaking changes relative to 7.28.3 and 7.28.4. The consistent updates to @babel/core, @babel/eslint-parser, and @babel/preset-env across the monorepo are safe to proceed.
packages/message-parser/package.json (2)
51-53: Babel versions synchronized across build toolchain.Babel packages updated to ~7.28.5 in alignment with the monorepo-wide upgrade pattern observed in other packages.
70-70: TypeDoc documentation tool minor patch update.The typedoc bump from ~0.28.13 to ~0.28.14 is a patch-level update. Verify that documentation generation still works as expected.
If documentation is generated in CI, run the docs build to confirm no regressions in generated output.
packages/ui-kit/package.json (2)
38-41: Babel toolchain consistently updated.Babel packages updated to ~7.28.5, aligning with the monorepo-wide pattern.
52-52: Jest type integration updated to patch level.The ts-jest bump from ~29.4.4 to ~29.4.5 is a patch-level update for TypeScript–Jest integration. Verify compatibility with jest ~30.2.0 in the same file.
Confirm ts-jest 29.4.5 compatibility with Jest 30.2.0. Run unit tests to ensure TypeScript compilation during testing still works as expected.
ee/apps/authorization-service/package.json (1)
43-43: TypeScript polka types consistently bumped across services.The @types/polka update to ^0.5.8 matches the same upgrade in ee/apps/ddp-streamer/package.json, indicating coordinated updates across microservices. This patch-level update is low-risk.
packages/core-services/package.json (1)
6-7: Core services Babel toolchain updated to monorepo version.The @babel/core and @babel/preset-env updates to ~7.28.5 align with the coordinated upgrade across the monorepo.
ee/packages/presence/package.json (1)
6-7: Presence package Babel dependencies synchronized with monorepo.The @babel/core and @babel/preset-env updates to ~7.28.5 maintain consistency with the coordinated monorepo-wide upgrade.
ee/packages/ui-theming/package.json (2)
14-14: React type definitions updated consistently with other UI packages.The @types/react bump from ~18.3.24 to ~18.3.26 aligns with updates in packages/livechat and other UI packages in this PR.
17-17: Security linting plugin patched for anti-trojan-source detection.The eslint-plugin-anti-trojan-source patch update from ~1.1.1 to ~1.1.2 is a low-risk enhancement to security linting.
packages/ui-client/package.json (1)
21-21: Coordinated dependency patch updates look good.The patch-level bumps to @babel/core, @types/react, and eslint-plugin-anti-trojan-source are consistent with ecosystem-wide updates and carry minimal breaking-change risk when tilde-locked.
Please confirm these package versions have been tested and are free of known security advisories.
Also applies to: 43-43, 46-46
packages/ui-voip/package.json (1)
29-29: Consistent with coordinated ecosystem updates.Also applies to: 62-62
packages/eslint-config/package.json (1)
6-7: Appropriate dependency placement for shared config package.As a shared ESLint configuration, having @babel/core and @babel/eslint-parser in
dependencies(rather than devDependencies) is correct for consumers that rely on this config. Patch updates are safe.Also applies to: 15-15
packages/fuselage-ui-kit/package.json (1)
48-49: Babel package alignment update approved.Aligning @babel/preset-env with @babel/core to ~7.28.5 is a good practice for maintaining consistency across the Babel toolchain.
Also applies to: 80-80
apps/uikit-playground/package.json (1)
18-18: Mixed patch and minor dependency updates with appropriate version constraints.All updates use caret or tilde locking to manage minor/patch changes safely. Internal Rocket.Chat packages (@rocket.chat/fuselage-toastbar) use consistent patch/minor versioning.
Also applies to: 24-24, 49-49, 57-57
package.json (3)
46-46: Coordinated yarn version enforcement across engines, packageManager, and volta.Updating yarn consistently across lines 46, 49, and 59 ensures all tooling aligns on 4.11.0. This coordinated approach prevents version mismatches in the monorepo.
Verify that yarn 4.11.0 is stable and compatible with Node 22.16.0, and confirm it has been tested with the monorepo workflow.
Also applies to: 49-49, 59-59
25-25: Turbo minor version bump.The patch-to-minor bump (2.5.8 → 2.6.1) is typical for build tool updates. Ensure the monorepo build scripts have been tested with this version.
85-85: Transitive type dependency update in resolutions.The @types/stream-buffers patch bump in resolutions ensures consistent types across the workspace. Low-risk update.
apps/meteor/package.json (3)
65-67: Consistent Babel toolchain alignment.@babel/core, @babel/eslint-parser, and @babel/preset-env updates to ~7.28.5 maintain the coordinated Babel version across the entire project.
89-107: TypeScript definitions updated consistently.Patch/minor bumps to @types/archiver, @types/codemirror, @types/express, @types/nodemailer, @types/react (~18.3.26), and @types/meteor are consistent with ecosystem-wide updates. These changes maintain type accuracy without breaking changes.
Also applies to: 142-142
175-175: Runtime and tooling dependency updates across diverse packages.Updates to eslint-plugin-anti-trojan-source, tsx, @datastructures-js/priority-queue, @rocket.chat/fuselage-toastbar, @types/meteor, hono, json-2-csv, katex, and mailparser span devDependencies and runtime dependencies with appropriate version constraints (caret/tilde).
Please verify compatibility of runtime dependencies—particularly hono, json-2-csv, mailparser, and katex—have been tested with the existing codebase for any breaking changes or behavioral differences in these minor/patch updates.
Also applies to: 217-217, 225-225, 261-261, 315-315, 369-369, 382-382, 385-385, 394-394
tassoevan
force-pushed
the
chore/bump-build-deps
branch
from
bec8ffc to
5a7355c
Compare
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
ee/packages/presence/package.json (1)
8-8: Consider aligning @babel/preset-typescript to match @babel/core and @babel/preset-env versions.Currently, @babel/preset-typescript remains at ~7.27.1 while its peer packages are bumped to ~7.28.5. Depending on your compatibility requirements, you may want to update @babel/preset-typescript to a matching 7.28.x version for consistency.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Disabled knowledge base sources:
- Jira integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
⛔ Files ignored due to path filters (2)
.yarn/releases/yarn-4.11.0.cjsis excluded by!**/.yarn/**yarn.lockis excluded by!**/yarn.lock,!**/*.lock
📒 Files selected for processing (39)
.yarnrc.yml(1 hunks)apps/meteor/ee/server/services/package.json(1 hunks)apps/meteor/package.json(12 hunks)apps/uikit-playground/package.json(2 hunks)ee/apps/account-service/package.json(1 hunks)ee/apps/authorization-service/package.json(1 hunks)ee/apps/ddp-streamer/package.json(1 hunks)ee/apps/omnichannel-transcript/package.json(1 hunks)ee/apps/presence-service/package.json(1 hunks)ee/apps/queue-worker/package.json(1 hunks)ee/apps/stream-hub-service/package.json(1 hunks)ee/packages/federation-matrix/package.json(1 hunks)ee/packages/pdf-worker/package.json(1 hunks)ee/packages/presence/package.json(1 hunks)ee/packages/ui-theming/package.json(1 hunks)package.json(4 hunks)packages/apps-engine/package.json(1 hunks)packages/base64/package.json(1 hunks)packages/core-services/package.json(1 hunks)packages/core-typings/package.json(1 hunks)packages/eslint-config/package.json(1 hunks)packages/fuselage-ui-kit/package.json(2 hunks)packages/gazzodown/package.json(2 hunks)packages/http-router/package.json(1 hunks)packages/livechat/package.json(3 hunks)packages/message-parser/package.json(2 hunks)packages/mock-providers/package.json(1 hunks)packages/random/package.json(1 hunks)packages/release-action/package.json(1 hunks)packages/sha256/package.json(1 hunks)packages/tracing/package.json(1 hunks)packages/ui-avatar/package.json(2 hunks)packages/ui-client/package.json(2 hunks)packages/ui-composer/package.json(2 hunks)packages/ui-contexts/package.json(1 hunks)packages/ui-kit/package.json(2 hunks)packages/ui-video-conf/package.json(2 hunks)packages/ui-voip/package.json(2 hunks)packages/web-ui-registration/package.json(2 hunks)
✅ Files skipped from review due to trivial changes (1)
- ee/apps/ddp-streamer/package.json
🚧 Files skipped from review as they are similar to previous changes (23)
- packages/fuselage-ui-kit/package.json
- packages/http-router/package.json
- .yarnrc.yml
- packages/ui-voip/package.json
- packages/web-ui-registration/package.json
- packages/ui-avatar/package.json
- packages/sha256/package.json
- ee/packages/federation-matrix/package.json
- packages/core-typings/package.json
- packages/ui-kit/package.json
- packages/message-parser/package.json
- packages/core-services/package.json
- ee/apps/queue-worker/package.json
- packages/ui-video-conf/package.json
- packages/random/package.json
- packages/tracing/package.json
- packages/eslint-config/package.json
- apps/uikit-playground/package.json
- packages/ui-client/package.json
- ee/apps/omnichannel-transcript/package.json
- ee/apps/presence-service/package.json
- ee/apps/authorization-service/package.json
- package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: 📦 Build Packages
- GitHub Check: CodeQL-Build
- GitHub Check: CodeQL-Build
🔇 Additional comments (22)
packages/base64/package.json (1)
17-18: Dependency updates look good.These are straightforward patch and minor version bumps for dev dependencies, aligned with the broader repo-wide Babel tooling updates. Tilde ranges allow safe incremental updates within the same major version.
