Upgrade Medusa to 2.13.1 and stabilize workspace

[dwene]

Summary

• upgrade Medusa packages to 2.13.1 across apps/medusa, apps/storefront, and workspace resolutions
• restore @lambdacurry/medusa-product-reviews@1.3.1 and re-enable the plugin in Medusa config
• regenerate lockfile and align Yarn to 4.9.1 to resolve duplicate Medusa package resolution issues
• apply storefront type updates needed after dependency resolution changes

Verification

• yarn lint
• yarn typecheck
• yarn build
• Medusa dev startup reaches server init; health endpoint returns 200 OK on http://localhost:9000/health

Notes

• previous startup crash "Cannot read properties of undefined (reading 'collection')" no longer reproduces after lockfile regeneration + reinstall
• yarn.lock.bak.* and .cursor/* were intentionally left uncommitted

Summary by CodeRabbit

• Bug Fixes

  • Improved handling of undefined regions in footer component
  • Enhanced fallback values for site configuration data
  • Fixed currency code handling with proper fallback support in product pricing

• Chores

  • Upgraded Medusa framework to v2.13.1 with enhanced features
  • Updated React to v18.3.1 for improved performance and stability
  • Updated Yarn package manager to v4.9.1
  • Modernized build infrastructure and core dependencies

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[coderabbitai]

Walkthrough

The PR updates the project's build infrastructure from WarpBuilds to GitHub Actions, upgrades Yarn from 4.5.0 to 4.9.1, and modernizes the Medusa framework ecosystem from 2.7.0 to 2.13.1 across all package.json files. It removes Mikro-ORM dependencies and adds type safety guards to storefront components.

Changes

Cohort / File(s)	Summary
CI/CD and Workflow Configuration .github/workflows/pr-checks.yaml	Migrated from WarpBuilds to GitHub Actions (cache@v4, setup-node@v4); switched runner from warp-ubuntu-2404-x64-2x to ubuntu-latest; removed conditional on typecheck step to run unconditionally.
Package Manager and Root Configuration .yarnrc.yml, package.json	Updated Yarn version from 4.5.0 to 4.9.1; expanded resolutions block to comprehensively pin all Medusa packages to 2.13.1.
Medusa Ecosystem Upgrade apps/medusa/package.json, apps/storefront/package.json	Updated Medusa suite (@medusajs/*) from 2.7.0 to 2.13.1; removed Mikro-ORM packages (@mikro-orm/*); upgraded React to 18.3.1; added @medusajs/icons, @medusajs/ui, and posthog-node; updated @swc/core to ^1.7.28.
Storefront Type Safety and Logic Fixes apps/storefront/app/components/layout/footer/Footer.tsx, apps/storefront/app/hooks/useSiteDetails.ts, apps/storefront/libs/util/products.ts, apps/storefront/libs/util/server/data/cart.server.ts, apps/storefront/libs/util/server/data/product-reviews.server.ts, apps/storefront/libs/util/server/page.server.ts	Added null/undefined guards (regions ?? [], optional chaining with nullish coalescing); introduced type imports and type casts for stricter typing; derived currencyCode with fallback to 'usd'; widened type annotation for productsQuery; added empty options parameter to SDK call.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Upgrade Medusa to 2.13.1 and stabilize workspace' accurately captures the two main objectives of the PR: upgrading Medusa packages to version 2.13.1 and addressing workspace stability issues.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch codex/medusa-2-13-1-upgrade

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/storefront/app/hooks/useSiteDetails.ts`:
- Line 7: Replace the unsafe empty-object cast in useSiteDetails by returning
data?.siteDetails directly: remove the fallback "({} as SiteDetailsRootData)" in
the return of the useSiteDetails hook so the function returns data?.siteDetails
(possibly undefined) instead of a lie-typed empty object; update the return
statement in the useSiteDetails function to reference data?.siteDetails and let
callers handle the optional value.

In `@package.json`:
- Around line 82-83: The root package.json currently forces "react" and
"react-dom" to ^19.2.3 via the top-level resolutions which overrides workspace
packages (including apps/medusa which declares "react": "18.3.1"); update the
root package.json resolutions to either remove the "react" and "react-dom"
entries or change them to match apps/medusa's declared version (18.3.1) or, if
you intend to move medusa to React 19, update apps/medusa/package.json to
"react" and "react-dom": "^19.2.3" and run yarn install to regenerate yarn.lock
so the installed versions match the declarations and avoid runtime mismatch.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled
• Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 924654d and ba352aa.

⛔ Files ignored due to path filters (3)

• .yarn/releases/yarn-4.5.0.cjs is excluded by !**/.yarn/**
• .yarn/releases/yarn-4.9.1.cjs is excluded by !**/.yarn/**
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (11)

• .github/workflows/pr-checks.yaml
• .yarnrc.yml
• apps/medusa/package.json
• apps/storefront/app/components/layout/footer/Footer.tsx
• apps/storefront/app/hooks/useSiteDetails.ts
• apps/storefront/libs/util/products.ts
• apps/storefront/libs/util/server/data/cart.server.ts
• apps/storefront/libs/util/server/data/product-reviews.server.ts
• apps/storefront/libs/util/server/page.server.ts
• apps/storefront/package.json
• package.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, locate and examine the useSiteDetails hook definition
find . -name "useSiteDetails.ts" -o -name "useSiteDetails.tsx"

Repository: lambda-curry/medusa2-starter

Length of output: 117

---

🏁 Script executed:

#!/bin/bash
# Search for SiteDetailsRootData type definition
rg -nP "type SiteDetailsRootData|interface SiteDetailsRootData" --type=ts --type=tsx -A 10

Repository: lambda-curry/medusa2-starter

Length of output: 99

---

🏁 Script executed:

#!/bin/bash
# Find all useSiteDetails() calls to understand consumer patterns
rg -nP "useSiteDetails\s*\(" --type=ts --type=tsx -B 2 -A 3

Repository: lambda-curry/medusa2-starter

Length of output: 99

---

🏁 Script executed:

#!/bin/bash
# Check what properties are accessed from useSiteDetails result
rg -nP "useSiteDetails\(\)[?.]|const\s+\w+\s*=\s*useSiteDetails\(\)" --type=ts --type=tsx -A 5

Repository: lambda-curry/medusa2-starter

Length of output: 99

---

🏁 Script executed:

#!/bin/bash
# Read the useSiteDetails.ts file to understand the hook and its return type
cat -n ./apps/storefront/app/hooks/useSiteDetails.ts

Repository: lambda-curry/medusa2-starter

Length of output: 378

---

🏁 Script executed:

#!/bin/bash
# Find SiteDetailsRootData type definition (ts files only)
rg -nP "type SiteDetailsRootData|interface SiteDetailsRootData" --type=ts -A 10

Repository: lambda-curry/medusa2-starter

Length of output: 711

---

🏁 Script executed:

#!/bin/bash
# Find all useSiteDetails calls using simple pattern (without tsx file type)
rg "useSiteDetails" --type=ts -B 2 -A 3

Repository: lambda-curry/medusa2-starter

Length of output: 5497

---

🏁 Script executed:

#!/bin/bash
# Find property accesses on useSiteDetails result
rg "useSiteDetails\(\)" --type=ts -A 5

Repository: lambda-curry/medusa2-starter

Length of output: 2372

---

🏁 Script executed:

#!/bin/bash
# Find useRootLoaderData hook definition
cat -n ./apps/storefront/app/hooks/useRootLoaderData.ts

Repository: lambda-curry/medusa2-starter

Length of output: 152

---

🏁 Script executed:

#!/bin/bash
# Search for root loader or where data.siteDetails is set
rg "siteDetails" --type=ts -B 2 -A 2

Repository: lambda-curry/medusa2-starter

Length of output: 2275

---

Remove unsafe empty-object cast and return data?.siteDetails directly.

The cast ({} as SiteDetailsRootData) suppresses type checks. An empty object doesn't provide the required fields (store, settings, headerNavigationItems, footerNavigationItems), yet three of four consumers destructure these fields without null guards:

• HeaderSideNav.tsx: destructures headerNavigationItems directly
• Header.tsx: destructures headerNavigationItems directly
• Footer.tsx: destructures footerNavigationItems and settings directly
• LogoStoreName.tsx: includes defensive if (!store || !settings) return null;

If the fallback is triggered, these consumers will attempt to use undefined values, causing runtime crashes. The root loader already guarantees siteDetails is populated, so the fallback is unnecessary. Return data?.siteDetails to fail fast if absent and let callers handle optional chaining where needed.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/storefront/app/hooks/useSiteDetails.ts` at line 7, Replace the unsafe
empty-object cast in useSiteDetails by returning data?.siteDetails directly:
remove the fallback "({} as SiteDetailsRootData)" in the return of the
useSiteDetails hook so the function returns data?.siteDetails (possibly
undefined) instead of a lie-typed empty object; update the return statement in
the useSiteDetails function to reference data?.siteDetails and let callers
handle the optional value.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Declared React versions in manifests ==="
for file in package.json apps/medusa/package.json apps/storefront/package.json; do
  if [ -f "$file" ]; then
    name=$(jq -r '.name' "$file" 2>/dev/null || echo "unknown")
    react=$(jq -r '.dependencies.react // "n/a"' "$file" 2>/dev/null || echo "error")
    react_dom=$(jq -r '.dependencies["react-dom"] // "n/a"' "$file" 2>/dev/null || echo "error")
    echo "$file ($name): react=$react, react-dom=$react_dom"
  fi
done

echo
echo "=== Root resolutions for React ==="
if [ -f package.json ]; then
  jq -r '.resolutions | keys[] as $k | "\($k)=\(.[$k])"' package.json 2>/dev/null | grep -E "react"
fi

echo
echo "=== Resolved React entries in yarn.lock (first 20 matches) ==="
if [ -f yarn.lock ]; then
  rg -n '^"(react|react-dom)@' yarn.lock -A 1 | head -40
fi

Repository: lambda-curry/medusa2-starter

Length of output: 543

---

Root React resolutions override workspace package declarations, forcing React 19.2.3+ on apps/medusa which explicitly requires React 18.3.1.

The root-level resolutions field forces React and react-dom to ^19.2.3 globally, overriding the declared 18.3.1 versions in apps/medusa/package.json. The yarn.lock confirms only React 19.2.3+ is installed; the declared React 18.3.1 is never resolved. This creates a major version incompatibility between declared intent and actual runtime, risking hidden compatibility issues and unexpected behavior.

Either align resolutions with workspace requirements, remove the global override, or upgrade apps/medusa to React 19 if compatible.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 82 - 83, The root package.json currently forces
"react" and "react-dom" to ^19.2.3 via the top-level resolutions which overrides
workspace packages (including apps/medusa which declares "react": "18.3.1");
update the root package.json resolutions to either remove the "react" and
"react-dom" entries or change them to match apps/medusa's declared version
(18.3.1) or, if you intend to move medusa to React 19, update
apps/medusa/package.json to "react" and "react-dom": "^19.2.3" and run yarn
install to regenerate yarn.lock so the installed versions match the declarations
and avoid runtime mismatch.