Skip to content

OCPBUGS-78980: Update @graphql-codegen packages for Node.js 25 compatibility#16240

Open
stefanonardo wants to merge 1 commit into
openshift:mainfrom
stefanonardo:OCPBUGS-78980
Open

OCPBUGS-78980: Update @graphql-codegen packages for Node.js 25 compatibility#16240
stefanonardo wants to merge 1 commit into
openshift:mainfrom
stefanonardo:OCPBUGS-78980

Conversation

@stefanonardo

@stefanonardo stefanonardo commented Apr 1, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Upgrade @graphql-codegen/cli from v1 to v5 (and related codegen packages) to eliminate the transitive dependency on buffer-equal-constant-time, which uses the SlowBuffer API removed in Node.js 25
  • Upgrade graphql from ^14.0.0 to ^15.0.0 and graphql-tag to ^2.12.6 (required peer deps for codegen v5, while staying compatible with apollo-client@2.x peer range)

Test plan

  • yarn build compiles with 0 errors
  • buffer-equal-constant-time no longer present in yarn.lock
  • yarn generate-graphql produces equivalent generated types (exported type names unchanged)
    🤖 Generated with Claude Code

@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Apr 1, 2026
@openshift-ci-robot

Copy link
Copy Markdown
Contributor

@stefanonardo: This pull request references Jira Issue OCPBUGS-78980, which is invalid:

  • expected the bug to target the "4.22.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Summary

  • Upgrade @graphql-codegen/cli from v1 to v5 (and related codegen packages) to eliminate the transitive dependency on buffer-equal-constant-time, which uses the SlowBuffer API removed in Node.js 25
  • Upgrade graphql from ^14.0.0 to ^16.8.0 and graphql-tag to ^2.12.6 (required peer deps for codegen v5)
  • Pin @types/js-yaml to 3.12.10 to prevent @types/js-yaml@4 (brought in transitively by codegen v5) from being hoisted and overriding the js-yaml v3 types used by the project
  • Add type casts at safeLoad/safeDump call sites to satisfy the stricter @types/js-yaml@3.12.10 return types

Test plan

  • [] yarn build compiles with 0 errors
  • [] buffer-equal-constant-time no longer present in yarn.lock
  • [] yarn generate-graphql produces equivalent generated types (exported type names unchanged)

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot requested review from mareklibra and spadgett April 1, 2026 09:15
@openshift-ci openshift-ci Bot added component/core Related to console core functionality component/dev-console Related to dev-console labels Apr 1, 2026
@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Apr 1, 2026
@openshift-ci openshift-ci Bot added the component/helm Related to helm-plugin label Apr 1, 2026
@openshift-ci-robot

Copy link
Copy Markdown
Contributor

@stefanonardo: This pull request references Jira Issue OCPBUGS-78980, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.22.0) matches configured target version for branch (4.22.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)
Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot added component/knative Related to knative-plugin component/monitoring Related to monitoring component/shared Related to console-shared labels Apr 1, 2026
@openshift-ci-robot

Copy link
Copy Markdown
Contributor

@stefanonardo: This pull request references Jira Issue OCPBUGS-78980, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.22.0) matches configured target version for branch (4.22.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
Details

In response to this:

Summary

  • Upgrade @graphql-codegen/cli from v1 to v5 (and related codegen packages) to eliminate the transitive dependency on buffer-equal-constant-time, which uses the SlowBuffer API removed in Node.js 25
  • Upgrade graphql from ^14.0.0 to ^16.8.0 and graphql-tag to ^2.12.6 (required peer deps for codegen v5)
  • Pin @types/js-yaml to 3.12.10 to prevent @types/js-yaml@4 (brought in transitively by codegen v5) from being hoisted and overriding the js-yaml v3 types used by the project
  • Add type casts at safeLoad/safeDump call sites to satisfy the stricter @types/js-yaml@3.12.10 return types

Test plan

  • yarn build compiles with 0 errors
  • buffer-equal-constant-time no longer present in yarn.lock
  • yarn generate-graphql produces equivalent generated types (exported type names unchanged)

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores

  • Upgraded GraphQL package from v14 to v16 and GraphQL Code Generator toolchain to v5 and v4 versions.

