[PR #5329] [MERGED] chore: bump dependencies and account for breaking changes #5163

New issue

Closed

opened 2026-03-17 02:38:12 +03:00 by kerem · 0 comments

kerem commented

2026-03-17 02:38:12 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/hoppscotch/hoppscotch/pull/5329
Author: @jamesgeorge007
Created: 8/14/2025
Status: ✅ Merged
Merged: 8/20/2025
Merged by: @jamesgeorge007

Base: next ← Head: bump-deps

📝 Commits (6)

d25c6a0 chore: bump dependencies
dd718a1 chore: update Alpine version and add build dependencies
b6a0928 chore: account for recent minor bumps
85a2b3b build: backend update dependencies and pnpm version
da471af build: resolve vulnerability
597f6c8 build: add early return for GQL schema generation in MailerModule

📊 Changes

28 files changed (+7963 additions, -5621 deletions)

View changed files

📝 package.json (+9 -9)
📝 packages/codemirror-lang-graphql/package.json (+8 -8)
📝 packages/hoppscotch-backend/package.json (+21 -21)
📝 packages/hoppscotch-backend/src/mailer/mailer.module.ts (+2 -0)
📝 packages/hoppscotch-cli/package.json (+15 -15)
📝 packages/hoppscotch-cli/src/__tests__/unit/getters.spec.ts (+1 -1)
📝 packages/hoppscotch-common/.eslintrc.js (+1 -2)
📝 packages/hoppscotch-common/package.json (+83 -85)
📝 packages/hoppscotch-common/src/components.d.ts (+1 -0)
📝 packages/hoppscotch-common/src/components/collections/Collection.vue (+4 -4)
📝 packages/hoppscotch-common/src/components/collections/MyCollections.vue (+71 -71)
📝 packages/hoppscotch-common/src/components/collections/TeamCollections.vue (+68 -68)
📝 packages/hoppscotch-common/src/components/collections/graphql/Collection.vue (+2 -2)
📝 packages/hoppscotch-common/src/components/collections/graphql/Folder.vue (+2 -2)
📝 packages/hoppscotch-common/src/components/instance/Switcher.vue (+1 -1)
📝 packages/hoppscotch-common/src/helpers/backend/GQLClient.ts (+1 -0)
📝 packages/hoppscotch-common/src/modules/head.ts (+3 -1)
📝 packages/hoppscotch-common/vitest.config.mts (+0 -0)
📝 packages/hoppscotch-data/package.json (+8 -8)
📝 packages/hoppscotch-js-sandbox/package.json (+13 -13)

...and 8 more files

📄 Description

This PR aims to bump dependencies across relevant packages. Certain bumps are deferred - a few carried over from previous attempts, while others are new due to the scope and surface area of related action items. For example, Vite v7 introduces changes to the browser support and increases the minimum supported Node.js version.

Also, includes changes aimed at resolving SH Docker image vulnerabilities.

Rust side dependency bumps handled in #5331.

Closes FE-969.

What's changed

Bump dependencies.
Account for breaking changes:
- @unhead/vue - change in import path.
- @urql/core - opt out from preferring GET for queries combining query-string + variables via preferGetMethod option.
- eslint-plugin-vue - Switched from plugin:vue/vue3-recommended to plugin:vue/recommended to account for ESLint plugin resolution.
Removed @urql/exchange-graphcache since it isn't consumed elsewhere.
Resolve lint/formatting errors/warnings.
Bump the base Alpine image based on Node.js v22.16 and related build dependency additions.
prod.Dockerfile updates aimed at SH Docker image vulnerability resolution (installs go manually).

Deferred updates

eslint - ESLint v9 migration has a broader surface area.
@vue/eslint-config-typescript - Staying on v13 since v14 dropped support for legacy ESLing config.
vue-tsc - There are breaking API changes in v2, and the type check script for services has to be updated after proper research.
zod - Larger surface area with the breaking API changes.
splitpanes - v3.1.6 affects the layout.
vite - v7 requires Node.js v20.19+ and drops support for legacy browsers.
@vitejs/plugin-vue - v6 requires Node.js v20.19+
tailwindcss - Pinned on v3.4 since v4 drops support for old browsers.
isolated-vm - v6 dropped support for Node.js v20.
@apollo/server:v5.0.0 - since @nestjs/apollo not compatible. Also, subscriptions-transport-ws support dropped in v5. So, we (BE+FE) need to implement the graphql-ws protocol.

Notes to reviewers

Spin up the AIO container and verify the major flows across the app & Admin dashboard. E2E tests cover CLI behaviour; still worth taking for a spin.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/hoppscotch/hoppscotch/pull/5329 **Author:** [@jamesgeorge007](https://github.com/jamesgeorge007) **Created:** 8/14/2025 **Status:** ✅ Merged **Merged:** 8/20/2025 **Merged by:** [@jamesgeorge007](https://github.com/jamesgeorge007) **Base:** `next` ← **Head:** `bump-deps` --- ### 📝 Commits (6) - [`d25c6a0`](https://github.com/hoppscotch/hoppscotch/commit/d25c6a072b2b88c29067ae2e39cf6bb84955e361) chore: bump dependencies - [`dd718a1`](https://github.com/hoppscotch/hoppscotch/commit/dd718a186ab2aa42ed2f804f9e628d3409f2f8f3) chore: update Alpine version and add build dependencies - [`b6a0928`](https://github.com/hoppscotch/hoppscotch/commit/b6a09282f00826286d2ef0e8fc89be9ddbe6c757) chore: account for recent minor bumps - [`85a2b3b`](https://github.com/hoppscotch/hoppscotch/commit/85a2b3b3cf93ac1705336c4fcca6688d40c1ab19) build: backend update dependencies and pnpm version - [`da471af`](https://github.com/hoppscotch/hoppscotch/commit/da471af034df609c87f35c3896ee5363ac4ff3a8) build: resolve vulnerability - [`597f6c8`](https://github.com/hoppscotch/hoppscotch/commit/597f6c8ebd6320df89966149505663604f564561) build: add early return for GQL schema generation in MailerModule ### 📊 Changes **28 files changed** (+7963 additions, -5621 deletions) <details> <summary>View changed files</summary> 📝 `package.json` (+9 -9) 📝 `packages/codemirror-lang-graphql/package.json` (+8 -8) 📝 `packages/hoppscotch-backend/package.json` (+21 -21) 📝 `packages/hoppscotch-backend/src/mailer/mailer.module.ts` (+2 -0) 📝 `packages/hoppscotch-cli/package.json` (+15 -15) 📝 `packages/hoppscotch-cli/src/__tests__/unit/getters.spec.ts` (+1 -1) 📝 `packages/hoppscotch-common/.eslintrc.js` (+1 -2) 📝 `packages/hoppscotch-common/package.json` (+83 -85) 📝 `packages/hoppscotch-common/src/components.d.ts` (+1 -0) 📝 `packages/hoppscotch-common/src/components/collections/Collection.vue` (+4 -4) 📝 `packages/hoppscotch-common/src/components/collections/MyCollections.vue` (+71 -71) 📝 `packages/hoppscotch-common/src/components/collections/TeamCollections.vue` (+68 -68) 📝 `packages/hoppscotch-common/src/components/collections/graphql/Collection.vue` (+2 -2) 📝 `packages/hoppscotch-common/src/components/collections/graphql/Folder.vue` (+2 -2) 📝 `packages/hoppscotch-common/src/components/instance/Switcher.vue` (+1 -1) 📝 `packages/hoppscotch-common/src/helpers/backend/GQLClient.ts` (+1 -0) 📝 `packages/hoppscotch-common/src/modules/head.ts` (+3 -1) 📝 `packages/hoppscotch-common/vitest.config.mts` (+0 -0) 📝 `packages/hoppscotch-data/package.json` (+8 -8) 📝 `packages/hoppscotch-js-sandbox/package.json` (+13 -13) _...and 8 more files_ </details> ### 📄 Description This PR aims to bump dependencies across relevant packages. Certain bumps are deferred - a few carried over from previous attempts, while others are new due to the scope and surface area of related action items. For example, Vite `v7` introduces changes to the browser support and increases the minimum supported Node.js version. Also, includes changes aimed at resolving SH Docker image vulnerabilities. > Rust side dependency bumps handled in #5331. Closes FE-969. ### What's changed - Bump dependencies. - Account for breaking changes: - [@unhead/vue](https://unhead.unjs.io/docs/vue/head/guides/get-started/migration) - change in import path. - [@urql/core](https://github.com/urql-graphql/urql/blob/main/packages/core/CHANGELOG.md#600) - opt out from preferring `GET` for queries combining query-string + variables via `preferGetMethod` option. - `eslint-plugin-vue` - Switched from `plugin:vue/vue3-recommended` to `plugin:vue/recommended` to account for ESLint plugin resolution. - Removed `@urql/exchange-graphcache` since it isn't consumed elsewhere. - Resolve lint/formatting errors/warnings. - Bump the base Alpine image based on `Node.js v22.16` and related build dependency additions. - `prod.Dockerfile` updates aimed at SH Docker image vulnerability resolution (installs `go` manually). ### Deferred updates - `eslint` - ESLint `v9` migration has a broader surface area. - `@vue/eslint-config-typescript` - Staying on `v13` since `v14` dropped support for legacy ESLing config. - `vue-tsc` - There are breaking API changes in `v2`, and the type check script for services has to be updated after proper research. - `zod` - Larger surface area with the breaking API changes. - `splitpanes` - `v3.1.6` affects the layout. - `vite` - `v7` requires Node.js `v20.19+` and drops support for legacy browsers. - `@vitejs/plugin-vue` - `v6` requires Node.js `v20.19+` - `tailwindcss` - Pinned on `v3.4` since `v4` drops support for old browsers. - `isolated-vm` - `v6` dropped support for Node.js `v20`. - `@apollo/server:v5.0.0` - since `@nestjs/apollo` not compatible. Also, `subscriptions-transport-ws` support dropped in v5. So, we (BE+FE) need to implement `the graphql-ws` protocol. ### Notes to reviewers Spin up the AIO container and verify the major flows across the app & Admin dashboard. E2E tests cover CLI behaviour; still worth taking for a spin. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>