Skip to content

Dependencies update + ESLint v9 #1064

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rhamzeh merged 9 commits into from
Oct 11, 2025
Merged

Dependencies update + ESLint v9 #1064

rhamzeh merged 9 commits into from
Oct 11, 2025

Conversation

@Siddhant-K-code
Copy link
Member

@Siddhant-K-code Siddhant-K-code commented Jul 12, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores
    • Updated multiple dependencies to their latest versions for improved stability and compatibility.
    • Added a new development dependency to enhance environment variable management.
    • Migrated ESLint configuration to a new format for better maintainability and compatibility with modern tooling.

@Siddhant-K-code
docs: update OpenFGA configuration for v1.8.15
eb01fe0 
- Update configuration documentation to reference v1.8.15
- Update resolveNodeBreadthLimit default value from 100 to 10
- Update dependencies to latest versions
@Siddhant-K-code
chore: update dependencies and migrate to ESLint v9
d7b90f3 
- Update all dependencies to latest versions
- Migrate from .eslintrc.json to eslint.config.js for ESLint v9 compatibility
- Add globals dependency for proper ESLint configuration
- Fix CI lint step failures

This addresses reviewer feedback about ESLint v9 migration requirements.
@Siddhant-K-code Siddhant-K-code requested review from a team as code owners July 12, 2025 07:04
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jul 12, 2025
edited
Loading

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The changes replace the existing .eslintrc.json ESLint configuration with a new, modular eslint.config.js that provides multiple scoped configurations and disables stylistic rules to align with Prettier. Dependency versions in package.json are updated, and a new globals dev dependency is added. No application code or exports are modified.

Changes

File(s) Change Summary
.eslintrc.json Removed legacy ESLint configuration JSON file.
eslint.config.js Added modular ESLint config with multiple scoped overrides, Prettier compatibility, and plugins.
package.json Updated Docusaurus, OpenFGA, sanitize-html, swagger-ui-react, ESLint, and TypeScript plugin versions; added globals dev dependency.

Sequence Diagram(s)

sequenceDiagram
    participant Developer
    participant ESLint
    participant eslint.config.js

    Developer->>ESLint: Run lint command
    ESLint->>eslint.config.js: Load configuration
    eslint.config.js-->>ESLint: Provide scoped and merged rules
    ESLint->>Developer: Report lint results based on new config
Loading
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@Siddhant-K-code
fix: revert configuration.mdx to match main branch
3b21fc9 
This branch should only contain dependency updates and ESLint changes,
not documentation changes.
@Siddhant-K-code Siddhant-K-code mentioned this pull request Jul 12, 2025
Closed
2 tasks
@rhamzeh
Copy link
Member

rhamzeh commented Jul 14, 2025

The type check here is no longer passing

@socket-security
Copy link

socket-security bot commented Jul 15, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​types/​react@​18.3.5 ⏵ 18.3.9100 +110079 +196100
Updatedglobals@​13.24.0 ⏵ 16.3.010010085 +189100
Updatedeslint@​8.57.0 ⏵ 9.29.097 +110010096 +2100

View full report

@socket-security
Copy link

socket-security bot commented Jul 15, 2025
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
[email protected] has a License Policy Violation.

License: CC-BY-4.0 (npm metadata)

License: CC-BY-4.0 (package/LICENSE)

License: CC-BY-4.0 (package/package.json)

From: package-lock.jsonnpm/@docusaurus/[email protected]npm/@docusaurus/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

coderabbitai[bot]
coderabbitai bot reviewed Jul 15, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
eslint.config.js (1)

67-134: Consider using eslint-config-prettier instead of manually disabling rules.

The extensive manual disabling of Prettier-conflicting rules could be simplified by using the eslint-config-prettier package, which is already in your dependencies.

-  {
-    rules: {
-      // Prettier config to disable conflicting rules
-      'array-bracket-newline': 'off',
-      'array-bracket-spacing': 'off',
-      // ... (many more rules)
-    }
-  }
+  require('eslint-config-prettier')

This would make the configuration more maintainable and ensure all Prettier conflicts are properly handled.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 60a9ac3 and 78d9fe3.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (3)
  • .eslintrc.json (0 hunks)
  • eslint.config.js (1 hunks)
  • package.json (2 hunks)
💤 Files with no reviewable changes (1)
  • .eslintrc.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: deploy-preview
  • GitHub Check: Test deployment
🔇 Additional comments (3)
package.json (2)

28-31: LGTM: Dependency updates look reasonable.

The Docusaurus, TypeScript ESLint, and other dependency updates appear to be standard patch/minor version updates that should maintain compatibility.

Also applies to: 47-47, 53-57

34-34: No breaking changes in @openfga/sdk v0.9.0

The official changelog for v0.9.0 only adds a new “client assertion for client credentials authentication” feature (#228) and does not list any BREAKING CHANGES. The last breaking changes occurred in v0.8.0. You can safely keep the "@openfga/sdk": "^0.9.0" update.

✅ OpenFGA SDK update approved.

eslint.config.js (1)

1-6: LGTM: Import structure follows ESLint v9 flat config pattern.

The imports are correctly structured for the new ESLint v9 flat configuration format.

@Siddhant-K-code
Copy link
Member Author

Siddhant-K-code commented Jul 15, 2025

@rhamzeh, it's working now. One lint check is failing, which is similar to #1063 (comment)

@rhamzeh
Copy link
Member

rhamzeh commented Sep 4, 2025

@Siddhant-K-code would you mind running npm i to resolve the issues? We can merge then

@Siddhant-K-code
Copy link
Member Author

Siddhant-K-code commented Oct 11, 2025

@rhamzeh, sorry i've missed the notification. We are good to go now

@rhamzeh rhamzeh merged commit 01f88a8 into openfga:main Oct 11, 2025
11 of 14 checks passed
@Siddhant-K-code Siddhant-K-code deleted the chore/update-dependencies-eslint-v9 branch October 12, 2025 04:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@rhamzeh rhamzeh rhamzeh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Siddhant-K-code @rhamzeh