Skip to content

chore: upgrade dependencies#435

Merged
bzp2010 merged 3 commits intomainfrom
bzp/chore-upgrade-deps-260422
Apr 22, 2026
Merged

chore: upgrade dependencies#435
bzp2010 merged 3 commits intomainfrom
bzp/chore-upgrade-deps-260422

Conversation

@bzp2010
Copy link
Copy Markdown
Collaborator

@bzp2010 bzp2010 commented Apr 22, 2026
edited by coderabbitai Bot
Loading

Description

Upgrade dependencies.

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible

Summary by CodeRabbit

  • Chores
    • Introduced a global NODE_VERSION env and replaced hardcoded Node versions in release workflows
    • Pinned/updated dev tooling versions (esbuild, Vitest, @nx/esbuild)
    • Updated workspace dependency versions and changed catalogMode to manual
  • Style
    • Reformatted JSON schema arrays for readability (no semantic changes)

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 22, 2026
edited
Loading

📝 Walkthrough

Walkthrough

Updates to CI and dev-tooling: bump Node.js in the release workflow to 24.15.0, replace several catalog-based devDependency entries with explicit semver versions, adjust pnpm workspace catalog entries and mode, and reformat JSON arrays in schema.json without semantic changes.

Changes

Cohort / File(s) Summary
CI / Release workflow
.github/workflows/release.yaml		 Introduce NODE_VERSION env var set to 24.15.0; replace hardcoded 24.12.0 values with ${{ env.NODE_VERSION }} in setup-node inputs and build-step envs.
Package manifests
package.json, pnpm-workspace.yaml		 Replace catalog refs with explicit versions: @nx/esbuild22.6.3, @vitest/coverage-v8^4.1.2, @vitest/ui^4.1.2, esbuild^0.28.0. Update pnpm catalog: remove some pins, bump axios1.15.1, datum-diff1.0.4, js-yaml^4.1.1, lodash-es^4.18.1, semver^7.7.4, set catalogMode to manual.
Schema formatting
schema.json		 Reformatted array literals (enum, default, required) from single-line to multi-line style only; no value or semantic changes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Suggested reviewers

  • juzhiyuan
  • LiteSun
  • guoqqqi
🚥 Pre-merge checks | ✅ 6
✅ Passed checks (6 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'chore: upgrade dependencies' directly matches the PR's main objective of upgrading multiple dependencies across workflow, package configuration, and dependency catalog files.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
E2e Test Quality Review ✅ Passed PR is a dependency upgrade with no functional code, business logic, or test file changes, making E2E test review criteria inapplicable.
Security Check ✅ Passed Security review of dependency upgrade PR found no credential exposure, database secrets, authorization bypass, cross-resource access issues, TLS/cryptographic errors, resource isolation problems, or unresolved secret references in the configuration and workflow file changes.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch bzp/chore-upgrade-deps-260422

Comment @coderabbitai help to get the list of available commands and usage tips.

@bzp2010 bzp2010 added the test/apisix-standalone Trigger the APISIX standalone test on the PR label Apr 22, 2026
coderabbitai[bot]
coderabbitai Bot reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/release.yaml (1)

17-21: Deduplicate Node version to a single workflow-level variable.

This avoids future version skew between setup and build env blocks.

♻️ Suggested refactor 
 name: Release
+env:
+  NODE_VERSION: "24.15.0"
 on:
   push:
@@
       - uses: actions/setup-node@v6
         with:
-          node-version: "24.15.0"
+          node-version: "${{ env.NODE_VERSION }}"
@@
       - name: Build ADC
         env:
-          NODE_VERSION: "24.15.0"
+          NODE_VERSION: "${{ env.NODE_VERSION }}"
@@
       - uses: actions/setup-node@v4
         with:
-          node-version: "24.15.0"
+          node-version: "${{ env.NODE_VERSION }}"
@@
       - name: Build ADC
         env:
-          NODE_VERSION: "24.15.0"
+          NODE_VERSION: "${{ env.NODE_VERSION }}"

