fix(deps): update dependency pino to v9

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pino (source)	^8.18.0 -> ^9.0.0

---

Release Notes

pinojs/pino (pino)

v9.1.0

Compare Source

What's Changed

• fix(transport-stream): Fix import error when using pkg with node v20 by @​nagyszabi in https://github.com/pinojs/pino/pull/1949
• Update LTS doc by @​jsumners in https://github.com/pinojs/pino/pull/1955
• Update pino types for browser.formatters by @​KatelynKim in https://github.com/pinojs/pino/pull/1946
• add node v22 to CI by @​mcollina in https://github.com/pinojs/pino/pull/1953
• Add Platformatic to sponsors by @​mcollina in https://github.com/pinojs/pino/pull/1956
• Update h3 example by @​mcollina in https://github.com/pinojs/pino/pull/1968
• Support file URLs when configuring multiple transports by @​haines in https://github.com/pinojs/pino/pull/1961
• Adding support for mix&match pipelines by @​dbacarel in https://github.com/pinojs/pino/pull/1954
• apply serializers to args once before asObject or transmit by @​emmyakin in https://github.com/pinojs/pino/pull/1971
• build(deps-dev): bump pino-pretty from 10.3.1 to 11.0.0 by @​dependabot in https://github.com/pinojs/pino/pull/1933
• build(deps): bump sonic-boom from 3.8.1 to 4.0.1 by @​dependabot in https://github.com/pinojs/pino/pull/1960
• build(deps): bump pino-std-serializers from 6.2.2 to 7.0.0 by @​dependabot in https://github.com/pinojs/pino/pull/1957
• build(deps-dev): bump tsd from 0.30.7 to 0.31.0 by @​dependabot in https://github.com/pinojs/pino/pull/1937
• build(deps): bump actions/dependency-review-action from 3 to 4 by @​dependabot in https://github.com/pinojs/pino/pull/1894
• build(deps): bump pnpm/action-setup from 2.4.0 to 3.0.0 by @​dependabot in https://github.com/pinojs/pino/pull/1913
• Drop yarn support and update pnpm by @​mcollina in https://github.com/pinojs/pino/pull/1972
• build(deps): bump thread-stream from 2.7.0 to 3.0.0 by @​dependabot in https://github.com/pinojs/pino/pull/1959

New Contributors

• @​nagyszabi made their first contribution in https://github.com/pinojs/pino/pull/1949
• @​haines made their first contribution in https://github.com/pinojs/pino/pull/1961
• @​emmyakin made their first contribution in https://github.com/pinojs/pino/pull/1971

Full Changelog: pinojs/pino@v9.0.0...v9.1.0

v9.0.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[deepsource-io]

Here's the code health analysis summary for commits c4bb26a..437ab75. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success		View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[codecov]

The main change in this commit is the update of the 'pino' package from version 8 to version 9 in both package.json and pnpm-lock.yaml files. This is a major version change. It's important to ascertain that none of the breaking changes or deprecations affect our codebase. Make sure to thoroughly test all parts of the application that use 'pino' after this change.

[codecov]

The 'pino' package is updated to its latest major release, v9. Ensure to consult the changelogs and migration guide of the 'pino' library as major upgrades involve breaking changes.

[codecov]

Here also 'pino' is updated to v9 in the shared package. Do the same verifications regarding breaking changes.

[codecov]

This 'pino' version change in pnpm-lock.yaml confirms 'pino' v9.0.0 is used instead of v8.19.0. Please ensure to run 'pnpm install' for updating the lock file corresponding to package.json changes.

[codecov]

The 'pino' dependency for the shared package is also updated in the pnpm-lock file. If you encounter issues, checking for compatibility may be necessary.

[codecov]

The new SHA512 hash corresponding to the 'pino' v9.0.0 version is updated. This is automatically managed by the package manager and does not require any actions.

[codecov]

The code changes mainly revolve around upgrading the pino package version from 8.19.0 and 8.18.0 to the latest 9.0.0 version across multiple files. These changes are fine if the new version does not introduce breaking changes that would affect the current system. Always ensure backward compatibility unless the system is prepared for the breaking changes.

