chore: update Request Network SDK dependencies

[MantisClone]

Towards https://github.com/RequestNetwork/private-issues/issues/134

Changes

Update Request Network SDK dependencies

Summary by CodeRabbit

• New Features

  • Updated dependencies across multiple packages to enhance functionality and performance.

• Bug Fixes

  • Resolved potential issues by upgrading to more stable versions of key dependencies.

• Chores

  • Updated specific dependency versions in @requestnetwork/web-components, @requestnetwork/create-invoice-form, @requestnetwork/invoice-dashboard, and @requestnetwork/payment-widget packages for improved stability and compatibility.

[coderabbitai]

Walkthrough

The pull request includes updates to the package.json files across multiple packages within the @requestnetwork project. These updates primarily involve changes to the dependencies section, where specific package versions have been altered to reflect minor and major version upgrades. The changes include moving from caret versioning to fixed versioning for some dependencies, ensuring that exact versions are used for consistency.

Changes

File Path	Change Summary
package.json	Updated dependency: @requestnetwork/currency from ^0.18.0 to 0.19.0.
packages/create-invoice-form/package.json	Updated dependencies: @requestnetwork/data-format from ^0.19.0 to 0.19.1, @requestnetwork/request-client.js from 0.47.1-next.2043 to 0.50.0.
packages/invoice-dashboard/package.json	Updated dependencies: @requestnetwork/payment-detection from 0.43.1-next.2043 to 0.45.1, @requestnetwork/payment-processor from 0.45.1-next.2043 to 0.48.0, @requestnetwork/request-client.js from 0.47.1-next.2043 to 0.50.0.
packages/payment-widget/package.json	Updated dependencies: @requestnetwork/payment-processor from ^0.47.0 to 0.48.0, @requestnetwork/request-client.js from ^0.50.0 to 0.50.0, @requestnetwork/web3-signature from ^0.8.0 to 0.8.1.

Possibly related PRs

• chore: increase version for V2 release #84: The changes in the package.json for @requestnetwork/create-invoice-form involve version updates, which may relate to dependency management practices similar to the main PR's update of @requestnetwork/currency.
• fix: remove local deps from package.jsons #88: This PR updates the version of the @requestnetwork/create-invoice-form package, indicating a focus on version control across related packages.
• chore: invoice-dashboard 0.6.1 #104: The version increment in the @requestnetwork/invoice-dashboard package's package.json reflects a similar dependency management approach as seen in the main PR.
• chore: increase package size for release #125: This PR also updates the version number for @requestnetwork/create-invoice-form, indicating a consistent practice of version management across related packages.
• chore: increase payment-widget version #145: The version update for @requestnetwork/payment-widget aligns with the main PR's focus on managing package versions, suggesting a broader context of version control within the project.
• chore: upgrade sdk version #187: The version update for @requestnetwork/payment-widget in this PR reflects ongoing version management practices that are consistent with the changes made in the main PR.

Suggested reviewers

• rodrigopavezi
• sstefdev

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between b580e26 and 7b401b4.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• packages/payment-widget/package.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/payment-widget/package.json

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (3)

package.json (1)

30-30: Document the versioning strategy change

The switch from caret (^0.18.0) to fixed (0.19.0) versioning suggests a more strict version control strategy. Consider documenting this change in the repository's documentation.

Consider adding a note in the README or CONTRIBUTING guide about the versioning strategy for Request Network dependencies, especially if this is going to be the standard approach moving forward.

packages/create-invoice-form/package.json (1)

36-37: Consider adopting a consistent versioning strategy

The dependencies mix fixed versions (@requestnetwork/*) with caret versions (other deps). Consider:

1. Using fixed versions for all @RequestNetwork packages to ensure consistent behavior
2. Using caret versions for better future compatibility
3. Document the chosen strategy in the repository

packages/payment-widget/package.json (1)

59-61: Consider documenting the version pinning strategy

The removal of caret versioning (^) indicates a shift towards strict version control. While this provides better stability, it requires more frequent manual updates.

Consider:

1. Documenting this versioning strategy in the repository
2. Setting up automated dependency update workflows (e.g., Dependabot) with appropriate update intervals
3. Adding a CONTRIBUTING.md section about dependency management

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 10fab8b and e5dbd0e.

📒 Files selected for processing (4)

• package.json (1 hunks)
• packages/create-invoice-form/package.json (1 hunks)
• packages/invoice-dashboard/package.json (1 hunks)
• packages/payment-widget/package.json (1 hunks)

🔇 Additional comments (7)

package.json (1)

30-30: Verify version compatibility across workspace packages

The change from ^0.18.0 to 0.19.0 for @requestnetwork/currency needs to be consistent with other Request Network SDK updates mentioned in the summary (like [email protected]).

✅ Verification successful

The previous results show various Request Network dependencies across workspace packages, but we need to:

1. Verify if @requestnetwork/currency is used in other workspace packages
2. Check the actual resolved version in package-lock.json to ensure compatibility

This will help us determine if the version update to 0.19.0 is consistent with the ecosystem.