  • Added type definitions for improved development experience.

  • Refactor

  • Enhanced TypeScript type safety in YAML parsing operations across multiple components.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai

coderabbitai Bot commented Apr 1, 2026

Copy link
Copy Markdown
Contributor

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Walkthrough

Updated GraphQL runtime dependencies and GraphQL Code Generator devDependencies in frontend/package.json.

Changes

Frontend GraphQL dependency upgrades

Layer / File(s) Summary
Runtime GraphQL packages
frontend/package.json
graphql, graphql-tag, and @types/js-yaml version ranges were updated.
Codegen toolchain updates
frontend/package.json
@graphql-codegen/cli, @graphql-codegen/typescript, @graphql-codegen/typescript-graphql-files-modules, and @graphql-codegen/typescript-operations were upgraded to newer major versions.

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The PR includes summary and test plan, but omits most required template sections like root cause, solution details, screenshots, setup, browser conformance, and reviewers. Add the missing template sections and fill in root cause, solution details, test setup/cases, browser checks, screenshots if relevant, and reviewer/assignee info.
✅ Passed checks (14 passed)
Check name Status Explanation
Title check ✅ Passed The title is specific and matches the main change: upgrading GraphQL codegen packages for Node.js 25 compatibility.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR only updates frontend/package.json dependencies; no Ginkgo test files or titles were added or changed, so nothing unstable to flag.
Test Structure And Quality ✅ Passed No Ginkgo/spec test files were changed; the PR only updates Dockerfile/package manifests and yarn.lock, so this check is not applicable.
Microshift Test Compatibility ✅ Passed PR only changes Dockerfile and frontend dependency manifests; no Ginkgo/e2e test additions or MicroShift-sensitive APIs were introduced.
Single Node Openshift (Sno) Test Compatibility ✅ Passed Only frontend/package.json changed; no new Ginkgo e2e tests or SNO-multinode assumptions were added.
Topology-Aware Scheduling Compatibility ✅ Passed Only frontend/package.json changed, and it updates dependencies/scripts; no deployment manifests, operators, or scheduling constraints were introduced.
Ote Binary Stdout Contract ✅ Passed PR only updates frontend dependency metadata; no process-level stdout writes were added, and frontend/setup-tests.js only configures RTL.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed PR only changes frontend/package.json and frontend/yarn.lock; no new Ginkgo/e2e tests or network/IP logic were added.
No-Weak-Crypto ✅ Passed PASS: The PR only bumps GraphQL/YAML dependencies in frontend/package.json; no crypto primitives, custom crypto code, or secret comparisons were added in the touched frontend files.
Container-Privileges ✅ Passed PR only changes frontend/package.json and frontend/yarn.lock; no container/K8s manifests or privilege settings were added.
No-Sensitive-Data-In-Logs ✅ Passed Only dependency metadata changed in frontend/package.json and yarn.lock; no logging statements or sensitive-data exposures were introduced.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
frontend/packages/knative-plugin/src/components/add/brokers/AddBroker.tsx (1)

45-52: ⚠️ Potential issue | 🟠 Major

Fix Promise contract violation: createResources returns null on YAML parse failure, but handleSubmit unconditionally chains .then(), causing a runtime error

When invalid YAML is parsed, createResources returns null at line 51, but the function is typed to return Promise<K8sResourceKind>. This causes handleSubmit to call .then() on null, throwing a synchronous TypeError instead of displaying the validation error.

Change the return type to Promise<K8sResourceKind | null> and replace the promise chain with async/await to handle the null case correctly.

