chore(deps): bump @bymax-one/nest-auth to ^1.0.11 #4
Merged
Dev-only security patch (forces tmp >=0.2.6 via overrides); no API changes from 1.0.10. Updates root, apps/api, apps/web and the lockfile. Includes staged .vscode editor settings. Verified: typecheck, lint, format:check and full test suite (API 540 tests, web 701 tests) all green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Pull request overview
This PR bumps @bymax-one/nest-auth from ^1.0.10 to ^1.0.11 across the monorepo and updates the lockfile accordingly, plus adds shared VS Code workspace settings/extensions to standardize formatting and linting behavior for contributors.
Changes:
- Bump `@bymax-one/nest-auth` to `^1.0.11` in the root, `apps/api`, and `apps/web`.
- Update `pnpm-lock.yaml` to reflect the new resolved version.
- Add `.vscode` workspace settings and extension recommendations for Prettier/ESLint/Tailwind/EditorConfig.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pnpm-lock.yaml | Updates lock resolution to @bymax-one/nest-auth@1.0.11. |
| package.json | Bumps root devDependency for @bymax-one/nest-auth to ^1.0.11. |
| apps/api/package.json | Bumps API app dependency for @bymax-one/nest-auth to ^1.0.11. |
| apps/web/package.json | Bumps Web app dependency for @bymax-one/nest-auth to ^1.0.11. |
| .vscode/settings.json | Adds workspace editor/formatter/linting/search settings. |
| .vscode/extensions.json | Recommends common workspace extensions (ESLint, Prettier, Tailwind, EditorConfig). |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
{
"consecutiveFailures": {
"Mutation — apps/api::prisma-config-DATABASE_URL": 1,
"Mutation — apps/api::users.service.ts:179-StringLiteral-survived": 1
},
"flakyReruns": {},
"processedCommentIds": [3329162383, 4583900291, 3329191232],
"paused": false,
"localGate": "pnpm test",
"headSha": "2b34613",
"terminated": true,
"terminatedReason": "All checks green, mergeable CLEAN, no open bot threads. Ready to merge (babysit did not merge).",
"fixes": [
{ "commit": "0677f1a", "summary": "DATABASE_URL placeholder for prisma generate in mutation.yml + mutation-nightly.yml." },
{ "commit": "fa01c94", "summary": "Hardened findById not-found test to assert verbatim 404 message — kills surviving StringLiteral mutant." },
{ "commit": "2b34613", "summary": "Copilot review: assert against a single rejected promise. Mutation apps/api back to 100%." }
]
}
… workflows
The "Generate Prisma client" step in mutation.yml and mutation-nightly.yml
did not set DATABASE_URL. Prisma 7 resolves env('DATABASE_URL') in
prisma.config.ts at CLI load time, so `prisma generate` throws
PrismaConfigEnvError before mutation testing can even start. ci.yml already
passes a placeholder on the same step; these two workflows were missing it.
Surfaced on PR #4 — the first run of mutation.yml (triggered by pnpm-lock.yaml
/ package.json paths). Pre-existing latent bug, not a regression.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

…case
The not-found test only asserted the error type (NotFoundException), not the message, so an empty-message variant of the 404 went uncaught — surfacing as a surviving StringLiteral mutant (score 99.87 < break threshold 100) the first time mutation.yml ran on a PR. The incremental cache from main had masked it; the nightly cold run would have caught it. Adds an assertion that the 404 names the requested id verbatim, matching the existing convention in the updateStatus tests. Targeted Stryker run on users.service.ts is back to 100.00% (0 survivors).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Asserts the type and the verbatim 404 message against one rejected promise instead of calling service.findById twice, so the lookup runs exactly once. Still kills the StringLiteral mutant — targeted Stryker run stays at 100.00%.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
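
The two commit messages above describe a not-found test that checked only the exception type, which let an empty-message mutant survive, and the fix that asserts type and message against a single rejected promise. The sketch below is an added example, not code from this repository: `NotFoundException` is a local stand-in for the NestJS class, and the service functions, the id `u-404` and the message text are hypothetical.

```typescript
// Stand-in for NestJS's NotFoundException so the example runs without the framework.
class NotFoundException extends Error {}

type FindById = (id: string) => Promise<{ id: string }>;
type TestCase = (find: FindById) => Promise<boolean>;

// Hypothetical service method: the 404 names the requested id (message text is assumed).
const original: FindById = async (id) => {
  throw new NotFoundException(`User ${id} not found`);
};

// What a StringLiteral mutant looks like: same exception type, message emptied.
const mutant: FindById = async () => {
  throw new NotFoundException("");
};

// Await the promise once and hand back whatever it rejected with.
async function rejection(p: Promise<unknown>): Promise<unknown> {
  try {
    await p;
  } catch (e) {
    return e;
  }
  return undefined;
}

// Weak test: checks only the exception type.
const typeOnly: TestCase = async (find) =>
  (await rejection(find("u-404"))) instanceof NotFoundException;

// Hardened test: type and verbatim message, both read from one rejected promise.
const typeAndMessage: TestCase = async (find) => {
  const err = await rejection(find("u-404"));
  return err instanceof NotFoundException && err.message === "User u-404 not found";
};

// A test kills the mutant when it passes on the original and fails on the mutant.
async function kills(test: TestCase): Promise<boolean> {
  return (await test(original)) && !(await test(mutant));
}

// Counts how many times a test invokes the lookup.
async function lookupCount(test: TestCase): Promise<number> {
  let calls = 0;
  await test((id) => { calls++; return original(id); });
  return calls;
}
```

`kills(typeOnly)` resolves to `false` because the mutant still throws the right type, while `kills(typeAndMessage)` resolves to `true` with exactly one lookup per run.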
Bumps `@bymax-one/nest-auth` from `^1.0.10` to `^1.0.11` across the root, `apps/api`, and `apps/web`, plus the regenerated `pnpm-lock.yaml`. Also includes staged `.vscode` editor settings.

About 1.0.11

The library's `1.0.11` release is a dev-only security patch internal to the library's own repo — it forces `tmp >=0.2.6` via a `pnpm.overrides` entry in the library, clearing an advisory in its dev toolchain. That override is not present in the published bundle and does not propagate to consumers, so this example app needs no `tmp` override and its lockfile/overrides are unchanged (this repo's `pnpm.overrides` still contains only `@hono/node-server`). There are no API changes from `1.0.10`, so no application code changes were required.

Verification

`typecheck`, `lint`, `format:check`, and the full test suite (API 540 tests, web 701 tests) all green locally.