Skip to content

Refresh workspace dependencies#170

Open
niemyjski wants to merge 1 commit into
mainfrom
feature/dependency-refresh-2026-07
Open

Refresh workspace dependencies#170
niemyjski wants to merge 1 commit into
mainfrom
feature/dependency-refresh-2026-07

Conversation

@niemyjski

Copy link
Copy Markdown
Member

Summary

  • refresh SDK build tooling and every example workspace to current compatible releases
  • upgrade the Expo example to SDK 57 / React Native 0.86 and add the React testing peer that was previously missing
  • pin AsyncStorage 2.2 for SDK/Expo compatibility and override vulnerable transitive cookie, PostCSS, and UUID versions

Compatibility decisions

  • retain Babel 7 and TypeScript 6 because the current Expo/Metro and Svelte toolchains do not support their next majors
  • retain Expo-pinned React, AsyncStorage, safe-area, and screens versions; expo install --check passes

Security

  • npm audit before: 21 vulnerabilities (including 1 critical and 2 high)
  • npm audit after: 0 vulnerabilities

Validation

  • npx -y npm@11 ci
  • npm run build
  • npm test (346 tests)
  • npm run lint
  • npm run check --workspace=example/svelte-kit
  • npm ls --depth=0
  • npx expo install --check
  • npx expo export --platform ios
  • node --check example/express/app.js

Copilot AI review requested due to automatic review settings July 12, 2026 18:48

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Refreshes dependency versions across the Exceptionless.JavaScript monorepo (core SDK packages plus example apps) to align on current compatible tooling, reduce known vulnerabilities via overrides, and keep the build/test toolchain consistent across workspaces.

Changes:

  • Bumps esbuild across all SDK packages and updates root allowScripts accordingly.
  • Updates framework/example dependencies (React, Vue, Vite, SvelteKit, Next.js, Expo/RN) and adds the missing @testing-library/dom dependency for the React example.
  • Adds root overrides to pin @react-native-async-storage/async-storage and patch vulnerable transitive dependencies (cookie, postcss, uuid).

Reviewed changes

Copilot reviewed 14 out of 15 changed files in this pull request and generated no comments.

Show a summary per file
File Description
package.json Updates shared dev deps (React/Vitest), updates allowScripts, and adds dependency overrides for security/compatibility pins.
packages/core/package.json Bumps esbuild used for bundling core package outputs.
packages/browser/package.json Bumps esbuild used for bundling browser package outputs.
packages/angularjs/package.json Bumps esbuild used for bundling AngularJS wrapper outputs.
packages/node/package.json Bumps esbuild and updates @types/node for Node package development/build.
packages/react/package.json Updates React type dependencies and bumps esbuild for the React wrapper bundle.
packages/react-native/package.json Pins AsyncStorage dev dependency for Expo/RN compatibility and updates React types.
packages/vue/package.json Bumps esbuild used for bundling Vue wrapper outputs.
example/browser/package.json Updates Vite for the browser sample app.
example/react/package.json Updates React/Vite tooling and adds @testing-library/dom to satisfy testing-library peer requirements.
example/vue/package.json Updates Vue/compiler and Vite for the Vue sample app.
example/svelte-kit/package.json Updates SvelteKit/Svelte/Vite/Vitest versions for the SvelteKit sample app.
example/nextjs/package.json Updates Next.js and aligns React versions for the Next.js sample app.
example/expo/package.json Upgrades Expo SDK and React Native version while keeping Expo-pinned React and AsyncStorage versions.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 19e8d457aa

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread package.json
Comment on lines +39 to +40
"react": "19.2.7",
"react-dom": "19.2.7",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep Expo on the same React version

When running the Expo workspace after npm ci, this root bump creates two React installs: package-lock.json now has root node_modules/react@19.2.7 while example/expo still pins react/react-dom to 19.2.3, so npm nests example/expo/node_modules/react@19.2.3. Because react-native@0.86.0 is hoisted at the root and resolves its React peer from the root, the Expo app code imports a different React copy than the renderer, which can trigger the standard duplicate-React/invalid-hook-call failures. Please update the Expo example's React pins in the same change or avoid changing the root React version independently.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants