commits
* fix: disable demo requests with env var
* test: deflake moderationConfigService by using longer random names
faker.random.alphaNumeric() defaults to a single character, producing
only 62 possible values. Many tests in this file share the same
dummyOrgId and insert into item_types / actions, which are unique on
(org_id, name). Collisions are therefore frequent and cause the suite
to fail intermittently (e.g. CI failure on PR #352 hit
duplicate key value violates unique constraint "org_id_name_key" with
name="m").
Pass a length of 16 so the chance of collision is negligible. No
production code is touched.
---------
Co-authored-by: Juan S. Mrad <juansmrad@gmail.com>
Same dev-dep bumps as #306, but pinned to what the project actually
supports:
- @types/node kept on ^24 (Node 24 LTS per .nvmrc / engines), not ^25
- typescript kept on ^5.9 (defer TS 6 major to its own PR)
- husky 9 prepare script updated to the v9 syntax (`husky` vs
deprecated `husky install`)
Co-authored-by: Cursor Agent <agent@cursor.com>
Bumps the db-dev group with 1 update in the /db directory: [dotenv](https://github.com/motdotla/dotenv).
Updates `dotenv` from 16.6.1 to 17.4.2
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](https://github.com/motdotla/dotenv/compare/v16.6.1...v17.4.2)
---
updated-dependencies:
- dependency-name: dotenv
dependency-version: 17.4.2
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: db-dev
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: narrow top-level icon exports
* refactor: simplify exact icon exports
* feat: add SSL/TLS support for managed AWS services
* fix: add recharts-scale wrapper to prevent division-by-zero errors
* feat: add request body schema validation middleware
* updates to align code review
---------
Co-authored-by: Juan S. Mrad <juansmrad@gmail.com>
Bumps the db-prod group with 3 updates in the /db directory: [@clickhouse/client](https://github.com/ClickHouse/clickhouse-js), [@roostorg/db-migrator](https://github.com/roostorg/coop/tree/HEAD/migrator) and [uuid](https://github.com/uuidjs/uuid).
Updates `@clickhouse/client` from 1.18.2 to 1.18.3
- [Release notes](https://github.com/ClickHouse/clickhouse-js/releases)
- [Changelog](https://github.com/ClickHouse/clickhouse-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ClickHouse/clickhouse-js/commits)
Updates `@roostorg/db-migrator` from 1.0.9 to 1.1.0
- [Release notes](https://github.com/roostorg/coop/releases)
- [Commits](https://github.com/roostorg/coop/commits/HEAD/migrator)
Updates `uuid` from 13.0.0 to 14.0.0
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0)
---
updated-dependencies:
- dependency-name: "@clickhouse/client"
dependency-version: 1.18.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: db-prod
- dependency-name: "@roostorg/db-migrator"
dependency-version: 1.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: db-prod
- dependency-name: uuid
dependency-version: 14.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: db-prod
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add AGENTS.md with Coop-specific agent guidance
Inherits from the ROOST community AGENTS.md and CONTRIBUTING.md; adds
Coop-specific guidance for GraphQL codegen, install/lockfile hygiene,
Codespaces quirks, BottleJS DI, the pre-PR gate, and ask-before-doing
items (migrations, schema deletions, iocContainer rewires, auth/middleware).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* simplify description of agents guide
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* add migrator
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* remove nonexistent folders
my bad ><
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* replace bottlejs with proper repo
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* Update AGENTS.md
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* replace claude from example agent signature
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* based on the Osprey agents.md file, reorganized the Coop one to be clearer. Also includes new CI section based on #314
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* move CI checks into docker-compose services
* address PR feedback: reuse Dockerfile in codegen-check, broaden drift check, collapse per-step services
* split lint/build. backend targets server_base and client client base
* fix create-org and update readme
* more readme changes
* [Kysely] Migrate Org murations off sequelize
* fix lint
* fix test ordering
* test fixes
* fix(routes/tests): drop restricted graphql/datasources import
Replace direct kyselyOrgDeleteById imports in 5 route tests with the
cleanup() function returned by createOrg, satisfying the
import/no-restricted-paths rule that forbids routes/* from importing
graphql/*.