[codecov]

You've updated the version of the 'pino' package from '^8.21.0' to '^9.0.0'. Ensure that these changes are compatible with the rest of the application by thorough testing, specifically for any breaking changes introduced by the new version.

[codecov]

You've upgraded pino logging library from version 8.18.0 to 9.0.0. Note that whenever we upgrade dependencies to a new major version, we should analyse the breaking changes introduced in that version to estimate the potential impact on our application. Review the library's changelog or release notes for any breaking changes. Also, run all the tests to make sure those updates do not break the application.

[codecov]

Here once again the pino version is being updated. Ensure that this change aligns with the shift in version for other packages as well, and hasn't results in any versioning conflicts.

[codecov]

The new version of pino (version 9.0.0) is specified here. Make sure that this new version does not break anything in the code base, thoroughly test the updates.

[codecov]

Here the previous versions of pino (8.20.0 and 8.21.0) have been removed. Please validate that no part of the application was specifically dependent on the old version of pino, and make necessary adjustments if that's the case.

[codecov]

You've made a significant version jump from Pino v8 to v9. Pino v9 has several breaking changes as compared to v8, so it would be advisable to check if any of your existing functionality which relies on Pino logging is negatively affected. A comprehensive test suite would be very helpful in this context.

[codecov]

You've updated Pino to v9.0.0. Ensure that all breaking changes are properly accounted for in your application, and check the official Pino documentation for details on breaking changes.

[codecov]

You've updated Pino in your shared package as well. Make sure that this does not cause any incompatibility issues with other packages or applications using your shared package.

[codecov]

Also, ensure that you're updating the lockfile correctly. The previous version seemed to be 8.21.0, which isn't the same as in your package.json. This might suggest some inconsistencies in how dependencies are being managed.

[codecov]

You've updated the Pino version in your lock file. This is good as it ensures that the correct dependency versions are installed. However, ensure all packages which depend on Pino also support this new version.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 9.74%. Comparing base (c4bb26a) to head (437ab75).

Additional details and impacted files

@@          Coverage Diff          @@
##            main   #1919   +/-   ##
=====================================
  Coverage   9.74%   9.74%           
=====================================
  Files        133     133           
  Lines       9730    9730           
  Branches     128     132    +4     
=====================================
  Hits         948     948           
  Misses      8782    8782           

Flag	Coverage Δ		*Carryforward flag
cli	0.00% <ø> (ø)
connection	25.66% <ø> (ø)
database	9.70% <ø> (ø)
gateway	41.48% <ø> (ø)
mcots	0.00% <ø> (ø)
nps	0.00% <ø> (ø)		Carriedforward from c4bb26a
patch	86.08% <ø> (ø)
schema	0.00% <ø> (ø)		Carriedforward from c4bb26a
shard	41.47% <ø> (ø)
shared	13.44% <ø> (ø)
shared-packets	0.00% <ø> (ø)

*This pull request uses carry forward flags. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher

🚮 Removed packages: npm/pino@8.21.0

View full report↗︎

[codecov]

CodecovAI submitted a new review for 9914a3b

[codecov]

You have upgraded pino to its 9.0.0 version. Make sure this change does not cause any inconsistency or version conflict with other dependencies or sub-dependencies.

[codecov]

CodecovAI submitted a new review for 58f0c15

[codecov]

The 'thread-stream' library has also been updated from version 2.4.1 to 2.7.0. It's important to understand the implications of this version upgrade as well.

[codecov]

It seems that the older version of 'thread-stream' has been completely replaced with the new one based on the lockfile. If there were any known issues with the older version, this should resolve them.

[codecov]

CodecovAI submitted a new review for 58f0c15

[codecov]

'thread-stream' has been updated to version 2.7.0. Make sure to test and ensure no significant changes in this updated package adversely impacts your application.

[codecov]

As the 'thread-stream' has been updated to a new version, the old version information is correctly removed.

[codecov]

CodecovAI submitted a new review for 6f5eb91

[codecov]

An update was made to the SHA512 hash resolving the pino package. This change was expected and is correct, as the hash corresponds to the precise version of the package being pulled.

[codecov]

CodecovAI submitted a new review for 6f5eb91

[codecov]

The integrity hash has been updated, which suggests a successful update of 'pino' to version 9.0.0. This includes a complete download which ensures the package is not tampered with.

[codecov]

CodecovAI submitted a new review for 8ce2487

[codecov]

Information about the old version of pino is removed here. Make sure no essential dependencies were lost in this change.

[codecov]

'thread-stream@2.6.0' dependency has been removed. If it's a deprecated version, it's generally okay to remove it. However, please ensure these changes won't affect the functioning of your code.

[codecov]

CodecovAI submitted a new review for 8ce2487

[codecov]

'pino@8.20.0' details removed here. Given that the application no longer uses this version of 'pino', this seems to be an appropriate change.

[codecov]

CodecovAI submitted a new review for 8ce2487

[codecov]

Previously used pino@8.20.0 package with its dependencies has been removed. Please make sure the removal of these dependencies does not affect other packages that still might be using them.

[codecov]

Removal of the '/thread-stream@2.6.0' dependency may affect packages that might still be using it. If other packages that still require this version, consider refraining this change.

[codecov]

CodecovAI submitted a new review for 8ce2487

[codecov]

The packages /pino@8.20.0 and /thread-stream@2.6.0 are no longer available after these changes. If any other part of the project is still dependent on these, it could potentially cause breaking changes.

[codecov]

This removal shows that the version of 'thread-stream' has been changed. It may impact how 'pino' works - investigate any changes to this dependency as well.

[codecov]

CodecovAI submitted a new review for 3645c3d

[codecov]

It appears that several dependencies that were related to 'pino' v8.21.0, aren't present for 'pino' v9.0.0. Make sure to check the updated 'pino' documentation to be aware of any dropped dependencies and how that could affect your application.

[codecov]

CodecovAI submitted a new review for 194704e

[codecov]

These dependency removals are a result of the 'pino' update. Ensure that removing these dependencies doesn't affect any functionality. If any functionality is affected, you might need to manually add them.

[codecov]

CodecovAI submitted a new review for 194704e

[codecov]

Removal of the old version of 'pino' from the pnpm-lock.yaml file is good to keep it clean and up-to-date, but be aware of any dependencies relying on the old version.

[codecov]

'thread-stream@2.6.0' dependency is also removed with this update, and its dependencies along with it. Again, make sure this doesn't impact your current codebase.

[codecov]

CodecovAI submitted a new review for fac540b

[codecov]

The detailed information for the previous version (8.21.0) of pino is still present. If 9.0.0 is the preferred version, consider removing these details to maintain consistency.

[codecov]

CodecovAI submitted a new review for e34ea0f

[codecov]

'pino' package is removed and updated in the lock file. This action suggests that the packages have been updated correctly.

[codecov]

CodecovAI submitted a new review for 030351b

[codecov]

'thread-stream' version is removed from your projects. If any of your packages were depending on this version, you might face issues.

[codecov]

Removals of dependencies in pino@8.20.0 are also significant, especially if other components in the project directly/indirectly depended on these dependencies.

[codecov]

Try to resist removing dependencies such as 'real-require' in 'thread-stream@2.6.0' unless you're absolutely sure they're not needed anywhere else in the codebase as it may cause unexpected breakage.

[codecov]

CodecovAI submitted a new review for 030351b

[codecov]

Please confirm if it's okay to remove all dependencies of the older version of pino. If some dependencies are still required, they should be shift to new version or kept with older version of pino.

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎

[codecov]

CodecovAI submitted a new review for dbd3f68

[codecov]

Please confirm 'pino-pretty' version 11.0.0 is compatible with 'pino' version 9.0.0. Although not every single major update will result in issues with dependent libraries, when it does occur it can cause unexpected behaviour.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud