
Conversation

@elibosley
Member

@elibosley elibosley commented Nov 5, 2024

Summary by CodeRabbit

  • New Features

    • Introduced a new field extraOrigins for enhanced API origin management.
    • Added a new environment variable PATHS_MY_SERVERS_FB for server backup management.
  • Improvements

    • Updated connection status to reflect more accurate connection states.
    • Expanded allowed origins for remote access to include https://google.com and https://test.com.
    • Enhanced API key management with a placeholder string for security.
    • Updated dependency versions for improved functionality and stability.
  • Bug Fixes

    • Resolved issues by updating various dependencies across the application.

@coderabbitai
Contributor

coderabbitai bot commented Nov 5, 2024

Walkthrough

The pull request introduces several significant changes across multiple files. The myservers.cfg configuration file updates the connection status, expands allowed origins, and modifies the API key placeholder. The package.json file reflects numerous dependency version upgrades for various packages, indicating improvements in functionality and stability. The vite.config.ts file alters the exclusion patterns for testing configurations, ensuring broader directory exclusions. Additionally, a new environment variable is added to the .env.development file, specifying a path for server backup. These changes collectively enhance the project's configuration, dependency management, and testing setup.

Changes

File: api/dev/states/myservers.cfg
  • Updated minigraph from "PRE_INIT" to "ERROR_RETRYING" in [connectionStatus].
  • Expanded allowedOrigins to include https://google.com and https://test.com.
  • Replaced apikey in [remote] with a placeholder.
  • Added new field extraOrigins under [api] listing https://google.com and https://test.com.
File: api/package.json
  • Updated multiple package versions, including @apollo/client, express, and various @graphql-codegen packages.
  • Notable updates include graphql, uuid, and several @nestjs packages.
File: api/vite.config.ts
  • Adjusted exclude patterns in the test configuration to use more general glob patterns.
  • Removed a trailing comma in the setupFiles array.
File: api/.env.development
  • Added new variable PATHS_MY_SERVERS_FB=./dev/Unraid.net/fb_keepalive.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant API
    participant Config

    User->>Config: Request configuration
    Config->>API: Retrieve allowed origins
    API-->>Config: Return updated origins
    Config->>User: Provide updated configuration

🐰 "In the fields where rabbits roam,
New settings make our burrow home.
With origins wide and keys anew,
We hop along, our joy in view!
Dependencies fresh, our code's delight,
Let's dance in the moon's soft light!" 🌙


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 8887fda and 301c887.

⛔ Files ignored due to path filters (1)
  • api/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (4)
  • api/.env.development (1 hunks)
  • api/dev/states/myservers.cfg (1 hunks)
  • api/package.json (3 hunks)
  • api/vite.config.ts (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • api/.env.development
🚧 Files skipped from review as they are similar to previous changes (2)
  • api/dev/states/myservers.cfg
  • api/vite.config.ts
🔇 Additional comments (4)
api/package.json (4)

43-44: Framework updates look compatible.

The NestJS and GraphQL ecosystem updates are minor version bumps within their respective major versions, maintaining compatibility:

  • NestJS packages are updated in sync (10.4.7)
  • Apollo packages are updated to compatible versions

Also applies to: 52-57


151-151: Verify TypeScript compatibility after major updates.

The TypeScript ecosystem updates require attention:

  • Major update to @types/node (20.x → 22.x) might require code adjustments
  • TypeScript 5.6.3 might introduce stricter type checking
#!/bin/bash
# Run TypeScript compiler in noEmit mode to check for new type errors
echo "Checking for TypeScript errors..."
npx tsc --noEmit

# Search for Node.js-specific API usage that might need updates
echo "Checking Node.js API usage..."
rg "process\.|Buffer\.|require\(" 

Also applies to: 168-169, 174-174


103-103: Verify authentication and logging functionality after major version upgrades.

Critical package upgrades that require thorough testing:

  • openid-client upgrade from 5.x to 6.x may have breaking changes in authentication flows
  • pino-http upgrade from 9.x to 10.x could affect logging behavior

Also applies to: 109-111


78-78: Security package updates require careful testing.

The updates to security-critical packages need thorough validation:

  • jose (JWT handling): Verify that token generation and validation still work as expected
  • express: Test middleware chain and security headers

Also applies to: 94-94

✅ Verification successful

This script will help us:

  1. Find JWT imports and usage patterns to understand the jose package usage
  2. Locate Express setup and middleware configuration to assess security implications

This script will help us:

  1. Find the main application setup to understand the security middleware chain
  2. Locate security-related configurations
  3. Find JWT validation logic to assess the impact of the jose update

Based on the search results, I can now generate a final response:

Security package updates appear to be properly integrated with security measures in place

The codebase shows:

  • jose package is used for JWT operations with proper validation through jwtVerify() in token validation flows
  • Express is used with Fastify/Nest.js which provides security middleware:
    • CORS protection with origin validation
    • Rate limiting implementation
    • Cookie-based security with proper session handling
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for JWT operations that might need review
echo "Checking JWT usage patterns..."
rg -l "jose" | xargs rg "SignJWT|jwtVerify|createRemoteJWKSet"

# Search for express security middleware
echo "Checking express security configuration..."
rg -l "express" | xargs rg "helmet|cors|rateLimit|session"

Length of output: 8278


Script:

#!/bin/bash
# Let's search for JWT and express security configurations more specifically
echo "Checking JWT usage..."
rg -A 5 "from ['\"]jose['\"]|import.*jose" 

echo "Checking Express security middleware and configuration..."
rg -A 5 "import.*express|from.*express"
rg -A 5 "app\.use\(" 

Length of output: 2696


Script:

#!/bin/bash
# Let's check the application setup and middleware configuration
echo "Checking application setup and middleware..."
rg -A 10 "createApp|fastify\(|express\(\)" 

# Check for security-related middleware and configurations
echo "Checking security configurations..."
rg -A 5 "helmet|cors|security|rate|limit"

# Check for JWT validation logic
echo "Checking JWT validation..."
ast-grep --pattern 'jwtVerify($$$)'

Length of output: 208158


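As an added example that is not code from this PR or from the CodeRabbit review: a strict, exact-match Origin check over the allowedOrigins and extraOrigins lists that the PR adds to myservers.cfg, the kind of check the "CORS protection with origin validation" finding above relies on. The INI-like key="value" layout, the placement of allowedOrigins under [remote], and the sample file are assumptions; the section and key names and the two origins come from the change summary.

```javascript
// Added example (not from the PR or the bot's review). Assumed layout:
// "[section]" headers followed by key="value" lines, origins comma-separated.

// Constructed sample file mirroring the values in the PR's change summary.
const SAMPLE_CFG = `[connectionStatus]
minigraph="ERROR_RETRYING"
[remote]
apikey="<api-key-placeholder>"
allowedOrigins="https://google.com, https://test.com"
[api]
extraOrigins="https://google.com,https://test.com"
`;

// Parse "[section]" headers and key="value" lines into a nested object.
function parseCfg(text) {
  const out = {};
  let section = '';
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const sec = line.match(/^\[(.+)\]$/);
    if (sec) { section = sec[1]; out[section] = out[section] || {}; continue; }
    const kv = line.match(/^([^=]+)=\s*"?(.*?)"?\s*$/);
    if (kv && section) out[section][kv[1].trim()] = kv[2];
  }
  return out;
}

// Normalise every configured origin to scheme://host[:port]; anything that
// is not a parseable absolute URL is dropped rather than matched loosely.
function originSet(cfg) {
  const lists = [cfg.remote?.allowedOrigins, cfg.api?.extraOrigins];
  const set = new Set();
  for (const list of lists) {
    for (const item of (list || '').split(',')) {
      const s = item.trim();
      if (!s) continue;
      try { set.add(new URL(s).origin); } catch { /* skip malformed entry */ }
    }
  }
  return set;
}

// Exact-match check: "https://test.com.evil.example" and "http://test.com"
// are rejected even though both contain an allowed host as a substring.
function isOriginAllowed(cfg, originHeader) {
  if (typeof originHeader !== 'string') return false;
  let origin;
  try { origin = new URL(originHeader).origin; } catch { return false; }
  return originSet(cfg).has(origin);
}
```

Duplicates across the two lists collapse into one set, so adding an origin to extraOrigins that is already in allowedOrigins does not widen the policy.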

@elibosley
Member Author

@coderabbitai review

@coderabbitai
Contributor

coderabbitai bot commented Nov 5, 2024

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Base automatically changed from feat/tsx to main November 5, 2024 21:11
@github-actions
Contributor

github-actions bot commented Nov 5, 2024

This plugin has been deployed to Cloudflare R2 and is available for testing.
Download it at this URL: https://preview.dl.unraid.net/unraid-api/pr/944/dynamix.unraid.net.staging.plg

Member

@pujitm pujitm left a comment


lgtm
