Conversation
RobinTail
added
dependencies
Contributor
📝 WalkthroughWalkthroughRenames public config/metadata keys, moves Zod branding/examples into metadata with new helpers, converts many runtime imports to type-only and updates module specifiers, rewrites the migration ESLint rule with helpers, adjusts CI/Node/tsconfig/build tooling, and replaces manual Promise wrappers with Promise.withResolvers. ChangesPublic API & config renames
Zod branding & metadata helpers
Migration rule & helpers
Import style, module specifiers & tsconfig
Promise.withResolvers refactor
Routing & server behavior
CI/workflows & headers
Examples, tests & small updates
Sequence Diagram(s)sequenceDiagram
participant Client as Client
participant Server as Server (express-zod-api)
participant Router as Routing/initRouting
participant Docs as Documentation
participant Meta as metadata helpers
Client->>Server: HTTP request
Server->>Router: dispatch route (uses recognizeMethodDependentRoutes)
Router->>Router: decide method-vs-path keys (preferMethod)
alt request matches path but wrong method
Router->>Server: enforce/skip 405+Allow based on hintAllowedMethods
end
Docs->>Meta: summarize(endpoint.summary, endpoint.description, trimSummary)
Docs->>Meta: request examples/brand via getExamples/getBrand
Meta-->>Docs: returns examples / brand metadata
Estimated code review effort🎯 4 (Complex) | ⏱️ ~50 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Review rate limit: 7/8 reviews remaining, refill in 7 minutes and 30 seconds.Comment |
|
coverage: 100.0%. remained the same — make-v28 into master |
1 task
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [eslint](https://eslint.org) ([source](https://redirect.github.com/eslint/eslint)) | [`^9.39.2` → `^10.0.0`](https://renovatebot.com/diffs/npm/eslint/9.39.2/10.0.0) |  |  | | [eslint](https://eslint.org) ([source](https://redirect.github.com/eslint/eslint)) | [`^9.0.0` → `^9.0.0 \|\| ^10.0.0`](https://renovatebot.com/diffs/npm/eslint/9.39.2/10.0.0) |  |  | --- ### Release Notes <details> <summary>eslint/eslint (eslint)</summary> ### [`v10.0.0`](https://redirect.github.com/eslint/eslint/compare/v9.39.2...4e6c4ac042e321da8fc29ce53ed03c86dcaa44a7) [Compare Source](https://redirect.github.com/eslint/eslint/compare/v9.39.2...v10.0.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/RobinTail/express-zod-api). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45NS4yIiwidXBkYXRlZEluVmVyIjoiNDIuOTUuMiIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6W119--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Robin Tail <robin_tail@me.com>
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
# Conflicts: # pnpm-lock.yaml
1 task
RobinTail
commented
Feb 23, 2026
RobinTail
commented
Feb 23, 2026
RobinTail
commented
Feb 23, 2026
1 task
RobinTail
commented
Mar 5, 2026
EOL soon. 22.18 is defined by `tsdown`
1 task
# Conflicts: # pnpm-lock.yaml
# Conflicts: # pnpm-lock.yaml
1 task
This was referenced Apr 24, 2026
1 task
# Conflicts: # compat-test/package.json # express-zod-api/package.json
RobinTail
added a commit
that referenced
this pull request
Apr 30, 2026
4.4 will be supported in #3208 due to Zod's breaking changes revaled in #3355 see #3355 (comment) for details <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Clarified Zod compatibility: support limited to versions below 4.4.0 due to upstream behavior changes; note that broader Zod 4.4+ support will be delivered in a future major release. * **Chores** * Tightened dependency version constraints across packages and updated release notes and README to enforce the stated Zod compatibility boundaries. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: pullfrog[bot] <226033991+pullfrog[bot]@users.noreply.github.com>
This was referenced Apr 30, 2026
# Conflicts: # express-zod-api/package.json # pnpm-workspace.yaml # zod-plugin/package.json
adds xBrand() method to Zod Plugin instead of patching exiting one. due to #3357 --------- Co-authored-by: pullfrog[bot] <226033991+pullfrog[bot]@users.noreply.github.com>
RobinTail
added
enhancement
![pullfrog[bot]](https://avatars.githubusercontent.com/in/1768019?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
No new issues. Reviewed the following changes:
- Renamed
.brand()to.xBrand()in the zod-plugin to avoid conflicting with Zod 4.4's internal branding mechanism, using a simplevalueproperty descriptor instead of the previous getter/setter hack - Widened Zod peer dependency from
~4.3.4to^4.3.4, bumped dev dependency to^4.4.1 - Removed
getBrand()export from zod-plugin (moved to main package'smetadata.ts) - Added
filterNaminginfixReferencesto handle Zod 4.4 no longer emittingmeta({ id })into JSON schema output — falls back to the$defskey name, filtering out auto-generatedschema\d+names - Updated env test and snapshots to reflect Zod 4.4 behavior:
idno longer appears in depiction,z.undefined()properties are no longer optional, cuid regex updated - Updated documentation/README/CHANGELOG to document
.xBrand()and Zod 4.4 compatibility
Prior review feedback:
- Version string mismatch in
zod-plugin/CHANGELOG.md— addressed
Claude Opus | 𝕏
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
express-zod-api/src/endpoint.ts (1)
115-115: ⚡ Quick winAdd required JSDoc tags for the new public
summaryoption (Line 115).
