Refactor code structure for improved readability and maintainability#69
Refactor code structure for improved readability and maintainability#69sphildreth merged 1 commit intomainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates the project’s JS tooling/auth dependencies (notably Auth.js/NextAuth and Vite) and refreshes the pnpm lockfile to match, aiming to keep the repo aligned with newer upstream releases.
Changes:
- Bump
next-authto5.0.0-beta.30(and corresponding transitive@auth/coreupdates in the lockfile). - Add/pin
vite@7.1.11(plus pnpm overrides) and refresh Vitest-related resolution. - Update
tmpandrollup(including platform Rollup packages) and remove older/deprecated transitive entries.
Reviewed changes
Copilot reviewed 1 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| package.json | Upgrades next-auth, adds vite, and introduces pnpm overrides for vite/tmp. |
| pnpm-lock.yaml | Regenerates dependency graph to reflect new next-auth, vite, tmp, and rollup resolutions/overrides. |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
| "next": "16.2.1", | ||
| "next-auth": "5.0.0-beta.29", | ||
| "next-auth": "5.0.0-beta.30", | ||
| "next-themes": "^0.4.6", |
There was a problem hiding this comment.
next-auth v5.0.0-beta.30 pulls in @auth/core@0.41.0, but this repo also directly depends on @auth/core with a ^0.40.0 range (which excludes 0.41.x). This is causing multiple @auth/core versions in the lockfile and can lead to type/runtime mismatches. Consider bumping the direct @auth/core dependency to ^0.41.0 (or removing it if it’s only needed transitively) so the tree converges on a single version.
| "vite": "7.1.11", | ||
| "vite-tsconfig-paths": "^6.1.1", | ||
| "vitest": "4.1.0", | ||
| "web-vitals": "^5.1.0" | ||
| }, | ||
| "pnpm": { | ||
| "overrides": { | ||
| "esbuild": ">=0.25.0", | ||
| "prismjs": ">=1.30.0" | ||
| "prismjs": ">=1.30.0", | ||
| "vite": "7.1.11", | ||
| "tmp": ">=0.2.4" |
There was a problem hiding this comment.
Adding/pinning vite@7.1.11 introduces a Node engine requirement of ^20.19.0 || >=22.12.0 (per the lockfile). The repo doesn’t declare a Node engine in package.json, so developers/CI on older Node versions (e.g. Node 18 per docs) may start failing installs or tests. Consider declaring an explicit engines.node (and aligning Docker/CI/docs) or using a Vite version compatible with the supported Node range.
| "nanoid": "5.1.7", | ||
| "next": "16.2.1", | ||
| "next-auth": "5.0.0-beta.29", | ||
| "next-auth": "5.0.0-beta.30", |
There was a problem hiding this comment.
The PR title suggests a code-structure refactor, but the actual changes here are dependency/version updates (e.g. next-auth, vite, tmp, rollup). Consider updating the PR title to reflect the dependency upgrade scope so it’s easier to track in release notes and git history.
| '@auth/core@0.40.0': | ||
| resolution: {integrity: sha512-n53uJE0RH5SqZ7N1xZoMKekbHfQgjd0sAEyUbE+IYJnmuQkbvuZnXItCU7d+i7Fj8VGOgqvNO7Mw4YfBTlZeQw==} | ||
| peerDependencies: | ||
| '@simplewebauthn/browser': ^9.0.1 | ||
| '@simplewebauthn/server': ^9.0.2 | ||
| nodemailer: ^6.8.0 | ||
| peerDependenciesMeta: | ||
| '@simplewebauthn/browser': | ||
| optional: true | ||
| '@simplewebauthn/server': | ||
| optional: true | ||
| nodemailer: | ||
| optional: true | ||
|
|
||
| '@auth/core@0.41.0': | ||
| resolution: {integrity: sha512-Wd7mHPQ/8zy6Qj7f4T46vg3aoor8fskJm6g2Zyj064oQ3+p0xNZXAV60ww0hY+MbTesfu29kK14Zk5d5JTazXQ==} | ||
| peerDependencies: | ||
| '@simplewebauthn/browser': ^9.0.1 | ||
| '@simplewebauthn/server': ^9.0.2 | ||
| nodemailer: ^6.8.0 | ||
| peerDependenciesMeta: | ||
| '@simplewebauthn/browser': | ||
| optional: true | ||
| '@simplewebauthn/server': | ||
| optional: true | ||
| nodemailer: | ||
| optional: true | ||
|
|
There was a problem hiding this comment.
The lockfile now includes both @auth/core@0.40.0 and @auth/core@0.41.0, which is typically a sign that top-level constraints are preventing deduping. Since next-auth@5.0.0-beta.30 depends on @auth/core@0.41.0, consider updating the direct @auth/core version range in package.json so pnpm can converge on a single version.
| vite@7.1.11: | ||
| resolution: {integrity: sha512-uzcxnSDVjAopEUjljkWh8EIrg6tlzrjFUfMcR1EVsRDGwf/ccef0qQPRyOrROwhrTDaApueq+ja+KLPlzR/zdg==} | ||
| engines: {node: ^20.19.0 || >=22.12.0} | ||
| hasBin: true |
There was a problem hiding this comment.
vite@7.1.11 declares engines: { node: ^20.19.0 || >=22.12.0 }. If this project intends to support earlier Node versions, this upgrade can break local installs and CI runs. Consider documenting/enforcing the minimum Node version (e.g. via package.json engines/CI) before pinning Vite to this release line.
This pull request updates several dependencies in both
package.jsonandpnpm-lock.yamlto newer versions, focusing on keeping the project aligned with the latest releases and ensuring compatibility. The most notable changes are the upgrades tonext-auth,vite, and related packages, as well as updates to therollupandtmppackages.Dependency Updates and Compatibility:
next-authfrom5.0.0-beta.29to5.0.0-beta.30, which includes updated peer dependencies fornext,nodemailer, andreactto support newer versions. [1] [2] [3]viteto version7.1.11across the project, including all related peer dependencies and overrides, ensuring consistency and compatibility for build and test tools. [1] F73c40dbL73R7, [2] [3] [4] [5] [6]tmpto version0.2.5and set an override for it, replacing older versions and aligning with newernoderequirements. [1] F73c40dbL73R7, [2] [3]rollupand all its platform-specific packages from4.59.1to4.60.0, ensuring the latest features and fixes are available for the build process. [1] [2]Cleanup and Removal of Deprecated Packages:
os-tmpdirandrimraf@2.7.1to keep the dependency tree clean and up-to-date. [1] [2]These changes help maintain the project's stability and compatibility with the latest ecosystem updates.