* validation of org using validator package to match sequelize
Bumps the root-prod group with 6 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [@graphql-codegen/cli](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/graphql-codegen-cli) | `6.3.0` | `6.3.1` |
| [@graphql-codegen/named-operations-object](https://github.com/dotansimha/graphql-code-generator-community/tree/HEAD/packages/plugins/typescript/named-operations-object) | `4.0.0` | `4.0.1` |
| [@graphql-codegen/typescript-react-apollo](https://github.com/dotansimha/graphql-code-generator-community/tree/HEAD/packages/plugins/typescript/react-apollo) | `4.4.1` | `4.4.2` |
| [@graphql-codegen/typescript-resolvers](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/plugins/typescript/resolvers) | `5.1.7` | `5.1.8` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `15.5.2` | `16.4.0` |
| [sequelize-cli](https://github.com/sequelize/cli) | `6.6.0` | `6.6.5` |
Updates `@graphql-codegen/cli` from 6.3.0 to 6.3.1
- [Release notes](https://github.com/dotansimha/graphql-code-generator/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator/blob/master/packages/graphql-codegen-cli/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator/commits/@graphql-codegen/cli@6.3.1/packages/graphql-codegen-cli)
Updates `@graphql-codegen/named-operations-object` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/dotansimha/graphql-code-generator-community/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator-community/blob/main/packages/plugins/typescript/named-operations-object/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator-community/commits/@graphql-codegen/named-operations-object@4.0.1/packages/plugins/typescript/named-operations-object)
Updates `@graphql-codegen/typescript-react-apollo` from 4.4.1 to 4.4.2
- [Release notes](https://github.com/dotansimha/graphql-code-generator-community/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator-community/blob/main/packages/plugins/typescript/react-apollo/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator-community/commits/@graphql-codegen/typescript-react-apollo@4.4.2/packages/plugins/typescript/react-apollo)
Updates `@graphql-codegen/typescript-resolvers` from 5.1.7 to 5.1.8
- [Release notes](https://github.com/dotansimha/graphql-code-generator/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator/blob/master/packages/plugins/typescript/resolvers/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator/commits/@graphql-codegen/typescript-resolvers@5.1.8/packages/plugins/typescript/resolvers)
Updates `lint-staged` from 15.5.2 to 16.4.0
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lint-staged/lint-staged/compare/v15.5.2...v16.4.0)
Updates `sequelize-cli` from 6.6.0 to 6.6.5
- [Release notes](https://github.com/sequelize/cli/releases)
- [Changelog](https://github.com/sequelize/cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sequelize/cli/compare/v6.6.0...v6.6.5)
---
updated-dependencies:
- dependency-name: "@graphql-codegen/cli"
dependency-version: 6.3.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: "@graphql-codegen/named-operations-object"
dependency-version: 4.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: "@graphql-codegen/typescript-react-apollo"
dependency-version: 4.4.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: "@graphql-codegen/typescript-resolvers"
dependency-version: 5.1.8
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: lint-staged
dependency-version: 16.4.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: root-prod
- dependency-name: sequelize-cli
dependency-version: 6.6.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the nodejs-instrumentation-dev group with 1 update in the /nodejs-instrumentation directory: [typescript](https://github.com/microsoft/TypeScript).
Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.3
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: nodejs-instrumentation-dev
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Pinned version is what "latest" tag currently points to.
Applying updates to indirect (transitive) dependencies is not supported by
Dependabot for NPM ecosystem [0].
[0] https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#dependency-type-allow
* dependabot: Rename security updates groups
Grouping only security updates isn't enough anymore. Prod and dev
dependency types also need to be covered by grouped updates.
Goal of this change is to highlight which component is affected by
generated PR right in the PR title.
* dependabot: Add prod/dev dependency groups
* [Kysely] Migrate Action mutations and lookups to Kysely
* add org match for rules and tests to cover missing bugs
* attempt to make lint happy
* code review fixes
* fix tests using bad org as we create a new org now.
* [Kysely] Migrate backtests and retroaction out of sequelize
* disable again
* build(deps): bump pg from 8.9.0 to 8.20.0
Bumps [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) from 8.9.0 to 8.20.0.
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.20.0/packages/pg)
---
updated-dependencies:
- dependency-name: pg
dependency-version: 8.20.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump concurrently from 6.5.1 to 9.2.1
Bumps [concurrently](https://github.com/open-cli-tools/concurrently) from 6.5.1 to 9.2.1.
- [Release notes](https://github.com/open-cli-tools/concurrently/releases)
- [Commits](https://github.com/open-cli-tools/concurrently/compare/v6.5.1...v9.2.1)
---
updated-dependencies:
- dependency-name: concurrently
dependency-version: 9.2.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump @types/validator from 13.11.9 to 13.15.10
Bumps [@types/validator](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/validator) from 13.11.9 to 13.15.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/validator)
---
updated-dependencies:
- dependency-name: "@types/validator"
dependency-version: 13.15.10
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump @types/express from 4.17.16 to 5.0.6
Bumps [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) from 4.17.16 to 5.0.6.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express)
---
updated-dependencies:
- dependency-name: "@types/express"
dependency-version: 5.0.6
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @graphql-codegen/cli from 6.2.1 to 6.3.0
Bumps [@graphql-codegen/cli](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/graphql-codegen-cli) from 6.2.1 to 6.3.0.
- [Release notes](https://github.com/dotansimha/graphql-code-generator/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator/blob/master/packages/graphql-codegen-cli/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator/commits/@graphql-codegen/cli@6.3.0/packages/graphql-codegen-cli)
---
updated-dependencies:
- dependency-name: "@graphql-codegen/cli"
dependency-version: 6.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Paweł Wieczorek <pawiecz@collabora.com>
* [fix] Surface Thread-kind items in user submission history
Thread items submitted with a schema field role were
silently being dropped from creator-keyed surfaces
* [test] Add unit tests for getCreator across item kinds
Pins the behavior change from the previous commit so the THREAD case
can't silently regress to `undefined` again. Covers:
- CONTENT: returns the creator from the creatorId field role; returns
undefined when the role is unconfigured or the field is missing.
- THREAD: same as CONTENT (this is the regression case the bug fix
targets).
- USER: always returns undefined.
Exports `getCreator` from `makeItemSubmission.ts` for testability;
nothing else in the codebase imports it.
* client: Add dummy package.json for ESLint custom rules
NPM requires "package.json" file to include "name" and "version" fields
for packages published to the registry [0]. ESLint custom rules will
stay within this repo for the time being. Dependabot doesn't impose any
requirements on this file so an empty one would suffice but let's provide
some details anyway.
File "index.js" now filters out all non-JS files so there's no attempt
made to pick up additional rules from the dummy "package.json".
[0] https://docs.npmjs.com/creating-a-package-json-file
Fixes: #279
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* [Express] Upgrade to express 5
* fix ci
* fix
* build(deps): bump fast-check from 3.12.0 to 4.6.0 in /server
Bumps [fast-check](https://github.com/dubzzz/fast-check/tree/HEAD/packages/fast-check) from 3.12.0 to 4.6.0.
- [Release notes](https://github.com/dubzzz/fast-check/releases)
- [Changelog](https://github.com/dubzzz/fast-check/blob/main/packages/fast-check/CHANGELOG.md)
- [Commits](https://github.com/dubzzz/fast-check/commits/v4.6.0/packages/fast-check)
---
updated-dependencies:
- dependency-name: fast-check
dependency-version: 4.6.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/semantic-conventions in /server
Bumps [@opentelemetry/semantic-conventions](https://github.com/open-telemetry/opentelemetry-js) from 1.22.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/v1.22.0...semconv/v1.40.0)
---
updated-dependencies:
- dependency-name: "@opentelemetry/semantic-conventions"
dependency-version: 1.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @clickhouse/client from 1.13.0 to 1.18.2 in /server
Bumps [@clickhouse/client](https://github.com/ClickHouse/clickhouse-js) from 1.13.0 to 1.18.2.
- [Release notes](https://github.com/ClickHouse/clickhouse-js/releases)
- [Changelog](https://github.com/ClickHouse/clickhouse-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ClickHouse/clickhouse-js/compare/1.13.0...1.18.2)
---
updated-dependencies:
- dependency-name: "@clickhouse/client"
dependency-version: 1.18.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @types/jsonwebtoken from 8.5.9 to 9.0.10 in /server
Bumps [@types/jsonwebtoken](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jsonwebtoken) from 8.5.9 to 9.0.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jsonwebtoken)
---
updated-dependencies:
- dependency-name: "@types/jsonwebtoken"
dependency-version: 9.0.10
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump ioredis from 5.9.2 to 5.10.1 in /server
Bumps [ioredis](https://github.com/luin/ioredis) from 5.9.2 to 5.10.1.
- [Release notes](https://github.com/luin/ioredis/releases)
- [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md)
- [Commits](https://github.com/luin/ioredis/compare/v5.9.2...v5.10.1)
---
updated-dependencies:
- dependency-name: ioredis
dependency-version: 5.10.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update bullmq to 5.75.2 to dedupe ioredis with the bumped version
The ioredis 5.9.2 -> 5.10.1 bump in this batch caused bullmq@5.67.3 to
keep its own nested copy of ioredis@5.9.2 (it pins the version exactly).
The two copies produced incompatible Redis types in our consumers of
bullmq Queue. bullmq@5.75.2 (still ^5.0.0, no API change for us) pins
ioredis@5.10.1, which lets npm dedupe the tree.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [Kysely] Migrate location banks API out of sequelize
* add guard for org id.
* lint fix
* build(deps): bump @opentelemetry/semantic-conventions
Bumps [@opentelemetry/semantic-conventions](https://github.com/open-telemetry/opentelemetry-js) from 1.27.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/v1.27.0...semconv/v1.40.0)
---
updated-dependencies:
- dependency-name: "@opentelemetry/semantic-conventions"
dependency-version: 1.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/resource-detector-container
Bumps [@opentelemetry/resource-detector-container](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/resource-detector-container) from 0.4.1 to 0.8.5.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/resource-detector-container/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js-contrib/commits/resource-detector-container-v0.8.5/packages/resource-detector-container)
---
updated-dependencies:
- dependency-name: "@opentelemetry/resource-detector-container"
dependency-version: 0.8.5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/exporter-trace-otlp-grpc
Bumps [@opentelemetry/exporter-trace-otlp-grpc](https://github.com/open-telemetry/opentelemetry-js) from 0.53.0 to 0.214.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.53.0...experimental/v0.214.0)
---
updated-dependencies:
- dependency-name: "@opentelemetry/exporter-trace-otlp-grpc"
dependency-version: 0.214.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/propagator-aws-xray
Bumps [@opentelemetry/propagator-aws-xray](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/propagator-aws-xray) from 1.26.0 to 2.2.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/propagator-aws-xray/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js-contrib/commits/propagator-aws-xray-v2.2.0/packages/propagator-aws-xray)
---
updated-dependencies:
- dependency-name: "@opentelemetry/propagator-aws-xray"
dependency-version: 2.2.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/resources in /nodejs-instrumentation
Bumps [@opentelemetry/resources](https://github.com/open-telemetry/opentelemetry-js) from 1.26.0 to 2.6.1.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/v1.26.0...v2.6.1)
---
updated-dependencies:
- dependency-name: "@opentelemetry/resources"
dependency-version: 2.6.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Regenerate nodejs-instrumentation/package-lock.json after batching dependency updates
* Migrate /nodejs-instrumentation to OpenTelemetry 2.x
Bumps the OpenTelemetry stack to a coherent set of versions (stable 2.x,
experimental 0.215.x) so the previously-batched bumps don't leave the
workspace with an inconsistent SDK that fails to compile.
Coordinated bumps beyond the original Dependabot scope:
- @opentelemetry/auto-instrumentations-node ^0.50.0 -> ^0.73.0
- @opentelemetry/exporter-metrics-otlp-grpc ^0.53.0 -> ^0.215.0
- @opentelemetry/resource-detector-aws ^1.6.1 -> ^2.15.0
- @opentelemetry/sdk-metrics ^1.26.0 -> ^2.7.0
- @opentelemetry/sdk-node ^0.53.0 -> ^0.215.0
- @opentelemetry/sdk-trace-base ^1.26.0 -> ^2.7.0
- @opentelemetry/winston-transport ^0.6.0 -> ^0.25.0
Source change in src/autoinstrumentation.ts to match the 2.x Resource
API: the Resource class is gone, replaced by the resourceFromAttributes
and defaultResource factory functions.
Workspace version bumped 1.0.6 -> 1.1.0.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [Kysely] Migrate rule mutations and backtest list/cancel to Kysely
* code review feedback
* build(deps): bump @total-typescript/ts-reset in /migrator
Bumps [@total-typescript/ts-reset](https://github.com/total-typescript/ts-reset) from 0.5.1 to 0.6.1.
