chore(deps): remove dspyground from dependencies#80
Conversation
npm overrides don't work for global installs, so the next.js vulnerability warning persists. Since dspyground is optional tooling (not core CLI), remove it as a dependency. Users who need DSPyGround can install it separately: npm install -g dspyground This eliminates the CVE-2025-66478 warning during npm install -g aidevops.
WalkthroughThe PR removes the dspyground dependency from package.json and its Next.js version override, while adding documentation that clarifies DSPyGround is an optional tool installed separately from the aidevops CLI. Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. 🧹 Recent nitpick comments
📜 Recent review detailsConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro 📒 Files selected for processing (2)
💤 Files with no reviewable changes (1)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary of ChangesHello @marcusquinn, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a persistent Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
|
🤖 Augment PR SummarySummary: Removes Changes: Updates DSPyGround documentation to clarify it’s an optional tool that’s installed separately when needed. 🤖 Was this summary useful? React with 👍 or 👎 |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request effectively addresses a security vulnerability warning by removing the dspyground dependency. The changes are logical and well-justified: dspyground and its associated overrides are removed from package.json, and the documentation is updated to reflect that it's now an optional, separate installation. This is a clean solution for the issue affecting global installs. I have one minor suggestion to improve the new documentation note.
|
|
||
| DSPyGround is a visual prompt optimization playground powered by the GEPA (Genetic-Pareto Evolutionary Algorithm) optimizer. It provides an intuitive web interface for iterative prompt optimization with real-time feedback and multi-dimensional metrics. | ||
|
|
||
| **Note**: DSPyGround is an optional tool installed separately from the aidevops CLI. Install it when you need visual prompt optimization capabilities. |
There was a problem hiding this comment.
This note is a great addition for clarity. To make it even more helpful for the user, I suggest including the installation command directly within the note. This provides a complete, actionable instruction in one place.
| **Note**: DSPyGround is an optional tool installed separately from the aidevops CLI. Install it when you need visual prompt optimization capabilities. | |
| **Note**: DSPyGround is an optional tool installed separately from the aidevops CLI. You can install it via `npm install -g dspyground`. |
![augmentcode[bot]](https://avatars.githubusercontent.com/in/1027498?s=60&v=4){kind=small}
🔍 Code Quality Report�[0;35m[MONITOR]�[0m Code Review Monitoring Report �[0;34m[INFO]�[0m Latest Quality Status: �[0;34m[INFO]�[0m Recent monitoring activity: 📈 Current Quality Metrics
Generated on: Wed Jan 14 01:59:41 UTC 2026 Generated by AI DevOps Framework Code Review Monitoring |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
1 participant
Summary
dspygroundfrom package.json dependenciesoverridessection (no longer needed)Why
npm
overridesdon't work for global installs (npm install -g), so the next.js CVE-2025-66478 vulnerability warning persists even with the override in place.Since dspyground is optional tooling for prompt optimization (not core CLI functionality), removing it as a dependency eliminates the security warning entirely.
Impact
npm install -g dspygroundnpm run dspy:*scripts still work for local development (they just call thedspygroundCLI)Testing
After merge and release:
npm install -g aidevops # Should no longer show next.js vulnerability warningCloses the vulnerability issue from v2.54.2.
Summary by CodeRabbit
Documentation
Chores
✏️ Tip: You can customize this high-level summary in your review settings.