Skip to content

chore: update dependencies #1884

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mfts merged 5 commits into from
Oct 1, 2025
Merged

chore: update dependencies #1884

mfts merged 5 commits into from
Oct 1, 2025

Conversation

@mfts
Copy link
Owner

@mfts mfts commented Sep 24, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores
    • Upgraded core dependencies (Next.js ecosystem, AWS SDKs, TipTap, React Email, Tailwind typography, PostHog, Upstash/Redis and other UI/runtime libraries) for stability, compatibility, and security.
  • Refactor
    • Simplified Notion integration and signed-URL handling to streamline external requests while preserving public behavior.
  • Style
    • Fixed a minor user-facing wording typo in the add-document modal.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 24, 2025
edited
Loading

Walkthrough

Upgrades many dependencies in package.json. Removes a custom kyOptions beforeRequest hook when instantiating NotionAPI and updates addSignedUrls to drop the kyOptions parameter and no longer forward it to notion.getSignedFileUrls.

Changes

Cohort / File(s) Summary
Dependency version updates
package.json		 Bumped many dependencies: AWS SDKs (@aws-sdk/*), Next.js (next, @next/third-parties, eslint-config-next), React Email (@react-email/*), TipTap (@tiptap/*), @tailwindcss/typography, Notion stack (notion-client, notion-utils, react-notion-x), Upstash (@upstash/qstash, @upstash/redis), UI/core libs (lucide-react, motion, nanoid, react-hook-form, resend, shiki), posthog-js, chrono-node, dub, nuqs, and others.
Notion API instantiation change
lib/notion/index.ts		 Removed custom kyOptions with a beforeRequest hook from the NotionAPI constructor; now uses new NotionAPI() with default options (no URL-rewriting hook).
Signed URL helper signature
lib/notion/utils.ts		 Removed kyOptions parameter from addSignedUrls and stopped passing it to notion.getSignedFileUrls; signature now accepts only recordMap and contentBlockIds.
Text correction (UI)
components/documents/add-document-modal.tsx		 Minor copyfix: "the existing links will remain the unchanged." → "the existing links will remain unchanged."

Sequence Diagram(s)

sequenceDiagram
  participant App
  participant NotionAPI
  participant Network

  rect rgb(230,245,255)
  Note over App,NotionAPI: OLD FLOW (with beforeRequest hook)
  App->>NotionAPI: new NotionAPI({ kyOptions: { beforeRequest } })
  App->>NotionAPI: request /api/v3/syncRecordValues
  NotionAPI->>NotionAPI: beforeRequest rewrites URL -> /api/v3/syncRecordValuesMain
  NotionAPI->>Network: request /api/v3/syncRecordValuesMain
  end

  rect rgb(245,255,230)
  Note over App,NotionAPI: NEW FLOW (hook removed)
  App->>NotionAPI: new NotionAPI()
  App->>NotionAPI: request /api/v3/syncRecordValues
  NotionAPI->>Network: request /api/v3/syncRecordValues
  end
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The pull request’s title “chore: update dependencies” succinctly and accurately reflects the primary effort of upgrading various package versions across the project, providing clear context without extraneous details.
✨ Finishing touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch chore/update-deps
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2672de7 and cb9c1cc.

📒 Files selected for processing (1)
  • components/documents/add-document-modal.tsx (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • components/documents/add-document-modal.tsx
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Vercel Agent Review

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@vercel
Copy link

vercel bot commented Sep 24, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
papermark Ready Ready Preview Comment Oct 1, 2025 8:11am

