commits
* Add AGENTS.md with Coop-specific agent guidance
Inherits from the ROOST community AGENTS.md and CONTRIBUTING.md; adds
Coop-specific guidance for GraphQL codegen, install/lockfile hygiene,
Codespaces quirks, BottleJS DI, the pre-PR gate, and ask-before-doing
items (migrations, schema deletions, iocContainer rewires, auth/middleware).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* simplify description of agents guide
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* add migrator
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* remove nonexistent folders
my bad ><
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* replace bottlejs with proper repo
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* Update AGENTS.md
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* replace claude from example agent signature
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* based on the Osprey agents.md file, reorganized the Coop one to be clearer. Also includes new CI section based on #314
馃 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* move CI checks into docker-compose services
* address PR feedback: reuse Dockerfile in codegen-check, broaden drift check, collapse per-step services
* split lint/build. backend targets server_base and client client base
* fix create-org and update readme
* more readme changes
* [Kysely] Migrate Org murations off sequelize
* fix lint
* fix test ordering
* test fixes
* fix(routes/tests): drop restricted graphql/datasources import
Replace direct kyselyOrgDeleteById imports in 5 route tests with the
cleanup() function returned by createOrg, satisfying the
import/no-restricted-paths rule that forbids routes/* from importing
graphql/*.
* validation of org using validator package to match sequelize
Bumps the root-prod group with 6 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [@graphql-codegen/cli](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/graphql-codegen-cli) | `6.3.0` | `6.3.1` |
| [@graphql-codegen/named-operations-object](https://github.com/dotansimha/graphql-code-generator-community/tree/HEAD/packages/plugins/typescript/named-operations-object) | `4.0.0` | `4.0.1` |
| [@graphql-codegen/typescript-react-apollo](https://github.com/dotansimha/graphql-code-generator-community/tree/HEAD/packages/plugins/typescript/react-apollo) | `4.4.1` | `4.4.2` |
| [@graphql-codegen/typescript-resolvers](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/plugins/typescript/resolvers) | `5.1.7` | `5.1.8` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `15.5.2` | `16.4.0` |
| [sequelize-cli](https://github.com/sequelize/cli) | `6.6.0` | `6.6.5` |
Updates `@graphql-codegen/cli` from 6.3.0 to 6.3.1
- [Release notes](https://github.com/dotansimha/graphql-code-generator/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator/blob/master/packages/graphql-codegen-cli/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator/commits/@graphql-codegen/cli@6.3.1/packages/graphql-codegen-cli)
Updates `@graphql-codegen/named-operations-object` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/dotansimha/graphql-code-generator-community/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator-community/blob/main/packages/plugins/typescript/named-operations-object/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator-community/commits/@graphql-codegen/named-operations-object@4.0.1/packages/plugins/typescript/named-operations-object)
Updates `@graphql-codegen/typescript-react-apollo` from 4.4.1 to 4.4.2
- [Release notes](https://github.com/dotansimha/graphql-code-generator-community/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator-community/blob/main/packages/plugins/typescript/react-apollo/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator-community/commits/@graphql-codegen/typescript-react-apollo@4.4.2/packages/plugins/typescript/react-apollo)
Updates `@graphql-codegen/typescript-resolvers` from 5.1.7 to 5.1.8
- [Release notes](https://github.com/dotansimha/graphql-code-generator/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator/blob/master/packages/plugins/typescript/resolvers/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator/commits/@graphql-codegen/typescript-resolvers@5.1.8/packages/plugins/typescript/resolvers)
Updates `lint-staged` from 15.5.2 to 16.4.0
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lint-staged/lint-staged/compare/v15.5.2...v16.4.0)
Updates `sequelize-cli` from 6.6.0 to 6.6.5
- [Release notes](https://github.com/sequelize/cli/releases)
- [Changelog](https://github.com/sequelize/cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sequelize/cli/compare/v6.6.0...v6.6.5)
---
updated-dependencies:
- dependency-name: "@graphql-codegen/cli"
dependency-version: 6.3.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: "@graphql-codegen/named-operations-object"
dependency-version: 4.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: "@graphql-codegen/typescript-react-apollo"
dependency-version: 4.4.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: "@graphql-codegen/typescript-resolvers"
dependency-version: 5.1.8
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: lint-staged
dependency-version: 16.4.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: root-prod
- dependency-name: sequelize-cli
dependency-version: 6.6.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the nodejs-instrumentation-dev group with 1 update in the /nodejs-instrumentation directory: [typescript](https://github.com/microsoft/TypeScript).
Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.3
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: nodejs-instrumentation-dev
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Pinned version is what "latest" tag currently points to.
Applying updates to indirect (transitive) dependencies is not supported by
Dependabot for NPM ecosystem [0].
[0] https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#dependency-type-allow
* dependabot: Rename security updates groups
Grouping only security updates isn't enough anymore. Prod and dev
dependency types also need to be covered by grouped updates.
Goal of this change is to highlight which component is affected by
generated PR right in the PR title.
* dependabot: Add prod/dev dependency groups
* [Kysely] Migrate Action mutations and lookups to Kysely
* add org match for rules and tests to cover missing bugs
* attempt to make lint happy
* code review fixes
* fix tests using bad org as we create a new org now.
