chore(deps): remove unused joi and sequelize dependencies

[PierreBrisorgueil]

Summary

• What changed: Removed the sequelize npm package and deleted dead files (lib/helpers/joi.js, lib/services/sequelize.js, modules/tasks/models/tasks.model.sequelize.js). Cleaned up all references in config, jest exclusions, app bootstrap, and tests.
• Why: Both dependencies were fully commented out / unused since the migration to Zod and MongoDB-only. Removing them shrinks the dependency tree and eliminates 15 transitive packages.
• Related issues: Closes chore: remove unused joi and sequelize dependencies #3443

Scope

• Module(s) impacted: lib/app.js, config/assets.js, config/defaults/development.config.js, lib/helpers/config.js, jest.config.js, modules/core/tests, modules/users/services
• Cross-module impact: none
• Risk level: low

Validation

• npm run lint
• npm test
• Manual checks done (if applicable)

Guardrails check

• No secrets or credentials introduced (.env*, secrets/**, keys, tokens)
• No risky rename/move of core stack paths
• Changes remain merge-friendly for downstream projects
• Tests added or updated when behavior changed

Notes for reviewers

• Security considerations: Removes 15 transitive dependencies, reducing attack surface
• Mergeability considerations: No downstream project uses sequelize or joi — safe to merge
• Follow-up tasks (optional): None

Summary by CodeRabbit

Release Notes

• Chores
  • Removed Sequelize ORM support and package dependency from the project
  • Updated application configuration, metadata, and initialization logic to reflect ORM removal
  • Simplified application bootstrap and startup process
  • Updated test coverage configuration and unit test expectations
  • Removed legacy password strength validation extension

[coderabbitai]

Warning

Rate limit exceeded

@PierreBrisorgueil has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 1 minutes and 14 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 1 minutes and 14 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 461c55b8-d45c-4936-9f37-382a8abd0367

📥 Commits

Reviewing files that changed from the base of the PR and between ffbaf70 and e3d586e.

📒 Files selected for processing (3)

• config/index.js
• lib/app.js
• modules/users/services/users.service.js

Walkthrough

This PR removes unused Joi and Sequelize dependencies from the codebase. It deletes Sequelize service and Joi helper files, removes Sequelize model files and related asset/config references, updates the bootstrap flow to exclude ORM initialization, and removes both Joi and Sequelize from package.json dependencies.

Changes

Cohort / File(s)	Summary
Removed Sequelize & Joi Files lib/services/sequelize.js, lib/helpers/joi.js, modules/tasks/models/tasks.model.sequelize.js	Completely removed Sequelize service, Joi validation extension, and commented-out Sequelize model files.
Configuration Updates config/assets.js, config/defaults/development.config.js, lib/helpers/config.js	Removed sequelizeModels asset glob, removed Sequelize references from app description/keywords, and removed sequelizeModels config initialization.
Bootstrap/Start Flow lib/app.js	Updated bootstrap() and start() methods to remove orm from return values; changed from { db, orm, app } to { db, app }.
Test & Coverage Updates modules/core/tests/core.unit.tests.js, jest.config.js	Removed sequelizeModels from expected asset keys in unit test; removed coverage exclusions for Sequelize and Joi files.
Service Documentation modules/users/services/users.service.js	Updated inline comment to reference zod.zxcvbn instead of joi.zxcvbn.
Dependency Cleanup package.json	Removed sequelize and joi from dependencies; removed both from keywords list; updated description to remove Sequelize mention.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• feat(config): per-module activated flag #3384: Both PRs involve modifications to config.files.sequelizeModels — this PR removes it entirely while the related PR references it with filter logic.

Suggested labels

Refactor

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely describes the main change: removing unused joi and sequelize dependencies from the project.
Description check	✅ Passed	The PR description is comprehensive and follows the template, covering summary, scope, validation steps, guardrails, and reviewer notes with clear justification for the changes.
Linked Issues check	✅ Passed	All objectives from issue #3443 are met: dependencies uninstalled from package.json, dead files deleted, references cleaned up, and no remaining imports verified.
Out of Scope Changes check	✅ Passed	All changes are directly related to removing joi and sequelize dependencies and their references; no unrelated modifications are present in the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/remove-unused-deps

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.58%. Comparing base (2be9390) to head (e3d586e).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3444      +/-   ##
==========================================
- Coverage   85.58%   85.58%   -0.01%     
==========================================
  Files         113      113              
  Lines        2879     2878       -1     
  Branches      796      796              
==========================================
- Hits         2464     2463       -1     
  Misses        329      329              
  Partials       86       86              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

Removes legacy/unused Sequelize + Joi-related code and references to reduce dependency footprint now that the stack is MongoDB + Zod only.

Changes:

• Remove sequelize from dependencies (and prune related transitive packages from the lockfile).
• Delete dead Sequelize/Joi helper/model files and strip remaining bootstrap/config/test references.
• Update asset/config/test expectations and development metadata to reflect Mongo-only support.

Reviewed changes

Copilot reviewed 10 out of 12 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
package.json	Drops Sequelize from dependencies and removes Sequelize from package metadata.
package-lock.json	Prunes Sequelize and related transitive packages from the lockfile.
lib/app.js	Removes the (commented) Sequelize bootstrap path and stops returning orm.
lib/helpers/config.js	Stops generating files.sequelizeModels during config initialization.
config/assets.js	Removes the sequelizeModels glob from the assets map.
config/defaults/development.config.js	Removes Sequelize mention in app metadata and deletes commented ORM config block.
jest.config.js	Removes Jest exclusions that referenced deleted Sequelize/Joi files/patterns.
modules/core/tests/core.unit.tests.js	Updates expected assets keys to no longer include sequelizeModels.
modules/users/services/users.service.js	Updates an inline comment to reference Zod instead of Joi.
lib/services/sequelize.js	Deletes the unused (commented) Sequelize service file.
lib/helpers/joi.js	Deletes the deprecated Joi extension helper file.
modules/tasks/models/tasks.model.sequelize.js	Deletes the dead Sequelize model stub.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@lib/app.js`:
- Around line 41-43: The JSDoc for the bootstrap function uses "@return" instead
of the required "@returns"; update the JSDoc block for the bootstrap function in
lib/app.js to use "@returns {Object} db and app instances" (or equivalent) and
ensure the function's JSDoc header includes both required tags (e.g., "@param"
entries if any and the corrected "@returns") so it conforms to the repository
guideline; locate the doc block immediately above the bootstrap function
declaration to make the change.

In `@modules/core/tests/core.unit.tests.js`:
- Line 59: The test updated expected asset keys to remove 'sequelizeModels' but
the configuration loader still includes 'sequelizeModels' in the fileKeys list;
update the config loading logic by removing 'sequelizeModels' from the fileKeys
array and any associated processing paths so the loader no longer expects or
processes Sequelize assets (search for the symbol 'fileKeys' and remove
references to 'sequelizeModels'), and ensure no other functions or branches
reference 'sequelizeModels' (e.g., cleanup any handlers or conditionals that
mention 'sequelizeModels') so the test and runtime match.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9bb82b18-2aa3-418a-b59c-cebd0ada4f64

📥 Commits

Reviewing files that changed from the base of the PR and between 2be9390 and ffbaf70.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (11)

• config/assets.js
• config/defaults/development.config.js
• jest.config.js
• lib/app.js
• lib/helpers/config.js
• lib/helpers/joi.js
• lib/services/sequelize.js
• modules/core/tests/core.unit.tests.js
• modules/tasks/models/tasks.model.sequelize.js
• modules/users/services/users.service.js
• package.json

💤 Files with no reviewable changes (6)

• lib/helpers/config.js
• config/assets.js
• modules/tasks/models/tasks.model.sequelize.js
• jest.config.js
• lib/services/sequelize.js
• lib/helpers/joi.js