Proposed fix
-  const createResources = (
+  const createResources = async (
     formValues: AddBrokerFormYamlValues,
     actions: FormikHelpers<AddBrokerFormYamlValues>,
-  ): Promise<K8sResourceKind> => {
+  ): Promise<K8sResourceKind | null> => {
@@
-  const handleSubmit = (
+  const handleSubmit = async (
     values: AddBrokerFormYamlValues,
     actions: FormikHelpers<AddBrokerFormYamlValues>,
   ) => {
-    return createResources(values, actions)
-      .then(() => {
-        handleRedirect(values.formData.project.name, perspective, perspectiveExtension, navigate);
-      })
-      .catch((err) => {
-        actions.setStatus({ submitError: err.message });
-      });
+    try {
+      const broker = await createResources(values, actions);
+      if (!broker) {
+        return;
+      }
+      handleRedirect(values.formData.project.name, perspective, perspectiveExtension, navigate);
+    } catch (err) {
+      actions.setStatus({
+        submitError: err instanceof Error ? err.message : String(err),
+      });
+    }
   };
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@frontend/packages/knative-plugin/src/components/add/brokers/AddBroker.tsx`
around lines 45 - 52, The createResources function currently returns null on
YAML parse failure which violates its Promise<K8sResourceKind> contract; update
createResources to return Promise<K8sResourceKind | null> (ensure it always
returns a Promise that resolves to null on parse error) and keep the YAML
parse/metadata logic that calls safeLoad and actions.setStatus; then update
handleSubmit to stop using unconditional .then() chaining on createResources —
convert handleSubmit to async/await, await createResources, check for a null
result and abort early (displaying the validation error) before proceeding with
further logic, so no .then() is invoked on null.
frontend/packages/knative-plugin/src/utils/create-channel-utils.ts (1)

169-174: ⚠️ Potential issue | 🟠 Major

Guard against malformed default-ch-config ConfigMap during render

Line 26 parses cluster config without error handling. A missing, malformed, or structurally incomplete default-ch-config will throw during render and break the Add flow instead of falling back to EVENTING_IMC_KIND. Additionally, lines 29–30 don't fully guard .kind property access with optional chaining, so unexpected config structures also cause crashes.

The codebase pattern (seen in AddBroker.tsx) shows this error handling is expected. Wrap the parse and property access in try/catch, properly type the config shape, and ensure the fallback is reachable.

Proposed fix
   if (configMap && defaultConfiguredChannelLoaded) {
-    const cfg = safeLoad(configMap.data?.['default-ch-config']) as Record<string, any>;
-
-    defaultConfiguredChannel = _.hasIn(cfg?.namespaceDefaults, namespace)
-      ? cfg?.namespaceDefaults[namespace].kind
-      : cfg?.clusterDefault.kind;
+    try {
+      const cfg = safeLoad(configMap.data?.['default-ch-config']) as
+        | {
+            namespaceDefaults?: Record<string, { kind?: string }>;
+            clusterDefault?: { kind?: string };
+          }
+        | undefined;
+
+      defaultConfiguredChannel =
+        (_.hasIn(cfg?.namespaceDefaults, namespace)
+          ? cfg?.namespaceDefaults?.[namespace]?.kind
+          : cfg?.clusterDefault?.kind) || EVENTING_IMC_KIND;
+    } catch {
+      defaultConfiguredChannel = EVENTING_IMC_KIND;
+    }
   }
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@frontend/packages/knative-plugin/src/utils/create-channel-utils.ts` around
lines 169 - 174, The parsing and property access for the ConfigMap
`configMap.data['default-ch-config']` (used when
`defaultConfiguredChannelLoaded` is true) must be guarded: wrap the `safeLoad`
call and subsequent access to `cfg.namespaceDefaults[namespace].kind` /
`cfg.clusterDefault.kind` in a try/catch, validate `cfg` against an expected
shape (e.g., optional `namespaceDefaults` object and a `clusterDefault.kind`
string) before reading properties, use optional chaining for all `.kind`
accesses, and on any error or malformed structure set `defaultConfiguredChannel`
to the fallback `EVENTING_IMC_KIND` so the Add flow does not crash; update
references in this block (variables `cfg`, `defaultConfiguredChannel`,
`configMap`, `namespace`, `default-ch-config`) accordingly.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@frontend/package.json`:
- Line 187: The dependency upgrade to "graphql": "^16.8.0" in package.json is
incompatible with existing peer ranges of apollo-client@2.6.8 and
subscriptions-transport-ws@0.9.16; either downgrade/pin "graphql" to a 14.x
range (e.g., ^14.0.0) to satisfy those peers or upgrade/migrate off
apollo-client (Apollo Client v3+) and subscriptions-transport-ws (or swap to
graphql-ws) to versions that declare compatibility with graphql@16; update
package.json accordingly and run npm/yarn install to verify peer conflicts are
resolved.

In `@frontend/packages/helm-plugin/src/catalog/providers/useHelmCharts.tsx`:
- Around line 54-56: The YAML-to-JSON parsing currently asserts the result has
entries without runtime checks; after calling safeLoad(yaml) (variable json) and
before calling setHelmCharts, validate that json is an object and json.entries
is present and of the expected shape (e.g., non-null/defined), and if not throw
a descriptive Error (e.g., "Helm index missing entries") so the Promise rejects
and your existing .catch() handling runs; update the logic around safeLoad,
json, and setHelmCharts to perform this runtime check rather than relying solely
on the HelmChartEntries type assertion.

---

Outside diff comments:
In `@frontend/packages/knative-plugin/src/components/add/brokers/AddBroker.tsx`:
- Around line 45-52: The createResources function currently returns null on YAML
parse failure which violates its Promise<K8sResourceKind> contract; update
createResources to return Promise<K8sResourceKind | null> (ensure it always
returns a Promise that resolves to null on parse error) and keep the YAML
parse/metadata logic that calls safeLoad and actions.setStatus; then update
handleSubmit to stop using unconditional .then() chaining on createResources —
convert handleSubmit to async/await, await createResources, check for a null
result and abort early (displaying the validation error) before proceeding with
further logic, so no .then() is invoked on null.

In `@frontend/packages/knative-plugin/src/utils/create-channel-utils.ts`:
- Around line 169-174: The parsing and property access for the ConfigMap
`configMap.data['default-ch-config']` (used when
`defaultConfiguredChannelLoaded` is true) must be guarded: wrap the `safeLoad`
call and subsequent access to `cfg.namespaceDefaults[namespace].kind` /
`cfg.clusterDefault.kind` in a try/catch, validate `cfg` against an expected
shape (e.g., optional `namespaceDefaults` object and a `clusterDefault.kind`
string) before reading properties, use optional chaining for all `.kind`
accesses, and on any error or malformed structure set `defaultConfiguredChannel`
to the fallback `EVENTING_IMC_KIND` so the Add flow does not crash; update
references in this block (variables `cfg`, `defaultConfiguredChannel`,
`configMap`, `namespace`, `default-ch-config`) accordingly.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: ab0d5d20-5a5f-4f4e-ad32-1e29595b5635

📥 Commits

Reviewing files that changed from the base of the PR and between 3d26f42 and 0061900.

⛔ Files ignored due to path filters (1)
  • frontend/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (15)
  • frontend/package.json
  • frontend/packages/console-shared/src/components/editor/yaml-download-utils.ts
  • frontend/packages/console-shared/src/hooks/useResourceSidebarSamples.ts
  • frontend/packages/dev-console/src/components/deployments/EditDeployment.tsx
  • frontend/packages/helm-plugin/src/catalog/providers/useHelmCharts.tsx
  • frontend/packages/helm-plugin/src/components/forms/HelmChartRepository/CreateHelmChartRepository.tsx
  • frontend/packages/helm-plugin/src/components/forms/install-upgrade/HelmChartVersionDropdown.tsx
  • frontend/packages/helm-plugin/src/components/forms/install-upgrade/HelmInstallUpgradePage.tsx
  • frontend/packages/helm-plugin/src/components/forms/url-chart/HelmURLChartInstallPage.tsx
  • frontend/packages/knative-plugin/src/components/add/brokers/AddBroker.tsx
  • frontend/packages/knative-plugin/src/utils/create-channel-utils.ts
  • frontend/packages/vsphere-plugin/src/components/persist.ts
  • frontend/public/components/edit-yaml.tsx
  • frontend/public/components/monitoring/alertmanager/alertmanager-utils.tsx
  • frontend/public/components/monitoring/receiver-forms/alert-manager-receiver-forms.tsx
📜 Review details
🧰 Additional context used
📓 Path-based instructions (1)
**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

  • frontend/packages/helm-plugin/src/components/forms/install-upgrade/HelmInstallUpgradePage.tsx
  • frontend/packages/console-shared/src/hooks/useResourceSidebarSamples.ts
  • frontend/packages/helm-plugin/src/components/forms/install-upgrade/HelmChartVersionDropdown.tsx
  • frontend/packages/console-shared/src/components/editor/yaml-download-utils.ts
  • frontend/packages/helm-plugin/src/catalog/providers/useHelmCharts.tsx
  • frontend/packages/helm-plugin/src/components/forms/url-chart/HelmURLChartInstallPage.tsx
  • frontend/packages/vsphere-plugin/src/components/persist.ts
  • frontend/packages/helm-plugin/src/components/forms/HelmChartRepository/CreateHelmChartRepository.tsx
  • frontend/public/components/monitoring/receiver-forms/alert-manager-receiver-forms.tsx
  • frontend/packages/dev-console/src/components/deployments/EditDeployment.tsx
  • frontend/public/components/monitoring/alertmanager/alertmanager-utils.tsx
  • frontend/packages/knative-plugin/src/components/add/brokers/AddBroker.tsx
  • frontend/package.json
  • frontend/packages/knative-plugin/src/utils/create-channel-utils.ts
  • frontend/public/components/edit-yaml.tsx
🔇 Additional comments (11)
frontend/packages/helm-plugin/src/components/forms/install-upgrade/HelmChartVersionDropdown.tsx (1)

128-128: LGTM — type assertion with runtime safety in place.

The cast to { entries: HelmChartEntries } is appropriate here. Optional chaining on json?.entries downstream (lines 134, 144, 147) provides adequate runtime protection if the YAML structure deviates unexpectedly.

frontend/packages/helm-plugin/src/components/forms/HelmChartRepository/CreateHelmChartRepository.tsx (1)

94-94: LGTM — well-protected type assertion.

The cast to HelmChartRepositoryType is safely wrapped in try/catch, and downstream access uses optional chaining on metadata?.namespace. Error handling properly surfaces YAML parse failures to the user.

frontend/packages/console-shared/src/components/editor/yaml-download-utils.ts (1)

5-16: LGTM — defensive coercion with graceful fallback.

The String(data) coercion handles the BlobPart union type safely. If a non-string Blob or BufferSource were passed, the safeLoad would fail and the catch block gracefully falls back to k8s-object.yaml. All current call sites pass strings anyway, so this is purely defensive.

frontend/public/components/monitoring/alertmanager/alertmanager-utils.tsx (2)

47-47: LGTM — appropriate type assertion.

The cast to AlertmanagerConfig is correctly wrapped in try/catch. Parse errors are surfaced via the error message return path.


58-58: LGTM — explicit type handling for union parameter.

Good defensive handling of the object | string union. The _.isObject() check ensures proper YAML serialization for objects while String(yaml) handles the string case explicitly rather than relying on implicit coercion.

frontend/public/components/monitoring/receiver-forms/alert-manager-receiver-forms.tsx (1)

546-546: LGTM — pragmatic type assertion for destructuring.

Using Record<string, any> is appropriate here since we're only extracting the global property. The try/catch properly handles malformed YAML, and undefined global is acceptable downstream.

frontend/public/components/edit-yaml.tsx (4)

77-79: LGTM — template loading with expected type.

The cast to K8sResourceKind aligns with the function's return type and the subsequent metadata access. YAML templates are controlled inputs, so parse failures here indicate a bug in the template itself.


339-339: LGTM — defensive type assertion.

Good error handling pattern — returns 'unknown' if parsing fails, preventing cascading errors.


381-381: LGTM — validation function with try/catch.

The cast result is unused since this is purely a validity check. Clean pattern.


598-598: LGTM — user input parsing with proper error handling.

The cast to Record<string, any> is appropriate before the validate() call, and the try/catch surfaces parse errors to the user via handleError.

frontend/packages/dev-console/src/components/deployments/EditDeployment.tsx (1)

49-49: LGTM — well-guarded type assertion.

The cast to K8sResourceKind is properly wrapped in try/catch, and the subsequent deploymentRes?.metadata?.namespace check uses optional chaining for runtime safety. Error feedback is correctly surfaced to the form status.

Comment thread frontend/package.json Outdated
"gherkin-lint": "^4.1.3",
"git-url-parse": "^11.4.0",
"graphql": "^14.0.0",
"graphql": "^16.8.0",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, let's verify the package.json file and check line 187 and surrounding context
head -n 200 frontend/package.json | tail -n 30

Repository: openshift/console

Length of output: 999


🏁 Script executed:

#!/bin/bash
# Get the full dependency list for apollo and graphql packages
grep -E "(graphql|apollo|subscriptions-transport)" frontend/package.json

Repository: openshift/console

Length of output: 910


🏁 Script executed:

#!/bin/bash
# Check the client.ts file to confirm Apollo 2 usage
cat -n frontend/public/graphql/client.ts | head -n 50

Repository: openshift/console

Length of output: 1847


🏁 Script executed (no clone):

#!/bin/bash
# Check Apollo Client 2.6.8 peer dependencies from npm registry
curl -s https://registry.npmjs.org/apollo-client/2.6.8 | jq '.peerDependencies, .peerDependenciesMeta' 2>/dev/null || echo "Failed to fetch from npm"

Length of output: 95


🏁 Script executed (no clone):

#!/bin/bash
# Also check subscriptions-transport-ws compatibility
curl -s https://registry.npmjs.org/subscriptions-transport-ws/0.9.16 | jq '.peerDependencies, .peerDependenciesMeta' 2>/dev/null || echo "Failed to fetch from npm"

Length of output: 106


🏁 Script executed:

#!/bin/bash
# Check if there are any reported issues or comments about graphql 16 compatibility in the codebase
find . -name "*.md" -o -name "*.txt" | xargs grep -l "graphql.*16\|apollo.*graphql" 2>/dev/null | head -5

Repository: openshift/console

Length of output: 43


GraphQL 16 incompatible with Apollo Client 2 peer dependencies

Line 187 upgrades graphql to ^16.8.0, but apollo-client@2.6.8 declares peer dependency graphql@^14.0.0 (max), and subscriptions-transport-ws@0.9.16 declares graphql@^14.0.2 (max). This runtime configuration violates those peer ranges and will cause compatibility issues at runtime.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@frontend/package.json` at line 187, The dependency upgrade to "graphql":
"^16.8.0" in package.json is incompatible with existing peer ranges of
apollo-client@2.6.8 and subscriptions-transport-ws@0.9.16; either downgrade/pin
"graphql" to a 14.x range (e.g., ^14.0.0) to satisfy those peers or
upgrade/migrate off apollo-client (Apollo Client v3+) and
subscriptions-transport-ws (or swap to graphql-ws) to versions that declare
compatibility with graphql@16; update package.json accordingly and run npm/yarn
install to verify peer conflicts are resolved.

@stefanonardo stefanonardo force-pushed the OCPBUGS-78980 branch 2 times, most recently from 0702518 to 827b5ae Compare April 1, 2026 11:48
@rhamilto

rhamilto commented Apr 1, 2026

Copy link
Copy Markdown
Member

/assign @logonoff

@stefanonardo

Copy link
Copy Markdown
Contributor Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Apr 1, 2026

Copy link
Copy Markdown
Contributor
✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@stefanonardo

Copy link
Copy Markdown
Contributor Author

/hold

@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 2, 2026
@stefanonardo stefanonardo changed the title OCPBUGS-78980: Update @graphql-codegen packages for Node.js 25 compatibility [WIP] OCPBUGS-78980: Update @graphql-codegen packages for Node.js 25 compatibility Apr 2, 2026
@openshift-ci openshift-ci Bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Apr 2, 2026
@jhadvig

jhadvig commented May 18, 2026

Copy link
Copy Markdown
Member

@stefanonardo could you please rebase this one 🙏

@jhadvig

jhadvig commented Jun 30, 2026

Copy link
Copy Markdown
Member

Thanks @stefanonardo 👍
Added a few comments. Also description says "Add type casts at safeLoad/safeDump call sites to satisfy the stricter @types/js-yaml@3.12.10 return types", but no such changes exist in the 3 changed files. Either those changes were dropped in a force-push, or the description is stale. Should be corrected?

@stefanonardo

Copy link
Copy Markdown
Contributor Author

@jhadvig you're right, I'm updating the description

@stefanonardo

Copy link
Copy Markdown
Contributor Author

/test backend

Comment thread frontend/package.json Outdated
"@types/immutable": "^3.8.3",
"@types/jest": "^30.0.0",
"@types/js-yaml": "^3.12.7",
"@types/js-yaml": "3.12.10",

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we pinning us to a specific version ?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actualy there is no reason to update this. When I wrote this PR we didn't have this entry in package.json

import { useUserPreference } from './useUserPreference';

export interface ClusterProperties {
interface ClusterProperties {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are unexporting this interface? No objection just seems irrelevant to the overall change.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

frontend job was failing because this export was unused

@stefanonardo stefanonardo force-pushed the OCPBUGS-78980 branch 2 times, most recently from 7e638a7 to 839ea4f Compare June 30, 2026 11:04
@openshift-ci openshift-ci Bot added the component/backend Related to backend label Jun 30, 2026
@stefanonardo stefanonardo force-pushed the OCPBUGS-78980 branch 2 times, most recently from 770f63a to bdf978a Compare June 30, 2026 13:37
@stefanonardo

Copy link
Copy Markdown
Contributor Author

/test backend

1 similar comment
@stefanonardo

Copy link
Copy Markdown
Contributor Author

/test backend

@stefanonardo stefanonardo force-pushed the OCPBUGS-78980 branch 3 times, most recently from 5ec1b91 to 057bc78 Compare June 30, 2026 14:16
@stefanonardo

Copy link
Copy Markdown
Contributor Author

/retest

@stefanonardo

Copy link
Copy Markdown
Contributor Author

/test backend

…ibility

The console build fails on Node.js 25 because @graphql-codegen/cli@1.x
transitively depends on buffer-equal-constant-time, which uses the removed
SlowBuffer API. Upgrading to codegen v5 eliminates this dependency chain.
@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@stefanonardo: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@jhadvig jhadvig added the plugin-api-approved Indicates a PR with plugin API changes has been approved by an API reviewer label Jul 1, 2026

@jhadvig jhadvig left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@jhadvig jhadvig added approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. labels Jul 1, 2026
@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jhadvig, stefanonardo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jhadvig

jhadvig commented Jul 1, 2026

Copy link
Copy Markdown
Member

/verified by CI

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Jul 1, 2026
@openshift-ci-robot

Copy link
Copy Markdown
Contributor

@jhadvig: This PR has been marked as verified by CI.

Details

In response to this:

/verified by CI

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. component/backend Related to backend component/core Related to console core functionality component/dev-console Related to dev-console component/helm Related to helm-plugin component/knative Related to knative-plugin component/monitoring Related to monitoring component/shared Related to console-shared jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. plugin-api-approved Indicates a PR with plugin API changes has been approved by an API reviewer verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants