[js] Pin axios to exact 1.7.7 across all workspaces ## Summary - Adds a root-le#514
Open
github-actions[bot] wants to merge 7 commits intomainfrom
Open
[js] Pin axios to exact 1.7.7 across all workspaces
## Summary
- Adds a root-le#514github-actions[bot] wants to merge 7 commits intomainfrom
github-actions[bot] wants to merge 7 commits intomainfrom
Conversation
Update public `js` sources with the latest code from the [public repository](https://github.com/lightsparkdev/js-sdk) main branch. This typically happens when new versions of the SDK are released and version updates need to be synced. The PR should be merged as soon as possible to avoid updates to webdev overwriting the changes in the js-sdk develop branch. --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Corey Martin <coreyn.martin@gmail.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Lightspark Eng <engineering@lightspark.com> GitOrigin-RevId: e763d6e6bed19b342e4c7b58a3d91a1a2cc8a71c
## Summary - Adds a root-level `resolutions` field in `js/package.json` to force all axios consumers (direct and transitive) to resolve to exactly `1.7.7` - Pins direct deps in ops, site, and uma-bridge from `^1.7.4` to exact `1.7.7` - Eliminates three separate axios versions (1.6.7, 1.6.8, 1.7.7) that were being installed due to transitive deps from `@slack/webhook`, `plaid`, and `wait-on` ## Why Multiple axios versions cause unpredictable hoisting in the `node-modules` linker — different workspaces could end up with different axios versions at runtime depending on install order. Pinning guarantees a single copy. ## Test plan - [x] `yarn why axios` confirms all 6 consumers resolve to `1.7.7` - [x] `yarn deps:check` (manypkg) passes - [x] `yarn install` succeeds - [x] `yarn format` passes 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> GitOrigin-RevId: fbcfeb70e0b84be5b50e9b383ce04acd7e5af635
Contributor
Author
|
The following public packages have changed files:
There are no existing changesets for this branch. If the changes in this PR should result in new published versions for the packages above please add a changeset. Any packages that depend on the planned releases will be updated and released automatically in a separate PR. Each changeset corresponds to an update in the CHANGELOG for the packages listed in the changeset. Therefore, you should add a changeset for each noteable package change that this PR contains. For example, if a PR adds two features - one feature for packages A and B and one feature for package C - you should add two changesets. One changeset for packages A and B and one changeset for package C, with a description of each feature. The feature description will end up being the CHANGELOG entry for the packages in the changeset. No releases planned. Last updated by commit 0480d15 |
## Summary - Adds a new **Overview** tab as the first tab on the Payouts page, showing a dashboard of payout metrics for the last 7 days - **Status tables**: two side-by-side cards showing payout counts by status (Completed, Processing, Pending, Rejected, Failed) split by platform vs customer payouts - **Stat + chart cards**: three cards combining headline numbers with Origin `LineChart` trend graphs — total payouts sent, total volume (grouped by sending currency), and completion rate - **Backend**: new `grid_payout_overview_stats` GraphQL query with SQLAlchemy aggregation, 10-second memcache TTL - **Refactored** `sla_metrics_cache` into a generic `grid_dashboard_cache` with configurable namespace and TTL, so both SLA metrics and payout overview share the same caching infrastructure ## Test plan - [ ] Navigate to `/grid/payouts` and verify it redirects to the Overview tab - [ ] Verify status tables show correct counts for platform and customer payouts - [ ] Create new payouts and verify they appear in status tables within ~10 seconds - [ ] Verify line charts show 7-day trends including today's data - [ ] Verify volume card shows per-currency breakdown when multiple currencies are used - [ ] Verify loading spinner shows while data is fetching - [ ] Verify completion rate shows 100% on days with no payouts - [ ] Run backend tests: `env -u QUART_CONFIG uv run pytest