Upgrades / Nest 11

[CarsonF]

No description provided.

[coderabbitai]

📝 Walkthrough

Walkthrough

This set of changes primarily updates dependency versions and refines type imports and usage throughout the codebase. The package.json file receives a comprehensive dependency refresh, including major upgrades for NestJS, GraphQL Yoga, and various utility libraries. Several files update import styles for libraries such as validator, nanoid, and image-size, aligning with new package versions or best practices. Some modules refactor internal type handling, such as removing generics or simplifying type annotations. Additional logic changes include improved error code handling for GraphQL errors, safer provider processing in resource loading, and streamlined GraphQL HTTP handling. No public API signatures are altered.

Changes

File(s)	Change Summary
package.json	Upgraded multiple dependencies and tooling versions, expanded and updated the resolutions field, and constrained TypeScript version.
src/common/generate-id.ts	Changed import of customAlphabet from async to sync version of nanoid; logic unchanged.
src/common/url.field.ts src/common/validators/email.validator.ts	Changed validator import from default to namespace import.
src/common/temporal/calendar-date.ts	Updated static methods max and min to handle empty arguments and enforce non-empty array typing.
src/components/authentication/crypto.service.ts	Simplified argon2Options getter to conditionally include secret property; removed dependency on pickBy and Except types.
src/components/authorization/policy/policy.module.ts	Added CoreModule to imports array in PolicyModule.
src/components/file/media/media-detector.service.ts	Changed type import path for ISize from image-size/dist/types/interface to image-size/types/interface.
src/core/config/version.service.ts	Refactored imports to use $ from execa and readPackageUp from read-package-up; updated shell command execution and package.json reading logic.
src/core/events/event-handler.decorator.ts	Changed type assertion to explicit type annotation for id variable.
src/core/exception/exception.normalizer.ts	Enhanced handling of specific GraphQL error codes and HTTP 413 batching errors; added exclusion for Nest.IntrinsicException in code mapping.
src/core/graphql/graphql.options.ts	Removed the fetchAPI property and custom URL override from GraphQL options.
src/core/graphql/driver.ts	Simplified httpHandler method to directly return the result of handleNodeRequestAndResponse without manual response manipulation.
src/core/http/http.adapter.ts	Simplified type imports from Fastify, removed custom type alias, and refactored PatchedFastifyAdapter to remove generics, now extending FastifyAdapter directly.
src/core/resources/loader.registry.ts	Added guard clause in onModuleInit to skip providers without a metatype property.

Possibly related PRs

• SeedCompany/cord-api-v3#3330: Refactors GraphQL driver implementation and related types, closely connected to the GraphQL driver code changes referenced in this PR.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8f14069 and 60f1751.

📒 Files selected for processing (1)

• src/core/graphql/driver.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• src/core/graphql/driver.ts

⏰ Context from checks skipped due to timeout of 90000ms (12)

• GitHub Check: E2E Tests (neo4j 6/6)
• GitHub Check: E2E Tests (neo4j 5/6)
• GitHub Check: E2E Tests (neo4j 4/6)
• GitHub Check: E2E Tests (neo4j 3/6)
• GitHub Check: E2E Tests (neo4j 2/6)
• GitHub Check: Unit
• GitHub Check: Clean
• GitHub Check: Generate (head)
• GitHub Check: E2E Tests (neo4j 1/6)
• GitHub Check: Analyze (javascript)
• GitHub Check: lint
• GitHub Check: Generate (base)

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (4)

src/core/config/version.service.ts (2)

43-44: Trim explicit .stdout on $ results

$ already returns ExecaReturnValue with stripFinalNewline: true by default, so res.stdout is a trimmed string.
If you expect to run these commands in an environment where that option might be changed globally, defensively call trim() once more to guarantee no stray \n enters the Version string.

-      const res = await $`git symbolic-ref -q --short HEAD`;
-      return res.stdout;
+      const res = await $`git symbolic-ref -q --short HEAD`;
+      return res.stdout.trim();

(do the same for git rev-parse …)

Also applies to: 56-57

---

64-70: Handle packageJson.version absence explicitly

readPackageUp() can succeed yet still return a packageJson without a version (e.g. workspaces / templates).
Returning undefined is fine, but we can skip the try/catch and make intent clearer:

-try {
-  return res.packageJson.version;
-} catch (e) {
-  return undefined;
-}
+return res.packageJson?.version ?? undefined;

Reduces one layer of silent failure.

src/core/http/http.adapter.ts (1)

38-46: Relying on private FastifyAdapter internals is brittle

injectRouteOptions is still private upstream. If its signature changes in a future Fastify/Nest release, TypeScript won’t warn because of the @ts-expect-error.
Safer alternative: copy the original implementation (it's tiny) or open an upstream issue to make it protected.

