2025-07-07 Dependencies Update Report For Symple44 And TopSteel

by StackCamp Team

This report highlights outdated dependencies detected in the Symple44 and TopSteel projects. Regularly updating dependencies is crucial for maintaining the security, stability, and performance of our applications. Outdated packages can introduce vulnerabilities, compatibility issues, and hinder the adoption of new features and improvements. This report provides a detailed overview of the outdated packages, their dependencies, and recommended actions to address them.

📊 Outdated Packages

The following packages have been identified as outdated across various projects, including @erp/web, @erp/config, @erp/api, and @erp/ui. Each entry includes the current version, the available update, and the dependent project(s). Addressing these outdated packages is essential for maintaining the health and security of our applications.

.                                        |  WARN  Unsupported engine: wanted: {"node":">=18.18.0"} (current: {"node":"v18.17.0","pnpm":"8.15.0"})
apps/api                                 |  WARN  Unsupported engine: wanted: {"node":">=18.18.0"} (current: {"node":"v18.17.0","pnpm":"8.15.0"})

@types/dompurify
3.2.0 => Deprecated
Dependent: @erp/web

@next/bundle-analyzer (dev)
15.3.4 => 15.3.5
Dependent: @erp/web

caniuse-lite (dev)
1.0.30001726 => 1.0.30001727
Dependent: @erp/web

eslint-config-next
15.3.4 => 15.3.5
Dependent: @erp/config

jest (dev)
30.0.3 => 30.0.4
Dependents: @erp/api, @erp/web

next
15.3.4 => 15.3.5
Dependent: @erp/web

vite (dev)
7.0.0 => 7.0.2
Dependent: @erp/ui

webpack-bundle-analyzer (dev)
4.10.1 => 4.10.2
Dependent: @erp/web

zod
3.25.67 => 3.25.74
Dependents: @erp/utils, @erp/web

react-hook-form
7.59.0 => 7.60.0
Dependent: @erp/web

@chromatic-com/storybook (dev)
3.2.7 => 4.0.1
Dependent: @erp/ui

@nestjs/throttler
5.2.0 => 6.4.0
Dependent: @erp/api

@storybook/addon-links (dev)
8.6.14 => 9.0.15
Dependent: @erp/ui

@storybook/addon-onboarding (dev)
8.6.14 => 9.0.15
Dependent: @erp/ui

@storybook/react (dev)
8.6.14 => 9.0.15
Dependent: @erp/ui

@storybook/react-vite (dev)
8.6.14 => 9.0.15
Dependent: @erp/ui

@types/express (dev)
4.17.23 => 5.0.3
Dependent: @erp/api

@types/multer (dev)
1.4.13 => 2.0.0
Dependent: @erp/api

@types/node (dev)
22.16.0 => 24.0.10
Dependent: @erp/ui

@types/passport-jwt (dev)
3.0.13 => 4.0.1
Dependent: @erp/api

@types/supertest (dev)
2.0.16 => 6.0.3
Dependent: @erp/api

@vitest/coverage-v8 (dev)
2.1.9 => 3.2.4
Dependent: @erp/ui

@vitest/ui (dev)
2.1.9 => 3.2.4
Dependent: @erp/ui

bcrypt
5.1.1 => 6.0.0
Dependent: @erp/api

helmet
7.2.0 => 8.1.0
Dependent: @erp/api

jsdom (dev)
25.0.1 => 26.1.0
Dependent: @erp/ui

react-error-boundary
4.1.2 => 6.0.0
Dependent: @erp/web

redis
4.7.1 => 5.5.6
Dependent: @erp/api

rollup-plugin-visualizer (dev)
5.14.0 => 6.0.3
Dependent: @erp/ui

storybook (dev)
8.6.14 => 9.0.15
Dependent: @erp/ui

supertest (dev)
6.3.4 => 7.1.1
Dependent: @erp/api

vitest (dev)
2.1.9 => 3.2.4
Dependent: @erp/ui

web-vitals
3.5.2 => 5.0.3
Dependent: @erp/web

vite-bundle-analyzer (dev)
0.11.1 => 1.0.0
Dependent: @erp/ui

Detailed Analysis of Key Dependency Updates

In this section, we will delve into some of the critical dependency updates identified in the report. Understanding the implications of these updates is crucial for making informed decisions about how and when to implement them. We will focus on key packages such as @nestjs/throttler, bcrypt, helmet, redis, and the Storybook suite of tools, as these often involve significant changes or security considerations.