summary?: stringis a new optional property in a public constructor contract, so it should include@descand@defaulttags per repo rules.Proposed fix
description?: string; + /** `@desc` A short human-readable endpoint summary */ + /** `@default` undefined */ summary?: string;As per coding guidelines:
{express-zod-api,migration,zod-plugin}/src/**/*.ts: “All properties of publicly available entities (exposed viaindex.ts) must have JSDoc documentation with@desc,@default(required for optional properties), and@example(required for literal types)”.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@express-zod-api/src/endpoint.ts` at line 115, Add JSDoc for the new public optional property "summary?: string" in the Endpoint constructor contract: add an `@desc` that briefly explains what summary represents and an `@default` that documents the default value (e.g., undefined or empty string) since the property is optional; update the JSDoc block above the property (or the constructor parameter JSDoc) where "summary" is declared so it follows the repo rule requiring `@desc` and `@default` for public optional properties.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@express-zod-api/src/documentation-helpers.ts`:
- Around line 669-672: The trimSummary function must guard non-positive and
small limits: if limit <= 0 return an empty string; if limit === 1 return the
single-character ellipsis "…"; otherwise keep the existing logic but only apply
summary.slice(0, limit - 1) + "…" when limit > 1 and summary length exceeds
limit. Update the trimSummary implementation to check limit <= 0 and limit === 1
before slicing so the result never exceeds the requested limit (refer to the
trimSummary function name).
---
Nitpick comments:
In `@express-zod-api/src/endpoint.ts`:
- Line 115: Add JSDoc for the new public optional property "summary?: string" in
the Endpoint constructor contract: add an `@desc` that briefly explains what
summary represents and an `@default` that documents the default value (e.g.,
undefined or empty string) since the property is optional; update the JSDoc
block above the property (or the constructor parameter JSDoc) where "summary" is
declared so it follows the repo rule requiring `@desc` and `@default` for public
optional properties.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 1df5ced9-e5f2-42b4-a703-99b39fe5eacd
⛔ Files ignored due to path filters (4)
express-zod-api/tests/__snapshots__/documentation.spec.ts.snapis excluded by!**/*.snapexpress-zod-api/tests/__snapshots__/env.spec.ts.snapis excluded by!**/*.snapexpress-zod-api/tests/__snapshots__/zts.spec.ts.snapis excluded by!**/*.snappnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (31)
AGENTS.mdCHANGELOG.mdREADME.mdSECURITY.mdcompat-test/package.jsoneslint.config.jsexample/example.documentation.yamlexpress-zod-api/package.jsonexpress-zod-api/src/deep-checks.tsexpress-zod-api/src/diagnostics.tsexpress-zod-api/src/documentation-helpers.tsexpress-zod-api/src/documentation.tsexpress-zod-api/src/endpoint.tsexpress-zod-api/src/integration.tsexpress-zod-api/src/json-schema-helpers.tsexpress-zod-api/src/routing-walker.tsexpress-zod-api/src/routing.tsexpress-zod-api/src/upload-schema.tsexpress-zod-api/src/zts.tsexpress-zod-api/tests/builtin-logger.spec.tsexpress-zod-api/tests/env.spec.tsexpress-zod-api/tests/routing-walker.spec.tsexpress-zod-api/tests/upload-schema.spec.tsissue952-test/symbols.tspackage.jsonpnpm-workspace.yamlzod-plugin/CHANGELOG.mdzod-plugin/README.mdzod-plugin/src/augmentation.tszod-plugin/src/runtime.tszod-plugin/tests/runtime.spec.ts
💤 Files with no reviewable changes (2)
- example/example.documentation.yaml
- issue952-test/symbols.ts
✅ Files skipped from review due to trivial changes (11)
- express-zod-api/tests/routing-walker.spec.ts
- express-zod-api/tests/upload-schema.spec.ts
- express-zod-api/src/json-schema-helpers.ts
- SECURITY.md
- express-zod-api/tests/builtin-logger.spec.ts
- express-zod-api/src/diagnostics.ts
- zod-plugin/CHANGELOG.md
- compat-test/package.json
- express-zod-api/src/zts.ts
- CHANGELOG.md
- express-zod-api/src/integration.ts
🚧 Files skipped from review as they are similar to previous changes (5)
- eslint.config.js
- pnpm-workspace.yaml
- package.json
- express-zod-api/package.json
- express-zod-api/src/documentation.ts
Comment on lines
+669
to
+672
| export const trimSummary = (summary?: string, limit = 50) => | ||
| !summary || summary.length <= limit | ||
| ? summary | ||
| : summary.slice(0, limit - 1) + "…"; |
Contributor
There was a problem hiding this comment.
Guard non-positive limits in trimSummary.
At Line 670, limit <= 0 can still produce a non-empty result, which breaks the “does not exceed the limit” contract.
Suggested patch
-export const trimSummary = (summary?: string, limit = 50) =>
- !summary || summary.length <= limit
- ? summary
- : summary.slice(0, limit - 1) + "…";
+export const trimSummary = (summary?: string, limit = 50) => {
+ if (!summary || summary.length <= limit) return summary;
+ if (limit <= 0) return "";
+ return limit === 1 ? "…" : summary.slice(0, limit - 1) + "…";
+};🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@express-zod-api/src/documentation-helpers.ts` around lines 669 - 672, The
trimSummary function must guard non-positive and small limits: if limit <= 0
return an empty string; if limit === 1 return the single-character ellipsis "…";
otherwise keep the existing logic but only apply summary.slice(0, limit - 1) +
"…" when limit > 1 and summary length exceeds limit. Update the trimSummary
implementation to check limit <= 0 and limit === 1 before slicing so the result
never exceeds the requested limit (refer to the trimSummary function name).
# Conflicts: # pnpm-lock.yaml
Complements #3364
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (1)
package.json (1)
6-8: Add explicitengines.nodeconstraint for native TypeScript execution.Lines 6 and 8 execute
.tsfiles directly withnode. The rootpackage.jsonlacks anengines.nodefield, which means contributors on Node 20 or older will encounter runtime failures. Add an explicit constraint aligned with your CI test matrix.Suggested patch
{ "private": true, "type": "module", + "engines": { + "node": ">=22.19.0" + }, "scripts": {🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@package.json` around lines 6 - 8, The package.json is missing an engines.node constraint while prebuild and pretest scripts run .ts files directly with node; add an "engines": { "node": "<semver-constraint>" } entry to package.json (matching your CI test matrix, e.g., the minimum Node version that supports native TS execution used in CI) so contributors on older Node versions won't fail; update the semver to align with CI and ensure any README/contributor docs reflect the required Node version.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@package.json`:
- Around line 6-8: The package.json is missing an engines.node constraint while
prebuild and pretest scripts run .ts files directly with node; add an "engines":
{ "node": "<semver-constraint>" } entry to package.json (matching your CI test
matrix, e.g., the minimum Node version that supports native TS execution used in
CI) so contributors on older Node versions won't fail; update the semver to
align with CI and ensure any README/contributor docs reflect the required Node
version.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: c571205f-e5f9-4138-93b4-da3850f8a373
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (1)
package.json
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Koko Da Doll (aka Rasheeda Williams) was a 35-year-young Black trans woman, performance artist, singer, and star
of the acclaimed documentary Kokomo City. Born in College Park, Georgia, she was based in Atlanta and
became a prominent voice for transgender visibility and the rights of Black trans women.
She was a talented rap artist who released two singles: "Trick" (2020) and "Bulletproof" (2022).
A song she created was featured on the TV show The Chi in 2023, showcasing her artistic talents beyond her advocacy work.
Koko was one of four Black trans women featured in the groundbreaking documentary Kokomo City, directed by D. Smith. The film premiered at the 2023 Sundance Film Festival and won both the NEXT Innovator Award and NEXT Audience
Award. It also received the Berlinale Panorama Audience Award.
In the film, Koko spoke openly about her experiences as a sex worker and the challenges faced by Black trans women. She discussed doing sex work to avoid homelessness for her mother, sister, and herself.
After the Sundance première, Koko wrote on Instagram:
She hoped that her participation in the film would help save lives and create more opportunities for young trans women.
On April 18, 2023, at around 11pm, Koko Da Doll was found dead with a gunshot wound on a sidewalk near Holmes Shopping
Plaza in Southwest Atlanta. She was 35 years old.
A 17-year-old suspect was arrested on April 27, 2023, on suspicion of murder, aggravated assault, and possession of a firearm in the commission of a felony. Atlanta police indicated that a hate crime investigation was ongoing.
Koko was the 13th trans person killed in the United States in 2023. Following her death, Kokomo City was dedicated to her memory. She was honored during the In Memoriam segment at the 2023 BET Awards.
The New York Times described her as someone who "brims with vitality, ambition, and insight" — a woman who fought tooth and nail for her life and self-worth.
Her tragic death serves as a stark reminder of the ongoing violence and discrimination faced by trans women in America.
AP News · AL.com · TDoR
👩🏽🍳 Cooking...
Promise.withResolvers()#3268typescript-eslintfor TypeScript 6 support #3287undici8 #3294wrongMethodBehavior—>hintAllowedMethods#3299methodLikeRouteBehavior—>recognizeMethodDependentRoutes#3300hasSummaryFromDescription—>hasSummary#3302noContent—>noBodySchema#3303shortDescription—>summary,hasSummary—>summarizer(fn) #3310Summary by CodeRabbit
New Features
Documentation
Chores
Tests