- [Release notes](https://github.com/total-typescript/ts-reset/releases)
- [Changelog](https://github.com/mattpocock/ts-reset/blob/main/CHANGELOG.md)
- [Commits](https://github.com/total-typescript/ts-reset/commits)
---
updated-dependencies:
- dependency-name: "@total-typescript/ts-reset"
dependency-version: 0.6.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump umzug from 3.0.0 to 3.8.2 in /migrator
Bumps [umzug](https://github.com/sequelize/umzug) from 3.0.0 to 3.8.2.
- [Release notes](https://github.com/sequelize/umzug/releases)
- [Changelog](https://github.com/sequelize/umzug/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sequelize/umzug/compare/v3.0.0...v3.8.2)
---
updated-dependencies:
- dependency-name: umzug
dependency-version: 3.8.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump yargs from 16.2.0 to 18.0.0 in /migrator
Bumps [yargs](https://github.com/yargs/yargs) from 16.2.0 to 18.0.0.
- [Release notes](https://github.com/yargs/yargs/releases)
- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/yargs/yargs/compare/v16.2.0...v18.0.0)
---
updated-dependencies:
- dependency-name: yargs
dependency-version: 18.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump typescript from 5.2.2 to 6.0.3 in /migrator
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.2.2 to 6.0.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.2.2...v6.0.3)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.3
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Regenerate migrator/package-lock.json after batching dependency updates
* Bump @roostorg/db-migrator to 1.1.0 for batched dependency release
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump uuid from 8.3.2 to 13.0.0 in /db
Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.2 to 13.0.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v8.3.2...v13.0.0)
---
updated-dependencies:
- dependency-name: uuid
dependency-version: 13.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump latlon-geohash from 1.1.0 to 2.0.0 in /db
Bumps [latlon-geohash](https://github.com/chrisveness/latlon-geohash) from 1.1.0 to 2.0.0.
- [Commits](https://github.com/chrisveness/latlon-geohash/compare/v1.1.0...v2.0.0)
---
updated-dependencies:
- dependency-name: latlon-geohash
dependency-version: 2.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump csv-parse from 5.6.0 to 6.2.1 in /db
Bumps [csv-parse](https://github.com/adaltas/node-csv/tree/HEAD/packages/csv-parse) from 5.6.0 to 6.2.1.
- [Changelog](https://github.com/adaltas/node-csv/blob/master/packages/csv-parse/CHANGELOG.md)
- [Commits](https://github.com/adaltas/node-csv/commits/csv-parse@6.2.1/packages/csv-parse)
---
updated-dependencies:
- dependency-name: csv-parse
dependency-version: 6.2.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump typescript from 5.9.3 to 6.0.3 in /db
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.3
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [Kysely] Migrate MRT action/policy id lookups off Sequelize
* code review changes
Bumps protobufjs in the /client directory: [protobufjs](https://github.com/protobufjs/protobuf.js).
Updates `protobufjs` from 7.4.0 to 7.5.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.5)
Bumps the prod-security group with 1 update in the /nodejs-instrumentation directory: [protobufjs](https://github.com/protobufjs/protobuf.js).
Updates `protobufjs` from 7.4.0 to 7.5.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.5)
---
updated-dependencies:
- dependency-name: protobufjs
dependency-version: 7.5.5
dependency-type: indirect
dependency-group: prod-security
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the prod-security group with 1 update in the /server directory: [protobufjs](https://github.com/protobufjs/protobuf.js).
Updates `protobufjs` from 7.5.4 to 7.5.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5)
---
updated-dependencies:
- dependency-name: protobufjs
dependency-version: 7.5.5
dependency-type: indirect
dependency-group: prod-security
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps facebook/threatexchange/hma from 1.1.3 to 1.1.4.
---
updated-dependencies:
- dependency-name: facebook/threatexchange/hma
dependency-version: 1.1.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This patch breaks the DRY principle and doesn't use YAML aliases because
they are not supported by Dependabot [0].
[0] https://github.com/dependabot/dependabot-core/issues/1582
* [Vulnerabilities] Upgrade Kysely to latest
* fix lint
* code review
* [Kysely] migrate rule-engine queries and related jobs to Kysely (phase 1)
* fixes
* fix lint by organizing errors to a file for simplifications
* lint fix again
* fix test
* [Kysely] Remove knex migrate backtest pagination and takeLast to Kysely (#226)
* [Kysely] Remove knex migrate backtest pagination and takeLast to Kysely
* code revie fix
* simplify enum uses
* [Vulnerabilities] Upgrade Kysely to latest
* fix lint
* code review
Bumps node from 24.14.0 to 24.14.1.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps node from 24.14.0-bullseye-slim to 24.14.1-bullseye-slim.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1-bullseye-slim
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps node from 24.14.0-bullseye-slim to 24.14.1-bullseye-slim.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1-bullseye-slim
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps node from 24.14.0-bullseye-slim to 24.14.1-bullseye-slim.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1-bullseye-slim
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [Vulnerabilities] Remove lodash by migrating from better mutation to plugin-functional and fix minor lint wwarnings
* remove bad merge main
* server: Replace error classes no longer provided by Apollo
* server: Remove no longer available DataSource base class
* server: Remove no longer necessary gql tag
* server: Upgrade Apollo packages
* server: Refactor API server bootstrap
* server: Remove Apollo packages that reached end-of-life
* server/client: Bump graphql package version
* fixup! server: Refactor API server bootstrap
* fixup! server: Remove Apollo packages that reached end-of-life
* fixup! server: Refactor API server bootstrap
* fixup! server: Replace error classes no longer provided by Apollo
* fix merge main and final code review changes
* lint fixes
---------
Co-authored-by: Juan S. Mrad <juansmrad@gmail.com>
* Fix unbounded queries causing dashboard crashes under high queue depth
* add load test script for testing
* code review comments
* change comment to 5000
Bumps facebook/threatexchange/hma from 1.1.2 to 1.1.3.
