Update client-api dependencies, bump openapi-fetch to 0.17, add CI#22169
Open
dannon wants to merge 5 commits intogalaxyproject:devfrom
Open
Update client-api dependencies, bump openapi-fetch to 0.17, add CI#22169dannon wants to merge 5 commits intogalaxyproject:devfrom
dannon wants to merge 5 commits intogalaxyproject:devfrom
Conversation
Update all client-api package dependencies within semver ranges, resolving security vulnerabilities in transitive deps (undici, glob, vite, rollup, minimatch, brace-expansion).
No breaking API changes from 0.15→0.17, just additive features (custom path serializers, read/write markers). Two type-level fixes needed where openapi-fetch 0.17 widens tuple types like [string, string][] to string[][] in inferred response types.
Runs build and tests on changes to client-api/ or client/src/api/ (the symlinked types). Installs client deps first since client-api's type symlink depends on the client's tsconfig resolution.
Aligns with the main client's recent migration to pnpm. Drops package-lock.json in favor of pnpm-lock.yaml and updates CI workflows (client-api-test, publish_artifacts) accordingly.
dannon
changed the title
This was referenced Mar 18, 2026
Member
Author
|
Re: the type casts -- confirmed it's a genuine bug in openapi-typescript-helpers 0.1.0 (bundled with openapi-fetch 0.17). The new Upstream bug: openapi-ts/openapi-typescript#2632 Added comments referencing the issue at both cast sites so they're easy to find and remove later. |
Reference upstream bug (openapi-ts/openapi-typescript#2632) at both cast sites so they're easy to find and remove once the Readable<T> tuple widening fix lands.
davelopez
approved these changes
Mar 20, 2026
Contributor
davelopez
left a comment
davelopez
left a comment
There was a problem hiding this comment.
Thanks for checking the casts!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
client-apitransitive dependencies, resolving security vulnerabilities in the lockfileopenapi-fetchfrom^0.15.0to^0.17.0in bothclient/andclient-api/, keeping them aligned. No breaking API changes from 0.15→0.17 (just additive features: custom path serializers, read/write markers). Two type-level fixes where 0.17 widens tuple types like[string, string][]tostring[][]in inferred response types.client-api-test.yamlCI workflow that builds and tests the client-api package on changes toclient-api/orclient/src/api/client-apifrom npm to pnpm to match the main client's recent migration. Dropspackage-lock.json, updates CI workflows accordingly.Supersedes #21313, #21121, #22143.
Test plan
cd client-api && pnpm run build— ESM+CJS build succeedscd client-api && pnpm test— 9/9 tests passcd client && pnpm test— 310 files, 1763 tests passcd client && npx vue-tsc --noEmit— clean, 0 type errors