@socket-security
Copy link

socket-security bot commented Sep 24, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedeslint-config-next@​14.2.32 ⏵ 14.2.33991006598100
Updated@​next/​third-parties@​15.5.2 ⏵ 15.5.4100 +110082 +299 +1100
Updated@​react-email/​components@​0.5.3 ⏵ 0.5.599 +110083 +298 +1100
Updated@​react-email/​render@​1.2.3 ⏵ 1.3.1100 +11008397 +2100
Updated@​aws-sdk/​lib-storage@​3.886.0 ⏵ 3.900.099 +110085 +297 +1100
Updatedchrono-node@​2.8.4 ⏵ 2.9.0100 +110010090 -1100
Updated@​aws-sdk/​cloudfront-signer@​3.873.0 ⏵ 3.893.0100 +110010094 +2100
Updated@​aws-sdk/​client-lambda@​3.886.0 ⏵ 3.899.098 +110010097 +1100
Updated@​aws-sdk/​client-s3@​3.886.0 ⏵ 3.899.098 +110010097 +1100
Updated@​aws-sdk/​s3-request-presigner@​3.886.0 ⏵ 3.899.0100 +110010097 +1100
Updated@​tailwindcss/​typography@​0.5.16 ⏵ 0.5.19100 +1100100 +198100
Updated@​upstash/​qstash@​2.8.2 ⏵ 2.8.399 +110010098 +2100
Updated@​upstash/​redis@​1.35.3 ⏵ 1.35.499 +110010098 -1100
Updated@​react-email/​preview-server@​4.2.11 ⏵ 4.2.12100 +3100100 +16100 +4100
Updated@​tiptap/​extension-placeholder@​3.4.2 ⏵ 3.6.2100 +1100100 +34100 +2100
Updated@​tiptap/​extension-image@​3.4.2 ⏵ 3.6.2100 +1100100 +28100 +2100
Updated@​tiptap/​react@​3.4.2 ⏵ 3.6.2100 +2100100 +24100 +2100
Updated@​tiptap/​starter-kit@​3.4.2 ⏵ 3.6.2100 +3100100 +27100 +2100
Updateddub@​0.66.3 ⏵ 0.66.5100 +2100100 +1100 +5100

View full report

coderabbitai[bot]
coderabbitai bot reviewed Sep 24, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (2)
package.json (2)

23-27: Align AWS SDK minor versions to reduce duplication

All AWS SDK v3 deps are on 3.895.0 except cloudfront-signer (3.893.0). Align to the same minor to help dedupe and avoid subtle transitive mismatches.

Apply this diff:

-    "@aws-sdk/cloudfront-signer": "^3.893.0",
+    "@aws-sdk/cloudfront-signer": "^3.895.0",

166-166: Align @types/node with engines for fewer type/runtime mismatches

Engines target Node >=18.18, but @types/node is 22.x. Using Node 22 types can expose APIs not available in Node 18 environments.

Recommend pinning to Node 18 LTS types:

-    "@types/node": "^22.13.5",
+    "@types/node": "^18.19.0",

Also applies to: 5-7

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4da25b3 and b7efd7e.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json (4 hunks)
🔇 Additional comments (4)
package.json (4)

117-117: No change required — keep postcss as ^8.5.6 npm shows 8.5.6 is published and is the latest 8.x, which satisfies Tailwind 3.4's PostCSS 8.x requirement.

37-37: Resolved — @next/[email protected] is compatible with Next 14; no change required

PeerDependencies for @next/third-parties allow next: ^13 || ^14 || ^15 (published package metadata), so using @next/third-parties ^15.5.4 with [email protected] is supported.

22-153: Regenerate lockfile and run dependency dedupe

package-lock.json exists; after these dependency bumps regenerate the lockfile (npm install / npm ci) and run your package manager's dedupe (npm dedupe, pnpm dedupe, or yarn-deduplicate) to remove duplicate minor copies (esp. AWS SDK). Commit the updated lockfile.

107-107: Verified — no CommonJS requires or default imports of nanoid found

All direct imports use named ESM imports (import { nanoid } / { customAlphabet }) — found in: components/chat/chat.tsx, lib/year-in-review/send-emails.ts, lib/utils.ts, lib/integrations/slack/install.ts.

coderabbitai[bot]
coderabbitai bot reviewed Sep 25, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (2)
lib/notion/utils.ts (2)

57-66: Make signed URL assignment resilient to count mismatches

Avoid dropping all mappings when the API returns fewer items; map what you have and warn on mismatch.

-      if (signedUrls.length === allFileInstances.length) {
-        for (const [i, file] of allFileInstances.entries()) {
-          const signedUrl = signedUrls[i];
-          if (!signedUrl) continue;
-
-          const blockId = file.permissionRecord.id;
-          if (!blockId) continue;
-
-          recordMap.signed_urls[blockId] = signedUrl;
-        }
-      }
+      if (signedUrls.length !== allFileInstances.length) {
+        console.warn("NotionAPI getSignedFileUrls count mismatch", {
+          requested: allFileInstances.length,
+          received: signedUrls.length,
+        });
+      }
+      for (let i = 0; i < Math.min(signedUrls.length, allFileInstances.length); i++) {
+        const file = allFileInstances[i];
+        const signedUrl = signedUrls[i];
+        if (!signedUrl) continue;
+        const blockId = file.permissionRecord.id;
+        if (!blockId) continue;
+        recordMap.signed_urls[blockId] = signedUrl;
+      }

69-69: Typo in log message

Capitalize “File” to match method name for easier grepping.

-      console.warn("NotionAPI getSignedfileUrls error", err);
+      console.warn("NotionAPI getSignedFileUrls error", err);
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b7efd7e and cb5f516.

📒 Files selected for processing (2)
  • lib/notion/index.ts (1 hunks)
  • lib/notion/utils.ts (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Vercel Agent Review
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (2)
lib/notion/index.ts (1)

3-3: Default NotionAPI() instantiation — LGTM; confirm hook removal doesn’t regress

With the beforeRequest ky hook removed, ensure flows that previously depended on URL rewriting (e.g., syncRecordValuesMain) still work with the upgraded notion-client.

If you haven’t already, run the repository scan from my other comment to ensure no stale references remain, and smoke-test getPage/addSignedUrls against a public page in staging.

lib/notion/utils.ts (1)

53-56: Removal of kyOptions parameter confirmed Verified no two-arg getSignedFileUrls calls or kyOptions/beforeRequest usages remain.

coderabbitai[bot]
coderabbitai bot reviewed Oct 1, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cb5f516 and 2672de7.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json (5 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Vercel Agent Review

package.json
Comment on lines +23 to +27
"@aws-sdk/client-lambda": "^3.899.0",
"@aws-sdk/client-s3": "^3.899.0",
"@aws-sdk/cloudfront-signer": "^3.893.0",
"@aws-sdk/lib-storage": "^3.900.0",
"@aws-sdk/s3-request-presigner": "^3.899.0",
Copy link
Contributor

@coderabbitai coderabbitai bot Oct 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Align S3 client to lib-storage’s peer requirement

@aws-sdk/[email protected] declares a peer dependency on the same @aws-sdk/client-s3 version, so keeping the client at 3.899.0 will throw peer-dependency warnings and has historically broken type-checking/runtime when the versions drift.(app.unpkg.com)

Please bump the S3 client (and the other tightly-coupled AWS SDK packages you touched in the same stanza) to the matching 3.900.0 release:

-    "@aws-sdk/client-lambda": "^3.899.0",
-    "@aws-sdk/client-s3": "^3.899.0",
-    "@aws-sdk/lib-storage": "^3.900.0",
-    "@aws-sdk/s3-request-presigner": "^3.899.0",
+    "@aws-sdk/client-lambda": "^3.900.0",
+    "@aws-sdk/client-s3": "^3.900.0",
+    "@aws-sdk/lib-storage": "^3.900.0",
+    "@aws-sdk/s3-request-presigner": "^3.900.0",
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"@aws-sdk/client-lambda": "^3.899.0",
"@aws-sdk/client-s3": "^3.899.0",
"@aws-sdk/cloudfront-signer": "^3.893.0",
"@aws-sdk/lib-storage": "^3.900.0",
"@aws-sdk/s3-request-presigner": "^3.899.0",
"@aws-sdk/client-lambda": "^3.900.0",
"@aws-sdk/client-s3": "^3.900.0",
"@aws-sdk/cloudfront-signer": "^3.893.0",
"@aws-sdk/lib-storage": "^3.900.0",
"@aws-sdk/s3-request-presigner": "^3.900.0",
🤖 Prompt for AI Agents 
package.json lines 23-27: the @aws-sdk packages are version-mismatched with
lib-storage; update the versions so they align. Change "@aws-sdk/client-s3" to
"^3.900.0" and bump the other related AWS SDK packages in the same block
("@aws-sdk/client-lambda", "@aws-sdk/cloudfront-signer",
"@aws-sdk/s3-request-presigner") to "^3.900.0" to match
"@aws-sdk/[email protected]", then run your package manager (npm/yarn/pnpm) to
reinstall and verify typechecks/tests pass.

@mfts mfts merged commit 94839a3 into main Oct 1, 2025
10 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Oct 1, 2025
@mfts mfts deleted the chore/update-deps branch November 19, 2025 11:46
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mfts