Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency pino to v9 #1919

Merged
merged 1 commit into from
Jun 3, 2024
Merged

fix(deps): update dependency pino to v9 #1919

merged 1 commit into from
Jun 3, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 25, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
pino (source) ^8.18.0 -> ^9.0.0 age adoption passing confidence

Release Notes

pinojs/pino (pino)

v9.1.0

Compare Source

What's Changed

New Contributors

Full Changelog: pinojs/pino@v9.0.0...v9.1.0

v9.0.0

Compare Source


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

Copy link

deepsource-io bot commented Apr 25, 2024

Here's the code health analysis summary for commits c4bb26a..437ab75. View details on DeepSource ↗.

Analysis Summary

AnalyzerStatusSummaryLink
DeepSource JavaScript LogoJavaScript✅ SuccessView Check ↗

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The main change in this commit is the update of the 'pino' package from version 8 to version 9 in both package.json and pnpm-lock.yaml files. This is a major version change. It's important to ascertain that none of the breaking changes or deprecations affect our codebase. Make sure to thoroughly test all parts of the application that use 'pino' after this change.

package.json Outdated
@@ -48,7 +48,7 @@
"@rustymotors/shared-packets": "workspace:^",
"@sentry/esbuild-plugin": "^2.16.0",
"fastify": "^4.26.2",
"pino": "^8.19.0",
"pino": "^9.0.0",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The 'pino' package is updated to its latest major release, v9. Ensure to consult the changelogs and migration guide of the 'pino' library as major upgrades involve breaking changes.

@@ -16,7 +16,7 @@
"author": "",
"license": "ISC",
"dependencies": {
"pino": "^8.18.0",
"pino": "^9.0.0",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here also 'pino' is updated to v9 in the shared package. Do the same verifications regarding breaking changes.

pnpm-lock.yaml Outdated
@@ -27,8 +27,8 @@ importers:
specifier: ^4.26.2
version: 4.26.2
pino:
specifier: ^8.19.0
version: 8.21.0
specifier: ^9.0.0
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This 'pino' version change in pnpm-lock.yaml confirms 'pino' v9.0.0 is used instead of v8.19.0. Please ensure to run 'pnpm install' for updating the lock file corresponding to package.json changes.

pnpm-lock.yaml Outdated
@@ -161,8 +161,8 @@ importers:
packages/shared:
dependencies:
pino:
specifier: ^8.18.0
version: 8.21.0
specifier: ^9.0.0
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The 'pino' dependency for the shared package is also updated in the pnpm-lock file. If you encounter issues, checking for compatibility may be necessary.

pnpm-lock.yaml Outdated
@@ -3200,8 +3200,8 @@ packages:
thread-stream: 2.4.1
dev: false

/pino@8.21.0:
resolution: {integrity: sha512-ip4qdzjkAyDDZklUaZkcRFb2iA118H9SgRh8yzTkSQK8HilsOJF7rSY8HoW5+I0M46AZgX/pxbprf2vvzQCE0Q==}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new SHA512 hash corresponding to the 'pino' v9.0.0 version is updated. This is automatically managed by the package manager and does not require any actions.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code changes mainly revolve around upgrading the pino package version from 8.19.0 and 8.18.0 to the latest 9.0.0 version across multiple files. These changes are fine if the new version does not introduce breaking changes that would affect the current system. Always ensure backward compatibility unless the system is prepared for the breaking changes.

package.json Outdated
@@ -48,7 +48,7 @@
"@rustymotors/shared-packets": "workspace:^",
"@sentry/esbuild-plugin": "^2.16.0",
"fastify": "^4.26.2",
"pino": "^8.19.0",
"pino": "^9.0.0",
Copy link

@codecov codecov bot Apr 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You've updated the version of the 'pino' package from '^8.21.0' to '^9.0.0'. Ensure that these changes are compatible with the rest of the application by thorough testing, specifically for any breaking changes introduced by the new version.

@@ -16,7 +16,7 @@
"author": "",
"license": "ISC",
"dependencies": {
"pino": "^8.18.0",
"pino": "^9.0.0",
Copy link

@codecov codecov bot Apr 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You've upgraded pino logging library from version 8.18.0 to 9.0.0. Note that whenever we upgrade dependencies to a new major version, we should analyse the breaking changes introduced in that version to estimate the potential impact on our application. Review the library's changelog or release notes for any breaking changes. Also, run all the tests to make sure those updates do not break the application.

pnpm-lock.yaml Outdated
@@ -27,8 +27,8 @@ importers:
specifier: ^4.26.2
version: 4.26.2
pino:
specifier: ^8.19.0
version: 8.21.0
specifier: ^9.0.0
Copy link

@codecov codecov bot Apr 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here once again the pino version is being updated. Ensure that this change aligns with the shift in version for other packages as well, and hasn't results in any versioning conflicts.

pnpm-lock.yaml Outdated
@@ -161,8 +161,8 @@ importers:
packages/shared:
dependencies:
pino:
specifier: ^8.18.0
version: 8.21.0
specifier: ^9.0.0
Copy link

@codecov codecov bot Apr 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new version of pino (version 9.0.0) is specified here. Make sure that this new version does not break anything in the code base, thoroughly test the updates.

pnpm-lock.yaml Outdated
@@ -3200,8 +3200,8 @@ packages:
thread-stream: 2.4.1
dev: false

/pino@8.21.0:
resolution: {integrity: sha512-ip4qdzjkAyDDZklUaZkcRFb2iA118H9SgRh8yzTkSQK8HilsOJF7rSY8HoW5+I0M46AZgX/pxbprf2vvzQCE0Q==}
Copy link

@codecov codecov bot Apr 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here the previous versions of pino (8.20.0 and 8.21.0) have been removed. Please validate that no part of the application was specifically dependent on the old version of pino, and make necessary adjustments if that's the case.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You've made a significant version jump from Pino v8 to v9. Pino v9 has several breaking changes as compared to v8, so it would be advisable to check if any of your existing functionality which relies on Pino logging is negatively affected. A comprehensive test suite would be very helpful in this context.

package.json Outdated
@@ -48,7 +48,7 @@
"@rustymotors/shared-packets": "workspace:^",
"@sentry/esbuild-plugin": "^2.16.0",
"fastify": "^4.26.2",
"pino": "^8.19.0",
"pino": "^9.0.0",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You've updated Pino to v9.0.0. Ensure that all breaking changes are properly accounted for in your application, and check the official Pino documentation for details on breaking changes.

@@ -16,7 +16,7 @@
"author": "",
"license": "ISC",
"dependencies": {
"pino": "^8.18.0",
"pino": "^9.0.0",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You've updated Pino in your shared package as well. Make sure that this does not cause any incompatibility issues with other packages or applications using your shared package.

pnpm-lock.yaml Outdated
@@ -27,8 +27,8 @@ importers:
specifier: ^4.26.2
version: 4.26.2
pino:
specifier: ^8.19.0
version: 8.21.0
specifier: ^9.0.0
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, ensure that you're updating the lockfile correctly. The previous version seemed to be 8.21.0, which isn't the same as in your package.json. This might suggest some inconsistencies in how dependencies are being managed.

pnpm-lock.yaml Outdated
@@ -3200,8 +3200,8 @@ packages:
thread-stream: 2.4.1
dev: false

/pino@8.21.0:
resolution: {integrity: sha512-ip4qdzjkAyDDZklUaZkcRFb2iA118H9SgRh8yzTkSQK8HilsOJF7rSY8HoW5+I0M46AZgX/pxbprf2vvzQCE0Q==}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You've updated the Pino version in your lock file. This is good as it ensures that the correct dependency versions are installed. However, ensure all packages which depend on Pino also support this new version.

Copy link

coderabbitai bot commented Apr 25, 2024

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link

codecov bot commented Apr 25, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 9.74%. Comparing base (c4bb26a) to head (437ab75).

Additional details and impacted files
@@          Coverage Diff          @@
##            main   #1919   +/-   ##
=====================================
  Coverage   9.74%   9.74%           
=====================================
  Files        133     133           
  Lines       9730    9730           
  Branches     128     132    +4     
=====================================
  Hits         948     948           
  Misses      8782    8782           
Flag Coverage Δ *Carryforward flag
cli 0.00% <ø> (ø)
connection 25.66% <ø> (ø)
database 9.70% <ø> (ø)
gateway 41.48% <ø> (ø)
mcots 0.00% <ø> (ø)
nps 0.00% <ø> (ø) Carriedforward from c4bb26a
patch 86.08% <ø> (ø)
schema 0.00% <ø> (ø) Carriedforward from c4bb26a
shard 41.47% <ø> (ø)
shared 13.44% <ø> (ø)
shared-packets 0.00% <ø> (ø)

*This pull request uses carry forward flags. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link

socket-security bot commented May 7, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher

🚮 Removed packages: npm/pino@8.21.0

View full report↗︎

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for 9914a3b

pnpm-lock.yaml Outdated
specifier: ^8.19.0
version: 8.21.0
specifier: ^9.0.0
version: 9.0.0
Copy link

@codecov codecov bot May 7, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You have upgraded pino to its 9.0.0 version. Make sure this change does not cause any inconsistency or version conflict with other dependencies or sub-dependencies.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for 58f0c15

pnpm-lock.yaml Outdated
@@ -3197,11 +3197,11 @@ packages:
real-require: 0.2.0
safe-stable-stringify: 2.4.3
sonic-boom: 3.8.1
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The 'thread-stream' library has also been updated from version 2.4.1 to 2.7.0. It's important to understand the implications of this version upgrade as well.

pnpm-lock.yaml Outdated
/thread-stream@2.4.1:
resolution: {integrity: sha512-d/Ex2iWd1whipbT681JmTINKw0ZwOUBZm7+Gjs64DHuX34mmw8vJL2bFAaNacaW72zYiTJxSHi5abUuOi5nsfg==}
dependencies:
real-require: 0.2.0
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems that the older version of 'thread-stream' has been completely replaced with the new one based on the lockfile. If there were any known issues with the older version, this should resolve them.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for 58f0c15

pnpm-lock.yaml Outdated
@@ -3197,11 +3197,11 @@ packages:
real-require: 0.2.0
safe-stable-stringify: 2.4.3
sonic-boom: 3.8.1
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'thread-stream' has been updated to version 2.7.0. Make sure to test and ensure no significant changes in this updated package adversely impacts your application.

pnpm-lock.yaml Outdated
@@ -3703,12 +3703,6 @@ packages:
resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
dev: true

/thread-stream@2.4.1:
resolution: {integrity: sha512-d/Ex2iWd1whipbT681JmTINKw0ZwOUBZm7+Gjs64DHuX34mmw8vJL2bFAaNacaW72zYiTJxSHi5abUuOi5nsfg==}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As the 'thread-stream' has been updated to a new version, the old version information is correctly removed.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for 6f5eb91

pnpm-lock.yaml Outdated
@@ -3200,8 +3200,8 @@ packages:
thread-stream: 2.4.1
dev: false

/pino@8.21.0:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An update was made to the SHA512 hash resolving the pino package. This change was expected and is correct, as the hash corresponds to the precise version of the package being pulled.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for 6f5eb91

pnpm-lock.yaml Outdated
@@ -3200,8 +3200,8 @@ packages:
thread-stream: 2.4.1
dev: false

/pino@8.21.0:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The integrity hash has been updated, which suggests a successful update of 'pino' to version 9.0.0. This includes a complete download which ensures the package is not tampered with.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for 8ce2487

pnpm-lock.yaml Outdated
@@ -3795,23 +3793,6 @@ packages:
resolution: {integrity: sha512-cHjPPsE+vhj/tnhCy/wiMh3M3z3h/j15zHQX+S9GkTBgqJuTuJzYJ4gUyACLhDaJ7kk9ba9iRDmbH2tJU03OiA==}
dev: false

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Information about the old version of pino is removed here. Make sure no essential dependencies were lost in this change.

pnpm-lock.yaml Outdated
@@ -4394,12 +4375,6 @@ packages:
resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
dev: true
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'thread-stream@2.6.0' dependency has been removed. If it's a deprecated version, it's generally okay to remove it. However, please ensure these changes won't affect the functioning of your code.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for 8ce2487

pnpm-lock.yaml Outdated
@@ -3795,23 +3793,6 @@ packages:
resolution: {integrity: sha512-cHjPPsE+vhj/tnhCy/wiMh3M3z3h/j15zHQX+S9GkTBgqJuTuJzYJ4gUyACLhDaJ7kk9ba9iRDmbH2tJU03OiA==}
dev: false
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'pino@8.20.0' details removed here. Given that the application no longer uses this version of 'pino', this seems to be an appropriate change.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for 8ce2487

pnpm-lock.yaml Outdated
quick-format-unescaped: 4.0.4
real-require: 0.2.0
safe-stable-stringify: 2.4.3
sonic-boom: 3.8.1
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Previously used pino@8.20.0 package with its dependencies has been removed. Please make sure the removal of these dependencies does not affect other packages that still might be using them.

pnpm-lock.yaml Outdated
@@ -4394,12 +4375,6 @@ packages:
resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
dev: true

/thread-stream@2.6.0:
resolution: {integrity: sha512-t4eNiKdGwd1EV6tx76mRbrOqwvkxz+ssOiQXEXw88m4p/Xp6679vg16sf39BAstRjHOiWIqp5+J2ylHk3pU30g==}
dependencies:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removal of the '/thread-stream@2.6.0' dependency may affect packages that might still be using it. If other packages that still require this version, consider refraining this change.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for 8ce2487

pnpm-lock.yaml Outdated
real-require: 0.2.0
safe-stable-stringify: 2.4.3
sonic-boom: 3.8.1
thread-stream: 2.6.0
Copy link

@codecov codecov bot May 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The packages /pino@8.20.0 and /thread-stream@2.6.0 are no longer available after these changes. If any other part of the project is still dependent on these, it could potentially cause breaking changes.

pnpm-lock.yaml Outdated
@@ -4394,12 +4375,6 @@ packages:
resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
dev: true

/thread-stream@2.6.0:
resolution: {integrity: sha512-t4eNiKdGwd1EV6tx76mRbrOqwvkxz+ssOiQXEXw88m4p/Xp6679vg16sf39BAstRjHOiWIqp5+J2ylHk3pU30g==}
dependencies:
Copy link

@codecov codecov bot May 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This removal shows that the version of 'thread-stream' has been changed. It may impact how 'pino' works - investigate any changes to this dependency as well.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for 3645c3d

pnpm-lock.yaml Outdated
quick-format-unescaped: 4.0.4
real-require: 0.2.0
safe-stable-stringify: 2.4.3
sonic-boom: 3.8.1
Copy link

@codecov codecov bot May 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It appears that several dependencies that were related to 'pino' v8.21.0, aren't present for 'pino' v9.0.0. Make sure to check the updated 'pino' documentation to be aware of any dropped dependencies and how that could affect your application.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for 194704e

pnpm-lock.yaml Outdated
@@ -3793,23 +3793,6 @@ packages:
resolution: {integrity: sha512-cHjPPsE+vhj/tnhCy/wiMh3M3z3h/j15zHQX+S9GkTBgqJuTuJzYJ4gUyACLhDaJ7kk9ba9iRDmbH2tJU03OiA==}
dev: false
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These dependency removals are a result of the 'pino' update. Ensure that removing these dependencies doesn't affect any functionality. If any functionality is affected, you might need to manually add them.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for 194704e

pnpm-lock.yaml Outdated
@@ -3793,23 +3793,6 @@ packages:
resolution: {integrity: sha512-cHjPPsE+vhj/tnhCy/wiMh3M3z3h/j15zHQX+S9GkTBgqJuTuJzYJ4gUyACLhDaJ7kk9ba9iRDmbH2tJU03OiA==}
dev: false
Copy link

@codecov codecov bot May 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removal of the old version of 'pino' from the pnpm-lock.yaml file is good to keep it clean and up-to-date, but be aware of any dependencies relying on the old version.

pnpm-lock.yaml Outdated
@@ -4392,12 +4375,6 @@ packages:
resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
Copy link

@codecov codecov bot May 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'thread-stream@2.6.0' dependency is also removed with this update, and its dependencies along with it. Again, make sure this doesn't impact your current codebase.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for fac540b

pnpm-lock.yaml Outdated
safe-stable-stringify: 2.4.3
sonic-boom: 3.8.1
thread-stream: 2.6.0
dev: false
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The detailed information for the previous version (8.21.0) of pino is still present. If 9.0.0 is the preferred version, consider removing these details to maintain consistency.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for e34ea0f

pnpm-lock.yaml Outdated
@@ -27,8 +27,8 @@ importers:
specifier: ^8.11.5
version: 8.11.5
pino:
specifier: ^8.21.0
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'pino' package is removed and updated in the lock file. This action suggests that the packages have been updated correctly.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for 030351b

pnpm-lock.yaml Outdated
@@ -2633,9 +2625,6 @@ packages:
text-table@0.2.0:
resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'thread-stream' version is removed from your projects. If any of your packages were depending on this version, you might face issues.

pnpm-lock.yaml Outdated
pino-std-serializers: 6.2.2
process-warning: 3.0.0
quick-format-unescaped: 4.0.4
real-require: 0.2.0
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removals of dependencies in pino@8.20.0 are also significant, especially if other components in the project directly/indirectly depended on these dependencies.

pnpm-lock.yaml Outdated
@@ -5212,10 +5173,6 @@ snapshots:

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Try to resist removing dependencies such as 'real-require' in 'thread-stream@2.6.0' unless you're absolutely sure they're not needed anywhere else in the codebase as it may cause unexpected breakage.

Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for 030351b

pnpm-lock.yaml Outdated
pino-std-serializers: 6.2.2
process-warning: 3.0.0
quick-format-unescaped: 4.0.4
real-require: 0.2.0
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please confirm if it's okay to remove all dependencies of the older version of pino. If some dependencies are still required, they should be shift to new version or kept with older version of pino.

@renovate renovate bot force-pushed the renovate/pino-9.x branch 3 times, most recently from ef26b38 to b4f08bf Compare May 13, 2024 21:13
Copy link

socket-security bot commented May 24, 2024

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎

@renovate renovate bot force-pushed the renovate/pino-9.x branch 7 times, most recently from 29775be to dbd3f68 Compare May 29, 2024 19:38
Copy link

@codecov codecov bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodecovAI submitted a new review for dbd3f68

@@ -24,7 +24,7 @@
"license": "AGPL-3.0",
"dependencies": {
"fastify": "^4.27.0",
"pino": "^8.18.0",
"pino": "^9.0.0",
"pino-pretty": "^11.0.0",
Copy link

@codecov codecov bot May 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please confirm 'pino-pretty' version 11.0.0 is compatible with 'pino' version 9.0.0. Although not every single major update will result in issues with dependent libraries, when it does occur it can cause unexpected behaviour.

@renovate renovate bot force-pushed the renovate/pino-9.x branch 2 times, most recently from 79a4ab0 to d724a0f Compare June 3, 2024 19:13
@drazisil drazisil enabled auto-merge June 3, 2024 19:15
Copy link

sonarcloud bot commented Jun 3, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@drazisil drazisil merged commit 6c9bbaf into main Jun 3, 2024
14 checks passed
@drazisil drazisil deleted the renovate/pino-9.x branch June 3, 2024 19:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant