Skip to content

♻️ bump sync-server dependencies #5497

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Aug 6, 2025
Merged

♻️ bump sync-server dependencies #5497

merged 11 commits into from
Aug 6, 2025

Conversation

matt-fidd
Copy link
Member

@matt-fidd matt-fidd commented Aug 6, 2025
edited
Loading

I'm going to work my way through these again, it's amazing how fast they fall out of date. Package by package this time instead of upgrade level, it's just easier to test and work through.

The major versions here are all just dropping Node 18 which is fine now we've moved to 20.

Only openid-client left to upgrade here, but v6 is a complete API rewrite so it's one for another PR/time.

@matt-fidd matt-fidd added the dependencies Pull requests that update a dependency file label Aug 6, 2025
@actual-github-bot actual-github-bot bot changed the title ♻️ bump sync-server dependencies [WIP] ♻️ bump sync-server dependencies Aug 6, 2025
@netlify Netlify
Copy link

netlify bot commented Aug 6, 2025
edited
Loading

Deploy Preview for actualbudget ready!

Name Link
🔨 Latest commit beba03b
🔍 Latest deploy log https://app.netlify.com/projects/actualbudget/deploys/6892dd8370320c000888989a
😎 Deploy Preview https://deploy-preview-5497.demo.actualbudget.org
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 6, 2025

Bundle Stats — desktop-client

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count Total bundle size % Changed
21 10.51 MB → 10.51 MB (+140 B) +0.00%
Changeset
File Δ Size
locale/en.json 📈 +140 B (+0.11%) 125.68 kB → 125.82 kB
View detailed bundle breakdown

Added

No assets were added

Removed

No assets were removed

Bigger

Asset File Size % Changed
static/js/en.js 125.68 kB → 125.82 kB (+140 B) +0.11%

Smaller

No assets were smaller

Unchanged

Asset File Size % Changed
static/js/index.js 7.87 MB 0%
static/js/de.js 138.95 kB 0%
static/js/en-GB.js 6.38 kB 0%
static/js/es.js 70.7 kB 0%
static/js/fr.js 146.23 kB 0%
static/js/nl.js 100.01 kB 0%
static/js/pl.js 84.56 kB 0%
static/js/pt-BR.js 139.01 kB 0%
static/js/sv.js 64.72 kB 0%
static/js/th.js 189.32 kB 0%
static/js/uk.js 120.22 kB 0%
static/js/indexeddb-main-thread-worker-e59fee74.js 12.94 kB 0%
static/js/workbox-window.prod.es5.js 5.64 kB 0%
static/js/resize-observer.js 18.37 kB 0%
static/js/BackgroundImage.js 122.29 kB 0%
static/js/ReportRouter.js 826.72 kB 0%
static/js/narrow.js 393.99 kB 0%
static/js/wide.js 116.08 kB 0%
static/js/TransactionList.js 10.92 kB 0%
static/js/useAccountPreviewTransactions.js 3.15 kB 0%

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 6, 2025

Bundle Stats — loot-core

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count Total bundle size % Changed
1 2.26 MB 0%

Changeset

No files were changed

View detailed bundle breakdown

Added

No assets were added

Removed

No assets were removed

Bigger

No assets were bigger

Smaller

No assets were smaller

Unchanged

Asset File Size % Changed
kcab.worker.js 2.26 MB 0%

@matt-fidd matt-fidd changed the title [WIP] ♻️ bump sync-server dependencies ♻️ bump sync-server dependencies Aug 6, 2025
@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Aug 6, 2025

Walkthrough

This change updates dependency versions across several package.json files in multiple packages. The main updates include bumping the versions of typescript, @types/node, and better-sqlite3, along with several other dependencies and devDependencies in the sync-server package. Additionally, a change in packages/loot-core/src/mocks/util.ts modifies the mocked fetch implementation to ensure the response body is explicitly a Uint8Array. No changes were made to public or exported entity declarations.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

Suggested labels

:sparkles: merged

Suggested reviewers

  • matt-fidd
📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c621f68 and beba03b.

