Skip to content

fix: Bump python & javascript dependencies#9827

Open
asheshv wants to merge 7 commits intomasterfrom
fix/bump-python-js-dependencies
Open

fix: Bump python & javascript dependencies#9827
asheshv wants to merge 7 commits intomasterfrom
fix/bump-python-js-dependencies

Conversation

@asheshv
Copy link
Copy Markdown
Contributor

@asheshv asheshv commented Apr 6, 2026
edited by coderabbitai bot
Loading

Summary

  • Update Python dependencies: google-auth-oauthlib 1.3.0 → 1.3.1, sphinxcontrib-youtube 1.4.1 → 1.5.0, fixtures 4.3.1 → 4.3.2, and fix missing newlines at EOF
  • Replace deprecated @babel/plugin-proposal-* packages with their @babel/plugin-transform-* equivalents
  • Remove unused @types/classnames dependency

Summary by CodeRabbit

  • Chores
    • Updated pinned dependencies: google-auth-oauthlib, sphinxcontrib-youtube, fixtures
    • Replaced Babel "proposal" plugins with "transform" variants across build/config
    • Removed an unused type package and tightened a UI dependency version constraint
    • Ensured trailing newlines in requirements files
    • Extended CI test matrix with a PostGIS dimension and aligned installed packages

@asheshv @claude
fix: Bump python & javascript dependencies
15b3259 
Update Python dependencies:
- google-auth-oauthlib 1.3.0 → 1.3.1
- sphinxcontrib-youtube 1.4.1 → 1.5.0
- fixtures 4.3.1 → 4.3.2
- Add missing newline at end of requirements files

Update JavaScript dependencies:
- Replace deprecated @babel/plugin-proposal-* packages with
  @babel/plugin-transform-* equivalents
- Remove unused @types/classnames dependency
- Update yarn.lock

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 6, 2026
edited
Loading

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • ✅ Review completed - (🔄 Check again to review again)

Walkthrough

Bumped several Python/tooling dependency pins, replaced Babel proposal plugins with transform equivalents across web configs and package.json, adjusted web/package.json deps, and extended the GitHub Actions matrix to add a postgisver dimension and parameterized PostGIS install.

Changes

Cohort / File(s) Summary
Top-level Python deps
requirements.txt		 Bumped google-auth-oauthlib 1.3.0 → 1.3.1; ensured trailing newline.
Tooling Python deps
tools/requirements.txt		 Bumped sphinxcontrib-youtube 1.4.1 → 1.5.0; added trailing newline.
Web regression deps
web/regression/requirements.txt		 Bumped fixtures 4.3.1 → 4.3.2.
Babel / ESLint / Webpack configs
web/.eslintrc.js, web/babel.config.json, web/webpack.config.js		 Replaced @babel/plugin-proposal-* and @babel/proposal-* entries with @babel/plugin-transform-* equivalents for class properties and object rest/spread in ESLint, Babel config, and webpack babel-loader.
Web package manifest
web/package.json		 Swapped proposal-prefixed Babel packages to transform-prefixed counterparts, removed @types/classnames, and changed react-frame-component from ^5.2.6~5.2.6.
CI workflow matrix
.github/workflows/run-python-tests-epas.yml		 Added postgisver matrix dimension (default 34), excluded {pgver:18,postgisver:34}, explicitly added {os: ubuntu-22.04, pgver:18, postgisver:36} and {os: windows-latest, pgver:18, postgisver:36}, and parameterized Linux apt package to edb-as${{ matrix.pgver }}-postgis${{ matrix.postgisver }}.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and accurately summarizes the main objective of the changeset: bumping both Python and JavaScript dependencies across multiple files.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/bump-python-js-dependencies