---
updated-dependencies:
- dependency-name: facebook/threatexchange/hma
dependency-version: 1.1.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* clean up integrations in enum definition to remove unused ones
* add model card details to zentropi manifest
* revert model card learn more URL to general MC educational resource
* Regenerate GraphQL files
* merge main and reinstall npm
* actually add regenerated graphql files
* revert package-lock.json to main
* include package-lock.json changes for consistent codegen
* [Vulnerability][Patches] Apply patch to vulnerable dependencies
* [Vulnerabilities] Upgrade @graphql-codegen packages and @apollo/client to fix vulnerabilities (#178)
* fix: disable demo requests with env var
* test: deflake moderationConfigService by using longer random names
faker.random.alphaNumeric() defaults to a single character, producing
only 62 possible values. Many tests in this file share the same
dummyOrgId and insert into item_types / actions, which are unique on
(org_id, name). Collisions are therefore frequent and cause the suite
to fail intermittently (e.g. CI failure on PR #352 hit
duplicate key value violates unique constraint "org_id_name_key" with
name="m").
Pass a length of 16 so the chance of collision is negligible. No
production code is touched.
---------
Co-authored-by: Juan S. Mrad <juansmrad@gmail.com>
Same dev-dep bumps as #306, but pinned to what the project actually
supports:
- @types/node kept on ^24 (Node 24 LTS per .nvmrc / engines), not ^25
- typescript kept on ^5.9 (defer TS 6 major to its own PR)
- husky 9 prepare script updated to the v9 syntax (`husky` vs
deprecated `husky install`)
Co-authored-by: Cursor Agent <agent@cursor.com>
Bumps the db-dev group with 1 update in the /db directory: [dotenv](https://github.com/motdotla/dotenv).
Updates `dotenv` from 16.6.1 to 17.4.2
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](https://github.com/motdotla/dotenv/compare/v16.6.1...v17.4.2)
---
updated-dependencies:
- dependency-name: dotenv
dependency-version: 17.4.2
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: db-dev
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the db-prod group with 3 updates in the /db directory: [@clickhouse/client](https://github.com/ClickHouse/clickhouse-js), [@roostorg/db-migrator](https://github.com/roostorg/coop/tree/HEAD/migrator) and [uuid](https://github.com/uuidjs/uuid).
Updates `@clickhouse/client` from 1.18.2 to 1.18.3
- [Release notes](https://github.com/ClickHouse/clickhouse-js/releases)
- [Changelog](https://github.com/ClickHouse/clickhouse-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ClickHouse/clickhouse-js/commits)
Updates `@roostorg/db-migrator` from 1.0.9 to 1.1.0
- [Release notes](https://github.com/roostorg/coop/releases)
- [Commits](https://github.com/roostorg/coop/commits/HEAD/migrator)
Updates `uuid` from 13.0.0 to 14.0.0
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0)
---
updated-dependencies:
- dependency-name: "@clickhouse/client"
dependency-version: 1.18.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: db-prod
- dependency-name: "@roostorg/db-migrator"
dependency-version: 1.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: db-prod
- dependency-name: uuid
dependency-version: 14.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: db-prod
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add AGENTS.md with Coop-specific agent guidance
Inherits from the ROOST community AGENTS.md and CONTRIBUTING.md; adds
Coop-specific guidance for GraphQL codegen, install/lockfile hygiene,
Codespaces quirks, BottleJS DI, the pre-PR gate, and ask-before-doing
items (migrations, schema deletions, iocContainer rewires, auth/middleware).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* simplify description of agents guide
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* add migrator
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* remove nonexistent folders
my bad ><
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* replace bottlejs with proper repo
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* Update AGENTS.md
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* replace claude from example agent signature
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* based on the Osprey agents.md file, reorganized the Coop one to be clearer. Also includes new CI section based on #314
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* [Kysely] Migrate Org murations off sequelize
* fix lint
* fix test ordering
* test fixes
* fix(routes/tests): drop restricted graphql/datasources import
Replace direct kyselyOrgDeleteById imports in 5 route tests with the
cleanup() function returned by createOrg, satisfying the
import/no-restricted-paths rule that forbids routes/* from importing
graphql/*.
* validation of org using validator package to match sequelize
Bumps the root-prod group with 6 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [@graphql-codegen/cli](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/graphql-codegen-cli) | `6.3.0` | `6.3.1` |
| [@graphql-codegen/named-operations-object](https://github.com/dotansimha/graphql-code-generator-community/tree/HEAD/packages/plugins/typescript/named-operations-object) | `4.0.0` | `4.0.1` |
| [@graphql-codegen/typescript-react-apollo](https://github.com/dotansimha/graphql-code-generator-community/tree/HEAD/packages/plugins/typescript/react-apollo) | `4.4.1` | `4.4.2` |
| [@graphql-codegen/typescript-resolvers](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/plugins/typescript/resolvers) | `5.1.7` | `5.1.8` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `15.5.2` | `16.4.0` |
| [sequelize-cli](https://github.com/sequelize/cli) | `6.6.0` | `6.6.5` |
Updates `@graphql-codegen/cli` from 6.3.0 to 6.3.1
- [Release notes](https://github.com/dotansimha/graphql-code-generator/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator/blob/master/packages/graphql-codegen-cli/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator/commits/@graphql-codegen/cli@6.3.1/packages/graphql-codegen-cli)
Updates `@graphql-codegen/named-operations-object` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/dotansimha/graphql-code-generator-community/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator-community/blob/main/packages/plugins/typescript/named-operations-object/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator-community/commits/@graphql-codegen/named-operations-object@4.0.1/packages/plugins/typescript/named-operations-object)
Updates `@graphql-codegen/typescript-react-apollo` from 4.4.1 to 4.4.2
- [Release notes](https://github.com/dotansimha/graphql-code-generator-community/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator-community/blob/main/packages/plugins/typescript/react-apollo/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator-community/commits/@graphql-codegen/typescript-react-apollo@4.4.2/packages/plugins/typescript/react-apollo)
Updates `@graphql-codegen/typescript-resolvers` from 5.1.7 to 5.1.8
- [Release notes](https://github.com/dotansimha/graphql-code-generator/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator/blob/master/packages/plugins/typescript/resolvers/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator/commits/@graphql-codegen/typescript-resolvers@5.1.8/packages/plugins/typescript/resolvers)
Updates `lint-staged` from 15.5.2 to 16.4.0
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lint-staged/lint-staged/compare/v15.5.2...v16.4.0)
Updates `sequelize-cli` from 6.6.0 to 6.6.5
- [Release notes](https://github.com/sequelize/cli/releases)
- [Changelog](https://github.com/sequelize/cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sequelize/cli/compare/v6.6.0...v6.6.5)
---
updated-dependencies:
- dependency-name: "@graphql-codegen/cli"
dependency-version: 6.3.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: "@graphql-codegen/named-operations-object"
dependency-version: 4.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: "@graphql-codegen/typescript-react-apollo"
dependency-version: 4.4.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: "@graphql-codegen/typescript-resolvers"
dependency-version: 5.1.8
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
- dependency-name: lint-staged
dependency-version: 16.4.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: root-prod
- dependency-name: sequelize-cli
dependency-version: 6.6.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: root-prod
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the nodejs-instrumentation-dev group with 1 update in the /nodejs-instrumentation directory: [typescript](https://github.com/microsoft/TypeScript).
Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.3
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: nodejs-instrumentation-dev
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* dependabot: Rename security updates groups
Grouping only security updates isn't enough anymore. Prod and dev
dependency types also need to be covered by grouped updates.
Goal of this change is to highlight which component is affected by
generated PR right in the PR title.
* dependabot: Add prod/dev dependency groups
* build(deps): bump pg from 8.9.0 to 8.20.0
Bumps [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) from 8.9.0 to 8.20.0.
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.20.0/packages/pg)
---
updated-dependencies:
- dependency-name: pg
dependency-version: 8.20.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump concurrently from 6.5.1 to 9.2.1
Bumps [concurrently](https://github.com/open-cli-tools/concurrently) from 6.5.1 to 9.2.1.
- [Release notes](https://github.com/open-cli-tools/concurrently/releases)
- [Commits](https://github.com/open-cli-tools/concurrently/compare/v6.5.1...v9.2.1)
---
updated-dependencies:
- dependency-name: concurrently
dependency-version: 9.2.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump @types/validator from 13.11.9 to 13.15.10
Bumps [@types/validator](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/validator) from 13.11.9 to 13.15.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/validator)
---
updated-dependencies:
- dependency-name: "@types/validator"
dependency-version: 13.15.10
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump @types/express from 4.17.16 to 5.0.6
Bumps [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) from 4.17.16 to 5.0.6.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express)
---
updated-dependencies:
- dependency-name: "@types/express"
dependency-version: 5.0.6
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @graphql-codegen/cli from 6.2.1 to 6.3.0
Bumps [@graphql-codegen/cli](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/graphql-codegen-cli) from 6.2.1 to 6.3.0.
- [Release notes](https://github.com/dotansimha/graphql-code-generator/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator/blob/master/packages/graphql-codegen-cli/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator/commits/@graphql-codegen/cli@6.3.0/packages/graphql-codegen-cli)
---
updated-dependencies:
- dependency-name: "@graphql-codegen/cli"
dependency-version: 6.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Paweł Wieczorek <pawiecz@collabora.com>
* [fix] Surface Thread-kind items in user submission history
Thread items submitted with a schema field role were
silently being dropped from creator-keyed surfaces
* [test] Add unit tests for getCreator across item kinds
Pins the behavior change from the previous commit so the THREAD case
can't silently regress to `undefined` again. Covers:
- CONTENT: returns the creator from the creatorId field role; returns
undefined when the role is unconfigured or the field is missing.
- THREAD: same as CONTENT (this is the regression case the bug fix
targets).
- USER: always returns undefined.
Exports `getCreator` from `makeItemSubmission.ts` for testability;
nothing else in the codebase imports it.
* client: Add dummy package.json for ESLint custom rules
NPM requires "package.json" file to include "name" and "version" fields
for packages published to the registry [0]. ESLint custom rules will
stay within this repo for the time being. Dependabot doesn't impose any
requirements on this file so an empty one would suffice but let's provide
some details anyway.
File "index.js" now filters out all non-JS files so there's no attempt
made to pick up additional rules from the dummy "package.json".
[0] https://docs.npmjs.com/creating-a-package-json-file
Fixes: #279
Co-authored-by: Juan Mrad <juansmrad@gmail.com>
* build(deps): bump fast-check from 3.12.0 to 4.6.0 in /server
Bumps [fast-check](https://github.com/dubzzz/fast-check/tree/HEAD/packages/fast-check) from 3.12.0 to 4.6.0.
- [Release notes](https://github.com/dubzzz/fast-check/releases)
- [Changelog](https://github.com/dubzzz/fast-check/blob/main/packages/fast-check/CHANGELOG.md)
- [Commits](https://github.com/dubzzz/fast-check/commits/v4.6.0/packages/fast-check)
---
updated-dependencies:
- dependency-name: fast-check
dependency-version: 4.6.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/semantic-conventions in /server
Bumps [@opentelemetry/semantic-conventions](https://github.com/open-telemetry/opentelemetry-js) from 1.22.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/v1.22.0...semconv/v1.40.0)
---
updated-dependencies:
- dependency-name: "@opentelemetry/semantic-conventions"
dependency-version: 1.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @clickhouse/client from 1.13.0 to 1.18.2 in /server
Bumps [@clickhouse/client](https://github.com/ClickHouse/clickhouse-js) from 1.13.0 to 1.18.2.
- [Release notes](https://github.com/ClickHouse/clickhouse-js/releases)
- [Changelog](https://github.com/ClickHouse/clickhouse-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ClickHouse/clickhouse-js/compare/1.13.0...1.18.2)
---
updated-dependencies:
- dependency-name: "@clickhouse/client"
dependency-version: 1.18.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @types/jsonwebtoken from 8.5.9 to 9.0.10 in /server
Bumps [@types/jsonwebtoken](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jsonwebtoken) from 8.5.9 to 9.0.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jsonwebtoken)
---
updated-dependencies:
- dependency-name: "@types/jsonwebtoken"
dependency-version: 9.0.10
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump ioredis from 5.9.2 to 5.10.1 in /server
Bumps [ioredis](https://github.com/luin/ioredis) from 5.9.2 to 5.10.1.
- [Release notes](https://github.com/luin/ioredis/releases)
- [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md)
- [Commits](https://github.com/luin/ioredis/compare/v5.9.2...v5.10.1)
---
updated-dependencies:
- dependency-name: ioredis
dependency-version: 5.10.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update bullmq to 5.75.2 to dedupe ioredis with the bumped version
The ioredis 5.9.2 -> 5.10.1 bump in this batch caused bullmq@5.67.3 to
keep its own nested copy of ioredis@5.9.2 (it pins the version exactly).
The two copies produced incompatible Redis types in our consumers of
bullmq Queue. bullmq@5.75.2 (still ^5.0.0, no API change for us) pins
ioredis@5.10.1, which lets npm dedupe the tree.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump @opentelemetry/semantic-conventions
Bumps [@opentelemetry/semantic-conventions](https://github.com/open-telemetry/opentelemetry-js) from 1.27.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/v1.27.0...semconv/v1.40.0)
---
updated-dependencies:
- dependency-name: "@opentelemetry/semantic-conventions"
dependency-version: 1.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/resource-detector-container
Bumps [@opentelemetry/resource-detector-container](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/resource-detector-container) from 0.4.1 to 0.8.5.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/resource-detector-container/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js-contrib/commits/resource-detector-container-v0.8.5/packages/resource-detector-container)
---
updated-dependencies:
- dependency-name: "@opentelemetry/resource-detector-container"
dependency-version: 0.8.5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/exporter-trace-otlp-grpc
Bumps [@opentelemetry/exporter-trace-otlp-grpc](https://github.com/open-telemetry/opentelemetry-js) from 0.53.0 to 0.214.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.53.0...experimental/v0.214.0)
---
updated-dependencies:
- dependency-name: "@opentelemetry/exporter-trace-otlp-grpc"
dependency-version: 0.214.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/propagator-aws-xray
Bumps [@opentelemetry/propagator-aws-xray](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/propagator-aws-xray) from 1.26.0 to 2.2.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/propagator-aws-xray/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js-contrib/commits/propagator-aws-xray-v2.2.0/packages/propagator-aws-xray)
---
updated-dependencies:
- dependency-name: "@opentelemetry/propagator-aws-xray"
dependency-version: 2.2.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump @opentelemetry/resources in /nodejs-instrumentation
Bumps [@opentelemetry/resources](https://github.com/open-telemetry/opentelemetry-js) from 1.26.0 to 2.6.1.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js/compare/v1.26.0...v2.6.1)
---
updated-dependencies:
- dependency-name: "@opentelemetry/resources"
dependency-version: 2.6.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Regenerate nodejs-instrumentation/package-lock.json after batching dependency updates
* Migrate /nodejs-instrumentation to OpenTelemetry 2.x
Bumps the OpenTelemetry stack to a coherent set of versions (stable 2.x,
experimental 0.215.x) so the previously-batched bumps don't leave the
workspace with an inconsistent SDK that fails to compile.
Coordinated bumps beyond the original Dependabot scope:
- @opentelemetry/auto-instrumentations-node ^0.50.0 -> ^0.73.0
- @opentelemetry/exporter-metrics-otlp-grpc ^0.53.0 -> ^0.215.0
- @opentelemetry/resource-detector-aws ^1.6.1 -> ^2.15.0
- @opentelemetry/sdk-metrics ^1.26.0 -> ^2.7.0
- @opentelemetry/sdk-node ^0.53.0 -> ^0.215.0
- @opentelemetry/sdk-trace-base ^1.26.0 -> ^2.7.0
- @opentelemetry/winston-transport ^0.6.0 -> ^0.25.0
Source change in src/autoinstrumentation.ts to match the 2.x Resource
API: the Resource class is gone, replaced by the resourceFromAttributes
and defaultResource factory functions.
Workspace version bumped 1.0.6 -> 1.1.0.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump @total-typescript/ts-reset in /migrator
Bumps [@total-typescript/ts-reset](https://github.com/total-typescript/ts-reset) from 0.5.1 to 0.6.1.
- [Release notes](https://github.com/total-typescript/ts-reset/releases)
- [Changelog](https://github.com/mattpocock/ts-reset/blob/main/CHANGELOG.md)
- [Commits](https://github.com/total-typescript/ts-reset/commits)
---
updated-dependencies:
- dependency-name: "@total-typescript/ts-reset"
dependency-version: 0.6.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump umzug from 3.0.0 to 3.8.2 in /migrator
Bumps [umzug](https://github.com/sequelize/umzug) from 3.0.0 to 3.8.2.
- [Release notes](https://github.com/sequelize/umzug/releases)
- [Changelog](https://github.com/sequelize/umzug/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sequelize/umzug/compare/v3.0.0...v3.8.2)
---
updated-dependencies:
- dependency-name: umzug
dependency-version: 3.8.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump yargs from 16.2.0 to 18.0.0 in /migrator
Bumps [yargs](https://github.com/yargs/yargs) from 16.2.0 to 18.0.0.
- [Release notes](https://github.com/yargs/yargs/releases)
- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/yargs/yargs/compare/v16.2.0...v18.0.0)
---
updated-dependencies:
- dependency-name: yargs
dependency-version: 18.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump typescript from 5.2.2 to 6.0.3 in /migrator
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.2.2 to 6.0.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.2.2...v6.0.3)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.3
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Regenerate migrator/package-lock.json after batching dependency updates
* Bump @roostorg/db-migrator to 1.1.0 for batched dependency release
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump uuid from 8.3.2 to 13.0.0 in /db
Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.2 to 13.0.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v8.3.2...v13.0.0)
---
updated-dependencies:
- dependency-name: uuid
dependency-version: 13.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump latlon-geohash from 1.1.0 to 2.0.0 in /db
Bumps [latlon-geohash](https://github.com/chrisveness/latlon-geohash) from 1.1.0 to 2.0.0.
- [Commits](https://github.com/chrisveness/latlon-geohash/compare/v1.1.0...v2.0.0)
---
updated-dependencies:
- dependency-name: latlon-geohash
dependency-version: 2.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump csv-parse from 5.6.0 to 6.2.1 in /db
Bumps [csv-parse](https://github.com/adaltas/node-csv/tree/HEAD/packages/csv-parse) from 5.6.0 to 6.2.1.
- [Changelog](https://github.com/adaltas/node-csv/blob/master/packages/csv-parse/CHANGELOG.md)
- [Commits](https://github.com/adaltas/node-csv/commits/csv-parse@6.2.1/packages/csv-parse)
---
updated-dependencies:
- dependency-name: csv-parse
dependency-version: 6.2.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump typescript from 5.9.3 to 6.0.3 in /db
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.3
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps protobufjs in the /client directory: [protobufjs](https://github.com/protobufjs/protobuf.js).
Updates `protobufjs` from 7.4.0 to 7.5.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.5)
Bumps the prod-security group with 1 update in the /nodejs-instrumentation directory: [protobufjs](https://github.com/protobufjs/protobuf.js).
Updates `protobufjs` from 7.4.0 to 7.5.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.5)
---
updated-dependencies:
- dependency-name: protobufjs
dependency-version: 7.5.5
dependency-type: indirect
dependency-group: prod-security
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the prod-security group with 1 update in the /server directory: [protobufjs](https://github.com/protobufjs/protobuf.js).
Updates `protobufjs` from 7.5.4 to 7.5.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5)
---
updated-dependencies:
- dependency-name: protobufjs
dependency-version: 7.5.5
dependency-type: indirect
dependency-group: prod-security
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps facebook/threatexchange/hma from 1.1.3 to 1.1.4.
---
updated-dependencies:
- dependency-name: facebook/threatexchange/hma
dependency-version: 1.1.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [Vulnerabilities] Upgrade Kysely to latest
* fix lint
* code review
* [Kysely] migrate rule-engine queries and related jobs to Kysely (phase 1)
* fixes
* fix lint by organizing errors to a file for simplifications
* lint fix again
* fix test
* [Kysely] Remove knex migrate backtest pagination and takeLast to Kysely (#226)
* [Kysely] Remove knex migrate backtest pagination and takeLast to Kysely
* code revie fix
* simplify enum uses
Bumps node from 24.14.0 to 24.14.1.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps node from 24.14.0-bullseye-slim to 24.14.1-bullseye-slim.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1-bullseye-slim
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps node from 24.14.0-bullseye-slim to 24.14.1-bullseye-slim.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1-bullseye-slim
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps node from 24.14.0-bullseye-slim to 24.14.1-bullseye-slim.
---
updated-dependencies:
- dependency-name: node
dependency-version: 24.14.1-bullseye-slim
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* server: Replace error classes no longer provided by Apollo
* server: Remove no longer available DataSource base class
* server: Remove no longer necessary gql tag
* server: Upgrade Apollo packages
* server: Refactor API server bootstrap
* server: Remove Apollo packages that reached end-of-life
* server/client: Bump graphql package version
* fixup! server: Refactor API server bootstrap
* fixup! server: Remove Apollo packages that reached end-of-life
* fixup! server: Refactor API server bootstrap
* fixup! server: Replace error classes no longer provided by Apollo
* fix merge main and final code review changes
* lint fixes
---------
Co-authored-by: Juan S. Mrad <juansmrad@gmail.com>
Bumps facebook/threatexchange/hma from 1.1.2 to 1.1.3.
---
updated-dependencies:
- dependency-name: facebook/threatexchange/hma
dependency-version: 1.1.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* clean up integrations in enum definition to remove unused ones
* add model card details to zentropi manifest
* revert model card learn more URL to general MC educational resource
* Regenerate GraphQL files
* merge main and reinstall npm
* actually add regenerated graphql files
* revert package-lock.json to main
* include package-lock.json changes for consistent codegen