Skip to content

Upgrade dependencies across the workspace#1818

Merged
kmcginnes merged 2 commits into
mainfrom
deps/upgrade-all
Jun 11, 2026
Merged

Upgrade dependencies across the workspace#1818
kmcginnes merged 2 commits into
mainfrom
deps/upgrade-all

Conversation

@kmcginnes

@kmcginnes kmcginnes commented Jun 11, 2026

Copy link
Copy Markdown
Collaborator

Description

Routine dependency maintenance bringing the workspace up to latest mature versions. Dependency-only change — only package.json (root + 3 packages) and pnpm-lock.yaml are touched; no source code changes.

Two logical parts (one commit each):

  1. Minor/patch bumps (~35 across all packages) — React 19.2.5→19.2.7, Vite 8.0.9→8.0.16, Vitest 4.1.5→4.1.8 (lockstep across all packages), Tailwind 4.2.4→4.3.0, Zod 4.3.6→4.4.3, jotai 2.19.1→2.20.0, radix-ui 1.4.3→1.5.0, react-router 7.16→7.17, react-hook-form 7.73→7.78, @aws-sdk/credential-providers →3.1065.0, oxfmt 0.47→0.54, and others.

  2. Two major bumps, neither requiring source changes:

    • cytoscape-dagre 2.5.0 → 4.0.0 — swaps the abandoned dagre@0.8.5 engine for the maintained @dagrejs/dagre fork (bundled into dist/ in v4) and ships a proper ESM entry. The cytoscape peer dep is unchanged (^3.2.22; we're on 3.34) and all layout option names we use are unchanged, so Graph.tsx, layoutConfig.ts, and the module shim are untouched.
    • lint-staged 16 → 17.0.7 — v17's breaking changes don't affect us (min Node 22.22.1 vs our 24.16; the now-optional yaml dep, while our config is JSON in package.json). The pre-commit hook needs no changes.

Decisions worth noting for review

  • oxlint held at 1.62.0 (not bumped to 1.69.0): 1.69 enables new default rules that flag 26 pre-existing files. Isolated to a future change to keep this upgrade free of unrelated source edits. oxfmt still bumped to 0.54.0 (zero reformatting drift).
  • @types/node held on the 24.x line (24.13.1) to stay aligned with the Node 24 runtime, rather than moving to 25.
  • A few versions are pulled back from npm-latest to satisfy the repo's minimumReleaseAge (24h) gate: @types/node 24.13.1, jotai 2.20.0, aws-sdk 3.1065.0.

Validation

  • pnpm checks passes (lint, format, types) across all 4 projects.
  • pnpm test passes — 160 files / 1778 tests on Vitest 4.1.8.
  • pnpm build produces a clean production build.
  • The minor/patch and cytoscape-dagre branches were manually tested against a live graph; all Hierarchy (TB/BT/LR/RL) and Subway layouts render correctly with the v4 dagre engine.

Related Issues

  • N/A

Check List

  • I confirm that my contribution is made under the terms of the Apache 2.0 license.
  • I have verified pnpm checks passes with no errors.
  • I have verified pnpm test passes with no failures.
  • I have covered new added functionality with unit tests if necessary.
  • I have updated documentation if necessary.

kmcginnes added 2 commits June 11, 2026 11:53
@kmcginnes
Upgrade minor and patch dependencies across workspace
7a36f74 
Bring all non-major dependencies up to their latest mature versions
(respecting the 24h minimumReleaseAge in pnpm-workspace.yaml) across the
root, graph-explorer, graph-explorer-proxy-server, and shared packages.

Notable bumps:
- react/react-dom 19.2.5 -> 19.2.7, @types/react -> 19.2.17
- @tanstack/react-query(+devtools, eslint-plugin) -> 5.101.0
- vite 8.0.9 -> 8.0.16, @vitejs/plugin-react -> 6.0.2
- vitest + @vitest/coverage-v8 4.1.5 -> 4.1.8 (lockstep across all packages)
- tailwindcss + @tailwindcss/vite 4.2.4 -> 4.3.0
- zod 4.3.6 -> 4.4.3, jotai 2.19.1 -> 2.20.0, radix-ui 1.4.3 -> 1.5.0
- cytoscape 3.33.2 -> 3.34.0, motion -> 12.40.0, react-router -> 7.17.0
- react-hook-form -> 7.78.0, lucide-react -> 1.17.0, date-fns -> 4.4.0
- @aws-sdk/credential-providers -> 3.1065.0, @types/node -> 24.13.1
- oxfmt 0.47.0 -> 0.54.0

oxlint held at 1.62.0: bumping to 1.69.0 enables new default rules
(vitest/require-to-throw-message, two jsx-a11y rules) that flag 26
pre-existing files. Isolating that to its own change to keep this bulk
upgrade free of unrelated source edits. @types/node held on the 24.x line
to stay aligned with the Node 24 runtime.

All checks (lint, format, types), 1778 tests, and production build pass.
@kmcginnes
Upgrade cytoscape-dagre to v4 and lint-staged to v17
0e04c81 
Two major-version bumps that require no source changes, both manually
verified, combined here with the minor/patch upgrades into a single
review.

cytoscape-dagre 2.5.0 -> 4.0.0:
- Swaps abandoned dagre@0.8.5 for the maintained @dagrejs/dagre@3 fork
  (bundled into dist in v4) and ships a proper ESM entry, suiting this
  "type": "module" package.
- cytoscape peer dep unchanged (^3.2.22; we are on 3.34) and all layout
  option names used by our dagre/subway variants are unchanged, so
  Graph.tsx, layoutConfig.ts, and the cytoscape-dagre.d.ts shim are
  untouched. All layouts verified visually against a live graph.

lint-staged 16.4.0 -> 17.0.7:
- v17 breaking changes do not affect us: min Node 22.22.1 (we require
  >=24.16), min Git 2.32.0, and the now-optional yaml dependency (our
  config is JSON in root package.json). The .husky/pre-commit hook needs
  no changes.

Checks, 1778 tests, and production build pass.
@kmcginnes kmcginnes marked this pull request as ready for review June 11, 2026 18:19
@kmcginnes kmcginnes merged commit fa213ec into main Jun 11, 2026
6 checks passed
@kmcginnes kmcginnes deleted the deps/upgrade-all branch June 11, 2026 20:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@arseny-kostenko arseny-kostenko arseny-kostenko approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kmcginnes @arseny-kostenko