upgrade create-agents-template#2832
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
|
TL;DR — Bumps all Key changes
Summary | 3 files | 1 commit | base:
All five
|
There was a problem hiding this comment.
Straightforward version bump of all 5 @inkeep/* packages from ^0.58.5 → ^0.59.4 in the create-agents-template. All package references are consistent across both package.json files, and the lockfile update is proportional to the version change. No issues found.
There was a problem hiding this comment.
PR Review Summary
(0) Total Issues | Risk: Low
This is a straightforward dependency upgrade for create-agents-template, bumping all @inkeep/* packages from 0.58.5 to 0.59.4.
Changes Summary
| Package | Old Version | New Version |
|---|---|---|
@inkeep/agents-api |
^0.58.5 | ^0.59.4 |
@inkeep/agents-core |
^0.58.5 | ^0.59.4 |
@inkeep/agents-manage-ui |
^0.58.5 | ^0.59.4 |
@inkeep/agents-sdk |
^0.58.5 | ^0.59.4 |
@inkeep/agents-cli |
^0.58.5 | ^0.59.4 |
Lockfile Analysis
The large lockfile diff (+3139/-2527 lines) is expected given this is a minor version bump across 5 packages with cascading transitive dependencies. Notable resolved version changes:
- next: 16.1.6 → 16.2.1
- hono: 4.12.7 → 4.12.9
- TypeScript: 5.9.3 → 6.0.2 (now correctly resolving
^6.0.2from package.json) - turbo: 2.8.16 → 2.8.20
- tailwindcss: 4.2.1 → 4.2.2
- kysely: 0.28.11 → 0.28.14
What's Included
The 0.58.5 → 0.59.4 upgrade includes:
- SSO features (0.59.0): SSO configuration, auth method management, domain-filtered login flows
- Security fixes: Multiple patches including authorization bypass fixes, API key leakage prevention, tenant scoping hardening
- Bug fixes and improvements across patch versions
Observations (Informational)
💭 MongoDB transitive dependency: The upgrade introduces [email protected] as a new transitive dependency via @better-auth/mongo-adapter. This is an optional peer dependency and expected given the @better-auth version bump from 1.4.x to 1.5.x.
💭 TypeScript lockfile alignment: The lockfile previously pinned TypeScript 5.9.3 despite package.json specifying ^6.0.2. This PR correctly resolves the mismatch. The template already expected TypeScript 6.x.
✅ APPROVE
Summary: Clean dependency upgrade following the expected pattern. All @inkeep/* packages are aligned to the same version (0.59.4), lockfile changes are proportional to the upgrade scope, and no breaking changes to the template's API surface. This upgrade brings security improvements and new features that benefit template users.
Reviewers (2)
| Reviewer | Returned | Main Findings | Consider | While You're Here | Inline Comments | Pending Recs | Discarded |
|---|---|---|---|---|---|---|---|
pr-review-devops |
4 | 0 | 0 | 0 | 0 | 0 | 4 |
pr-review-breaking-changes |
3 | 0 | 0 | 0 | 0 | 0 | 3 |
| Total | 7 | 0 | 0 | 0 | 0 | 0 | 7 |
Note: All findings were informational observations appropriate for a dependency upgrade PR. No actionable issues identified.
Discarded (7)
| Location | Issue | Reason Discarded |
|---|---|---|
pnpm-lock.yaml |
TypeScript lockfile alignment concern | Not an issue - lockfile now correctly resolves ^6.0.2 as specified in package.json |
pnpm-lock.yaml |
MongoDB added as transitive dependency | Expected behavior from @better-auth upgrade, not a concern |
pnpm-lock.yaml |
Large lockfile churn | Expected and proportional to dependency upgrade scope |
package.json |
Caret ranges for @inkeep deps | Pre-existing pattern, lockfile committed with template mitigates |
package.json |
TypeScript 6.x breaking changes | Already specified in package.json on main, not introduced by this PR |
package.json |
0.59.0 SSO features may need config | Informational - standard template usage unaffected |
package.json |
Security improvements bundled | Positive observation, not an issue |
No description provided.