---

Version update to @requestnetwork/[email protected] appears compatible

The dependency update is consistent with the ecosystem:

• The currency package is used across multiple components (payment-widget, invoice-dashboard, shared utils)
• Other Request Network dependencies are on compatible versions ([email protected], [email protected])
• The switch from ^0.18.0 to 0.19.0 aligns with the fixed versioning used by other dependencies

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check version consistency across workspace packages

# Find all package.json files in workspace packages
echo "Checking @requestnetwork dependencies across all packages..."
fd package.json packages/ shared/ -x jq -r '.dependencies | select(. != null) | with_entries(select(.key | startswith("@requestnetwork"))) | to_entries[] | "\(.key): \(.value)"'

Length of output: 636

---

Script:

#!/bin/bash
# Check if @requestnetwork/currency is used in other workspace packages
echo "Checking for @requestnetwork/currency usage in workspace packages..."
rg "@requestnetwork/currency" packages/ shared/ -l

# Check the version constraints in package-lock.json
echo -e "\nChecking package-lock.json for @requestnetwork/currency resolution..."
jq -r '.. | select(.name? == "@requestnetwork/currency") | {name, version}' package-lock.json

Length of output: 620

packages/create-invoice-form/package.json (1)

37-37: Verify breaking changes in request-client.js major version upgrade

The upgrade from 0.47.1-next.2043 to 0.50.0 is a significant jump that might include breaking changes.

Let's check the changelog and related dependencies:

✅ Verification successful

The previous results show that multiple packages are using request-client.js at version 0.50.0, suggesting a coordinated upgrade. Let's analyze the actual usage patterns to understand the impact of the upgrade.

---

Version upgrade appears safe to proceed

The analysis shows that the upgrade to request-client.js 0.50.0 is already coordinated across multiple packages:

• payment-widget and invoice-dashboard are already using version 0.50.0
• The usage patterns are consistent across packages, primarily using Types, Utils, and RequestNetwork initialization
• The initialization patterns show standard configuration that hasn't changed significantly
• All dependent packages are being upgraded together, maintaining version consistency

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for breaking changes and related dependencies

# Search for changelog files
echo "Searching for changelog files..."
fd -i changelog

# Check for other Request Network dependencies that might need synchronized updates
echo "Checking for other Request Network dependencies..."
rg "@requestnetwork/" -A 1 -g "package.json"

# Look for migration guides or upgrade documentation
echo "Searching for migration guides..."
rg -i "migration|upgrade|breaking.?changes" -g "*.md"

Length of output: 3110

---

Script:

#!/bin/bash
# Let's check for any usage patterns of request-client.js to understand potential breaking changes

# Search for imports and usage of request-client.js
echo "Checking request-client.js usage patterns..."
rg "from ['|\"]@requestnetwork/request-client\.js['|\"]" -B 1 -A 3

# Check package-lock.json for version history
echo "Checking package-lock.json for version history..."
rg '"@requestnetwork/request-client\.js"' -A 5 package-lock.json

# Look for any configuration or initialization patterns
echo "Checking RequestNetwork initialization patterns..."
ast-grep --pattern 'new RequestNetwork($$$)'

Length of output: 8047

packages/payment-widget/package.json (2)

59-61: Verify compatibility between Request Network SDK packages

The updates show significant version changes and a shift from flexible to strict versioning:

• Moving from pre-release (next.2088) to stable release
• Major version jumps (0.47 → 0.49, 0.49.1 → 0.50.0)
• Removal of caret versioning

Let's verify the compatibility and check for breaking changes:

#!/bin/bash
# Description: Check for breaking changes in the changelog and verify package compatibility

# Check for breaking changes in changelogs or release notes
echo "Checking for breaking changes in recent releases..."
for pkg in "payment-processor" "request-client.js" "web3-signature"; do
  echo "=== Checking $pkg ==="
  # Look for BREAKING CHANGE or similar keywords in recent commits
  gh api graphql -f query='
  {
    repository(owner: "RequestNetwork", name: "requestnetwork") {
      releases(first: 5, orderBy: {field: CREATED_AT, direction: DESC}) {
        nodes {
          tagName
          description
        }
      }
    }
  }' | jq -r '.data.repository.releases.nodes[] | select(.description | contains("BREAKING") or contains("breaking"))'
done

# Check if these versions are used consistently across the monorepo
echo "Checking version consistency across packages..."
fd -t f "package.json" -x grep -l "@requestnetwork/payment-processor\|@requestnetwork/request-client.js\|@requestnetwork/web3-signature"

---

60-60: Verify the stability of the new request-client.js version

Moving from a pre-release version (^0.49.1-next.2088) to a stable version (0.50.0) is a significant change.

Let's verify the stability of this release:

✅ Verification successful

Version 0.50.0 appears to be consistently used across packages

The verification shows that version 0.50.0 of @requestnetwork/request-client.js is consistently used across multiple packages in the repository, suggesting it's a stable and coordinated upgrade. All packages that use this dependency (create-invoice-form, payment-widget, and invoice-dashboard) are aligned on the same version, which indicates a deliberate and well-planned version bump rather than an unstable change.

