mintbase-js icon indicating copy to clipboard operation
mintbase-js copied to clipboard
verified publisher icon Mintbase

graphql as Direct Dependency of data Package

Open bh2smith opened this issue 1 year ago • 3 comments

User description

Ideally this resolve the missing peer dependency issue experienced in https://github.com/bh2smith/neareth-tunnel/pull/10

Closes #549

PR Type

enhancement, dependencies

Description

  • Added graphql as a direct dependency to resolve missing peer dependency issues.
  • Updated @mintbase-js/sdk from version 0.6.2 to 0.6.5 to ensure compatibility and access to new features.
  • Introduced several new modules and updated existing ones in package-lock.json.
  • Modified some dependencies from dev to devOptional to optimize the development environment.

Changes walkthrough 📝

Relevant files
Dependencies
package-lock.json
Update dependencies and add `graphql` as a direct dependency

package-lock.json

  • Added graphql as a direct dependency.
  • Updated @mintbase-js/sdk from version 0.6.2 to 0.6.5.
  • Added several new modules and updated existing ones.
  • Changed some dependencies from dev to devOptional.
    		• +353/-15
    package.json
    Add `graphql` as a direct dependency and update SDK           

    packages/data/package.json

  • Added graphql as a direct dependency.
  • Updated @mintbase-js/sdk from version 0.6.2 to 0.6.5.
    		• +2/-1     

    💡 PR-Agent usage: Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

    bh2smith avatar Oct 21 '24 07:10 bh2smith

    PR Reviewer Guide 🔍

    ⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Key issues to review

    Deprecated Packages
    Several packages such as @lerna/package, @lerna/project, and @lerna/validation-error are marked as deprecated. Using deprecated packages can lead to future compatibility issues and lack of support. Consider finding alternatives or updating to supported versions.

    Engine Restrictions
    Some packages like @testing-library/dom and its dependencies specify engine versions that could restrict compatibility with certain Node.js versions. Ensure that these engine versions align with your project's Node.js environment to avoid runtime issues.

    Peer Dependencies
    Multiple packages such as write-json-file and its dependencies have been added with peer: true. This could potentially lead to unmet peer dependency issues if the peer packages are not properly managed in the project.

    mintbase-codium-pr-agent[bot] avatar Oct 21 '24 07:10 mintbase-codium-pr-agent[bot]

    PR Code Suggestions ✨

    CategorySuggestion                                                                                                                                    Score
    Security
    Remove deprecated package to avoid potential security risks and lack of support

    Consider removing the dependency on @lerna/package as it is marked as deprecated.
    Using deprecated packages can lead to security vulnerabilities and lack of support
    in the future.

    package-lock.json [4037-4052]

    -"node_modules/@lerna/package": {
-  "version": "6.4.1",
-  "resolved": "https://registry.npmjs.org/@lerna/package/-/package-6.4.1.tgz",
-  "integrity": "sha512-TrOah58RnwS9R8d3+WgFFTu5lqgZs7M+e1dvcRga7oSJeKscqpEK57G0xspvF3ycjfXQwRMmEtwPmpkeEVLMzA==",
-  "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.org/support for more info.",
-  "dev": true,
-  "license": "MIT",
-  "peer": true,
-  "dependencies": {
-    "load-json-file": "^6.2.0",
-    "npm-package-arg": "8.1.1",
-    "write-pkg": "^4.0.0"
-  },
-  "engines": {
-    "node": "^14.15.0 || >=16.0.0"
-  }
-}
+(Remove the entire block related to `@lerna/package`)
    Suggestion importance[1-10]: 9

    Why: Removing a deprecated package like @lerna/package is crucial to avoid potential security vulnerabilities and ensure future support, making this suggestion highly relevant and important.

    		9
    Maintainability
    Remove or replace deprecated package to avoid future compatibility issues

    Consider removing or replacing the @lerna/project package as it is marked as
    deprecated. Continuing to use a deprecated package can lead to future compatibility
    issues.

    package-lock.json [4054-4077]

    -"node_modules/@lerna/project": {
-  "version": "6.4.1",
-  "resolved": "https://registry.npmjs.org/@lerna/project/-/project-6.4.1.tgz",
-  "integrity": "sha512-BPFYr4A0mNZ2jZymlcwwh7PfIC+I6r52xgGtJ4KIrIOB6mVKo9u30dgYJbUQxmSuMRTOnX7PJZttQQzSda4gEg==",
-  "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
-  "dev": true,
-  "license": "MIT",
-  "peer": true,
-  "dependencies": {
-    "@lerna/package": "6.4.1",
-    "@lerna/validation-error": "6.4.1",
-    "cosmiconfig": "^7.0.0",
-    "dedent": "^0.7.0",
-    "dot-prop": "^6.0.1",
-    "glob-parent": "^5.1.1",
-    "globby": "^11.0.2",
-    "js-yaml": "^4.1.0",
-    "load-json-file": "^6.2.0",
-    "npmlog": "^6.0.2",
-    "p-map": "^4.0.0",
-    "resolve-from": "^5.0.0",
-    "write-json-file": "^4.3.0"
-  },
-  "engines": {
-    "node": "^14.15.0 || >=16.0.0"
-  }
-}
+(Remove the entire block related to `@lerna/project`)
    Suggestion importance[1-10]: 9

    Why: Removing or replacing deprecated packages like @lerna/project is essential for maintaining codebase health and avoiding future compatibility issues, making this suggestion highly relevant.

    		9
    Best practice
    Pin the version of graphql to avoid potential inconsistencies due to unexpected updates

    Pin the version of graphql to a specific version rather than using a version range.
    This can help ensure consistent behavior and compatibility in your application.

    packages/data/package.json [26]

    -"graphql": "^16.9.0"
+"graphql": "16.9.0"
    Suggestion importance[1-10]: 8

    Why: Pinning the version of graphql helps prevent unexpected issues due to automatic updates, which is important for maintaining consistent application behavior.

    		8
    Update the Node.js engine version to ensure compatibility with supported versions

    Update the node engine version for @testing-library/dom/node_modules/ansi-styles to
    align with the latest stable Node.js releases, as the current version range may be
    too broad and include unsupported versions.

    package-lock.json [7804-7816]

     "node_modules/@testing-library/dom/node_modules/ansi-styles": {
   "version": "4.3.0",
   "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
   "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
   "dev": true,
   "license": "MIT",
   "peer": true,
   "dependencies": {
     "color-convert": "^2.0.1"
   },
   "engines": {
-    "node": ">=8"
+    "node": ">=12"
   },
   "funding": {
     "url": "https://github.com/chalk/ansi-styles?sponsor=1"
   }
 }
    Suggestion importance[1-10]: 7

    Why: Updating the Node.js engine version to a more recent and stable version range is a good practice to ensure compatibility and support, although it is not critical.

    		7

    mintbase-codium-pr-agent[bot] avatar Oct 21 '24 07:10 mintbase-codium-pr-agent[bot]

    did this solved the issue?

    Unfortunately it did not... 😢

    bh2smith avatar Oct 21 '24 09:10 bh2smith