* [Kysely] Migrate backtests and retroaction out of sequelize
* disable again
* build(deps): bump pg from 8.9.0 to 8.20.0
Bumps [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) from 8.9.0 to 8.20.0.
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.20.0/packages/pg)
---
updated-dependencies:
- dependency-name: pg
dependency-version: 8.20.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump concurrently from 6.5.1 to 9.2.1
Bumps [concurrently](https://github.com/open-cli-tools/concurrently) from 6.5.1 to 9.2.1.
- [Release notes](https://github.com/open-cli-tools/concurrently/releases)
- [Commits](https://github.com/open-cli-tools/concurrently/compare/v6.5.1...v9.2.1)
---
updated-dependencies:
- dependency-name: concurrently
dependency-version: 9.2.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump @types/validator from 13.11.9 to 13.15.10
Bumps [@types/validator](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/validator) from 13.11.9 to 13.15.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/validator)
---
updated-dependencies:
- dependency-name: "@types/validator"
dependency-version: 13.15.10
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump @types/express from 4.17.16 to 5.0.6
Bumps [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) from 4.17.16 to 5.0.6.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express)
---
updated-dependencies:
- dependency-name: "@types/express"
dependency-version: 5.0.6
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @graphql-codegen/cli from 6.2.1 to 6.3.0
Bumps [@graphql-codegen/cli](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/graphql-codegen-cli) from 6.2.1 to 6.3.0.
- [Release notes](https://github.com/dotansimha/graphql-code-generator/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator/blob/master/packages/graphql-codegen-cli/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator/commits/@graphql-codegen/cli@6.3.0/packages/graphql-codegen-cli)
---
updated-dependencies:
- dependency-name: "@graphql-codegen/cli"
dependency-version: 6.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pawe艂 Wieczorek <pawiecz@collabora.com>
* [fix] Surface Thread-kind items in user submission history
Thread items submitted with a schema field role were
silently being dropped from creator-keyed surfaces
* [test] Add unit tests for getCreator across item kinds
Pins the behavior change from the previous commit so the THREAD case
can't silently regress to `undefined` again. Covers:
- CONTENT: returns the creator from the creatorId field role; returns
undefined when the role is unconfigured or the field is missing.
- THREAD: same as CONTENT (this is the regression case the bug fix
targets).
- USER: always returns undefined.
Exports `getCreator` from `makeItemSubmission.ts` for testability;
nothing else in the codebase imports it.
* client: Add dummy package.json for ESLint custom rules
NPM requires "package.json" file to include "name" and "version" fields
for packages published to the registry [0]. ESLint custom rules will
stay within this repo for the time being. Dependabot doesn't impose any
requirements on this file so an empty one would suffice but let's provide
some details anyway.
File "index.js" now filters out all non-JS files so there's no attempt
made to pick up additional rules from the dummy "package.json".
[0] https://docs.npmjs.com/creating-a-package-json-file
Fixes: #279
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* [Express] Upgrade to express 5
* fix ci
* fix
* build(deps): bump fast-check from 3.12.0 to 4.6.0 in /server
Bumps [fast-check](https://github.com/dubzzz/fast-check/tree/HEAD/packages/fast-check) from 3.12.0 to 4.6.0.
- [Release notes](https://github.com/dubzzz/fast-check/releases)
- [Changelog](https://github.com/dubzzz/fast-check/blob/main/packages/fast-check/CHANGELOG.md)
- [Commits](https://github.com/dubzzz/fast-check/commits/v4.6.0/packages/fast-check)
---
updated-dependencies:
- dependency-name: fast-check
dependency-version: 4.6.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/semantic-conventions in /server
Bumps [@opentelemetry/semantic-conventions](https://github.com/open-telemetry/opentelemetry-js) from 1.22.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/v1.22.0...semconv/v1.40.0)
---
updated-dependencies:
- dependency-name: "@opentelemetry/semantic-conventions"
dependency-version: 1.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @clickhouse/client from 1.13.0 to 1.18.2 in /server
Bumps [@clickhouse/client](https://github.com/ClickHouse/clickhouse-js) from 1.13.0 to 1.18.2.
- [Release notes](https://github.com/ClickHouse/clickhouse-js/releases)
- [Changelog](https://github.com/ClickHouse/clickhouse-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ClickHouse/clickhouse-js/compare/1.13.0...1.18.2)
---
updated-dependencies:
- dependency-name: "@clickhouse/client"
dependency-version: 1.18.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @types/jsonwebtoken from 8.5.9 to 9.0.10 in /server
Bumps [@types/jsonwebtoken](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jsonwebtoken) from 8.5.9 to 9.0.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jsonwebtoken)
---
updated-dependencies:
- dependency-name: "@types/jsonwebtoken"
dependency-version: 9.0.10
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump ioredis from 5.9.2 to 5.10.1 in /server
Bumps [ioredis](https://github.com/luin/ioredis) from 5.9.2 to 5.10.1.
- [Release notes](https://github.com/luin/ioredis/releases)
- [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md)
- [Commits](https://github.com/luin/ioredis/compare/v5.9.2...v5.10.1)
---
updated-dependencies:
- dependency-name: ioredis
dependency-version: 5.10.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update bullmq to 5.75.2 to dedupe ioredis with the bumped version
The ioredis 5.9.2 -> 5.10.1 bump in this batch caused bullmq@5.67.3 to
keep its own nested copy of ioredis@5.9.2 (it pins the version exactly).
The two copies produced incompatible Redis types in our consumers of
bullmq Queue. bullmq@5.75.2 (still ^5.0.0, no API change for us) pins
ioredis@5.10.1, which lets npm dedupe the tree.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [Kysely] Migrate location banks API out of sequelize
* add guard for org id.
* lint fix
* build(deps): bump @opentelemetry/semantic-conventions
Bumps [@opentelemetry/semantic-conventions](https://github.com/open-telemetry/opentelemetry-js) from 1.27.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/v1.27.0...semconv/v1.40.0)
---
updated-dependencies:
- dependency-name: "@opentelemetry/semantic-conventions"
dependency-version: 1.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/resource-detector-container
Bumps [@opentelemetry/resource-detector-container](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/resource-detector-container) from 0.4.1 to 0.8.5.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/resource-detector-container/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js-contrib/commits/resource-detector-container-v0.8.5/packages/resource-detector-container)
---
updated-dependencies:
- dependency-name: "@opentelemetry/resource-detector-container"
dependency-version: 0.8.5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/exporter-trace-otlp-grpc
Bumps [@opentelemetry/exporter-trace-otlp-grpc](https://github.com/open-telemetry/opentelemetry-js) from 0.53.0 to 0.214.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.53.0...experimental/v0.214.0)
---
updated-dependencies:
- dependency-name: "@opentelemetry/exporter-trace-otlp-grpc"
dependency-version: 0.214.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/propagator-aws-xray
Bumps [@opentelemetry/propagator-aws-xray](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/propagator-aws-xray) from 1.26.0 to 2.2.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/propagator-aws-xray/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js-contrib/commits/propagator-aws-xray-v2.2.0/packages/propagator-aws-xray)
---
updated-dependencies:
- dependency-name: "@opentelemetry/propagator-aws-xray"
dependency-version: 2.2.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/resources in /nodejs-instrumentation
Bumps [@opentelemetry/resources](https://github.com/open-telemetry/opentelemetry-js) from 1.26.0 to 2.6.1.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/v1.26.0...v2.6.1)
---
updated-dependencies:
- dependency-name: "@opentelemetry/resources"
dependency-version: 2.6.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Regenerate nodejs-instrumentation/package-lock.json after batching dependency updates
* Migrate /nodejs-instrumentation to OpenTelemetry 2.x
Bumps the OpenTelemetry stack to a coherent set of versions (stable 2.x,
experimental 0.215.x) so the previously-batched bumps don't leave the
workspace with an inconsistent SDK that fails to compile.
Coordinated bumps beyond the original Dependabot scope:
- @opentelemetry/auto-instrumentations-node ^0.50.0 -> ^0.73.0
- @opentelemetry/exporter-metrics-otlp-grpc ^0.53.0 -> ^0.215.0
- @opentelemetry/resource-detector-aws ^1.6.1 -> ^2.15.0
- @opentelemetry/sdk-metrics ^1.26.0 -> ^2.7.0
- @opentelemetry/sdk-node ^0.53.0 -> ^0.215.0
- @opentelemetry/sdk-trace-base ^1.26.0 -> ^2.7.0
- @opentelemetry/winston-transport ^0.6.0 -> ^0.25.0
Source change in src/autoinstrumentation.ts to match the 2.x Resource
API: the Resource class is gone, replaced by the resourceFromAttributes
and defaultResource factory functions.
Workspace version bumped 1.0.6 -> 1.1.0.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [Kysely] Migrate rule mutations and backtest list/cancel to Kysely
* code review feedback
* build(deps): bump @total-typescript/ts-reset in /migrator
Bumps [@total-typescript/ts-reset](https://github.com/total-typescript/ts-reset) from 0.5.1 to 0.6.1.
- [Release notes](https://github.com/total-typescript/ts-reset/releases)
- [Changelog](https://github.com/mattpocock/ts-reset/blob/main/CHANGELOG.md)
- [Commits](https://github.com/total-typescript/ts-reset/commits)
---
updated-dependencies:
- dependency-name: "@total-typescript/ts-reset"
dependency-version: 0.6.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump umzug from 3.0.0 to 3.8.2 in /migrator
Bumps [umzug](https://github.com/sequelize/umzug) from 3.0.0 to 3.8.2.
- [Release notes](https://github.com/sequelize/umzug/releases)
- [Changelog](https://github.com/sequelize/umzug/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sequelize/umzug/compare/v3.0.0...v3.8.2)
---
updated-dependencies:
- dependency-name: umzug
dependency-version: 3.8.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump yargs from 16.2.0 to 18.0.0 in /migrator
Bumps [yargs](https://github.com/yargs/yargs) from 16.2.0 to 18.0.0.
- [Release notes](https://github.com/yargs/yargs/releases)
- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/yargs/yargs/compare/v16.2.0...v18.0.0)
---
updated-dependencies:
- dependency-name: yargs
dependency-version: 18.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump typescript from 5.2.2 to 6.0.3 in /migrator
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.2.2 to 6.0.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.2.2...v6.0.3)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.3
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Regenerate migrator/package-lock.json after batching dependency updates
* Bump @roostorg/db-migrator to 1.1.0 for batched dependency release
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump uuid from 8.3.2 to 13.0.0 in /db
Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.2 to 13.0.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v8.3.2...v13.0.0)
---
updated-dependencies:
- dependency-name: uuid
dependency-version: 13.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump latlon-geohash from 1.1.0 to 2.0.0 in /db
Bumps [latlon-geohash](https://github.com/chrisveness/latlon-geohash) from 1.1.0 to 2.0.0.
- [Commits](https://github.com/chrisveness/latlon-geohash/compare/v1.1.0...v2.0.0)
---
updated-dependencies:
- dependency-name: latlon-geohash
dependency-version: 2.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump csv-parse from 5.6.0 to 6.2.1 in /db
Bumps [csv-parse](https://github.com/adaltas/node-csv/tree/HEAD/packages/csv-parse) from 5.6.0 to 6.2.1.
- [Changelog](https://github.com/adaltas/node-csv/blob/master/packages/csv-parse/CHANGELOG.md)
- [Commits](https://github.com/adaltas/node-csv/commits/csv-parse@6.2.1/packages/csv-parse)
---
updated-dependencies:
- dependency-name: csv-parse
dependency-version: 6.2.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump typescript from 5.9.3 to 6.0.3 in /db
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.3
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [Kysely] Migrate MRT action/policy id lookups off Sequelize
* code review changes
Bumps protobufjs in the /client directory: [protobufjs](https://github.com/protobufjs/protobuf.js).
Updates `protobufjs` from 7.4.0 to 7.5.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.5)
Bumps the prod-security group with 1 update in the /nodejs-instrumentation directory: [protobufjs](https://github.com/protobufjs/protobuf.js).
Updates `protobufjs` from 7.4.0 to 7.5.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.5)
---
updated-dependencies:
- dependency-name: protobufjs
dependency-version: 7.5.5
dependency-type: indirect
dependency-group: prod-security
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the prod-security group with 1 update in the /server directory: [protobufjs](https://github.com/protobufjs/protobuf.js).
Updates `protobufjs` from 7.5.4 to 7.5.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5)
---
updated-dependencies:
- dependency-name: protobufjs
dependency-version: 7.5.5
dependency-type: indirect
dependency-group: prod-security
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps facebook/threatexchange/hma from 1.1.3 to 1.1.4.
---
updated-dependencies:
- dependency-name: facebook/threatexchange/hma
dependency-version: 1.1.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This patch breaks the DRY principle and doesn't use YAML aliases because
they are not supported by Dependabot [0].
[0] https://github.com/dependabot/dependabot-core/issues/1582
* [Vulnerabilities] Upgrade Kysely to latest
* fix lint
* code review
* [Kysely] migrate rule-engine queries and related jobs to Kysely (phase 1)
* fixes
* fix lint by organizing errors to a file for simplifications
* lint fix again
* fix test
* [Kysely] Remove knex migrate backtest pagination and takeLast to Kysely (#226)
* [Kysely] Remove knex migrate backtest pagination and takeLast to Kysely
* code revie fix
* simplify enum uses
* [Vulnerabilities] Upgrade Kysely to latest
* fix lint
* code review
Bumps node from 24.14.0 to 24.14.1.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps node from 24.14.0-bullseye-slim to 24.14.1-bullseye-slim.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1-bullseye-slim
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps node from 24.14.0-bullseye-slim to 24.14.1-bullseye-slim.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1-bullseye-slim
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps node from 24.14.0-bullseye-slim to 24.14.1-bullseye-slim.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1-bullseye-slim
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [Vulnerabilities] Remove lodash by migrating from better mutation to plugin-functional and fix minor lint wwarnings
* remove bad merge main
* server: Replace error classes no longer provided by Apollo
* server: Remove no longer available DataSource base class
* server: Remove no longer necessary gql tag
* server: Upgrade Apollo packages
* server: Refactor API server bootstrap
* server: Remove Apollo packages that reached end-of-life
* server/client: Bump graphql package version
* fixup! server: Refactor API server bootstrap
* fixup! server: Remove Apollo packages that reached end-of-life
* fixup! server: Refactor API server bootstrap
* fixup! server: Replace error classes no longer provided by Apollo
* fix merge main and final code review changes
* lint fixes
---------
Co-authored-by: Juan S. Mrad <juansmrad@gmail.com>
* Fix unbounded queries causing dashboard crashes under high queue depth
* add load test script for testing
* code review comments
* change comment to 5000
Bumps facebook/threatexchange/hma from 1.1.2 to 1.1.3.
---
updated-dependencies:
- dependency-name: facebook/threatexchange/hma
dependency-version: 1.1.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* clean up integrations in enum definition to remove unused ones
* add model card details to zentropi manifest
* revert model card learn more URL to general MC educational resource
* Regenerate GraphQL files
* merge main and reinstall npm
* actually add regenerated graphql files
* revert package-lock.json to main
* include package-lock.json changes for consistent codegen
* [Vulnerability][Patches] Apply patch to vulnerable dependencies
* [Vulnerabilities] Upgrade @graphql-codegen packages and @apollo/client to fix vulnerabilities (#178)
* [Simplification] Remove Content Proxy as not needed reference
* add comment on env.example
* [dependabot] Configure to prevent major bump of node
* code review changes
This was using an absolute path which didn't work for the mdbook version. Switch to relative, and make the link name consistent with the target page title.