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@asheshv @claude
fix: Use PostGIS 35 for EPAS 18 in CI workflow
0c16add 
EPAS 18 ships with edb-as18-postgis35 instead of postgis34.
Add a postgisver matrix variable to support mixed versions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
coderabbitai[bot]
coderabbitai bot reviewed Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/run-python-tests-epas.yml:
- Around line 36-39: The matrix.include entry does not override the base matrix
so the invalid combination pgver: 18 + postgisver: 34 remains and include items
lack matrix.os; fix by either adding an explicit matrix.exclude entry for
{pgver: 18, postgisver: 34} to remove that invalid combo or by changing the base
lists so postgisver: 34 is not listed for pgver 18, and update every
matrix.include object to include os (so matrix.os is defined for runs-on: ${{
matrix.os }}); reference the matrix keys (matrix.include, pgver, postgisver,
matrix.os) and ensure the exclude or corrected include removes the
edb-as18-postgis34 request.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d813ac47-f376-4708-9dd5-6043aefb5fd1

📥 Commits

Reviewing files that changed from the base of the PR and between 15b3259 and 0c16add.

📒 Files selected for processing (1)
  • .github/workflows/run-python-tests-epas.yml

asheshv added 2 commits April 7, 2026 10:35
@asheshv
fix: Add exclude+include for EPAS 18 PostGIS matrix to fix empty runs-on
4b3ca5d 
The previous include entry for pgver 18 with postgisver 35 did not match
any existing matrix combination (postgisver 34 != 35), so GitHub Actions
created a new entry without an os value, causing runs-on to evaluate to ''.

Use exclude to remove pgver 18 / postgisver 34 combos, then include with
explicit os to re-add them with postgisver 35.
@asheshv
fix: Pin the 'react-frame-component' to '~5.2.6'.
b3b65c6
coderabbitai[bot]
coderabbitai bot reviewed Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@web/package.json`:
- Line 73: The package.json currently lists build-time Babel packages in
dependencies; move "@babel/plugin-transform-class-properties" (and also
"@babel/preset-react" if present) from "dependencies" into "devDependencies" so
they are only installed for development/builds and not shipped in production;
update the package.json to remove those entries from dependencies and add them
under devDependencies using the same versions.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ae0513e6-4b4a-4f60-882d-0c5ea82c79a9

📥 Commits

Reviewing files that changed from the base of the PR and between 4b3ca5d and b3b65c6.

⛔ Files ignored due to path filters (1)
  • web/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (1)
  • web/package.json

web/package.json Outdated
},
"dependencies": {
"@babel/plugin-proposal-class-properties": "^7.10.4",
"@babel/plugin-transform-class-properties": "^7.28.6",
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Babel plugin should be in devDependencies, not dependencies.

@babel/plugin-transform-class-properties is a build-time Babel transpilation plugin. It's only needed during compilation and should not be shipped as a runtime dependency. Placing it in dependencies unnecessarily increases the install footprint for production deployments.

Proposed fix: Move to devDependencies 
  "devDependencies": {
    "@babel/core": "^7.28.3",
    "@babel/eslint-parser": "^7.28.6",
    "@babel/eslint-plugin": "^7.26.10",
    "@babel/plugin-syntax-jsx": "^7.16.0",
+   "@babel/plugin-transform-class-properties": "^7.28.6",
    "@babel/plugin-transform-object-rest-spread": "^7.28.6",
    ...
  },
  "dependencies": {
-   "@babel/plugin-transform-class-properties": "^7.28.6",
    "@babel/preset-react": "^7.27.1",
    ...
  }

Note: @babel/preset-react on line 74 also appears to be in dependencies rather than devDependencies. Consider moving it as well for consistency.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@web/package.json` at line 73, The package.json currently lists build-time
Babel packages in dependencies; move "@babel/plugin-transform-class-properties"
(and also "@babel/preset-react" if present) from "dependencies" into
"devDependencies" so they are only installed for development/builds and not
shipped in production; update the package.json to remove those entries from
dependencies and add them under devDependencies using the same versions.

asheshv added 3 commits April 7, 2026 19:11
@asheshv
chore: bumped the postgis version to 3.6 for the EPAS feature test gi…
91646ff 
…thub workflow
@asheshv
chore: Moving '@babel/plugin-transform-class-properties' to devDepend…
7ab87ce 
…encies section as suggested by CodeRabbit
@asheshv
chore: Adding '.worktree' in git ignore list.
ea900b1 
Though - it's unrelated change, I would need that for future work.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@asheshv