ee/packages/presence/package.json (1)
6-7: Babel version bumps look appropriate.The target versions (@babel/core 7.28.5 and @babel/preset-env 7.28.5) are recent and valid. CVE-2025-27789 affects Babel versions prior to 7.26.10, so these updates are well above that threshold and safe from that known vulnerability. The coordinated bump to the same patch level (7.28.5) across both packages is good practice.
ee/packages/pdf-worker/package.json (1)
42-42: Approve the @types/react patch version bump; flag inadequate PR documentation.The version bump from ~18.3.24 to ~18.3.26 is safe—it's a patch-level change within the tilde range that should not introduce breaking changes. Patch releases for type definitions typically include only type-definition fixes, not breaking API changes.
However, the PR description is empty (contains only the template), which makes it difficult to track the rationale, scope, and testing of this dependency upgrade. Dependency bumps—especially across multiple packages—should include clear documentation of what changed, why, and how it was validated.
Guidance:
Update the PR description with a meaningful summary:
- List all packages receiving @types/react updates and their version ranges.
- Explain the upgrade rationale (e.g., bug fixes, type improvements).
- Confirm whether this upgrade was tested locally (linting, typecheck, tests).
Verify integration:
- Ensure all type-checking, linting, and test suites pass across the monorepo before merge.
- Confirm no local conflicts in pdf-worker's use of React types (e.g., no deprecated type patterns).
apps/meteor/ee/server/services/package.json (1)
53-53: Verify type definition versions align with runtime packages.Both @types/express and @types/cookie-parser have been bumped to versions aligned with apps/meteor/package.json. However, ensure these type definition versions match the corresponding runtime packages in the dependencies section:
- express ^4.21.2 (runtime)
- cookie-parser ^1.4.7 (runtime)
Type definitions should be compatible with these versions. Patch/minor bumps in type definitions are generally safe, but verify that no breaking changes were introduced in these specific version ranges.
Also applies to: 55-55
apps/meteor/package.json (6)
65-67: Verify Babel toolchain version consistency.The Babel ecosystem updates (@babel/core, @babel/eslint-parser, @babel/preset-env) are all pinned to ~7.28.5, which restricts to the 7.28.x range. Verify that:
- This version is compatible with @babel/runtime ~7.28.4 (line 222)
- No known breaking changes exist in the 7.28.x release line
- All Babel-related packages work together without conflicts
142-142: Verify @types/react compatibility with runtime React version.@types/react has been updated to ~18.3.26. Confirm this is compatible with the react runtime dependency at line 426 (react ~18.3.1). Type definitions should match the major.minor version of the runtime package.
225-225: Verify @datastructures-js/priority-queue breaking changes.@datastructures-js/priority-queue has been bumped to ^6.3.5. The caret prefix allows updates up to 7.x.x, which may introduce breaking changes. Confirm there are no incompatibilities with this version upgrade, particularly around the priority queue API surface if used internally.
258-258: Verify @rocket.chat/fuselage- internal package compatibility.*Internal packages @rocket.chat/fuselage-forms (~0.1.1) and @rocket.chat/fuselage-toastbar (^0.35.1) have been updated. Ensure these workspace-internal package updates are compatible with their consumers and no API breaking changes affect dependent code in the meteor app.
Also applies to: 261-261
369-369: Verify runtime dependency breaking changes.Several runtime dependencies with looser version constraints have been updated:
- hono ^4.10.6 (caret allows 5.x.x - major version bumps possible)
- json-2-csv ^5.5.10 (caret allows 6.x.x - major version bumps possible)
- katex ~0.16.25 (tilde restricts to 0.16.x)
- mailparser ~3.7.5 (tilde restricts to 3.7.x)
The hono and json-2-csv versions with caret ranges may resolve to major versions with breaking changes. Verify these packages don't introduce breaking API changes that affect the Meteor app's usage.
Also applies to: 382-382, 385-385, 394-394
315-315: Verify @types/meteor version compatibility.@types/meteor has been updated to ^2.9.10. Ensure the Meteor version used in the project is compatible with these type definitions. Type stubs for Meteor are critical for runtime behavior; verify no breaking changes in type definitions affect existing code.
ee/apps/account-service/package.json (1)
47-47: Patch version bump for @types/polka is safe.The update from ^0.5.7 to ^0.5.8 is a patch-level bump of TypeScript type definitions. No compatibility concerns.
packages/mock-providers/package.json (1)
22-22: Patch version bump for @types/react is consistent with monorepo-wide update.The update from ~18.3.24 to ~18.3.26 is a patch-level bump aligned with similar updates across other packages. No compatibility concerns.
packages/gazzodown/package.json (1)
31-31: All dependency patches are within safe ranges.Babel, React types, ESLint plugin, and KaTeX all receive patch-level updates (no breaking changes). These align with monorepo-wide coordination and are safe.
