Upgrade dependencies

[rygine]

Summary

• Upgraded developer tooling (linting, testing, building, etc...)
• Upgraded some developer dependencies
• Upgraded @xmtp/proto

Summary by CodeRabbit

• New Features

  • Updated multiple dependencies across various packages to ensure compatibility and incorporate potential improvements.
  • Enhanced documentation in the SDKs' README files regarding server requirements and bundler configurations.

• Bug Fixes

  • Incremented versions of critical dependencies to address known issues and enhance functionality.

• Chores

  • General maintenance updates to keep project dependencies current across all packages.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 41fe793

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

The pull request includes updates to the package.json files across multiple packages and examples within the project. The updates primarily consist of version increments for various dependencies and development dependencies, including @types/node, happy-dom, rollup, vite, and vitest. Additionally, some changes were made to the SDKs and examples, such as modifications in the App component and the createClient function. These changes aim to ensure compatibility and incorporate potential fixes or improvements across the project.

Changes

File Path	Change Summary
content-types/content-type-group-updated/package.json	Updated @xmtp/proto to ^3.72.0, @types/node to ^20.17.6, happy-dom to ^15.11.6, rollup to ^4.27.3, vite to ^5.4.11, vitest to ^2.1.5.
content-types/content-type-primitives/package.json	Updated @xmtp/proto to ^3.72.0, @types/node to ^20.17.6, happy-dom to ^15.11.6, rollup to ^4.27.3, vite to ^5.4.11, vitest to ^2.1.5.
content-types/content-type-reaction/package.json	Updated @types/node to ^20.17.6, rollup to ^4.27.3, vite to ^5.4.11, vitest to ^2.1.5.
content-types/content-type-read-receipt/package.json	Updated @types/node to ^20.17.6, rollup to ^4.27.3, vite to ^5.4.11, vitest to ^2.1.5.
content-types/content-type-remote-attachment/package.json	Updated @xmtp/proto to ^3.72.0, @types/node to ^20.17.6, happy-dom to ^15.11.6, rollup to ^4.27.3, vite to ^5.4.11, vitest to ^2.1.5.
content-types/content-type-reply/package.json	Updated @xmtp/proto to ^3.72.0, @types/node to ^20.17.6, rollup to ^4.27.3, vite to ^5.4.11.
content-types/content-type-text/package.json	Updated @types/node to ^20.17.6, happy-dom to ^15.11.6, rollup to ^4.27.3, vite to ^5.4.11, vitest to ^2.1.5.
content-types/content-type-transaction-reference/package.json	Updated @types/node to ^20.17.6, happy-dom to ^15.11.6, rollup to ^4.27.3, vite to ^5.4.11, vitest to ^2.1.5.
examples/react-vite-browser-sdk/package.json	Updated @types/react to ^18.3.12, @vitejs/plugin-react to ^4.3.3, and various other dev dependencies.
package.json	Updated multiple dev dependencies including @eslint/compat, @eslint/js, @ianvs/prettier-plugin-sort-imports, @types/node, eslint, globals, turbo, typescript-eslint.
packages/consent-proof-signature/package.json	Updated @xmtp/proto to ^3.72.0, rollup to ^4.27.3, typedoc to ^0.26.11, vite to ^5.4.11, vitest to ^2.1.5.
packages/frames-client/package.json	Updated @xmtp/proto to ^3.72.0, rollup to ^4.27.3, typedoc to ^0.26.11, vite to ^5.4.11, vite-tsconfig-paths to ^5.1.2.
packages/frames-validator/package.json	Updated @xmtp/proto to ^3.72.0, rollup to ^4.27.3, vitest to ^2.1.5.
sdks/browser-sdk/package.json	Updated @xmtp/proto to ^3.72.0, uuid to ^11.0.3, and multiple dev dependencies including rollup, typedoc, vite, and vitest.
sdks/js-sdk/package.json	Updated @xmtp/proto to ^3.72.0, @types/bl to ^5.1.4, @types/node to ^20.17.6, and several other dependencies.
sdks/node-sdk/package.json	Updated @xmtp/proto to ^3.72.0, @types/node to ^20.17.6, rollup to ^4.27.3, uuid to ^11.0.3, vite to ^5.4.11, vite-tsconfig-paths to ^5.1.2, vitest to ^2.1.5.
examples/react-vite-browser-sdk/src/App.tsx	Changed client.address to client.accountAddress.
examples/react-vite-browser-sdk/src/createClient.ts	Removed env parameter from Client.create method call.
sdks/browser-sdk/README.md	Enhanced documentation regarding server response headers and bundler configurations.
sdks/js-sdk/rollup.config.js	Added external dependency "node:crypto" to Rollup configuration.
sdks/node-sdk/README.md	Added requirement for glibc version 3.28 or later in the README.

Possibly related PRs

• Update Node SDK #694: The changes in the Node SDK update include modifications to the package.json file that are directly related to the updates made in the main PR, particularly the version updates for @xmtp/proto and other dependencies.
• Upgrade node bindings #709: This PR also updates the @xmtp/node-bindings dependency in the package.json, which aligns with the dependency updates in the main PR.
• Update Node SDK #715: Similar to the previous PRs, this one updates the @xmtp/node-bindings dependency, reflecting ongoing maintenance and version updates that are consistent with the changes in the main PR.
• Refactor signing in browser and node SDKs #718: This PR introduces a refactor of the signing functionality in both the browser and node SDKs, which includes changes to how the Client class handles signatures and accounts, aligning with the updates in the main PR regarding dependency management and functionality enhancements.

🐰 In the code, we hop and play,
Updating packages every day!
With versions fresh, we leap with glee,
Ensuring all runs smoothly, you see!
Dependencies dance, a joyful sight,
In our code garden, everything's bright! 🌼

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[cloudflare-workers-and-pages]

Deploying xmtp-js-docs with    Cloudflare Pages

Latest commit:	63e5276
Status:	⚡️  Build in progress...

View logs

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (3)

examples/react-vite-browser-sdk/src/createClient.ts (1)

Line range hint 1-23: Consider enhancing error handling for SDK initialization

While the code handles encryption key validation, it might benefit from additional error handling around client creation, especially since this is example code that others might reference.

Consider wrapping the client creation in a try-catch block:

 export const createClient = async (walletKey: string) => {
   const encryptionKeyHex = import.meta.env.VITE_ENCRYPTION_KEY;
   if (!encryptionKeyHex) {
     throw new Error("VITE_ENCRYPTION_KEY must be set in the environment");
   }
   const encryptionBytes = toBytes(encryptionKeyHex);
   const wallet = createWallet(walletKey);
   const signer: Signer = {
     getAddress: () => wallet.account.address,
     signMessage: async (message: string) => {
       const signature = await wallet.signMessage({
         message,
       });
       return toBytes(signature);
     },
   };
-  const client = await Client.create(signer, encryptionBytes);
-  return client;
+  try {
+    const client = await Client.create(signer, encryptionBytes);
+    return client;
+  } catch (error) {
+    throw new Error(`Failed to initialize XMTP client: ${error.message}`);
+  }
 };

sdks/browser-sdk/README.md (2)

29-33: Enhance the headers documentation with context and examples

While the header configurations are correct, consider adding:

1. An explanation of why these headers are required (likely related to WASM and SharedArrayBuffer support)
2. More guidance on the Next.js path pattern configuration:
   • Examples of common path patterns
   • When to use specific patterns (e.g., for specific routes vs. all routes)

Also applies to: 43-63

---

69-85: Expand bundler configuration documentation

The WASM bundling section could be improved by adding:

1. Configuration examples for other popular bundlers (webpack, Rollup)
2. Common troubleshooting steps or issues
3. A brief explanation of why @xmtp/wasm-bindings needs to be excluded from optimization

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between a3c3bf0 and 41fe793.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (16)

• content-types/content-type-group-updated/package.json (1 hunks)
• content-types/content-type-primitives/package.json (1 hunks)
• content-types/content-type-remote-attachment/package.json (1 hunks)
• content-types/content-type-reply/package.json (1 hunks)
• examples/react-vite-browser-sdk/package.json (1 hunks)
• examples/react-vite-browser-sdk/src/App.tsx (1 hunks)
• examples/react-vite-browser-sdk/src/createClient.ts (1 hunks)
• packages/consent-proof-signature/package.json (1 hunks)
• packages/frames-client/package.json (2 hunks)
• packages/frames-validator/package.json (2 hunks)
• sdks/browser-sdk/README.md (1 hunks)
• sdks/browser-sdk/package.json (1 hunks)
• sdks/js-sdk/package.json (2 hunks)
• sdks/js-sdk/rollup.config.js (1 hunks)
• sdks/node-sdk/README.md (1 hunks)
• sdks/node-sdk/package.json (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• examples/react-vite-browser-sdk/src/App.tsx

🚧 Files skipped from review as they are similar to previous changes (10)

• content-types/content-type-group-updated/package.json
• content-types/content-type-primitives/package.json
• content-types/content-type-remote-attachment/package.json
• content-types/content-type-reply/package.json
• packages/consent-proof-signature/package.json
• packages/frames-client/package.json
• packages/frames-validator/package.json
• sdks/browser-sdk/package.json
• sdks/js-sdk/package.json
• sdks/node-sdk/package.json

🔇 Additional comments (9)

examples/react-vite-browser-sdk/src/createClient.ts (1)

21-21: Verify SDK changes and update documentation if needed

The removal of the env parameter from Client.create appears to be related to the @xmtp/browser-sdk upgrade. This change in the API signature could affect other implementations.

Let's verify the changes and documentation:

✅ Verification successful

Based on the search results, I can now provide a conclusive response about the API changes:

Client.create API change is a documented breaking change

The removal of the env parameter from Client.create is a documented breaking change in both browser-sdk and node-sdk. According to the changelogs:

• Client.create was refactored to accept a Signer instead of account address
• Client creation now automatically handles registration and identity
• A new disableAutoRegister option was added to ClientOptions

The changes in the example are correct and align with the SDK's latest API design.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for breaking changes in SDK and verify documentation
# Look for other instances of Client.create to ensure consistent updates
# and check for documentation/migration guides

# Search for other Client.create usage patterns
rg -A 2 "Client\.create" 

# Look for README or migration guide
fd -g "README*" -g "MIGRATION*" -g "CHANGELOG*"

Length of output: 17516

examples/react-vite-browser-sdk/package.json (4)

25-26: LGTM: Build tool updates

The updates to build tools (@vitejs/plugin-react, autoprefixer, vite) are minor version bumps and should maintain compatibility.

Also applies to: 31-31

---

27-28: Review breaking changes in postcss-preset-env

The update to postcss-preset-env (9.x -> 10.x) is a major version bump that may include breaking changes.

#!/bin/bash
# Description: Check for breaking changes in postcss-preset-env

# Check release notes for breaking changes
echo "Checking postcss-preset-env changes between 9.x and 10.x"
gh api repos/csstools/postcss-plugins/releases | jq -r '.[] | select(.tag_name | startswith("postcss-preset-env-10")) | .body'

---

23-24: Verify TypeScript version compatibility

The TypeScript ecosystem updates (@types/react, @types/react-dom, typescript) should be verified for compatibility with the React version in use.

#!/bin/bash
# Description: Check TypeScript and @types compatibility

# Check TypeScript release notes for breaking changes
echo "Checking TypeScript changes between 5.5.3 and 5.6.3"
gh api repos/microsoft/TypeScript/releases | jq -r '.[] | select(.tag_name | startswith("v5.")) | .body'

# Verify @types versions match React version
npm info react@^18.3.1 version
npm info @types/react@^18.3.12 version

Also applies to: 30-30

---

13-15: Verify compatibility between Web3 dependencies

The updates to Web3-related packages (@rainbow-me/rainbowkit, @wagmi/core, wagmi) are interconnected. While these are minor version bumps, it's important to verify compatibility.

Also applies to: 20-20

✅ Verification successful

Based on the execution results, I can now provide a final response:

Web3 dependencies are compatible and safe to update

The version updates for @rainbow-me/rainbowkit (2.1.3 → 2.2.0), @wagmi/core (2.11.7 → 2.14.6), and @tanstack/react-query (5.51.1 → 5.60.5) are all compatible:

• @rainbow-me/rainbowkit 2.2.0 requires wagmi ^2.9.0 and @tanstack/react-query >=5.0.0, which are satisfied by the updated versions
• The @tanstack/react-query updates (5.51.1 → 5.60.5) contain only bug fixes and improvements with no breaking changes
• All version bumps are within the same major version, following semver

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for breaking changes and compatibility issues in the updated packages

# Check release notes for breaking changes
echo "Checking @rainbow-me/rainbowkit changes between 2.1.3 and 2.2.0"
gh api repos/rainbow-me/rainbowkit/releases | jq -r '.[] | select(.tag_name | startswith("v2.")) | .body'

echo "Checking @tanstack/react-query changes between 5.51.1 and 5.60.5"
gh api repos/TanStack/query/releases | jq -r '.[] | select(.tag_name | startswith("v5.")) | .body'

# Verify peer dependency requirements
npm info @rainbow-me/rainbowkit@^2.2.0 peerDependencies
npm info wagmi@^2.12.33 peerDependencies

Length of output: 22425

sdks/node-sdk/README.md (1)

15-15: 🛠️ Refactor suggestion

Verify the glibc requirement and provide more context

The addition of this system requirement needs verification and more context:

1. Ubuntu 24.04 is not yet released as of April 2024
2. The requirement for glibc 3.28+ seems unusually high and could significantly limit adoption

Let's verify if this requirement is actually needed:

Consider enhancing the documentation:

1. Add an explanation of why this high glibc version is required
2. List alternative distributions that meet this requirement
3. Document the impact on existing users
4. Consider adding a compatibility matrix

 - `glibc` 3.28+ (i.e. Ubuntu 24.04 or later)
+- `glibc` 3.28+ (required for [explain feature/dependency])
+  - Compatible with: [list other distributions]
+  - If you can't upgrade, please see [workaround/alternative]

sdks/js-sdk/rollup.config.js (2)

Line range hint 1-99: Build configuration structure is well-organized

The Rollup configuration follows best practices with:

• Clear separation of build targets (ES, CJS, d.ts, browser, bundler)
• Proper source map generation
• Environment-specific resolution via the .browser and .bundler extensions
• Appropriate plugin usage for each build target

---

11-11: Verify crypto module handling across different build targets

The addition of "node:crypto" alongside the existing "crypto" external dependency requires careful consideration:

1. The node: prefix is Node.js-specific and might not be compatible with browser environments
2. Having both "node:crypto" and "crypto" as externals could lead to inconsistent module resolution

Let's verify the crypto module usage across the codebase:

Consider:

1. Using conditional exports in package.json to handle different environments
2. Implementing environment-specific crypto implementations using the existing .browser and .bundler resolution mechanism

✅ Verification successful

Based on the search results, I can now generate a final response as we have sufficient information about how crypto is used across the codebase.

Both node:crypto and crypto externals are correctly configured

The codebase shows a consistent pattern where:

1. Node.js specific imports use node:crypto prefix: import { webcrypto } from "node:crypto"
2. The crypto implementation is properly abstracted in src/encryption/crypto.ts which handles the Node.js case
3. All other files import from this abstraction layer: import { crypto } from "@/encryption"

Having both externals in the Rollup config is correct because:

• "node:crypto" handles the Node.js environment
• "crypto" handles other environments where the module might be available without the prefix

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check how crypto is imported/used across the codebase

# Check for crypto imports
echo "Checking crypto imports:"
rg -A 2 "import.*crypto" --type ts

# Check for dynamic crypto imports
echo -e "\nChecking dynamic crypto imports:"
rg -A 2 "require.*crypto" --type ts

# Check for Node.js-specific imports
echo -e "\nChecking Node.js-specific imports:"
rg -A 2 "node:crypto" --type ts

Length of output: 20259

sdks/browser-sdk/README.md (1)

Line range hint 1-85: Documentation updates align well with dependency changes

The documentation changes appropriately reflect the dependency upgrades mentioned in the PR objectives, particularly the Vite configuration updates and WASM bundling instructions.

🧰 Tools

🪛 Markdownlint

89-89: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)