chore(deps): batch update dependencies to latest#1338
Merged
Conversation
yahyafakhroji
added a commit
that referenced
this pull request
Jul 10, 2026
## Problem **E2E Smoke** has been failing intermittently across PRs (e.g. [run on #1338](https://github.com/datum-cloud/cloud-portal/actions/runs/29062376687/job/86269152684)): ``` Service Account new page › renders the create UI (not RestrictedState) for a permitted user AssertionError: Timed out retrying after 10000ms: Expected to find element: `[data-e2e="organization-card-personal"]`, but never found it. at cypress/support/e2e.ts ← the shared getPersonalOrgId command ``` The failing assertion is in the shared `getPersonalOrgId` command — the **cascade root** that nearly every smoke/regression spec depends on — so a single missing hook fails the whole suite. ## Root cause The onboarding **"unified org"** work made organizations typeless. `organization.adapter.ts` now returns an `undefined` `type` for them: ```ts /** Legacy org types only — unified orgs omit type or send empty values. */ function normalizeOrganizationType(type: unknown): Organization['type'] | undefined { return type === 'Personal' || type === 'Standard' ? type : undefined; } ``` …and the org card derives its hook from that type: ```tsx data-e2e={ org.type ? `organization-card-${org.type.toLowerCase()}` : 'organization-card' } ``` So a typeless org renders `data-e2e="organization-card"`, never `-personal`. The tests still waited on `organization-card-personal` and timed out. ## Fix This **completes a migration the team already started** — `cypress/e2e/regression/organisations.cy.ts` and `cypress/support/e2e.ts:737` already use the `[data-e2e^="organization-card"]` prefix selector (as documented in the regression spec's selector reference). It was just missed in these spots: - **`getPersonalOrgId`** + smoke render test → identify the personal org by its stable `personal-org-…` **resource name** (`cy.contains` on the id badge), independent of the removed type. This is the suite's own invariant (`/^personal-org-[a-z0-9]+$/`). - **`createStandardOrg`** + auth regression → wait for any card variant via `[data-e2e^="organization-card"]`. No app code or dependency changes — test-only. ## Scope & validation - Local: `prettier` ✓, `eslint` ✓, `typecheck` ✓ (pre-commit gate green). - These specs run against the live **staging** backend with CI secrets, so they can't be executed locally — **CI on this PR is the real validation**. Since the failure was intermittent (the type appears to populate asynchronously in staging), keying off the resource name rather than the type also removes that flake source. - Unrelated to the Renovate batch in #1338 — this pre-existing E2E drift affects `main` and all open PRs.
Consolidates the open Renovate PRs into a single branch. graphql v17 (#1316) is intentionally excluded — @0no-co/graphql.web (urql) and graphql-ws only peer-support graphql ^16, so v17 is held until they add ^17. Runtime / tooling: - node.js 24.16.0 -> 24.18.0 (.nvmrc, .tool-versions) (#1325) - cypress-vite 1.10.0 -> 1.10.2 (dev) (#1323) CI actions (SHA-pinned): - actions/checkout v6 -> v7.0.0 (#1326, supersedes digest PR #1295) - actions/setup-node v4 -> v6.4.0 (#1327) - actions/download-artifact v4 -> v8.0.1 (#1328) - datum-cloud/actions v1.14.0 -> v1.20.0 (#1324) Local observability (docker-compose): - prom/prometheus v3.11.3 -> v3.13.0 (#1277) - grafana/grafana 13.0.1 -> 13.1.0 (#1285)
a7da5c5 to
6c21dba
Compare
🧪 Test Summary
📎 ArtifactsVideos and screenshots from failed E2E tests: |
gaghan430
previously approved these changes
Jul 10, 2026
Fixes the Snyk High-severity "Uncaught Exception" advisory in the transitive @opentelemetry/propagator-jaeger@2.8.0, pulled in by @opentelemetry/sdk-node (pinned to 2.8.0). Lockstep SDK bump rather than a lone override (which would split core across 2.8/2.9): - @opentelemetry/auto-instrumentations-node ^0.77.0 -> ^0.78.0 - @opentelemetry/exporter-metrics-otlp-http ^0.219.0 -> ^0.220.0 - @opentelemetry/exporter-trace-otlp-http ^0.219.0 -> ^0.220.0 - @opentelemetry/sdk-node ^0.219.0 -> ^0.220.0 - @opentelemetry/sdk-trace-base ^2.8.0 -> ^2.9.0 propagator-jaeger now resolves to 2.9.0 (0 instances of 2.8.0 remain). The residual core@2.8.0 is @sentry/node's own nested OTel copy (no propagator-jaeger, unrelated to this advisory). typecheck + build pass.
🧪 Test Summary
📎 ArtifactsVideos and screenshots from failed E2E tests: |
mattdjenkinson
approved these changes
Jul 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Consolidates the open Renovate dependency PRs into a single branch, each verified against the actual latest version and checked for compatibility, plus a Snyk-flagged security fix. Also includes the E2E selector fix merged via #1339 (required for the suite to pass against the unified-org model).
Included updates
All GitHub Action bumps remain SHA-pinned with a
# vXcomment.Security fix (Snyk)
Resolves the High-severity "Uncaught Exception" advisory in the transitive
@opentelemetry/propagator-jaeger@2.8.0. It's pulled in by@opentelemetry/sdk-node(pinned to2.8.0), so the fix is a lockstep OpenTelemetry SDK bump rather than a lone override (which would split@opentelemetry/coreacross 2.8/2.9):propagator-jaegernow resolves to 2.9.0 (0 instances of 2.8.0 remain). The residual@opentelemetry/core@2.8.0in the lockfile belongs to@sentry/node's own nested OTel copy (sdk-trace-baseonly, no propagator-jaeger) — a separate isolated tree Sentry pins internally, unrelated to this advisory.Intentionally held back
graphqlv16 → v17 (fix(deps): update dependency graphql to v17 #1316) — the runtime GraphQL client stack does not support v17 yet:@0no-co/graphql.web(backsurql/@urql/core) peer-supports^14 || ^15 || ^16, andgraphql-ws@6.0.8supports^15.10.1 || ^16. Neither declares^17. Holding until the urql/graphql-ws ecosystem adds v17.Verification
bun install→ lockfile updated (cypress-vite+ the OpenTelemetry subtree;graphqluntouched at 16.14.1)bun run typecheck→ PASSbun run build→ PASSprettier --checkon changed files → cleanOnce merged
These Renovate PRs can be closed: #1277, #1285, #1295, #1323, #1324, #1325, #1326, #1327, #1328.