Dependency updates

[dlabrecq]

Dependency updates

Summary by Sourcery

Update project dependencies and dependency-checking script across the workspace.

Enhancements:

• Adjust the check:dependencies:all script to run dependency checks in the root and all workspaces.
• Bump various @formatjs, eslint-plugin-formatjs, react-intl, Cypress, and related type packages to newer patch versions across the repo.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR updates several dependencies across the monorepo (primarily FormatJS, React typings, react-intl, Cypress) and adjusts the root dependency check script to run both at the root and within all workspaces.

File-Level Changes

Change	Details	Files
Adjust root dependency check script to run checks at both the root and workspace levels.	Modify the npm script so that dependency checks are executed once at the root and then again for all workspaces using npm exec. Ensure dependency update workflows now cover both top-level and workspace package.json files.	package.json
Upgrade shared tooling and type definition dependencies at the repo root.	Bump multiple @formatjs packages to their next patch/minor versions. Update React type definitions (@types/react and @types/react-dom) to newer versions, keeping them in sync with React 18 usage. Increment eslint-plugin-formatjs to the latest patch release. Regenerate package-lock.json to reflect all updated dependency versions.	package.json package-lock.json
Update react-intl and Cypress versions in app packages to the latest patch releases.	Bump react-intl to the next patch version in all three app packages to stay aligned with shared i18n tooling. Upgrade Cypress in the on-premise app to the latest patch version. Ensure app-level package-lock entries (captured in the root lockfile) match the new dependency versions.	apps/koku-ui-onprem/package.json apps/koku-ui-hccm/package.json apps/koku-ui-ros/package.json package-lock.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[gemini-code-assist]

Summary of Changes

Hello @dlabrecq, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on routine dependency maintenance, ensuring that the project's various applications and their underlying packages are up-to-date. These updates help in maintaining compatibility, incorporating the latest features, and addressing any potential security vulnerabilities or bug fixes present in older versions. The changes primarily involve minor version increments across several key libraries and their transitive dependencies.

Highlights

• Dependency Updates: Updated react-intl from 8.0.10 to 8.0.11 across koku-ui-hccm, koku-ui-onprem, and koku-ui-ros applications.
• Cypress Update: The cypress development dependency in koku-ui-onprem was updated from 15.8.1 to 15.8.2.
• FormatJS Ecosystem Updates: Several @formatjs related packages, including @formatjs/cli, @formatjs/ecma402-abstract, @formatjs/fast-memoize, @formatjs/icu-messageformat-parser, @formatjs/intl, @formatjs/intl-localematcher, and eslint-plugin-formatjs, received minor version bumps.
• Transitive Dependency Updates: Key transitive dependencies such as @cypress/request, qs, @types/react, csstype, and intl-messageformat were updated to their latest compatible versions, with a specific nested qs entry being removed from package-lock.json.
• Script Enhancement: The check:dependencies:all script in the root package.json was modified to include a check for root dependencies before checking workspace dependencies.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• The change to check:dependencies:all now runs the root check:dependencies before the workspace-wide command; double-check this ordering is intentional and that running both in sequence (rather than only workspaces) matches how you expect the command to be used in CI and locally.
• The downgrade of @types/react from ^18.3.26 to ^18.2.64 and @types/react-dom from ^18.3.7 to ^18.3.1 is unusual compared to other dependency bumps; please confirm these version changes are intentional and still compatible with your React version.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The change to `check:dependencies:all` now runs the root `check:dependencies` before the workspace-wide command; double-check this ordering is intentional and that running both in sequence (rather than only workspaces) matches how you expect the command to be used in CI and locally.
- The downgrade of `@types/react` from `^18.3.26` to `^18.2.64` and `@types/react-dom` from `^18.3.7` to `^18.3.1` is unusual compared to other dependency bumps; please confirm these version changes are intentional and still compatible with your React version.

## Individual Comments

### Comment 1
<location> `package.json:21` </location>
<code_context>
     "build:onprem": "npm run -w @koku-ui/koku-ui-ros build:onprem && npm run -w @koku-ui/koku-ui-hccm build:onprem && npm run -w @koku-ui/koku-ui-onprem build",
     "check:dependencies": "npx npm-check-updates",
-    "check:dependencies:all": "npm exec --workspaces -- npm run check:dependencies",
+    "check:dependencies:all": "npm run check:dependencies; npm exec --workspaces -- npm run check:dependencies",
     "check:dependencies:update": "npx npm-check-updates -u",
     "clean": "npm exec --workspaces -- npm run clean",
</code_context>

<issue_to_address>
**suggestion (bug_risk):** Consider using `&&` instead of `;` so the workspace check only runs if the root check succeeds.

With `;`, the workspace `npm exec --workspaces -- npm run check:dependencies` still runs even if the initial `npm run check:dependencies` fails, which can obscure the real failure and add noisy output to CI logs. Using `&&` would ensure the workspace check only runs when the root check succeeds, which is usually what you want for a "check" script.

```suggestion
    "check:dependencies:all": "npm run check:dependencies && npm exec --workspaces -- npm run check:dependencies",
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[gemini-code-assist]

Code Review

This pull request updates various dependencies across the project. While most updates are straightforward patch and minor version bumps, there's a critical inconsistency in the updates for @types/react and @types/react-dom in the root package.json. The versions specified in package.json conflict with what's in package-lock.json, which could lead to unpredictable dependency resolution. I've provided a suggestion to align these versions and ensure consistency.

[gemini-code-assist]

There are inconsistencies in the dependency versions for @types/react and @types/react-dom, likely from resolving previously yanked package versions.

• @types/react: package.json is updated to ^18.2.64, but package-lock.json has resolved it to version 18.3.27. These versions are incompatible, and npm install would not produce the current lockfile from this package.json.
• @types/react-dom: package.json is updated to ^18.3.1 (from a yanked version), but the package-lock.json entry for node_modules/@types/react-dom still points to the old, yanked version 18.3.7.

These inconsistencies can lead to unpredictable builds. It would be best to resolve these conflicts. I suggest aligning the package.json versions with the likely intended versions and then regenerating the lock file.

For @types/react, using ^18.3.27 would match the version in the lock file. For @types/react-dom, ^18.3.1 seems correct, but the lock file needs to be updated consistently.

Suggested change

	"@types/react": "^18.2.64",
	"@types/react-dom": "^18.3.1",
	"@types/react": "^18.3.27",
	"@types/react-dom": "^18.3.1",

[dlabrecq]

rebuilt lock file

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.64%. Comparing base (007909c) to head (5987a57).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4821   +/-   ##
=======================================
  Coverage   86.64%   86.64%           
=======================================
  Files         482      482           
  Lines        9231     9231           
  Branches     2237     2240    +3     
=======================================
  Hits         7998     7998           
  Misses       1162     1162           
  Partials       71       71           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.