⛔ Files ignored due to path filters (2)
  • upcoming-release-notes/5497.md is excluded by !**/*.md
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (7)
  • package.json (2 hunks)
  • packages/api/package.json (1 hunks)
  • packages/crdt/package.json (1 hunks)
  • packages/desktop-electron/package.json (2 hunks)
  • packages/loot-core/package.json (3 hunks)
  • packages/loot-core/src/mocks/util.ts (1 hunks)
  • packages/sync-server/package.json (1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx}

📄 CodeRabbit Inference Engine (.cursor/rules/typescript.mdc)

**/*.{ts,tsx}: Use functional and declarative programming patterns; avoid classes.
Use descriptive variable names with auxiliary verbs (e.g., isLoaded, hasError).
Favor named exports for components and utilities.
Use TypeScript for all code; prefer interfaces over types.
Avoid enums; use objects or maps instead.
Avoid using any or unknown unless absolutely necessary. Look for type definitions in the codebase instead.
Avoid type assertions with as or !; prefer using satisfies.
Use the "function" keyword for pure functions.
Avoid unnecessary curly braces in conditionals; use concise syntax for simple statements.

Files:

  • packages/loot-core/src/mocks/util.ts
🧠 Learnings (27)
📓 Common learnings 
Learnt from: tlesicka
PR: actualbudget/actual#3689
File: packages/desktop-client/src/components/modals/LoadBackupModal.tsx:162-190
Timestamp: 2024-10-25T06:22:33.416Z
Learning: Adding progress indicators for backup operations in the budget application requires updates to the server backend, and may be beyond the scope of a single PR.

Learnt from: matt-fidd
PR: actualbudget/actual#3581
File: packages/loot-core/src/types/models/bank-sync.d.ts:11-21
Timestamp: 2024-11-04T14:14:10.698Z
Learning: In `packages/loot-core/src/types/models/bank-sync.d.ts`, when defining TypeScript types for data received from the server, maintain the field names as they are in the server response, even if they don't follow TypeScript naming conventions.

Learnt from: jfdoming
PR: actualbudget/actual#4147
File: packages/loot-core/src/platform/client/fetch/index.d.ts:44-45
Timestamp: 2025-01-18T03:51:56.741Z
Learning: Query results in `packages/loot-core/src/platform/client/fetch/index.d.ts` are intentionally typed as `any` due to their complex and varied nature (could be numbers, strings, or other types). While this could be improved with stricter types in the future, it requires significant work to properly type all possible Query results.

Learnt from: MikesGlitch
PR: actualbudget/actual#3553
File: packages/desktop-electron/package.json:88-88
Timestamp: 2024-10-04T08:48:55.161Z
Learning: In the `desktop-electron` module, `loot-core`'s essential files are intentionally copied during packaging using `electron-builder`. Therefore, references to `loot-core` in the codebase are expected and should remain, even though the `loot-core` dependency is removed from `package.json`.

Learnt from: tlesicka
PR: actualbudget/actual#3689
File: packages/loot-core/src/server/main.ts:1860-1863
Timestamp: 2024-10-22T08:57:47.316Z
Learning: When duplicating a budget in `packages/loot-core/src/server/main.ts`, `fs.copyFile` can be used to copy `db.sqlite` because it already handles SQL files correctly, making the use of `_copySqlFile` unnecessary.

Learnt from: matt-fidd
PR: actualbudget/actual#3581
File: packages/loot-core/src/server/main.ts:1188-1198
Timestamp: 2024-10-25T00:12:14.939Z
Learning: In `packages/loot-core/src/server/main.ts`, when handling errors, the error properties `error_code` and `error_type` may already be mapped to `code` and `category` before being passed to `handleSyncError`.

Learnt from: matt-fidd
PR: actualbudget/actual#4041
File: packages/loot-core/src/types/util.d.ts:13-16
Timestamp: 2025-01-02T18:25:14.566Z
Learning: In `packages/loot-core/src/types/util.d.ts`, `TransObjectLiteral` remains typed as `any` due to the react-i18next issue (https://github.com/i18next/react-i18next/issues/1483) not being resolved yet.

Learnt from: matt-fidd
PR: actualbudget/actual#3581
File: packages/loot-core/src/client/actions/account.ts:180-194
Timestamp: 2024-11-04T00:34:13.035Z
Learning: In `packages/loot-core/src/client/actions/account.ts`, within the `syncAccounts` function, the batch sync request for SimpleFin accounts handles errors by returning error objects instead of throwing exceptions. Therefore, wrapping this block in a try-catch is unnecessary.

Learnt from: MatissJanis
PR: actualbudget/actual#4108
File: tsconfig.json:22-22
Timestamp: 2025-01-08T20:54:04.680Z
Learning: Jest testing framework is used in multiple packages (api, crdt, loot-core) while desktop-client uses Vitest. Both Jest and Vitest types should be kept in the root tsconfig.json.

Learnt from: tlesicka
PR: actualbudget/actual#3689
File: packages/loot-core/src/server/backups.web.ts:141-162
Timestamp: 2024-10-25T06:04:25.867Z
Learning: In `packages/loot-core/src/server/backups.web.ts`, the `removeAllBackups` function should remove backups sequentially to prevent database errors. Parallel execution in this context should be avoided.

Learnt from: matt-fidd
PR: actualbudget/actual#4141
File: packages/loot-core/src/server/aql/schema/index.ts:145-145
Timestamp: 2025-01-12T20:26:15.249Z
Learning: In the schema definitions in `packages/loot-core/src/server/aql/schema/index.ts`, field definitions should follow the existing pattern using only the common properties (`type`, `default`, `required`, `ref`) for consistency.
📚 Learning: typescript configuration and entry points for the @actual-app/components package will be added when ... 
Learnt from: MatissJanis
PR: actualbudget/actual#4169
File: packages/component-library/package.json:16-23
Timestamp: 2025-01-16T19:28:56.310Z
Learning: TypeScript configuration and entry points for the actual-app/components package will be added when the package is ready to be published as a real NPM package, as it's not needed while the package is used only internally within the monorepo.

Applied to files:

  • packages/crdt/package.json
  • package.json
  • packages/loot-core/package.json
  • packages/api/package.json
  • packages/desktop-electron/package.json
  • packages/sync-server/package.json
📚 Learning: in the actual budget project, avoid suggesting documentation of typescript version requirements for ... 
Learnt from: MatissJanis
PR: actualbudget/actual#5118
File: .cursor/rules/typescript.mdc:23-26
Timestamp: 2025-06-06T21:31:28.667Z
Learning: In the Actual Budget project, avoid suggesting documentation of TypeScript version requirements for individual features in coding guidelines since the project maintains current TypeScript versions and doesn't plan on downgrading.

Applied to files:

  • packages/crdt/package.json
  • package.json
  • packages/api/package.json
  • packages/desktop-electron/package.json
  • packages/sync-server/package.json
📚 Learning: jest testing framework is used in multiple packages (api, crdt, loot-core) while desktop-client uses... 
Learnt from: MatissJanis
PR: actualbudget/actual#4108
File: tsconfig.json:22-22
Timestamp: 2025-01-08T20:54:04.680Z
Learning: Jest testing framework is used in multiple packages (api, crdt, loot-core) while desktop-client uses Vitest. Both Jest and Vitest types should be kept in the root tsconfig.json.

Applied to files:

  • packages/crdt/package.json
  • package.json
  • packages/loot-core/package.json
  • packages/api/package.json
  • packages/desktop-electron/package.json
  • packages/sync-server/package.json
📚 Learning: in `packages/loot-core/src/types/util.d.ts`, `transobjectliteral` remains typed as `any` due to the ... 
Learnt from: matt-fidd
PR: actualbudget/actual#4041
File: packages/loot-core/src/types/util.d.ts:13-16
Timestamp: 2025-01-02T18:25:14.566Z
Learning: In `packages/loot-core/src/types/util.d.ts`, `TransObjectLiteral` remains typed as `any` due to the react-i18next issue (https://github.com/i18next/react-i18next/issues/1483) not being resolved yet.

Applied to files:

  • packages/crdt/package.json
  • package.json
  • packages/loot-core/package.json
📚 Learning: applies to **/*.{ts,tsx} : use typescript for all code; prefer interfaces over types.... 
Learnt from: CR
PR: actualbudget/actual#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-07-18T18:01:31.195Z
Learning: Applies to **/*.{ts,tsx} : Use TypeScript for all code; prefer interfaces over types.

Applied to files:

  • packages/crdt/package.json
  • package.json
  • packages/desktop-electron/package.json
📚 Learning: the project follows an incremental approach to typescript strict mode migration. during the conversi... 
Learnt from: jfdoming
PR: actualbudget/actual#5060
File: packages/loot-core/typings/window.ts:1-1
Timestamp: 2025-05-25T19:03:39.815Z
Learning: The project follows an incremental approach to TypeScript strict mode migration. During the conversion from .d.ts to .ts files, temporary `// ts-strict-ignore` directives are acceptable to keep PRs manageable in size, with the intention to address strict mode violations in future PRs.

Applied to files:

  • package.json
📚 Learning: in the `desktop-electron` module, `loot-core`'s essential files are intentionally copied during pack... 
Learnt from: MikesGlitch
PR: actualbudget/actual#3553
File: packages/desktop-electron/package.json:88-88
Timestamp: 2024-10-04T08:48:55.161Z
Learning: In the `desktop-electron` module, `loot-core`'s essential files are intentionally copied during packaging using `electron-builder`. Therefore, references to `loot-core` in the codebase are expected and should remain, even though the `loot-core` dependency is removed from `package.json`.

Applied to files:

  • package.json
  • packages/loot-core/package.json
  • packages/desktop-electron/package.json
  • packages/sync-server/package.json
📚 Learning: in `packages/desktop-electron/index.ts`, `process.env.lootcorescript` is correctly assigned a string... 
Learnt from: MikesGlitch
PR: actualbudget/actual#3553
File: packages/desktop-electron/server.ts:7-13
Timestamp: 2024-10-04T09:05:56.329Z
Learning: In `packages/desktop-electron/index.ts`, `process.env.lootCoreScript` is correctly assigned a string value based on the `isDev` flag.

Applied to files:

  • package.json
  • packages/loot-core/package.json
  • packages/api/package.json
  • packages/desktop-electron/package.json
  • packages/sync-server/package.json
📚 Learning: applies to **/*.{ts,tsx} : avoid using `any` or `unknown` unless absolutely necessary. look for type... 
Learnt from: CR
PR: actualbudget/actual#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-07-18T18:01:31.195Z
Learning: Applies to **/*.{ts,tsx} : Avoid using `any` or `unknown` unless absolutely necessary. Look for type definitions in the codebase instead.

Applied to files:

  • package.json
📚 Learning: applies to **/*.{ts,tsx} : avoid type assertions with `as` or `!`; prefer using `satisfies`.... 
Learnt from: CR
PR: actualbudget/actual#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-07-18T18:01:31.195Z
Learning: Applies to **/*.{ts,tsx} : Avoid type assertions with `as` or `!`; prefer using `satisfies`.

Applied to files:

  • package.json
📚 Learning: write concise, technical typescript code.... 
Learnt from: CR
PR: actualbudget/actual#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-07-18T18:01:31.195Z
Learning: Write concise, technical TypeScript code.

Applied to files:

  • package.json
  • packages/api/package.json
📚 Learning: applies to **/*.{ts,tsx} : favor named exports for components and utilities.... 
Learnt from: CR
PR: actualbudget/actual#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-07-18T18:01:31.195Z
Learning: Applies to **/*.{ts,tsx} : Favor named exports for components and utilities.

Applied to files:

  • package.json
📚 Learning: query results in `packages/loot-core/src/platform/client/fetch/index.d.ts` are intentionally typed a... 
Learnt from: jfdoming
PR: actualbudget/actual#4147
File: packages/loot-core/src/platform/client/fetch/index.d.ts:44-45
Timestamp: 2025-01-18T03:51:56.741Z
Learning: Query results in `packages/loot-core/src/platform/client/fetch/index.d.ts` are intentionally typed as `any` due to their complex and varied nature (could be numbers, strings, or other types). While this could be improved with stricter types in the future, it requires significant work to properly type all possible Query results.

Applied to files:

  • packages/loot-core/package.json
  • packages/loot-core/src/mocks/util.ts
📚 Learning: when duplicating a budget in `packages/loot-core/src/server/main.ts`, `fs.copyfile` can be used to c... 
Learnt from: tlesicka
PR: actualbudget/actual#3689
File: packages/loot-core/src/server/main.ts:1860-1863
Timestamp: 2024-10-22T08:57:47.316Z
Learning: When duplicating a budget in `packages/loot-core/src/server/main.ts`, `fs.copyFile` can be used to copy `db.sqlite` because it already handles SQL files correctly, making the use of `_copySqlFile` unnecessary.

Applied to files:

  • packages/loot-core/package.json
  • packages/loot-core/src/mocks/util.ts
📚 Learning: the file `packages/loot-core/src/shared/rules.ts` is not yet translated, so internationalization usi... 
Learnt from: lelemm
PR: actualbudget/actual#3891
File: packages/loot-core/src/shared/rules.ts:209-212
Timestamp: 2024-11-26T13:07:02.794Z
Learning: The file `packages/loot-core/src/shared/rules.ts` is not yet translated, so internationalization using the `t()` function is not required here.

Applied to files:

  • packages/loot-core/package.json
📚 Learning: in `packages/loot-core/src/server/backups.web.ts`, during backup creation, only the `.latest.` backu... 
Learnt from: tlesicka
PR: actualbudget/actual#3689
File: packages/loot-core/src/server/backups.web.ts:112-118
Timestamp: 2024-10-27T11:27:58.922Z
Learning: In `packages/loot-core/src/server/backups.web.ts`, during backup creation, only the `.latest.` backup requires copying the `metadata.json` file; other backups do not need to include `metadata.json`.

Applied to files:

  • packages/loot-core/package.json
  • packages/loot-core/src/mocks/util.ts
  • packages/sync-server/package.json
📚 Learning: in `packages/loot-core/src/types/models/bank-sync.d.ts`, when defining typescript types for data rec... 
Learnt from: matt-fidd
PR: actualbudget/actual#3581
File: packages/loot-core/src/types/models/bank-sync.d.ts:11-21
Timestamp: 2024-11-04T14:14:10.698Z
Learning: In `packages/loot-core/src/types/models/bank-sync.d.ts`, when defining TypeScript types for data received from the server, maintain the field names as they are in the server response, even if they don't follow TypeScript naming conventions.

Applied to files:

  • packages/loot-core/package.json
  • packages/loot-core/src/mocks/util.ts
  • packages/sync-server/package.json
📚 Learning: in the schema definitions in `packages/loot-core/src/server/aql/schema/index.ts`, field definitions ... 
Learnt from: matt-fidd
PR: actualbudget/actual#4141
File: packages/loot-core/src/server/aql/schema/index.ts:145-145
Timestamp: 2025-01-12T20:26:15.249Z
Learning: In the schema definitions in `packages/loot-core/src/server/aql/schema/index.ts`, field definitions should follow the existing pattern using only the common properties (`type`, `default`, `required`, `ref`) for consistency.

Applied to files:

  • packages/loot-core/package.json
📚 Learning: in `packages/loot-core/src/server/accounts/transaction-rules.ts`, the `stage` property can have lega... 
Learnt from: UnderKoen
PR: actualbudget/actual#3365
File: packages/loot-core/src/types/models/rule.d.ts:4-4
Timestamp: 2024-10-02T08:45:11.136Z
Learning: In `packages/loot-core/src/server/accounts/transaction-rules.ts`, the `stage` property can have legacy values `'cleanup'` and `'modify'`, which are converted to `'pre'`. The type remains `string` to accommodate these values and ensure correct usage.

Applied to files:

  • packages/loot-core/package.json
📚 Learning: in this repository we use minimatch v10, which provides the matcher as a named export; the correct i... 
Learnt from: MatissJanis
PR: actualbudget/actual#5147
File: .github/scripts/count-points.mjs:1-2
Timestamp: 2025-06-13T16:22:22.928Z
Learning: In this repository we use minimatch v10, which provides the matcher as a named export; the correct import form is `import { minimatch } from 'minimatch'`, not a default import.

Applied to files:

  • packages/loot-core/package.json
  • packages/api/package.json
  • packages/sync-server/package.json
📚 Learning: in `packages/loot-core/src/platform/server/fs/index.web.ts`, errors are already handled in other loc... 
Learnt from: tlesicka
PR: actualbudget/actual#3689
File: packages/loot-core/src/platform/server/fs/index.web.ts:319-340
Timestamp: 2024-10-25T05:04:40.902Z
Learning: In `packages/loot-core/src/platform/server/fs/index.web.ts`, errors are already handled in other locations, so additional error handling in `copyFile` is unnecessary.

Applied to files:

  • packages/loot-core/src/mocks/util.ts
📚 Learning: in `packages/loot-core/src/server/backups.web.ts`, developers prefer to keep the error handling for ... 
Learnt from: tlesicka
PR: actualbudget/actual#3689
File: packages/loot-core/src/server/backups.web.ts:203-207
Timestamp: 2024-10-24T05:09:44.115Z
Learning: In `packages/loot-core/src/server/backups.web.ts`, developers prefer to keep the error handling for cloud storage uploads inline rather than extracting it into a separate function. Avoid suggesting this refactoring in future reviews.

Applied to files:

  • packages/loot-core/src/mocks/util.ts
📚 Learning: in `packages/loot-core/src/platform/server/fs/index.web.ts`, the `getmodifiedtime` function is not u... 
Learnt from: tlesicka
PR: actualbudget/actual#3689
File: packages/loot-core/src/platform/server/fs/index.web.ts:377-385
Timestamp: 2024-10-24T04:33:06.425Z
Learning: In `packages/loot-core/src/platform/server/fs/index.web.ts`, the `getModifiedTime` function is not used on the web platform.

Applied to files:

  • packages/loot-core/src/mocks/util.ts
📚 Learning: in `packages/loot-core/src/server/main.ts`, when handling errors, the error properties `error_code` ... 
Learnt from: matt-fidd
PR: actualbudget/actual#3581
File: packages/loot-core/src/server/main.ts:1188-1198
Timestamp: 2024-10-25T00:12:14.939Z
Learning: In `packages/loot-core/src/server/main.ts`, when handling errors, the error properties `error_code` and `error_type` may already be mapped to `code` and `category` before being passed to `handleSyncError`.

Applied to files:

  • packages/loot-core/src/mocks/util.ts
  • packages/sync-server/package.json
📚 Learning: in `packages/loot-core/src/server/accounts/rules.test.ts`, prefer explicit action definitions over r... 
Learnt from: jfdoming
PR: actualbudget/actual#3641
File: packages/loot-core/src/server/accounts/rules.test.ts:524-536
Timestamp: 2024-10-12T19:13:25.005Z
Learning: In `packages/loot-core/src/server/accounts/rules.test.ts`, prefer explicit action definitions over refactoring similar actions into loops or helper functions, even when actions are similar.

Applied to files:

  • packages/loot-core/src/mocks/util.ts
📚 Learning: in `packages/loot-core/src/client/actions/account.ts`, within the `syncaccounts` function, the batch... 
Learnt from: matt-fidd
PR: actualbudget/actual#3581
File: packages/loot-core/src/client/actions/account.ts:180-194
Timestamp: 2024-11-04T00:34:13.035Z
Learning: In `packages/loot-core/src/client/actions/account.ts`, within the `syncAccounts` function, the batch sync request for SimpleFin accounts handles errors by returning error objects instead of throwing exceptions. Therefore, wrapping this block in a try-catch is unnecessary.

Applied to files:

  • packages/loot-core/src/mocks/util.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Build Docker image (alpine)
🔇 Additional comments (15)
packages/crdt/package.json (1)

26-27: TypeScript 5.9 bump – just make sure CI stays green
Nothing in this package.json suggests incompatibilities with the new compiler, and the repo is already on TS ≥ 5.8. If the full build/test matrix passes, this change is good to go.

packages/api/package.json (2)

27-27: Major upgrade to better-sqlite3 – validate native binary compatibility
better-sqlite3@12 ships new pre-built binaries and drops Node 18. For Node 20 CLI usage that’s fine, but for Electron (custom V8) builds you may need a fresh electron-rebuild.

  1. Run the sync-server and API integration tests on all platforms.
  2. Confirm the dist/migrations step still picks up the .node binary in build/Release (directory structure is unchanged but double-check).

34-35: TS 5.9 bump is benign here
Matches the workspace root version – no action required.

packages/desktop-electron/package.json (2)

107-108: TypeScript 5.9 – no concerns
The build pipeline already compiles against TS 5.x; bump looks fine.

93-94: No prebuilds directory in better-sqlite3@12.2.0—no filter update needed
The better-sqlite3 npm package v12.2.0 does not ship a prebuilds folder in its published distribution (it relies on prebuild-install at install time), so there’s nothing additional to exclude. The existing file filter already covers all shipped binaries; no changes are required.

Likely an incorrect or invalid review comment.

package.json (2)

57-58: Node 22 type definitions on a Node 20 runtime
@types/node@22 exposes APIs (e.g., fs.rmSync options) that are absent in Node 20. This can create false confidence at compile-time. Consider pinning to ^20 or add a note justifying the mismatch.

81-82: TS 5.9 root upgrade – 👍
Keeps workspace tooling in sync.

packages/loot-core/package.json (2)

27-28: better-sqlite3@12 – ensure matching type stubs
Runtime upgraded but @types/better-sqlite3 remains at 7.6.x. If the API surface hasn’t changed this is harmless; if compilation starts warning, bump stubs to 8.x (latest).

75-76: TS 5.9 bump – fine
No additional issues spotted.

packages/loot-core/src/mocks/util.ts (1)

71-71: LGTM - Improves type compatibility for Response constructor.

The explicit Uint8Array wrapper ensures strict type compatibility with the Response constructor, which is likely needed due to the TypeScript and better-sqlite3 version updates in this PR.

packages/sync-server/package.json (5)

45-45: Minor version updates look good.

The minor version updates for pluggy-sdk, @babel/core, @types packages, and TypeScript appear reasonable and should maintain backward compatibility.

Also applies to: 50-50, 53-53, 56-57, 59-60, 65-65

64-64: Verify supertest v7 compatibility in sync-server tests

Test files importing supertest:

  • packages/sync-server/src/secrets.test.js
  • packages/sync-server/src/app-sync.test.ts
  • packages/sync-server/src/app-admin.test.js

Please run the full test suite against supertest v7 and confirm that all request(app)…expect(...) calls still work as expected. Update any chaining or API usages if you encounter breaking changes.

32-32: Action Required: Confirm Node.js ≥18 and bcrypt v6 API Usage

bcrypt v6 drops support for Node.js ≤16, retains hashSync/compareSync (but deprecates them), and introduces ES syntax changes. Please verify:

  • packages/sync-server/package.json
    • engines.node is set to >=18
  • Synchronous calls still work as expected in:
    • packages/sync-server/src/accounts/password.js
    • packages/sync-server/src/account-db.js

Optional: consider migrating to the async hash/compare methods to avoid blocking the event loop.

33-33: better-sqlite3 v12 Usage Verified
All detected calls to new Database(), .exec(), and wrapper methods in packages/sync-server/src use core APIs that remain unchanged in v12. No deprecated or removed methods are in use.

• packages/sync-server/src/db.js – imports and instantiates Database
• packages/sync-server/src/sync-simple.js – calls db.exec(sql)

Please ensure your deployment environments meet the Node.js version requirement for better-sqlite3 v12 (Node ≥12).

39-39: express-rate-limit v8 compatibility verified

All occurrences of express-rate-limit in packages/sync-server use the default export and supported v8 options:

  • packages/sync-server/src/app.ts:
    • import on line 7
    • middleware on line 31 with windowMs, max, legacyHeaders, standardHeaders

These options and the default export signature remain valid in v8. No changes required.

✨ Finishing Touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai generate unit tests to generate unit tests for this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

This was referenced Aug 6, 2025
Open
Draft
@matt-fidd matt-fidd merged commit 136ad05 into actualbudget:master Aug 6, 2025
26 checks passed
@matt-fidd matt-fidd deleted the deps/sync-server branch August 6, 2025 06:00
Johnn27 pushed a commit to Johnn27/actual that referenced this pull request Aug 12, 2025
@matt-fidd
♻️ bump sync-server dependencies (actualbudget#5497)
0e527ca 
* bcrypt 5.0.2 -> 6.0.0

* supertest 6.3.4 -> 7.1.4

* pluggy-sdk 0.70.1 -> 0.74.0

* types

* better-sqlite3 11.10.0 -> 12.2.0

* express-rate-limit 7.5.0 -> 8.0.1

* babel/core 7.27.1 -> 7.28.0

* typescript 5.8.3 -> 5.9.2

* node types

* note

* typechecker
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jfdoming jfdoming jfdoming approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file ✨ merged
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@matt-fidd @jfdoming