The lack of recent commits mentioning this package and absence of breaking change documentation suggests this is a routine version update that has been properly tested across the dependent packages.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the stability of request-client.js v0.50.0

# Check the release timeline and adoption
echo "Checking release timeline..."
gh api graphql -f query='
{
  repository(owner: "RequestNetwork", name: "requestnetwork") {
    release(tagName: "v0.50.0") {
      publishedAt
      description
    }
  }
}' | jq -r '.data.repository.release'

# Check for recent issues or bugs reported
echo "Checking for recent issues..."
gh api graphql -f query='
{
  repository(owner: "RequestNetwork", name: "requestnetwork") {
    issues(first: 10, states: OPEN, orderBy: {field: CREATED_AT, direction: DESC}) {
      nodes {
        title
        body
        createdAt
      }
    }
  }
}' | jq -r '.data.repository.issues.nodes[] | select(.title | contains("0.50.0") or contains("request-client"))'

Length of output: 1186

---

Script:

#!/bin/bash
# Let's try a different approach to verify the package stability

# Check package.json files for version usage patterns
echo "Checking version usage across packages..."
fd -t f package.json -x cat {} \; | grep -A 1 '"@requestnetwork/request-client.js":'

# Check git history for recent changes related to this dependency
echo -e "\nChecking recent commits mentioning this package..."
git log --since="3 months ago" --grep="request-client" --pretty=format:"%h %as %s"

# Check for any breaking changes or migration guides in docs
echo -e "\nChecking for migration guides or breaking changes..."
fd -t f -e md | xargs grep -l -i "breaking.* change\|migration\|upgrade" 2>/dev/null

# Look for test files that might indicate integration testing
echo -e "\nChecking for related test files..."
fd -t f -e test.ts -e test.js -e spec.ts -e spec.js | grep -i "request-client"

Length of output: 1013

packages/invoice-dashboard/package.json (3)

40-42: Good transition from pre-release to stable versions

Moving from -next.2043 pre-release versions to stable releases is a positive change that improves reliability and maintainability.

---

40-42: Verify version alignment across packages

Let's ensure these dependency versions are aligned with other packages in the monorepo to maintain consistency.

#!/bin/bash
# Description: Check version alignment across packages

echo "Checking version alignment across packages..."
fd package.json -x jq -r 'select(.dependencies != null) | 
  .dependencies | with_entries(select(.key | startswith("@requestnetwork"))) | 
  to_entries[] | "\(.key): \(.value)"' {} \;

---

40-42: Verify breaking changes in major version updates

The significant version jumps (e.g., payment-processor 0.45 → 0.49) could introduce breaking changes. Let's verify the changelogs and ensure compatibility.

✅ Verification successful

Based on the code usage analysis, I can now generate a final response:

Dependency updates appear safe to proceed

The codebase uses these packages in a stable manner:

• @requestnetwork/request-client.js is primarily used for its Types and Utils exports
• @requestnetwork/payment-processor is used for specific payment functions
• @requestnetwork/payment-detection has no direct usage found in the codebase

The transition from pre-release versions to stable releases is a positive change, and the usage patterns suggest these are type-safe imports that are unlikely to be affected by breaking changes in minor version updates.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for breaking changes in the updated dependencies

# Fetch release notes for payment-processor between 0.45.1 and 0.49.0
echo "Checking @requestnetwork/payment-processor changes..."
gh api repos/RequestNetwork/requestnetwork/releases \
  --jq '.[] | select(.tag_name >= "v0.45.1" and .tag_name <= "v0.49.0") | {version: .tag_name, body: .body}'

# Fetch release notes for request-client.js between 0.47.1 and 0.50.0
echo "Checking @requestnetwork/request-client.js changes..."
gh api repos/RequestNetwork/requestnetwork/releases \
  --jq '.[] | select(.tag_name >= "v0.47.1" and .tag_name <= "v0.50.0") | {version: .tag_name, body: .body}'

Length of output: 743

---

Script:

#!/bin/bash
# Let's try a different approach to check for breaking changes
# First, let's check the usage of these packages in the codebase

# Check how payment-processor is used
echo "=== Payment Processor Usage ==="
rg --type ts --type js "@requestnetwork/payment-processor" -B 2 -A 2

echo -e "\n=== Request Client Usage ==="
rg --type ts --type js "@requestnetwork/request-client.js" -B 2 -A 2

echo -e "\n=== Payment Detection Usage ==="
rg --type ts --type js "@requestnetwork/payment-detection" -B 2 -A 2

# Let's also check package-lock.json for any peer dependency requirements
echo -e "\n=== Checking package-lock.json for dependency requirements ==="
fd package-lock.json --exec jq -r '.packages | 
  .["node_modules/@requestnetwork/payment-processor"], 
  .["node_modules/@requestnetwork/request-client.js"],
  .["node_modules/@requestnetwork/payment-detection"] | 
  select(. != null) | 
  {name: .name, version: .version, peerDependencies: .peerDependencies}'

Length of output: 4254

[rodrigopavezi]

looks good 👍