fix(worker): Fix type error

[brendan-kellam]

In #1092, we added a resolution for path-to-regexp to pin all versions to 8.4.0. The problem is express depended on version 0.1.12, which caused this type error:

[backend] | /app/node_modules/express/lib/router/layer.js:45
[backend] |   this.regexp = pathRegexp(path, this.keys = [], opts);
[backend] |                 ^
[backend] | 2026-04-03T17:02:46.748Z info: [audit-log-pruner] Audit log pruner started. Retaining logs for 180 days.
[backend] |     at app.lazyrouter (/app/node_modules/express/lib/application.js:151:18)
[backend] |     at app.use (/app/node_modules/express/lib/application.js:221:8)
[backend] |     at new Api (file:///app/packages/backend/dist/api.js:23:13)
[backend] |     at file:///app/packages/backend/dist/index.js:68:13

The fix is to add separate resolutions for specifically 0.1.12 and ^8

Summary by CodeRabbit

• Bug Fixes

  • Fixed a TypeError in the worker that prevented proper execution.

• Chores

  • Updated dependency resolutions for enhanced compatibility.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 07393fa7-650b-4771-b7ea-8897dcb55094

📥 Commits

Reviewing files that changed from the base of the PR and between 41bfc3b and b836500.

📒 Files selected for processing (1)

• CHANGELOG.md

---

Walkthrough

Updated Yarn resolutions in package.json to expand path-to-regexp overrides: added a specific pin for path-to-regexp@0.1.12 → 0.1.13 while retaining the existing path-to-regexp@^8 → ^8.4.0. Also added a Fixed entry in CHANGELOG.md referencing a worker TypeError fix.

Changes

Cohort / File(s)	Summary
Dependency Resolutions package.json	Expanded Yarn resolutions for path-to-regexp to include path-to-regexp@0.1.12: 0.1.13 and path-to-regexp@^8: ^8.4.0.
Changelog CHANGELOG.md	Added ### Fixed entry under ## [Unreleased] noting a worker TypeError: pathRegexp is not a function fix (PR #1093).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Possibly related PRs

• chore(deps): bump transitive dependencies #1092 — Also modifies package.json Yarn resolutions for path-to-regexp (related resolution changes for @^8).

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title mentions fixing a type error in a worker, but the actual changes only modify package.json dependency resolutions for path-to-regexp, with no visible type error fixes or worker-related code changes.	Update the title to accurately describe the dependency resolution change, such as 'chore(deps): Add yarn resolution for path-to-regexp versions' or verify the PR scope matches the stated objective.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch bkellam/fix-type-error

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

License Audit

⚠️ Status: PASS

Metric	Count
Total packages	2123
Resolved (non-standard)	33
Unresolved	0
Strong copyleft	0
Weak copyleft	27

Weak Copyleft Packages (informational)

Package	Version	License
@img/sharp-libvips-darwin-arm64	1.0.4	LGPL-3.0-or-later
@img/sharp-libvips-darwin-arm64	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-darwin-x64	1.0.4	LGPL-3.0-or-later
@img/sharp-libvips-darwin-x64	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-arm	1.0.5	LGPL-3.0-or-later
@img/sharp-libvips-linux-arm	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-arm64	1.0.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-arm64	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-ppc64	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-riscv64	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-s390x	1.0.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-s390x	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-x64	1.0.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-x64	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linuxmusl-arm64	1.0.4	LGPL-3.0-or-later
@img/sharp-libvips-linuxmusl-arm64	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linuxmusl-x64	1.0.4	LGPL-3.0-or-later
@img/sharp-libvips-linuxmusl-x64	1.2.4	LGPL-3.0-or-later
@img/sharp-wasm32	0.33.5	Apache-2.0 AND LGPL-3.0-or-later AND MIT
@img/sharp-wasm32	0.34.5	Apache-2.0 AND LGPL-3.0-or-later AND MIT
@img/sharp-win32-arm64	0.34.5	Apache-2.0 AND LGPL-3.0-or-later
@img/sharp-win32-ia32	0.33.5	Apache-2.0 AND LGPL-3.0-or-later
@img/sharp-win32-ia32	0.34.5	Apache-2.0 AND LGPL-3.0-or-later
@img/sharp-win32-x64	0.33.5	Apache-2.0 AND LGPL-3.0-or-later
@img/sharp-win32-x64	0.34.5	Apache-2.0 AND LGPL-3.0-or-later
axe-core	4.10.3	MPL-2.0
dompurify	3.3.1	(MPL-2.0 OR Apache-2.0)

Resolved Packages (33)