@nestjs/throttler (5.2.0 => 6.4.0): This update for the @nestjs/throttler package, which @erp/api depends on, warrants careful review. Throttling is a critical aspect of API security, and changes in this package could affect rate limiting and overall application resilience. It’s important to examine the release notes for version 6.4.0 to identify any breaking changes, new features, or security enhancements. Testing the updated package in a staging environment is highly recommended before deploying to production.

bcrypt (5.1.1 => 6.0.0): The bcrypt package is used for password hashing, a fundamental security practice. A major version update from 5.1.1 to 6.0.0 for a package used by @erp/api often indicates significant changes, potentially including security patches, performance improvements, or API modifications. Reviewing the migration guide and release notes for bcrypt 6.0.0 is essential to ensure a smooth transition and to avoid any disruption to authentication processes. Particular attention should be paid to changes in hashing algorithms or salt generation methods.

helmet (7.2.0 => 8.1.0): The helmet package is a crucial middleware for securing HTTP headers in web applications. This update, for a package used by @erp/api, likely includes enhancements to security policies and may introduce new header configurations. It is important to review the release notes for helmet 8.1.0 to understand the changes and ensure they align with the application's security requirements. Additionally, testing the updated middleware in a controlled environment can help identify any unexpected behavior or compatibility issues.

redis (4.7.1 => 5.5.6): Redis is used for caching and real-time data storage, making its reliability and performance critical. The update from version 4.7.1 to 5.5.6 of this client, used by @erp/api, may include performance improvements, new features, or bug fixes. It is important to review the release notes to understand these changes and their potential impact on the application. Testing the updated Redis client in a staging environment can help ensure compatibility and identify any necessary configuration adjustments.

Storybook Suite (@storybook/addon-links, @storybook/addon-onboarding, @storybook/react, @storybook/react-vite, storybook) (8.6.14 => 9.0.15): The Storybook suite of packages, used by @erp/ui, has seen a significant update, moving from version 8.6.14 to 9.0.15. This major version update likely includes new features, performance improvements, and potentially breaking changes. Storybook is a critical tool for UI development and testing, so it’s essential to thoroughly review the migration guide and release notes. The update may affect how stories are written, configured, or rendered. Testing the updated Storybook environment is crucial to ensure a seamless transition for developers and designers.

Understanding the specifics of these key dependency updates is vital for maintaining a robust and secure application ecosystem. Each package update brings its own set of considerations, and a proactive approach to reviewing and testing these changes is essential.

Addressing Engine Warnings

The report includes warnings about unsupported engine versions: WARN Unsupported engine: wanted: {"node":">=18.18.0"} (current: {"node":"v18.17.0","pnpm":"8.15.0"}). This indicates that our current Node.js version (v18.17.0) does not meet the requirement of some packages (>=18.18.0). To resolve this, we need to update the Node.js version in our environment. Upgrading Node.js is essential for ensuring compatibility with the latest packages and leveraging the performance improvements and security patches included in newer Node.js releases. This upgrade should be planned and executed carefully to minimize disruption and ensure all applications function correctly with the new Node.js version. It's also important to consider the compatibility of other tools and libraries within our projects that may be affected by the Node.js upgrade.

🎯 Recommended Actions

To effectively manage these dependency updates, it is crucial to follow a structured approach. The following actions are recommended to ensure a smooth and secure update process:

  1. Check for Breaking Changes in New Versions: Before initiating any updates, thoroughly review the release notes and migration guides for each package. Pay close attention to any breaking changes that may require code modifications or configuration adjustments. Identifying these changes early can prevent unexpected issues during the update process. Breaking changes can range from API modifications to changes in configuration options, so a detailed review is essential for each package.
  2. Run pnpm update --latest for Minor Updates: For minor version updates and patch releases, use the pnpm update --latest command. This command updates packages to the latest compatible versions within the defined version range, ensuring you receive the latest bug fixes and improvements without introducing major changes. Running this command regularly helps keep dependencies up-to-date and reduces the risk of encountering known issues. However, even minor updates should be tested in a non-production environment before deploying to production.
  3. Test Locally Before Merging: Before merging any dependency updates into the main branch, thoroughly test the changes in a local development environment. This includes running unit tests, integration tests, and end-to-end tests to ensure that the updates do not introduce any regressions or compatibility issues. Local testing allows for quick identification and resolution of problems before they impact other developers or the production environment. Additionally, manual testing of key features and workflows is recommended to ensure a comprehensive evaluation of the updates.
  4. Plan Major Updates: Major version updates often include significant changes and may require substantial code modifications. Plan these updates carefully, considering the potential impact on the application and the resources required for the update. Major updates should be scheduled during off-peak hours and should be accompanied by a detailed rollback plan in case issues arise. Communication with stakeholders about the planned updates and potential disruptions is also crucial. A phased approach to major updates, where changes are rolled out gradually, can help mitigate risks and ensure a smoother transition.

By following these steps, we can ensure that our dependency updates are managed effectively, minimizing risks and maximizing the benefits of staying current with the latest package versions. Regular dependency updates are a crucial part of maintaining a secure and stable application environment.


Generated automatically by GitHub Actions