Pinning Notion client version

[GTFalcao]

The latest 5.x Notion version broke the live components. Pinning the version specified in the package should resolve the issue

notion_api_key components will be fixed in a subsequent PR

Summary by CodeRabbit

• Chores
  • Bumped versions across multiple Notion actions (create, update, delete, retrieve, query, search, file uploads) and sources (new/updated pages, databases, comments, webhooks). No functional changes.
  • Updated the Notion package to version 0.10.1.
  • Pinned the Notion SDK dependency to version 4.0.2 for consistency and predictability.
  • General metadata refresh to align component versions across the Notion integration suite.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
pipedream-docs	Ignored			Sep 5, 2025 4:15pm
pipedream-docs-redirect-do-not-edit	Ignored			Sep 5, 2025 4:15pm

[coderabbitai]

Walkthrough

This PR updates version metadata across multiple Notion actions and sources and bumps the Notion component package version. It also pins @notionhq/client to 4.0.2. No functional logic or control flow changes are included.

Changes

Cohort / File(s)	Summary of changes
Notion actions — version bumps components/notion/actions/append-block/append-block.mjs, .../complete-file-upload/complete-file-upload.mjs, .../create-comment/create-comment.mjs, .../create-database/create-database.mjs, .../create-file-upload/create-file-upload.mjs, .../create-page-from-database/create-page-from-database.mjs, .../create-page/create-page.mjs, .../delete-block/delete-block.mjs, .../duplicate-page/duplicate-page.mjs, .../list-all-users/list-all-users.mjs, .../list-file-uploads/list-file-uploads.mjs, .../query-database/query-database.mjs, .../retrieve-block/retrieve-block.mjs, .../retrieve-database-content/retrieve-database-content.mjs, .../retrieve-database-schema/retrieve-database-schema.mjs, .../retrieve-file-upload/retrieve-file-upload.mjs, .../retrieve-page-property-item/retrieve-page-property-item.mjs, .../retrieve-page/retrieve-page.mjs, .../retrieve-user/retrieve-user.mjs, .../search/search.mjs, .../send-file-upload/send-file-upload.mjs, .../update-block/update-block.mjs, .../update-database/update-database.mjs, .../update-page/update-page.mjs	Updated exported metadata version fields only; no logic, API, or control-flow changes.
Notion sources — version bumps components/notion/sources/new-comment-created/new-comment-created.mjs, .../new-database/new-database.mjs, .../new-page/new-page.mjs, .../new-webhook-event-instant/new-webhook-event-instant.mjs, .../page-or-subpage-updated/page-or-subpage-updated.mjs, .../page-properties-updated-instant/page-properties-updated-instant.mjs, .../updated-page-by-timestamp/updated-page-by-timestamp.mjs, .../updated-page-id/updated-page-id.mjs, .../updated-page/updated-page.mjs	Updated exported metadata version fields only; no logic, API, or control-flow changes.
Package manifest components/notion/package.json	Bumped package version 0.10.0 → 0.10.1; pinned @notionhq/client to 4.0.2 (removed caret).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

User submitted

Suggested reviewers

• lcaresia
• danhsiung

Poem

A nibble of numbers, a hop and a cheer,
Versions all bumped—no bugs to fear.
Carrots aligned, the roadmap’s bright,
Package pinned snug, dependencies tight.
Thump-thump! goes my review delight—
Ship it swift, into the night. 🥕🐇

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch notion-client-version

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

components/notion/actions/query-database/query-database.mjs (1)

4-9: Pin @notionhq/client globally to 4.0.2

• In components/notion_api_key/package.json, change
  "@notionhq/client": "^2.3.0" → "4.0.2".
• In the root package.json, add a top-level resolutions (Yarn) or overrides (pnpm) entry:

  "resolutions": {
    "@notionhq/client": "4.0.2"
  }

  (or under overrides for pnpm) to block any 5.x hoisting.
• Verify no other package.json declares a loose range for @notionhq/client.

🧹 Nitpick comments (11)

components/notion/package.json (1)

3-3: Approve—@notionhq/client dependency fully pinned.

No other caret-prefixed or range versions found in any package.json; consider adding a workspace-level overrides/resolutions entry for extra protection.

components/notion/actions/send-file-upload/send-file-upload.mjs (1)

11-11: Version bump ACK; minor UX copy nit for non-images.

Label/description references “Image” though this action uploads any file. Consider generalizing.

Apply:

-      label: "Image File Path or URL",
-      description: "The image to process. Provide either a file URL or a path to a file in the `/tmp` directory (for example, `/tmp/myImage.jpg`).",
+      label: "File Path or URL",
+      description: "Provide a file URL or a path to a file in the `/tmp` directory (for example, `/tmp/myFile.bin`).",

components/notion/sources/updated-page-by-timestamp/updated-page-by-timestamp.mjs (1)

11-11: Version bump ACK; reduce duplicate emissions around equal timestamps.

Current logic uses on_or_after, which can re-emit pages when multiple items share the same last_edited_time. Store +1ms to advance the cursor.

Apply:

-    this.setLastUpdatedTimestamp(newLastUpdatedTimestamp);
+    // Advance by 1ms to avoid re-emitting items with identical timestamps
+    this.setLastUpdatedTimestamp(newLastUpdatedTimestamp + 1);

After change, trigger consecutively and confirm no duplicates when multiple pages share the same last_edited_time.

components/notion/actions/search/search.mjs (1)

8-8: Version bump ACK; polish summary grammar.

Apply:

-      return `Found ${response.results?.length} object${response.results?.length === 1
-        ? ""
-        : "s"} with query search ${this.title}`;
+      return `Found ${response.results?.length} object${response.results?.length === 1 ? "" : "s"} for query "${this.title}"`;

components/notion/actions/update-database/update-database.mjs (1)

10-10: Version bump ACK; avoid sending undefined fields to Notion API.

Only include title/description when provided; otherwise Notion may reject or overwrite unintentionally.

Apply:

   async run({ $ }) {
-    const response = await this.notion.updateDatabase({
-      database_id: this.databaseId,
-      title: [
-        {
-          text: {
-            content: this.title,
-          },
-        },
-      ],
-      description: [
-        {
-          text: {
-            content: this.description,
-          },
-        },
-      ],
-      properties: utils.parseObject(this.properties),
-    });
+    const payload = {
+      database_id: this.databaseId,
+      properties: utils.parseObject(this.properties),
+    };
+    if (this.title) {
+      payload.title = [{ text: { content: this.title } }];
+    }
+    if (this.description) {
+      payload.description = [{ text: { content: this.description } }];
+    }
+    const response = await this.notion.updateDatabase(payload);

Please confirm existing tests (or a quick manual run) still update only the specified fields and leave others unchanged.

components/notion/actions/create-file-upload/create-file-upload.mjs (1)

9-9: LGTM – safe version bump.

No logic changes; publish-only.

Minor: consider validating mode-specific required fields before calling the API (e.g., filename/contentType/numberOfParts for multi_part, externalUrl for external_url) to fail fast with clearer errors. Not blocking this PR.

components/notion/actions/create-comment/create-comment.mjs (1)

8-8: LGTM – publish-only change.

No behavioral differences introduced.

Optional: when both pageId/discussionId validation fails, include provided values in the error message to aid debugging (keep IDs partially redacted if logged).

components/notion/actions/create-database/create-database.mjs (1)

10-10: LGTM – metadata bump aligns with dependency pin.

No runtime changes; ready to publish.

Since 5.x caused breakage, add a short note in components/notion/CHANGELOG.md explaining the pin and a future plan to test/upgrade to 5.x, so downstream users understand why we’re holding at 4.0.2.

components/notion/actions/list-all-users/list-all-users.mjs (1)

13-21: Avoid materializing all users for large workspaces.

Optional: stream or batch to reduce memory (e.g., process per page/chunk) instead of building a single array.

components/notion/actions/retrieve-page-property-item/retrieve-page-property-item.mjs (1)

27-34: Consider adding minimal error handling/context.

Optional: wrap the call to surface pageId/propertyId in thrown errors for faster triage when Notion returns 404/validation errors.

components/notion/actions/list-file-uploads/list-file-uploads.mjs (1)

15-27: Memory-friendly pagination.

Optional: process each item as it’s yielded (or cap array size) to avoid high memory use when many uploads exist.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e9191fc and 111099a.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (34)

• components/notion/actions/append-block/append-block.mjs (1 hunks)
• components/notion/actions/complete-file-upload/complete-file-upload.mjs (1 hunks)
• components/notion/actions/create-comment/create-comment.mjs (1 hunks)
• components/notion/actions/create-database/create-database.mjs (1 hunks)
• components/notion/actions/create-file-upload/create-file-upload.mjs (1 hunks)
• components/notion/actions/create-page-from-database/create-page-from-database.mjs (1 hunks)
• components/notion/actions/create-page/create-page.mjs (1 hunks)
• components/notion/actions/delete-block/delete-block.mjs (1 hunks)
• components/notion/actions/duplicate-page/duplicate-page.mjs (1 hunks)
• components/notion/actions/list-all-users/list-all-users.mjs (1 hunks)
• components/notion/actions/list-file-uploads/list-file-uploads.mjs (1 hunks)
• components/notion/actions/query-database/query-database.mjs (1 hunks)
• components/notion/actions/retrieve-block/retrieve-block.mjs (1 hunks)
• components/notion/actions/retrieve-database-content/retrieve-database-content.mjs (1 hunks)
• components/notion/actions/retrieve-database-schema/retrieve-database-schema.mjs (1 hunks)
• components/notion/actions/retrieve-file-upload/retrieve-file-upload.mjs (1 hunks)
• components/notion/actions/retrieve-page-property-item/retrieve-page-property-item.mjs (1 hunks)
• components/notion/actions/retrieve-page/retrieve-page.mjs (1 hunks)
• components/notion/actions/retrieve-user/retrieve-user.mjs (1 hunks)
• components/notion/actions/search/search.mjs (1 hunks)
• components/notion/actions/send-file-upload/send-file-upload.mjs (1 hunks)
• components/notion/actions/update-block/update-block.mjs (1 hunks)
• components/notion/actions/update-database/update-database.mjs (1 hunks)
• components/notion/actions/update-page/update-page.mjs (1 hunks)
• components/notion/package.json (2 hunks)
• components/notion/sources/new-comment-created/new-comment-created.mjs (1 hunks)
• components/notion/sources/new-database/new-database.mjs (1 hunks)
• components/notion/sources/new-page/new-page.mjs (1 hunks)
• components/notion/sources/new-webhook-event-instant/new-webhook-event-instant.mjs (1 hunks)
• components/notion/sources/page-or-subpage-updated/page-or-subpage-updated.mjs (1 hunks)
• components/notion/sources/page-properties-updated-instant/page-properties-updated-instant.mjs (1 hunks)
• components/notion/sources/updated-page-by-timestamp/updated-page-by-timestamp.mjs (1 hunks)
• components/notion/sources/updated-page-id/updated-page-id.mjs (1 hunks)
• components/notion/sources/updated-page/updated-page.mjs (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-08-19T09:02:18.222Z

Learnt from: nurul3101
PR: PipedreamHQ/pipedream#18092
File: components/prisma_management_api/README.md:24-31
Timestamp: 2025-08-19T09:02:18.222Z
Learning: In Prisma Management API documentation, the "Create Database" section title is intentional and should not be changed to "Create Project", even though the action technically creates a complete project with database. This naming choice follows user-facing terminology preferences.

Applied to files:

• components/notion/actions/create-database/create-database.mjs

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Publish TypeScript components
• GitHub Check: Verify TypeScript components
• GitHub Check: Lint Code Base
• GitHub Check: pnpm publish

🔇 Additional comments (26)

components/notion/actions/query-database/query-database.mjs (1)

8-8: Patch bump only — LGTM.
No logic changes; safe metadata update.

components/notion/sources/new-database/new-database.mjs (1)

10-10: Patch bump only — LGTM.
Matches the dependency pin intent; no behavioral impact.

components/notion/actions/retrieve-database-schema/retrieve-database-schema.mjs (1)

7-7: Patch bump only — LGTM.
No runtime changes.

components/notion/actions/retrieve-database-content/retrieve-database-content.mjs (1)

7-7: Patch bump only — LGTM.
No logic touched.

components/notion/actions/duplicate-page/duplicate-page.mjs (1)

10-10: Patch bump only — LGTM.
Consistent with the pinning strategy.

components/notion/actions/update-page/update-page.mjs (1)

10-10: Version bump only — LGTM.