Also applies to: 65-69

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yaml around lines 17 - 21, Define a single
workflow-level variable for the Node version and reference it everywhere instead
of hardcoding "24.15.0"; for example add an env entry like NODE_VERSION at the
top-level and replace both occurrences of node-version: "24.15.0" (used with
pnpm/action-setup@v4) and the NODE_VERSION value inside the Build ADC step (and
the other similar block around lines 65-69) with references to that top-level
variable (e.g. use the workflow env variable via ${{ env.NODE_VERSION }}),
ensuring all steps consistently use the same identifier.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/release.yaml:
- Around line 17-21: Define a single workflow-level variable for the Node
version and reference it everywhere instead of hardcoding "24.15.0"; for example
add an env entry like NODE_VERSION at the top-level and replace both occurrences
of node-version: "24.15.0" (used with pnpm/action-setup@v4) and the NODE_VERSION
value inside the Build ADC step (and the other similar block around lines 65-69)
with references to that top-level variable (e.g. use the workflow env variable
via ${{ env.NODE_VERSION }}), ensuring all steps consistently use the same
identifier.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6b5508c1-0e90-4c0b-ba10-e39ee82dcaaa

📥 Commits

Reviewing files that changed from the base of the PR and between 68334ff and ce7cb6c.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (4)
  • .github/workflows/release.yaml
  • package.json
  • pnpm-workspace.yaml
  • schema.json

coderabbitai[bot]
coderabbitai Bot reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/release.yaml (1)

65-71: Align action major versions between jobs to avoid cross-platform release differences.

The adc-macos job uses actions/setup-node@v4 and pnpm/action-setup@v2, while the adc job uses v6 and v4 respectively. These should be kept in sync.

Proposed alignment 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
...
-      - uses: pnpm/action-setup@v2
+      - uses: pnpm/action-setup@v4
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yaml around lines 65 - 71, The workflow uses
mismatched action major versions between jobs (adc-macos uses
actions/setup-node@v4 and pnpm/action-setup@v2 while adc uses
actions/setup-node@v6 and pnpm/action-setup@v4); update the adc-macos job to use
the same major versions as the adc job (or vice versa) so both jobs reference
the same action versions for actions/setup-node and pnpm/action-setup (ensure
you change the uses entries in the adc-macos and adc job steps to the chosen
aligned major version numbers).
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/release.yaml:
- Around line 65-71: The workflow uses mismatched action major versions between
jobs (adc-macos uses actions/setup-node@v4 and pnpm/action-setup@v2 while adc
uses actions/setup-node@v6 and pnpm/action-setup@v4); update the adc-macos job
to use the same major versions as the adc job (or vice versa) so both jobs
reference the same action versions for actions/setup-node and pnpm/action-setup
(ensure you change the uses entries in the adc-macos and adc job steps to the
chosen aligned major version numbers).
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3c849747-3258-46be-bd7c-376d11b53aa8

📥 Commits

Reviewing files that changed from the base of the PR and between ce7cb6c and 38ce4cd.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (2)
  • .github/workflows/release.yaml
  • pnpm-workspace.yaml
✅ Files skipped from review due to trivial changes (1)
  • pnpm-workspace.yaml

@bzp2010 bzp2010 merged commit 871af30 into main Apr 22, 2026
33 checks passed
@bzp2010 bzp2010 deleted the bzp/chore-upgrade-deps-260422 branch April 22, 2026 07:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@guoqqqi guoqqqi guoqqqi approved these changes

@juzhiyuan juzhiyuan Awaiting requested review from juzhiyuan

@LiteSun LiteSun Awaiting requested review from LiteSun

Assignees

No one assigned

Labels

test/apisix-standalone Trigger the APISIX standalone test on the PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bzp2010 @guoqqqi