No action required now, but keep this in mind when upgrading.

package.json (1)

42-42: Review version range for @graphql-hive/yoga
Using a loose ">=0.41.0" range may pull in future incompatible releases. Consider pinning with a caret (e.g., ^0.41.0) for more predictable behavior.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 964a46f and 3ed2476.

⛔ Files ignored due to path filters (2)

• .yarn/patches/@whatwg-node-fetch-npm-0.10.6-bca79028fb.patch is excluded by !**/.yarn/**
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (14)

• package.json (5 hunks)
• src/common/generate-id.ts (1 hunks)
• src/common/temporal/calendar-date.ts (2 hunks)
• src/common/url.field.ts (1 hunks)
• src/common/validators/email.validator.ts (1 hunks)
• src/components/authentication/crypto.service.ts (1 hunks)
• src/components/authorization/policy/policy.module.ts (2 hunks)
• src/components/file/media/media-detector.service.ts (1 hunks)
• src/core/config/version.service.ts (3 hunks)
• src/core/events/event-handler.decorator.ts (1 hunks)
• src/core/exception/exception.normalizer.ts (2 hunks)
• src/core/graphql/graphql.options.ts (0 hunks)
• src/core/http/http.adapter.ts (2 hunks)
• src/core/resources/loader.registry.ts (1 hunks)

💤 Files with no reviewable changes (1)

• src/core/graphql/graphql.options.ts

🧰 Additional context used

🧬 Code Graph Analysis (1)

src/core/events/event-handler.decorator.ts (2)

src/components/authorization/policy/conditions/condition.interface.ts (1)

• id (35-43)

src/common/id-field.ts (1)

• ID (24-25)

🪛 Biome (1.9.4)

src/common/temporal/calendar-date.ts

[error] 169-169: Using super in a static context can be confusing.

super refers to a parent class.

(lint/complexity/noThisInStatic)

---

[error] 178-178: Using super in a static context can be confusing.

super refers to a parent class.

(lint/complexity/noThisInStatic)

🔇 Additional comments (32)

src/common/validators/email.validator.ts (1)

2-2: Import style updated to match new validator package requirements

The change from default import to namespace import aligns with the validator library's updated module structure, ensuring type compatibility while maintaining the same functionality.

src/common/url.field.ts (1)

6-6: Import style updated consistently with other validator usage

The change to namespace import style is consistent with the same change in email.validator.ts, ensuring uniform usage of the validator library across the codebase after the dependency upgrade.

src/components/authorization/policy/policy.module.ts (1)

2-2: Added CoreModule dependency to PolicyModule

The PolicyModule now properly imports CoreModule, ensuring it has access to core functionality. This change likely addresses dependencies that became necessary after the NestJS 11 upgrade.

Also applies to: 15-15

src/components/file/media/media-detector.service.ts (1)

7-7: Updated type import path for image-size package

The import for ISize has been updated to use the new type definition path and includes the explicit type keyword, making it a type-only import. This change adapts to the updated structure of the image-size package while improving type handling.

src/core/events/event-handler.decorator.ts (1)

58-58: Improved typing style

Great improvement switching from type assertion (as ID) to explicit type annotation (: ID). This is considered better TypeScript practice as it's more declarative and allows the compiler to verify type compatibility rather than forcing a type.

src/components/authentication/crypto.service.ts (1)

17-23: Well-simplified code with reduced dependencies

Great simplification of the argon2Options getter. The new implementation:

• Eliminates the need for lodash's pickBy and type-fest's Except
• Uses modern TypeScript features with the satisfies operator for type checking
• Achieves the same functionality with cleaner, more concise code

src/core/resources/loader.registry.ts (1)

75-77: Good defensive programming to handle falsy metatypes

The added guard clause is a great defensive programming practice. It prevents potential runtime errors by checking for the existence of provider.metatype before attempting to use it, returning an empty array when it's falsy.