sparkcore/graphql/objects/grid_dashboard/tests/test_grid_payout_overview_stats.py -v` <img width="1366" height="753" alt="Screenshot 2026-03-31 at 2 23 05 PM" src="https://github.com/user-attachments/assets/783120df-3576-4d88-91fd-5f5987a6263d" /> 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> GitOrigin-RevId: 72a966c68f12e3c24ed270626abc9b4b1bc80bcc
## Summary - Upgrade Yarn 4.5.0 → 4.13.0 (feature introduced in 4.10.0) - Enable `npmMinimalAgeGate: 720` (12 hours) to block resolution of recently-published npm packages, mitigating typosquatting, account takeover, and dependency confusion attacks - Preapprove `@lightsparkdev/*` packages via `npmPreapprovedPackages` so internal workspace dependencies are unaffected Mirrors lightsparkdev/spark#5955 for the webdev JS monorepo. ## Test plan - [x] `yarn config get npmMinimalAgeGate` returns `720` - [x] `yarn config get npmPreapprovedPackages` returns `["@lightsparkdev/*"]` - [x] `yarn install` succeeds with all current lockfile packages (all >12h old) - [x] `yarn --version` returns `4.13.0` - [x] Pre-commit hooks pass (install + format) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> GitOrigin-RevId: ab033a03d7899b8c962e396f9e175b3f08f2fded
## Summary Merges the `gql-codegen` turbo invocation into the main checks turbo run, allowing it to execute in parallel with `format`, `circular-deps`, `package:checks`, and the `^build` dependencies that `lint`/`test` need. Also adds explicit `gql-codegen` as a `dependsOn` for `lint`, `test`, `types`, and `circular-deps` in turbo.json to ensure correctness — these tasks need the generated files from codegen. **Before:** ``` yarn deps:check && turbo gql-codegen && turbo run lint format test circular-deps package:checks ``` gql-codegen (~56s) blocks everything — format, circular-deps, package:checks all wait. **After:** ``` yarn deps:check && turbo run gql-codegen lint format test circular-deps package:checks ``` Turbo schedules all tasks optimally. Tasks that need codegen (lint, test, types, circular-deps) explicitly depend on it in turbo.json. Tasks that don't (format, package:checks) start immediately. ## Local benchmarks (interleaved, 10 pairs) Fair A/B comparison — each pair runs sequential then parallel back-to-back under identical cache conditions: | Pair | Sequential | Parallel | Saved | |------|-----------|----------|-------| | 1 | 3m 58s | 3m 31s | 26s | | 2 | 3m 57s | 3m 15s | 42s | | 3 | 4m 28s | 3m 36s | 51s | | 4 | 3m 58s | 2m 51s | 1m 07s | | 5 | 3m 41s | 3m 01s | 40s | | 6 | 3m 36s | 2m 36s | 59s | | 7 | 3m 28s | 2m 35s | 52s | | 8 | 4m 06s | 3m 08s | 58s | | 9 | 3m 50s | 3m 03s | 47s | | 10 | 3m 44s | 2m 59s | 44s | | **mean** | **3m 52s** | **3m 03s** | **49s (21%)** | | **median** | **3m 57s** | **3m 03s** | **51s** | **Parallel wins 10/10 pairs.** Also more consistent (1m range vs 1m 33s). ## CI validation (2 runs on 8-core ARM) | Metric | Sequential baseline | Parallel | |--------|-------------------|----------| | yarn checks | 3m 35s | 2m 43s | | check job | 5m 25s | 4m 21s | ## Test plan - [x] `yarn checks` passes in CI - [x] gql generated code check still passes - [x] Verified via `--dry` that lint/test/types/circular-deps depend on gql-codegen in correct workspaces - [x] Verified via verbose build that ops:gql-codegen completes before ops:lint starts - [x] Local interleaved benchmark: 10/10 pairs faster, mean 49s saved 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> GitOrigin-RevId: 311c089549739aea21310be574d328069eef79ae
GitOrigin-RevId: 956a78dde007ff4fd85723fd55b7a9e6d39546ee
## Summary - Increases `npmMinimalAgeGate` in `.yarnrc.yml` from 720 minutes (12 hours) to 1440 minutes (24 hours) - This raises the minimum time-since-publish safety gate for npm packages to 24 hours ## Test plan - [x] `yarn install` succeeds with the new config value - [x] Formatting checks pass 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> GitOrigin-RevId: 7df42c1fcc23f73b5a31f8cf6ae892740e9f34d2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
If this change should result in new package versions please add a changeset before merging. You can do so by clicking the link provided by changeset bot below.