* Setting GraphQL depth limit to 10
* Set env var for GraphQL depth
Used safe var helper to ensure proper integer is being used for GraphQL depth
Using Node 24.14.0, as directed to make CI happy
* Cleared merge conflict
* Logging error instead of throwing error
* Use jsonStringify for logging invalid env var
This change addresses ESLint warning about type safety of JSON.stringify.
Co-authored-by: Pawe艂 Wieczorek <pawiecz@collabora.com>
* [Code Simplification][Vulnerabilities] Remove Betterer and upgrade ESLint to v9
* [Vulnerabilities] Upgrade AWS SDK to fix fast-xml-parser vulnerabilities
* remove unused package
* [Code Simplification][Vulnerabilities] Remove Betterer and upgrade ESLint to v9
* code review fixes
* fix ci
* fix for realz now
* Add AGENTS.md with Coop-specific agent guidance
Inherits from the ROOST community AGENTS.md and CONTRIBUTING.md; adds
Coop-specific guidance for GraphQL codegen, install/lockfile hygiene,
Codespaces quirks, BottleJS DI, the pre-PR gate, and ask-before-doing
items (migrations, schema deletions, iocContainer rewires, auth/middleware).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* simplify description of agents guide
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* add migrator
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* remove nonexistent folders
my bad ><
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* replace bottlejs with proper repo
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* Update AGENTS.md
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* replace claude from example agent signature
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* based on the Osprey agents.md file, reorganized the Coop one to be clearer. Also includes new CI section based on #314
馃 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* [Kysely] Migrate Org murations off sequelize
* fix lint
* fix test ordering
* test fixes
* fix(routes/tests): drop restricted graphql/datasources import
Replace direct kyselyOrgDeleteById imports in 5 route tests with the
cleanup() function returned by createOrg, satisfying the
import/no-restricted-paths rule that forbids routes/* from importing
graphql/*.
* validation of org using validator package to match sequelize
Bumps the root-prod group with 6 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [@graphql-codegen/cli](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/graphql-codegen-cli) | `6.3.0` | `6.3.1` |
| [@graphql-codegen/named-operations-object](https://github.com/dotansimha/graphql-code-generator-community/tree/HEAD/packages/plugins/typescript/named-operations-object) | `4.0.0` | `4.0.1` |
| [@graphql-codegen/typescript-react-apollo](https://github.com/dotansimha/graphql-code-generator-community/tree/HEAD/packages/plugins/typescript/react-apollo) | `4.4.1` | `4.4.2` |
| [@graphql-codegen/typescript-resolvers](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/plugins/typescript/resolvers) | `5.1.7` | `5.1.8` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `15.5.2` | `16.4.0` |
| [sequelize-cli](https://github.com/sequelize/cli) | `6.6.0` | `6.6.5` |
Updates `@graphql-codegen/cli` from 6.3.0 to 6.3.1
- [Release notes](https://github.com/dotansimha/graphql-code-generator/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator/blob/master/packages/graphql-codegen-cli/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator/commits/@graphql-codegen/cli@6.3.1/packages/graphql-codegen-cli)
Updates `@graphql-codegen/named-operations-object` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/dotansimha/graphql-code-generator-community/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator-community/blob/main/packages/plugins/typescript/named-operations-object/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator-community/commits/@graphql-codegen/named-operations-object@4.0.1/packages/plugins/typescript/named-operations-object)
Updates `@graphql-codegen/typescript-react-apollo` from 4.4.1 to 4.4.2
- [Release notes](https://github.com/dotansimha/graphql-code-generator-community/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator-community/blob/main/packages/plugins/typescript/react-apollo/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator-community/commits/@graphql-codegen/typescript-react-apollo@4.4.2/packages/plugins/typescript/react-apollo)
Updates `@graphql-codegen/typescript-resolvers` from 5.1.7 to 5.1.8
- [Release notes](https://github.com/dotansimha/graphql-code-generator/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator/blob/master/packages/plugins/typescript/resolvers/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator/commits/@graphql-codegen/typescript-resolvers@5.1.8/packages/plugins/typescript/resolvers)
Updates `lint-staged` from 15.5.2 to 16.4.0
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lint-staged/lint-staged/compare/v15.5.2...v16.4.0)
Updates `sequelize-cli` from 6.6.0 to 6.6.5
- [Release notes](https://github.com/sequelize/cli/releases)
- [Changelog](https://github.com/sequelize/cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sequelize/cli/compare/v6.6.0...v6.6.5)
---
updated-dependencies:
- dependency-name: "@graphql-codegen/cli"
dependency-version: 6.3.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: "@graphql-codegen/named-operations-object"
dependency-version: 4.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: "@graphql-codegen/typescript-react-apollo"
dependency-version: 4.4.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: "@graphql-codegen/typescript-resolvers"
dependency-version: 5.1.8
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: lint-staged
dependency-version: 16.4.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: root-prod
- dependency-name: sequelize-cli
dependency-version: 6.6.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the nodejs-instrumentation-dev group with 1 update in the /nodejs-instrumentation directory: [typescript](https://github.com/microsoft/TypeScript).
Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.3
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: nodejs-instrumentation-dev
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* dependabot: Rename security updates groups
Grouping only security updates isn't enough anymore. Prod and dev
dependency types also need to be covered by grouped updates.
Goal of this change is to highlight which component is affected by
generated PR right in the PR title.
* dependabot: Add prod/dev dependency groups
* build(deps): bump pg from 8.9.0 to 8.20.0
Bumps [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) from 8.9.0 to 8.20.0.
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.20.0/packages/pg)
---
updated-dependencies:
- dependency-name: pg
dependency-version: 8.20.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump concurrently from 6.5.1 to 9.2.1
Bumps [concurrently](https://github.com/open-cli-tools/concurrently) from 6.5.1 to 9.2.1.
- [Release notes](https://github.com/open-cli-tools/concurrently/releases)
- [Commits](https://github.com/open-cli-tools/concurrently/compare/v6.5.1...v9.2.1)
---
updated-dependencies:
- dependency-name: concurrently
dependency-version: 9.2.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump @types/validator from 13.11.9 to 13.15.10
Bumps [@types/validator](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/validator) from 13.11.9 to 13.15.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/validator)
---
updated-dependencies:
- dependency-name: "@types/validator"
dependency-version: 13.15.10
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump @types/express from 4.17.16 to 5.0.6
Bumps [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) from 4.17.16 to 5.0.6.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express)
---
updated-dependencies:
- dependency-name: "@types/express"
dependency-version: 5.0.6
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @graphql-codegen/cli from 6.2.1 to 6.3.0
Bumps [@graphql-codegen/cli](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/graphql-codegen-cli) from 6.2.1 to 6.3.0.
- [Release notes](https://github.com/dotansimha/graphql-code-generator/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator/blob/master/packages/graphql-codegen-cli/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator/commits/@graphql-codegen/cli@6.3.0/packages/graphql-codegen-cli)
---
updated-dependencies:
- dependency-name: "@graphql-codegen/cli"
dependency-version: 6.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pawe艂 Wieczorek <pawiecz@collabora.com>
* [fix] Surface Thread-kind items in user submission history
Thread items submitted with a schema field role were
silently being dropped from creator-keyed surfaces
* [test] Add unit tests for getCreator across item kinds
Pins the behavior change from the previous commit so the THREAD case
can't silently regress to `undefined` again. Covers:
- CONTENT: returns the creator from the creatorId field role; returns
undefined when the role is unconfigured or the field is missing.
- THREAD: same as CONTENT (this is the regression case the bug fix
targets).
- USER: always returns undefined.
Exports `getCreator` from `makeItemSubmission.ts` for testability;
nothing else in the codebase imports it.
* client: Add dummy package.json for ESLint custom rules
NPM requires "package.json" file to include "name" and "version" fields
for packages published to the registry [0]. ESLint custom rules will
stay within this repo for the time being. Dependabot doesn't impose any
requirements on this file so an empty one would suffice but let's provide
some details anyway.
File "index.js" now filters out all non-JS files so there's no attempt
made to pick up additional rules from the dummy "package.json".
[0] https://docs.npmjs.com/creating-a-package-json-file
Fixes: #279
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* build(deps): bump fast-check from 3.12.0 to 4.6.0 in /server
Bumps [fast-check](https://github.com/dubzzz/fast-check/tree/HEAD/packages/fast-check) from 3.12.0 to 4.6.0.
- [Release notes](https://github.com/dubzzz/fast-check/releases)
- [Changelog](https://github.com/dubzzz/fast-check/blob/main/packages/fast-check/CHANGELOG.md)
- [Commits](https://github.com/dubzzz/fast-check/commits/v4.6.0/packages/fast-check)
---
updated-dependencies:
- dependency-name: fast-check
dependency-version: 4.6.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/semantic-conventions in /server
Bumps [@opentelemetry/semantic-conventions](https://github.com/open-telemetry/opentelemetry-js) from 1.22.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/v1.22.0...semconv/v1.40.0)
---
updated-dependencies:
- dependency-name: "@opentelemetry/semantic-conventions"
dependency-version: 1.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @clickhouse/client from 1.13.0 to 1.18.2 in /server
Bumps [@clickhouse/client](https://github.com/ClickHouse/clickhouse-js) from 1.13.0 to 1.18.2.
- [Release notes](https://github.com/ClickHouse/clickhouse-js/releases)
- [Changelog](https://github.com/ClickHouse/clickhouse-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ClickHouse/clickhouse-js/compare/1.13.0...1.18.2)
---
updated-dependencies:
- dependency-name: "@clickhouse/client"
dependency-version: 1.18.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @types/jsonwebtoken from 8.5.9 to 9.0.10 in /server
Bumps [@types/jsonwebtoken](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jsonwebtoken) from 8.5.9 to 9.0.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jsonwebtoken)
---
updated-dependencies:
- dependency-name: "@types/jsonwebtoken"
dependency-version: 9.0.10
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump ioredis from 5.9.2 to 5.10.1 in /server
Bumps [ioredis](https://github.com/luin/ioredis) from 5.9.2 to 5.10.1.
