Skip to content

#6304 - Release 3.7: Upgrade packages#6312

Open
sh16011993 wants to merge 1 commit into
mainfrom
feature/#6304-release-3.7-upgrade-packages
Open

#6304 - Release 3.7: Upgrade packages#6312
sh16011993 wants to merge 1 commit into
mainfrom
feature/#6304-release-3.7-upgrade-packages

Conversation

@sh16011993

@sh16011993 sh16011993 commented Jun 26, 2026

Copy link
Copy Markdown
Collaborator

As a part of this PR, the following packages were upgraded:

Routine dependency upgrades for the web and backend packages. Applied via npm-check-updates, holding back high-risk majors as noted below. Includes one source fix required by the @types/node v26 bump.

Web package — 8 upgraded

Package From To
@types/node ^25.9.3 ^26.0.1
@vue/eslint-config-typescript ^14.8.0 ^14.9.0
axios ^1.18.0 ^1.18.1
eslint ^10.5.0 ^10.6.0
prettier ^3.8.4 ^3.8.5
uuid ^14.0.0 ^14.0.1
vite ^8.0.16 ^8.1.0
vue ^3.5.38 ^3.5.39

Excluded (web-formio group): @formio/*, bootstrap*, @fortawesome/fontawesome-free.

Backend package — 22 upgraded

Package From To
@aws-sdk/client-s3 ^3.1069.0 ^3.1075.0
@bull-board/api 8.0.0 8.0.1
@bull-board/express 8.0.0 8.0.1
@bull-board/nestjs 8.0.0 8.0.1
@bull-board/ui 8.0.0 8.0.1
@faker-js/faker ^10.4.0 ^10.5.0
@nestjs/typeorm ^11.0.1 ^11.0.3
@types/node ^25.9.3 ^26.0.1
axios ^1.18.0 ^1.18.1
cron-parser ^5.5.0 ^5.6.1
eslint ^10.5.0 ^10.6.0
globals ^17.6.0 ^17.7.0
ioredis ^5.10.1 ^5.11.1
papaparse ^5.5.3 ^5.5.4
pg ^8.21.0 ^8.22.0
prettier ^3.8.4 ^3.8.5
qs ^6.15.2 ^6.15.3
ts-loader ^9.6.0 ^9.6.2
typescript-eslint ^8.61.1 ^8.62.0
unzipper ^0.12.3 ^0.12.5
uuid ^14.0.0 ^14.0.1
webpack ^5.107.2 ^5.108.1

Excluded (held back intentionally): typeorm (0.3.30 → 1.0.0) and redis (5.12.1 → 6.0.1) majors.

Source change required by @types/node v26

@types/node v26 widened the BinaryLike type to include ArrayBuffer, which crypto's Hash.update() does not accept — breaking the build in libs/utilities/src/hash-utils.ts. Fixed by narrowing the hashObjectToHex parameter to string | NodeJS.ArrayBufferView (what update() accepts, and what BinaryLike resolved to before v26). All callers pass string or Buffer, so no caller is affected. Also switched the import to node:crypto to match the codebase convention.

Verification

  • Web: npm run lint (0 errors), npm run build
  • Backend: npm run build ✅; npm run lint shows only pre-existing issues (verified identical error count on pre-upgrade deps)
  • Backend: ran npm audit fix (non-breaking) — resolved 2 advisories via lockfile-only transitive bumps; no package.json changes

Notes

  • Remaining backend npm audit advisories require --force (would churn the NestJS stack across majors) or have no upstream fix; left for a deliberate follow-up.
  • typeorm 1.0.0 and redis 6.0.1 majors deferred to dedicated PRs given their breakage risk.

@sonarqubecloud

Copy link
Copy Markdown

@github-actions

Copy link
Copy Markdown

Backend Unit Tests Coverage Report

Totals Coverage
Statements: 20.08% ( 4760 / 23707 )
Methods: 9.8% ( 282 / 2878 )
Lines: 24.42% ( 4068 / 16661 )
Branches: 9.84% ( 410 / 4168 )

@github-actions

Copy link
Copy Markdown

E2E Workflow Workers Coverage Report

Totals Coverage
Statements: 47.7% ( 2751 / 5767 )
Methods: 37.47% ( 287 / 766 )
Lines: 54.55% ( 2080 / 3813 )
Branches: 32.32% ( 384 / 1188 )

@github-actions

Copy link
Copy Markdown

E2E Queue Consumers Coverage Report

Totals Coverage
Statements: 81.39% ( 9634 / 11837 )
Methods: 81.01% ( 1250 / 1543 )
Lines: 84.68% ( 7211 / 8516 )
Branches: 65.97% ( 1173 / 1778 )

@github-actions

Copy link
Copy Markdown

E2E SIMS API Coverage Report

Totals Coverage
Statements: 69.01% ( 14251 / 20651 )
Methods: 66.51% ( 1694 / 2547 )
Lines: 72.16% ( 10203 / 14140 )
Branches: 59.38% ( 2354 / 3964 )

</body-header>
</template>
<content-group>
<form-submission-items

@weskubo-cgi weskubo-cgi Jun 29, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While this change isn't wrong this appears to be an entirely unrelated commit.

@dheepak-aot dheepak-aot left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving the PR, considering that packages were updated to latest version during PR request.

Many of the packages have received recent versions. I am happy to re-review the same PR or a new PR for recently updated versions.

Image Image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants