chore(deps): remove legacy packages and patch direct findings#742
Conversation
|
Important Review skippedReview was skipped due to path filters ⛔ Files ignored due to path filters (1)
CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
📝 WalkthroughWalkthroughDevelopment dependencies are removed or upgraded, and timeline keyframe creation now uses the platform crypto API instead of the ChangesTooling and keyframe identifiers
Estimated code review effort: 2 (Simple) | ~10 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
package.json (1)
81-81: 🔒 Security & Privacy | 🔵 TrivialElectron 39.8.10 is the latest 39.x patch, but 39.x is end-of-support. If this app uses custom protocols or PDF rendering paths, 39.8.10 also has a reported regression there, so plan a move to a supported Electron major rather than staying on 39.x.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@package.json` at line 81, Update the Electron dependency from the end-of-support 39.x line to a currently supported major, selecting a compatible stable version and adjusting any affected custom protocol or PDF rendering code and related tests as needed. Verify the application builds and runs correctly with the new Electron version.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@package.json`:
- Line 81: Update the Electron dependency from the end-of-support 39.x line to a
currently supported major, selecting a compatible stable version and adjusting
any affected custom protocol or PDF rendering code and related tests as needed.
Verify the application builds and runs correctly with the new Electron version.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro Plus
Run ID: 291dbeaa-f0d8-42c5-930f-876e797fbaa9
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (2)
package.jsonsrc/components/video-editor/timeline/hooks/useTimelineSelection.ts
Description
Removes five unused direct packages plus
uuid/types. The soleuuidcall now uses the existingrenderer convention,
globalThis.crypto.randomUUID().Also raises Electron 39.2.7 -> 39.8.10 and Vitest 4.0.16 -> 4.1.10 to clear their direct audit
findings. Active
@fix-webm-duration/fixandpixi-filtersremain.Motivation
Legacy icon/Jimp/PhantomJS/
requesttrees and vulnerable direct versions inflated the install. Thelockfile moves from 1,001 to 772 entries, direct dev dependencies from 59 to 52, and current registry
audit results from 34 findings/3 critical to 15/0 critical.
Type of Change
Related Issue(s)
None found.
Screenshots / Video
Not applicable; there is no UI change.
Testing Guide
npm ci --no-audit --no-fund— full postinstall/native rebuild passeduiohook-napiloaded at ABI 140npx tsc --noEmit --noUnusedLocals falseprobes — passed
npm audit --json— 15 findings remain; no Electron/Vitest finding and no critical findingStrict typecheck retains the existing unused
scalePreviewBorderRadiusonmain(covered by #737).Verification was Windows x64; macOS/Linux packaging and interactive capture remain.
Risk
No production API/schema change; product Vite stays 5.4.21 and IDs remain UUID v4. Electron 39.8.10
closes known findings but 39 is EOL; a supported-major compatibility ladder remains required.
Checklist
Summary by CodeRabbit
Chores
Bug Fixes