No functional changes; safe metadata update.

components/notion/sources/updated-page-id/updated-page-id.mjs (1)

10-10: Version bump only — LGTM.

No runtime changes; consistent with pinning strategy.

components/notion/sources/page-properties-updated-instant/page-properties-updated-instant.mjs (1)

9-9: Version bump only — LGTM.

No behavioral changes.

components/notion/actions/append-block/append-block.mjs (1)

10-10: Version bump only — LGTM.

No logic modified.

components/notion/actions/retrieve-file-upload/retrieve-file-upload.mjs (1)

9-9: Version bump only — LGTM.

No functional changes.

components/notion/sources/new-page/new-page.mjs (1)

11-11: LGTM – version bump only.

No code-path changes; safe to publish alongside the client pin.

components/notion/actions/create-page/create-page.mjs (2)

10-10: Version bump only — LGTM

No behavioral changes. Safe to ship.

---

10-10: Pin @notionhq/client v4.0.2 in the Notion component

– In components/notion/package.json add under dependencies (without ^ or ~):

{
  "dependencies": {
+   "@notionhq/client": "4.0.2"
  }
}

– Add to the root package.json a workspace-wide override/resolution to lock @notionhq/client at 4.0.2.

Likely an incorrect or invalid review comment.

components/notion/actions/retrieve-user/retrieve-user.mjs (1)

7-7: Version bump only — LGTM

No functional changes.

components/notion/sources/page-or-subpage-updated/page-or-subpage-updated.mjs (1)

10-10: Version bump only — LGTM

No behavioral impact.

components/notion/actions/create-page-from-database/create-page-from-database.mjs (1)

11-11: Version bump only — LGTM

No logic changes.

components/notion/actions/update-block/update-block.mjs (1)

10-10: Version bump only — LGTM

No runtime changes.

components/notion/sources/new-comment-created/new-comment-created.mjs (1)

8-8: Version bump only — LGTM.

No behavioral changes. Safe metadata update.

components/notion/actions/retrieve-block/retrieve-block.mjs (1)

7-7: Version bump only — LGTM.

No changes to inputs, run logic, or output shape.

components/notion/actions/complete-file-upload/complete-file-upload.mjs (1)

9-9: Version bump only — LGTM.

Metadata update aligns with the package pin.

components/notion/sources/updated-page/updated-page.mjs (1)

12-12: Version bump only — LGTM.

No functional diffs detected.

components/notion/sources/new-webhook-event-instant/new-webhook-event-instant.mjs (1)

9-9: Version bump only — LGTM.

No behavioral changes in webhook handling.

components/notion/actions/delete-block/delete-block.mjs (1)

9-9: LGTM: version bump only.

No runtime changes; aligns with the Notion client pinning effort.

components/notion/actions/list-all-users/list-all-users.mjs (1)

7-7: LGTM: metadata bump.

Behavior unchanged; paginate + aggregation still correct.

components/notion/actions/retrieve-page-property-item/retrieve-page-property-item.mjs (1)

7-7: LGTM: version bump only.

No functional deltas; API call remains the same.

components/notion/actions/list-file-uploads/list-file-uploads.mjs (1)

9-9: LGTM: metadata bump.

No runtime changes.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Ensure the pin is enforced repo-wide (avoid accidental 5.x).

Add a repo-level override/resolution to force @notionhq/client@4.0.2 and verify no packages depend on ^5. Script below checks all package.jsons and the lockfile for stray 5.x.

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Scanning package.json files for @notionhq/client..."
fd -t f package.json | xargs -I{} jq -r '[input_filename, (.dependencies["@notionhq/client"] // .devDependencies["@notionhq/client"] // empty)] | @tsv' {} \
  | awk 'NF==2 { print }' | column -t

echo
echo "Flagging any specs that are not exactly 4.0.2:"
fd -t f package.json | xargs -I{} jq -r '[(.name // input_filename), (.dependencies["@notionhq/client"] // .devDependencies["@notionhq/client"] // empty)] | @tsv' {} \
  | awk '$2 && $2 != "4.0.2" { print "Mismatch:", $0 }'

echo
echo "Checking lockfiles for resolved 5.x (may miss if tool differs):"
fd -a 'pnpm-lock.yaml|yarn.lock|package-lock.json' -E node_modules | while read -r lock; do
  echo "=> $lock"
  rg -n '(@notionhq/client).*5\.' "$lock" || echo "No 5.x found in $lock"
done

echo
echo "If your workspace uses npm, consider adding root-level overrides:"
echo '{ "overrides": { "@notionhq/client": "4.0.2" } }'

Length of output: 426

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Scanning package.json files for @notionhq/client..."
fd -t f package.json | while read -r file; do
  version=$(jq -r '.dependencies["@notionhq/client"] // .devDependencies["@notionhq/client"] // empty' "$file")
  if [ -n "$version" ]; then
    printf "%-60s %s\n" "$file" "$version"
  fi
done

echo
echo "Flagging any specs that are not exactly 4.0.2:"
fd -t f package.json | while read -r file; do
  version=$(jq -r '.dependencies["@notionhq/client"] // .devDependencies["@notionhq/client"] // empty' "$file")
  if [ -n "$version" ] && [ "$version" != "4.0.2" ]; then
    printf "Mismatch: %-55s %s\n" "$file" "$version"
  fi
done

echo
echo "Checking lockfiles for @notionhq/client 5.x occurrences..."
grep -R -n '@notionhq/client.*5\.' --include="*.lock*" --include="*.yaml" .

echo
echo "If using npm, add this at root to pin 4.0.2:"
echo '{ "overrides": { "@notionhq/client": "4.0.2" } }'

Length of output: 262357

---

Pin @notionhq/client consistently at 4.0.2
components/notion_api_key/package.json currently specifies ^2.3.0—update it to 4.0.2 or add a root-level "overrides": { "@notionhq/client": "4.0.2" } (npm) / "resolutions": { "@notionhq/client": "4.0.2" } (Yarn) to enforce this repo-wide.

🤖 Prompt for AI Agents

In components/notion/actions/delete-block/delete-block.mjs around line 9, the
repo requires pinning @notionhq/client to 4.0.2 but
components/notion_api_key/package.json currently allows ^2.3.0; update that
package.json dependency to "4.0.2" (or add a root-level "overrides": {
"@notionhq/client": "4.0.2" } for npm / "resolutions": { "@notionhq/client":
"4.0.2" } for Yarn) to enforce repo-wide usage, then update the lockfile by
reinstalling dependencies (npm install or yarn install) so the lockfile reflects
the pinned version.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

LGTM – metadata bump to trigger publish.

No functional changes. Given the PR intent (pinning @notionhq/client to 4.0.2), this version bump is appropriate to republish the action.

To ensure the pin is truly effective across the repo and CI images (no hoisted 5.x), run:

If any 5.x appears, add a root-level override/resolution to force 4.0.2 and update the lockfile.

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "1) List all declared versions of @notionhq/client across package.json files"
rg -nP '"@notionhq/client"\s*:\s*"[^\"]+"' -g '**/package.json' -S || true

echo
echo "2) Confirm no caret (^) ranges for @notionhq/client"
rg -nP '"@notionhq/client"\s*:\s*"\^' -g '**/package.json' -S || true

echo
echo "3) Check lockfiles for any 5.x resolution"
for f in pnpm-lock.yaml yarn.lock package-lock.json; do
  if [[ -f "$f" ]]; then
    echo "Scanning $f"
    rg -nP '@notionhq/client@?[^"\s]*5\.' "$f" || true
  fi
done

echo
echo "4) If using pnpm/yarn/npm, optionally verify the installed graph:"
command -v pnpm >/dev/null && pnpm why @notionhq/client || true
command -v yarn >/dev/null && yarn why @notionhq/client || true
command -v npm  >/dev/null && npm ls @notionhq/client || true

Length of output: 2851

---

Pin @notionhq/client in components/notion_api_key/package.json
components/notion_api_key/package.json:16 still uses ^2.3.0; update to "4.0.2" (or add a root-level override) and regenerate the lockfile.

🤖 Prompt for AI Agents

In components/notion/actions/retrieve-page/retrieve-page.mjs around line 7, the
project references a Notion client version but
components/notion_api_key/package.json still pins "@notionhq/client" as
"^2.3.0"; update that dependency entry to "4.0.2" (or add a root-level package
override to enforce 4.0.2), then reinstall (npm/yarn/pnpm) to regenerate the
lockfile and commit the updated lockfile so the dependency is actually pinned
across the repo.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Verify pin consistency and guard against accidental 5.x upgrades.

Confirm every package.json pins @notionhq/client to an exact 4.x (no ^/~), and no 5.x sneaks in via workspaces/hoisting. Also ensure lockfiles are updated.

Run:

Optionally add a Renovate rule to block majors:

{
  "packageRules": [
    {
      "matchPackageNames": ["@notionhq/client"],
      "allowedVersions": "<5.0.0",
      "rangeStrategy": "pin"
    }
  ]
}

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Occurrences of @notionhq/client versions:"
rg -nP --glob '**/package.json' -S '"@notionhq/client"\s*:\s*"[^"]+"' -C0 || true

echo
echo "Checking for non-pinned ranges (^ or ~):"
if rg -nP --glob '**/package.json' -S '"@notionhq/client"\s*:\s*"[~^]' ; then
  echo "Found non-pinned ranges above."
  exit 1
fi

echo
echo "Checking for any 5.x references:"
if rg -nP --glob '**/package.json' -S '"@notionhq/client"\s*:\s*"(5\.[^"]*)"' ; then
  echo "Found 5.x references above."
  exit 1
fi

echo
echo "Lockfiles present:"
fd -t f 'package-lock.json' 'yarn.lock' 'pnpm-lock.yaml' || true

Length of output: 656

---

Pin @notionhq/client to exact 4.x in all package.json

• components/notion_api_key/package.json currently uses "@notionhq/client": "^2.3.0"—change to an exact 4.x version (e.g. "4.0.2") with no ^ or ~.
• components/notion/package.json is already pinned to "4.0.2".
• After updating, regenerate your lockfile (npm install/yarn install/pnpm install).
• (Optional) Add a Renovate rule to block majors ≥ 5.0.0.

🤖 Prompt for AI Agents

components/notion/actions/update-page/update-page.mjs around lines 10-10: the
repo needs @notionhq/client pinned to an exact 4.x version across packages;
update components/notion_api_key/package.json to replace "@notionhq/client":
"^2.3.0" with an exact 4.x release (e.g. "4.0.2") matching
components/notion/package.json, then run your package manager (npm/yarn/pnpm
install) to regenerate the lockfile; optionally add a Renovate rule to block
major versions >=5.0.0.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Verify the Notion SDK is truly pinned repo-wide to avoid accidental 5.x upgrades.

Run this to confirm exact pinning and absence of ranges elsewhere.

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1) Confirm components/notion/package.json pins exactly 4.0.2
pkg="components/notion/package.json"
if [[ -f "$pkg" ]]; then
  ver=$(jq -r '.dependencies["@notionhq/client"] // empty' "$pkg")
  echo "@notionhq/client in $pkg => ${ver:-<missing>}"
  test "$ver" = "4.0.2" || { echo "ERROR: Not pinned to 4.0.2"; exit 1; }
else
  echo "ERROR: $pkg not found"; exit 1
fi

# 2) Search for any other version specs or ranges (caret/tilde) in the repo
echo
echo "All @notionhq/client specs:"
rg -nP '"@notionhq/client"\s*:\s*".+?"' -g '!**/node_modules/**' || true

echo
echo "Checking for range specifiers (^ or ~):"
if rg -nP '"@notionhq/client"\s*:\s*"[\^~]' -g '!**/node_modules/**'; then
  echo "ERROR: Found range specifiers for @notionhq/client"
  exit 1
else
  echo "OK: No range specifiers found."
fi

# 3) Optional: ensure no root overrides/resolutions contradict the pin
echo
echo "Overrides/resolutions referencing @notionhq/client (if any):"
rg -nP '"(overrides|resolutions)"\s*:\s*{[^}]*@notionhq/client' -g '!**/node_modules/**' || true

Length of output: 989

---

Pin @notionhq/client exact version repo-wide
In components/notion_api_key/package.json (line 16), replace "@notionhq/client": "^2.3.0" with "4.0.2" to match components/notion/package.json; then confirm no other caret/tilde ranges remain.