Also applies to: 60-60, 66-66, 73-73
ee/apps/stream-hub-service/package.json (1)
44-44: Patch version bump for @types/polka is safe and consistent.The update from ^0.5.7 to ^0.5.8 mirrors similar updates across other EE services. No compatibility concerns.
packages/release-action/package.json (1)
11-11: Verify yarn 4.11.0 compatibility.The yarn package manager is being upgraded from 4.10.3 to 4.11.0 (minor version bump). While this is typically safe, please confirm:
- Yarn 4.11.0 has been tested with the codebase
- No known incompatibilities with Node.js version or existing scripts
- All related yarn configuration files (.yarnrc.yml, root package.json) have been updated consistently
ee/packages/ui-theming/package.json (1)
14-14: Patch updates for React types and ESLint plugin are safe and coordinated.Both @types/react (^18.3.24→^18.3.26) and eslint-plugin-anti-trojan-source (
1.1.1→1.1.2) are patch-level bumps that appear consistently across multiple packages in this PR.Also applies to: 17-17
packages/ui-contexts/package.json (1)
16-16: Patch version bump for @types/react is consistent with monorepo alignment.The update from ~18.3.24 to ~18.3.26 continues the coordinated upgrade of React type definitions across packages. No compatibility concerns.
packages/ui-composer/package.json (2)
23-23: Approve @babel/core patch bump.The bump from ~7.28.4 to ~7.28.5 is confirmed safe—Babel 7.28.5 contains only bug fixes and spec-compliance updates with no breaking changes or reported security vulnerabilities.
43-43: Verify TypeScript compatibility before bumping @types/react to 18.3.26; breaking type changes detected.The bump from ~18.3.24 to ~18.3.26 includes breaking type-only changes that can cause TypeScript errors—specifically removal of implicit children on React.FC, removal/renaming of deprecated types, and other type shape changes.
Before merging:
- Verify TypeScript compilation passes with @types/react@18.3.26
- Check that the codebase doesn't rely on removed/deprecated React types
- If this package is consumed by downstream projects, ensure they can handle the type changes
packages/apps-engine/package.json (2)
92-92: No issues found with typedoc 0.28.14 update.Verification confirms typedoc 0.28.14 exists, contains no security advisories, and includes only new features and bug fixes with no breaking changes. This patch update is safe and follows semantic versioning best practices.
100-100: esbuild 0.25.12 is safe to merge.esbuild v0.25.12 contains no breaking changes and includes bug fixes such as CSS media-query minification regression fix and improved support for the @view-transition CSS rule. Version exists and no security advisories detected. The patch update within the tilde range is compatible with build scripts.
packages/livechat/package.json (1)
28-30: All package versions verified as safe and stable.The npm packages exist and have no known security vulnerabilities:
- Babel 7.28.5: Previous CVEs are fixed in this version
- React types 18.3.26: No reported vulnerabilities
- sass-loader 16.0.6: Bug-fix release with no breaking changes (major changes were in v16.0.0)
These are backwards-compatible patch updates with no security concerns.
📦 Docker Image Size Report📈 Changes
📊 Historical Trend---
config:
theme: "dark"
xyChart:
width: 900
height: 400
---
xychart
title "Image Size Evolution by Service (Last 30 Days + This PR)"
x-axis ["11/15 19:34", "11/15 19:47", "11/15 20:39", "11/15 21:23", "11/15 21:37", "11/15 22:04", "11/15 22:28", "11/16 00:55", "11/16 01:28", "11/17 12:35", "11/17 12:48", "11/17 12:54", "11/17 14:13", "11/17 14:45 (PR)"]
y-axis "Size (GB)" 0 --> 0.5
line "account-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
line "authorization-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
line "ddp-streamer-service" [0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12]
line "omnichannel-transcript-service" [0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14]
line "presence-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
line "queue-worker-service" [0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14]
line "rocketchat" [0.36, 0.36, 0.36, 0.36, 0.36, 0.36, 0.36, 0.36, 0.36, 0.35, 0.35, 0.35, 0.35, 0.36]
line "stream-hub-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
Statistics (last 13 days):
ℹ️ About this reportThis report compares Docker image sizes from this build against the
Updated: Mon, 17 Nov 2025 14:45:16 GMT |
ggazzo
added
the
stat: QA assured
dionisio-bot
bot
added
the
stat: ready to merge
3 participants
Proposed changes (including videos or screenshots)
Issue(s)
Steps to test or reproduce
Further comments
Summary by CodeRabbit