[WIP] Upgrade to latest version of @objectstack with plugin-auth#369
[WIP] Upgrade to latest version of @objectstack with plugin-auth#369
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
…objectstack/plugin-auth Co-authored-by: hotlong <50353452+hotlong@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR upgrades the monorepo’s @objectstack/* dependencies from 2.0.3 to 2.0.5 and introduces @objectstack/plugin-auth, wiring it into the runtime configuration.
Changes:
- Bump
@objectstack/{spec,core,runtime,objectql,cli,studio,plugin-hono-server}to2.0.5across affected packages. - Add
@objectstack/plugin-auth@^2.0.5and registerAuthPlugininobjectstack.config.ts. - Update
pnpm-lock.yamlto reflect the new versions and transitive dependency graph.
Reviewed changes
Copilot reviewed 22 out of 23 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| pnpm-lock.yaml | Lockfile updates for @objectstack/*@2.0.5 and new @objectstack/plugin-auth transitive deps |
| package.json | Root dependency bumps and addition of @objectstack/plugin-auth |
| objectstack.config.ts | Registers AuthPlugin with basePath: '/api/v1/auth' |
| packages/protocols/odata-v4/package.json | Bumps @objectstack/spec and @objectstack/core to ^2.0.5 |
| packages/protocols/json-rpc/package.json | Bumps @objectstack/spec and @objectstack/core to ^2.0.5 |
| packages/protocols/graphql/package.json | Bumps @objectstack/spec and @objectstack/core to ^2.0.5 |
| packages/foundation/types/package.json | Bumps @objectstack/spec to ^2.0.5 |
| packages/foundation/plugin-workflow/package.json | Bumps @objectstack/{core,spec} to ^2.0.5 |
| packages/foundation/plugin-validator/package.json | Bumps @objectstack/{core,spec} to ^2.0.5 |
| packages/foundation/plugin-security/package.json | Bumps @objectstack/{core,spec} to ^2.0.5 |
| packages/foundation/plugin-multitenancy/package.json | Bumps @objectstack/{core,spec} to ^2.0.5 |
| packages/foundation/plugin-formula/package.json | Bumps @objectstack/{core,spec} to ^2.0.5 |
| packages/foundation/platform-node/package.json | Bumps @objectstack/spec to ^2.0.5 |
| packages/foundation/core/package.json | Bumps @objectstack/{core,objectql,runtime,spec} to ^2.0.5 |
| packages/drivers/sqlite-wasm/package.json | Bumps @objectstack/spec to ^2.0.5 |
| packages/drivers/sql/package.json | Bumps @objectstack/spec to ^2.0.5 |
| packages/drivers/sdk/package.json | Bumps @objectstack/spec to ^2.0.5 |
| packages/drivers/redis/package.json | Bumps @objectstack/spec to ^2.0.5 |
| packages/drivers/pg-wasm/package.json | Bumps @objectstack/spec to ^2.0.5 |
| packages/drivers/mongo/package.json | Bumps @objectstack/spec to ^2.0.5 |
| packages/drivers/memory/package.json | Bumps @objectstack/spec to ^2.0.5 |
| packages/drivers/fs/package.json | Bumps @objectstack/spec to ^2.0.5 |
| packages/drivers/excel/package.json | Bumps @objectstack/spec to ^2.0.5 |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
| vitest: ^2.0.0 || ^3.0.0 || ^4.0.0 | ||
| vue: ^3.0.0 |
There was a problem hiding this comment.
better-auth@1.4.18 declares an (optional) peer dependency on vitest ^2 || ^3 || ^4, but the lockfile resolves it with vitest@1.6.1. Even if tests currently pass, this will produce a peer-dependency mismatch and can break any better-auth Vitest integrations/utilities; consider upgrading Vitest to a supported major or adjusting dependency resolution so vitest@1.x is not used to satisfy this peer.
| "@objectstack/cli": "2.0.5", | ||
| "@objectstack/core": "2.0.5", | ||
| "@objectstack/plugin-auth": "^2.0.5", | ||
| "@objectstack/plugin-hono-server": "^2.0.5", |
There was a problem hiding this comment.
Adding @objectstack/plugin-auth pulls in transitive dependencies that require Node >= 20.19.0 (see lockfile entries like @noble/ciphers). If this repo intends to support earlier Node 20 minors (or Node 18+ as some tooling suggests), consider declaring/enforcing the actual minimum Node version at the root (e.g. package.json#engines / CI pinning) to prevent install/runtime surprises.
| '@noble/ciphers@2.1.1': | ||
| resolution: {integrity: sha512-bysYuiVfhxNJuldNXlFEitTVdNnYUc+XNJZd7Qm2a5j1vZHgY+fazadNFWFaMK/2vye0JVlxV3gHmC0WDfAOQw==} | ||
| engines: {node: '>= 20.19.0'} | ||
|
|
||
| '@noble/hashes@1.8.0': | ||
| resolution: {integrity: sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A==} | ||
| engines: {node: ^14.21.3 || >=16} | ||
|
|
||
| '@noble/hashes@2.0.1': | ||
| resolution: {integrity: sha512-XlOlEbQcE9fmuXxrVTXCTlG2nlRXa9Rj3rr5Ue/+tX+nmkgbX720YHh0VR3hBF9xDvwnb8D2shVGOwNx+ulArw==} | ||
| engines: {node: '>= 20.19.0'} |
There was a problem hiding this comment.
The newly introduced transitive deps @noble/ciphers@2.1.1 and @noble/hashes@2.0.1 require Node >= 20.19.0 (per their engines fields). This effectively raises the minimum Node runtime for installs using this lockfile; please pin/communicate a compatible Node version (e.g. via package.json#engines and/or CI setup-node), otherwise contributors on older Node 20 minors will fail pnpm install.
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.