This is particularly important as part of the NestJS upgrade from v10.x to v11.x, where framework changes might affect how providers and their metatypes are handled.

src/core/config/version.service.ts (1)

2-5: Leaner dependency imports look good

Switching to the $ tagged-template from execa and readPackageUp() simplifies the file and removes some manual promise handling – nice cleanup.

src/common/temporal/calendar-date.ts (1)

1-5: Good use of NonEmptyArray import

Importing NonEmptyArray makes the intent of the later cast explicit. 👍

src/core/exception/exception.normalizer.ts (1)

192-204: Solid granular mapping of GraphQL-specific error codes

Adding dedicated buckets for validation / parse / operation-resolution failures and batch-limit 413s will help the client handle these cases. Nice!

src/core/http/http.adapter.ts (1)

15-16: Import pruning is fine

Reducing the fastify type surface to only what’s used keeps compile times down.

package.json (21)

5-5: Ensure consistent packageManager upgrade
Specifying "yarn@4.9.1" locks the dev workflow to Yarn 4.9.1. Confirm that all contributors update their Yarn version accordingly and that CI runners use this version.

---

36-36: Validate @faker-js/faker major bump
Upgrading to v9 may include breaking changes in APIs. Verify all test fixtures and mocks by running rg "faker" and updating any renamed methods.

---

39-39: Confirm @fastify/cors compatibility
Fastify v5 requires CORS plugin v11. Ensure configuration options (e.g., origin, methods) still align with the new major version.

---

46-49: Synchronize NestJS v11 dependencies
All core Nest packages (common, core, graphql, platform-fastify) are bumped to 11.x—good consistency. Ensure any third-party modules or plugins also support Nest v11.

---

57-57: Check argon2 upgrade implications
argon2 v0.43 may adjust default hashing parameters or option shapes. Review your crypto.service.ts changes and rerun related unit tests to ensure hash/verify still function as expected.

---

67-68: Approve dotenv-expand & execa upgrades
Both packages have been bumped, and code already uses dotenv-expand the same way and the $ tagged template from execa@9. No breaking changes noted.

---

74-76: Review file utilities bumps
file-type v20 and glob v11 migrated to ESM-only. Confirm all imports (e.g., import { fileTypeFromFile }) and glob calls have been updated to work with ESM entrypoints.

---

81-83: Approve GraphQL Yoga & image-size updates
Upgrading to graphql-yoga@^5.13.4 and image-size@^2.0.2 aligns with synchronous import changes. No regressions detected.

---

93-94: Verify MIME and Nano ID usage
mime@^4.0.7 and nanoid@^5.1.5 may change default exports vs named exports. Search for import mime and import { nanoid } to ensure nothing is broken.

---

101-103: Approve read-package-up, reflect-metadata & rimraf bumps
These are tooling/runtime support dependencies; the semver bumps appear non-breaking.

---

107-107: Approve ts-essentials patch version
This is a purely type-level library; the minor upgrade should have no runtime impact.

---

109-110: Validate uuid & validator bumps
Moving to uuid@^11.1.0 and validator@^13.15.0—check imports (import { v4 as uuidv4 }) and any custom validation code to ensure APIs remain unchanged.

---

112-112: Confirm external tarball for xlsx
Pinning via a CDN URL can break offline installs or caching. Ensure your CI/Yarn offline mirror configuration accommodates this pattern.

---

118-121: Approve devtools NestJS & GraphQL CLI updates
Bumping @nestjs/cli, @nestjs/schematics, @nestjs/testing to 11.x and @graphql-hive/cli to >=0.44 aligns with the runtime upgrades.

---

129-133: Validate type definitions for Luxon & stack-trace
Ensure the updated @types/luxon@^3.6.2 and @types/stack-trace@^0.0.33 still match the runtime versions and don't introduce new type errors.

---

143-144: Approve lint-staged & npm-check-updates bumps
Minor updates for developer tooling; no changes needed in configuration.

---

146-151: Review ts-morph & TypeScript upgrade
Locking TS to ~5.2.2 and moving ts-morph to v25.0.1 may impact custom AST transforms. Run yarn type-check and verify any codegen scripts still work.

---

156-157: Approve Angular DevKit resolutions
Pinning @angular-devkit/core and @angular-devkit/schematics to ^19.2 satisfies Nest CLI peer dependencies.

---

159-161: Approve Nest CLI resolution overrides
Stubbing out unsupported fork-ts-checker-webpack-plugin & webpack plus aligning glob & typescript for the CLI is correct.

---

162-165: Approve patches for @whatwg-node/fetch
Consistent patch across v0.10.x versions is good. Ensure the patch file path remains valid in your Yarn patch directory.

---

166-169: Approve miscellaneous resolutions
Locking transitive deps for logform, process-warning, rxjs, and secure-json-parse helps eliminate known vulnerabilities.