Package	Version	Original	Resolved	Source
@img/sharp-wasm32	0.33.5	Apache-2.0 AND LGPL-3.0-or-later AND MIT	Apache-2.0 AND LGPL-3.0-or-later AND MIT	valid SPDX compound expression
@img/sharp-wasm32	0.34.5	Apache-2.0 AND LGPL-3.0-or-later AND MIT	Apache-2.0 AND LGPL-3.0-or-later AND MIT	valid SPDX compound expression
@img/sharp-win32-arm64	0.34.5	Apache-2.0 AND LGPL-3.0-or-later	Apache-2.0 AND LGPL-3.0-or-later	valid SPDX compound expression
@img/sharp-win32-ia32	0.33.5	Apache-2.0 AND LGPL-3.0-or-later	Apache-2.0 AND LGPL-3.0-or-later	valid SPDX compound expression
@img/sharp-win32-ia32	0.34.5	Apache-2.0 AND LGPL-3.0-or-later	Apache-2.0 AND LGPL-3.0-or-later	valid SPDX compound expression
@img/sharp-win32-x64	0.33.5	Apache-2.0 AND LGPL-3.0-or-later	Apache-2.0 AND LGPL-3.0-or-later	valid SPDX compound expression
@img/sharp-win32-x64	0.34.5	Apache-2.0 AND LGPL-3.0-or-later	Apache-2.0 AND LGPL-3.0-or-later	valid SPDX compound expression
@react-grab/cli	0.1.23	UNKNOWN	MIT	MIT LICENSE file found inside published npm tarball; not declared in package.json license field but present in tarball (copyright 2025 Aiden Bai)
@react-grab/cli	0.1.29	UNKNOWN	MIT	MIT LICENSE file found inside published npm tarball (https://registry.npmjs.org/@react-grab/cli/-/cli-0.1.29.tgz); not declared in package.json license field (copyright 2025 Aiden Bai)
@react-grab/mcp	0.1.29	UNKNOWN	MIT	MIT LICENSE file found inside published npm tarball (https://registry.npmjs.org/@react-grab/mcp/-/mcp-0.1.29.tgz); not declared in package.json license field (copyright 2025 Aiden Bai)
@sentry/cli	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	npm registry (confirmed valid SPDX identifier; Functional Source License v1.1 with MIT fallback after 2 years)
@sentry/cli-darwin	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	npm registry (confirmed valid SPDX identifier; Functional Source License v1.1 with MIT fallback after 2 years)
@sentry/cli-linux-arm	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	npm registry (confirmed valid SPDX identifier; Functional Source License v1.1 with MIT fallback after 2 years)
@sentry/cli-linux-arm64	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	npm registry (confirmed valid SPDX identifier; Functional Source License v1.1 with MIT fallback after 2 years)
@sentry/cli-linux-i686	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	npm registry (confirmed valid SPDX identifier; Functional Source License v1.1 with MIT fallback after 2 years)
@sentry/cli-linux-x64	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	npm registry (confirmed valid SPDX identifier; Functional Source License v1.1 with MIT fallback after 2 years)
@sentry/cli-win32-arm64	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	npm registry (confirmed valid SPDX identifier; Functional Source License v1.1 with MIT fallback after 2 years)
@sentry/cli-win32-i686	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	npm registry (confirmed valid SPDX identifier; Functional Source License v1.1 with MIT fallback after 2 years)
@sentry/cli-win32-x64	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	npm registry (confirmed valid SPDX identifier; Functional Source License v1.1 with MIT fallback after 2 years)
codemirror-lang-elixir	4.0.0	UNKNOWN	Apache-2.0	npm registry (top-level license field on package metadata)
dompurify	3.3.1	(MPL-2.0 OR Apache-2.0)	(MPL-2.0 OR Apache-2.0)	valid SPDX compound expression (dual-licensed; Apache-2.0 option available)
element-source	0.0.3	UNKNOWN	MIT	MIT LICENSE file found inside published npm tarball (https://registry.npmjs.org/element-source/-/element-source-0.0.3.tgz); not declared in package.json license field (copyright 2026 Aiden Bai)
json-schema	0.4.0	(AFL-2.1 OR BSD-3-Clause)	(AFL-2.1 OR BSD-3-Clause)	valid SPDX compound expression
lezer-elixir	1.1.2	UNKNOWN	Apache-2.0	npm registry (top-level license field on package metadata)
map-stream	0.1.0	UNKNOWN	MIT	npm registry (license field in package metadata)
memorystream	0.3.1	UNKNOWN	MIT	GitHub repository LICENSE file (https://github.com/JSBizon/node-memorystream)
pause-stream	0.0.11	["MIT","Apache2"]	MIT AND Apache-2.0	extracted from license array; confirmed dual MIT/Apache-2.0 via GitHub LICENSE file (https://github.com/dominictarr/pause-stream)
posthog-js	1.345.5	SEE LICENSE IN LICENSE	Apache-2.0	GitHub repository LICENSE file (https://github.com/PostHog/posthog-js)
type-fest	0.7.1	(MIT OR CC0-1.0)	(MIT OR CC0-1.0)	valid SPDX compound expression
type-fest	0.20.2	(MIT OR CC0-1.0)	(MIT OR CC0-1.0)	valid SPDX compound expression
type-fest	5.3.1	(MIT OR CC0-1.0)	(MIT OR CC0-1.0)	valid SPDX compound expression
valid-url	1.0.9	UNKNOWN	MIT	GitHub repository LICENSE file (https://github.com/ogt/valid-url)
victory-vendor	36.9.2	MIT AND ISC	MIT AND ISC	valid SPDX compound expression