- [Release notes](https://github.com/luin/ioredis/releases)
- [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md)
- [Commits](https://github.com/luin/ioredis/compare/v5.9.2...v5.10.1)
---
updated-dependencies:
- dependency-name: ioredis
dependency-version: 5.10.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update bullmq to 5.75.2 to dedupe ioredis with the bumped version
The ioredis 5.9.2 -> 5.10.1 bump in this batch caused bullmq@5.67.3 to
keep its own nested copy of ioredis@5.9.2 (it pins the version exactly).
The two copies produced incompatible Redis types in our consumers of
bullmq Queue. bullmq@5.75.2 (still ^5.0.0, no API change for us) pins
ioredis@5.10.1, which lets npm dedupe the tree.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump @opentelemetry/semantic-conventions
Bumps [@opentelemetry/semantic-conventions](https://github.com/open-telemetry/opentelemetry-js) from 1.27.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/v1.27.0...semconv/v1.40.0)
---
updated-dependencies:
- dependency-name: "@opentelemetry/semantic-conventions"
dependency-version: 1.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/resource-detector-container
Bumps [@opentelemetry/resource-detector-container](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/resource-detector-container) from 0.4.1 to 0.8.5.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/resource-detector-container/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js-contrib/commits/resource-detector-container-v0.8.5/packages/resource-detector-container)
---
updated-dependencies:
- dependency-name: "@opentelemetry/resource-detector-container"
dependency-version: 0.8.5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/exporter-trace-otlp-grpc
Bumps [@opentelemetry/exporter-trace-otlp-grpc](https://github.com/open-telemetry/opentelemetry-js) from 0.53.0 to 0.214.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.53.0...experimental/v0.214.0)
---
updated-dependencies:
- dependency-name: "@opentelemetry/exporter-trace-otlp-grpc"
dependency-version: 0.214.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/propagator-aws-xray
Bumps [@opentelemetry/propagator-aws-xray](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/propagator-aws-xray) from 1.26.0 to 2.2.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/propagator-aws-xray/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js-contrib/commits/propagator-aws-xray-v2.2.0/packages/propagator-aws-xray)
---
updated-dependencies:
- dependency-name: "@opentelemetry/propagator-aws-xray"
dependency-version: 2.2.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/resources in /nodejs-instrumentation
Bumps [@opentelemetry/resources](https://github.com/open-telemetry/opentelemetry-js) from 1.26.0 to 2.6.1.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/v1.26.0...v2.6.1)
---
updated-dependencies:
- dependency-name: "@opentelemetry/resources"
dependency-version: 2.6.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Regenerate nodejs-instrumentation/package-lock.json after batching dependency updates
* Migrate /nodejs-instrumentation to OpenTelemetry 2.x
Bumps the OpenTelemetry stack to a coherent set of versions (stable 2.x,
experimental 0.215.x) so the previously-batched bumps don't leave the
workspace with an inconsistent SDK that fails to compile.
Coordinated bumps beyond the original Dependabot scope:
- @opentelemetry/auto-instrumentations-node ^0.50.0 -> ^0.73.0
- @opentelemetry/exporter-metrics-otlp-grpc ^0.53.0 -> ^0.215.0
- @opentelemetry/resource-detector-aws ^1.6.1 -> ^2.15.0
- @opentelemetry/sdk-metrics ^1.26.0 -> ^2.7.0
- @opentelemetry/sdk-node ^0.53.0 -> ^0.215.0
- @opentelemetry/sdk-trace-base ^1.26.0 -> ^2.7.0
- @opentelemetry/winston-transport ^0.6.0 -> ^0.25.0
Source change in src/autoinstrumentation.ts to match the 2.x Resource
API: the Resource class is gone, replaced by the resourceFromAttributes
and defaultResource factory functions.
Workspace version bumped 1.0.6 -> 1.1.0.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump @total-typescript/ts-reset in /migrator
Bumps [@total-typescript/ts-reset](https://github.com/total-typescript/ts-reset) from 0.5.1 to 0.6.1.
- [Release notes](https://github.com/total-typescript/ts-reset/releases)
- [Changelog](https://github.com/mattpocock/ts-reset/blob/main/CHANGELOG.md)
- [Commits](https://github.com/total-typescript/ts-reset/commits)
---
updated-dependencies:
- dependency-name: "@total-typescript/ts-reset"
dependency-version: 0.6.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump umzug from 3.0.0 to 3.8.2 in /migrator
Bumps [umzug](https://github.com/sequelize/umzug) from 3.0.0 to 3.8.2.
- [Release notes](https://github.com/sequelize/umzug/releases)
- [Changelog](https://github.com/sequelize/umzug/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sequelize/umzug/compare/v3.0.0...v3.8.2)
---
updated-dependencies:
- dependency-name: umzug
dependency-version: 3.8.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump yargs from 16.2.0 to 18.0.0 in /migrator
Bumps [yargs](https://github.com/yargs/yargs) from 16.2.0 to 18.0.0.
- [Release notes](https://github.com/yargs/yargs/releases)
- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/yargs/yargs/compare/v16.2.0...v18.0.0)
---
updated-dependencies:
- dependency-name: yargs
dependency-version: 18.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump typescript from 5.2.2 to 6.0.3 in /migrator
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.2.2 to 6.0.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.2.2...v6.0.3)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.3
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Regenerate migrator/package-lock.json after batching dependency updates
* Bump @roostorg/db-migrator to 1.1.0 for batched dependency release
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump uuid from 8.3.2 to 13.0.0 in /db
Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.2 to 13.0.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v8.3.2...v13.0.0)
---
updated-dependencies:
- dependency-name: uuid
dependency-version: 13.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump latlon-geohash from 1.1.0 to 2.0.0 in /db
Bumps [latlon-geohash](https://github.com/chrisveness/latlon-geohash) from 1.1.0 to 2.0.0.
- [Commits](https://github.com/chrisveness/latlon-geohash/compare/v1.1.0...v2.0.0)
---
updated-dependencies:
- dependency-name: latlon-geohash
dependency-version: 2.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump csv-parse from 5.6.0 to 6.2.1 in /db
Bumps [csv-parse](https://github.com/adaltas/node-csv/tree/HEAD/packages/csv-parse) from 5.6.0 to 6.2.1.
- [Changelog](https://github.com/adaltas/node-csv/blob/master/packages/csv-parse/CHANGELOG.md)
- [Commits](https://github.com/adaltas/node-csv/commits/csv-parse@6.2.1/packages/csv-parse)
---
updated-dependencies:
- dependency-name: csv-parse
dependency-version: 6.2.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump typescript from 5.9.3 to 6.0.3 in /db
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.3
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps protobufjs in the /client directory: [protobufjs](https://github.com/protobufjs/protobuf.js).
Updates `protobufjs` from 7.4.0 to 7.5.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.5)
Bumps the prod-security group with 1 update in the /nodejs-instrumentation directory: [protobufjs](https://github.com/protobufjs/protobuf.js).
Updates `protobufjs` from 7.4.0 to 7.5.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.5)
---
updated-dependencies:
- dependency-name: protobufjs
dependency-version: 7.5.5
dependency-type: indirect
dependency-group: prod-security
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the prod-security group with 1 update in the /server directory: [protobufjs](https://github.com/protobufjs/protobuf.js).
Updates `protobufjs` from 7.5.4 to 7.5.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5)
---
updated-dependencies:
- dependency-name: protobufjs
dependency-version: 7.5.5
dependency-type: indirect
dependency-group: prod-security
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps facebook/threatexchange/hma from 1.1.3 to 1.1.4.
---
updated-dependencies:
- dependency-name: facebook/threatexchange/hma
dependency-version: 1.1.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [Vulnerabilities] Upgrade Kysely to latest
* fix lint
* code review
* [Kysely] migrate rule-engine queries and related jobs to Kysely (phase 1)
* fixes
* fix lint by organizing errors to a file for simplifications
* lint fix again
* fix test
* [Kysely] Remove knex migrate backtest pagination and takeLast to Kysely (#226)
* [Kysely] Remove knex migrate backtest pagination and takeLast to Kysely
* code revie fix
* simplify enum uses
Bumps node from 24.14.0 to 24.14.1.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps node from 24.14.0-bullseye-slim to 24.14.1-bullseye-slim.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1-bullseye-slim
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps node from 24.14.0-bullseye-slim to 24.14.1-bullseye-slim.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1-bullseye-slim
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps node from 24.14.0-bullseye-slim to 24.14.1-bullseye-slim.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1-bullseye-slim
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* server: Replace error classes no longer provided by Apollo
* server: Remove no longer available DataSource base class
* server: Remove no longer necessary gql tag
* server: Upgrade Apollo packages
* server: Refactor API server bootstrap
* server: Remove Apollo packages that reached end-of-life
* server/client: Bump graphql package version
* fixup! server: Refactor API server bootstrap
* fixup! server: Remove Apollo packages that reached end-of-life
* fixup! server: Refactor API server bootstrap
* fixup! server: Replace error classes no longer provided by Apollo
* fix merge main and final code review changes
* lint fixes
---------
Co-authored-by: Juan S. Mrad <juansmrad@gmail.com>
Bumps facebook/threatexchange/hma from 1.1.2 to 1.1.3.
---
updated-dependencies:
- dependency-name: facebook/threatexchange/hma
dependency-version: 1.1.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* clean up integrations in enum definition to remove unused ones
* add model card details to zentropi manifest
* revert model card learn more URL to general MC educational resource
* Regenerate GraphQL files
* merge main and reinstall npm
* actually add regenerated graphql files
* revert package-lock.json to main
* include package-lock.json changes for consistent codegen
* Setting GraphQL depth limit to 10
* Set env var for GraphQL depth
Used safe var helper to ensure proper integer is being used for GraphQL depth
Using Node 24.14.0, as directed to make CI happy
* Cleared merge conflict
* Logging error instead of throwing error
* Use jsonStringify for logging invalid env var
This change addresses ESLint warning about type safety of JSON.stringify.
Co-authored-by: Pawe艂 Wieczorek <pawiecz@collabora.com>