Skip to content

chore: update all dependencies to latest (Jun 4, 2026), pin Node 24.16.0#18

Merged
billyribeiro-ux merged 10 commits into
mainfrom
claude/update-dependencies-stack-docs-nffxp
Jun 4, 2026
Merged

chore: update all dependencies to latest (Jun 4, 2026), pin Node 24.16.0#18
billyribeiro-ux merged 10 commits into
mainfrom
claude/update-dependencies-stack-docs-nffxp

Conversation

@billyribeiro-ux

@billyribeiro-ux billyribeiro-ux commented Jun 4, 2026

Copy link
Copy Markdown
Owner

Summary

Updates every package, library, and dependency across all stacks to its latest stable release as of June 4, 2026, with Node.js pinned to 24.16.0 everywhere (Dockerfiles, CI, and engines fields). Versions were resolved against the live npm registry, Packagist, crates.io, Docker Hub, and GitHub — not guessed.

A new stack.md documents the full technology stack and pinned versions.

Changes

Manifests (latest stable):

  • frontend/package.json — React 19, Vite 8, TypeScript 6, ESLint 10, TanStack Query, Radix, etc.
  • frontend-svelte/package.json — Svelte 5, SvelteKit 2, @sveltejs/vite-plugin-svelte 7
  • signaling/, sfu/, recorder/ package.json — Express 5, mediasoup 3.20.2, uuid 14, ioredis, pino…
  • backend/composer.json — Laravel 13, PHP ^8.5, Cashier 16, Scout 11, Pest 4, PHPUnit 13, spatie 8…
  • signaling-rs/Cargo.toml — redis 1, jsonwebtoken 10, reqwest 0.13

Node pinned to 24.16.0: all 5 Dockerfiles, every CI node-version, and every engines.node (>=24.16.0).

Infra / runtime: PHP 8.5, Postgres 18, Redis 8, Jaeger 1.76, Ubuntu 24.04 LTS, plus all GitHub Actions bumped to latest majors (checkout v6, setup-node v6, build-push v7, slack-github-action v3 with its updated input format, etc.).

Lockfiles: regenerated frontend/sfu/signaling locks; added locks for recorder (its Dockerfile uses npm ci) and frontend-svelte.

Docs: README, docs/ARCHITECTURE.md, DEPLOYMENT_GUIDE.md version references updated; added stack.md. (docs/TECH_STACK_AUDIT.md left untouched — it's a point-in-time audit narrative.)

⚠️ Major-version upgrades that may need code follow-up

These crossed major boundaries (declarations bumped per "latest, no exception"; app code not yet refactored):

  • ESLint 8 → 10 — flat config (eslint.config.js) migration may be needed
  • TypeScript 5 → 6
  • PHP 8.3 → 8.5 + Laravel deps (Cashier 15→16, Scout 10→11, predis 2→3, php-jwt 6→7, spatie permission 6→8 / activitylog 4→5 / query-builder 6→7, PHPUnit 11→13, Pest 3→4, Larastan 2→3) — run composer update + tests
  • Rust redis 0.29→1, jsonwebtoken 9→10, reqwest 0.12→0.13
  • uuid 13 → 14 (Node); slack-github-action v1 → v3 (input format updated in workflow)

https://claude.ai/code/session_01AMiTSxG8rB8FU8QgJ3Fnhs

Generated by Claude Code

claude added 10 commits June 4, 2026 14:15
@claude
chore: update all dependencies to latest (Jun 4, 2026), pin Node 24.16.0
831aeec 
- Bump every package across all stacks to latest stable as of 2026-06-04
  (React, Svelte, Node services, Laravel/PHP backend, Rust signaling)
- Pin Node.js to 24.16.0 everywhere: Dockerfiles, CI, package engines
- Update PHP to 8.5, Postgres 18, Redis 8, Jaeger 1.76, Ubuntu 24.04 LTS
- Update GitHub Actions to latest major versions
- Regenerate npm lockfiles; add locks for recorder & frontend-svelte
- Add stack.md documenting the full technology stack and versions
@claude
feat: install Svelte+Rust MCP, migration plan, backend-rs B0 + svelte F0
f2ba14b 
Tooling:
- Add project-scoped .mcp.json registering the official Svelte MCP server
  (@sveltejs/mcp) and the Rust MCP server (rust-mcp-server: clippy/fmt/check)
- Add MIGRATION_PLAN.md: L7 plan to move the entire frontend to Svelte 5/
  SvelteKit and rewrite the Laravel backend in Rust (Axum/Tokio/sqlx),
  with an MCP audit-as-you-go gate and a strangler-fig cutover

Backend B0 (backend-rs/): Cargo workspace, Axum app skeleton — typed config,
JSON tracing, Prometheus /metrics, lazy sqlx PgPool, health probes, RFC 7807
error type, graceful shutdown. cargo fmt + clippy -D warnings clean.

Frontend F0 (frontend-svelte/): migrate to adapter-node + SSR; cookie-based
BFF auth (hooks.server.ts, server API client, httpOnly session), runes auth
context (getter-based, SSR-safe), login form action + guarded dashboard.
svelte-check: 0 errors/0 warnings; all components pass svelte-autofixer.
@claude
feat(backend/frontend): B1 Rust auth + F1 Svelte auth shell
81efe52 
Backend B1 (backend-rs):
- domain User model + client-safe UserResponse projection
- sqlx repositories (runtime queries) for users + Sanctum-compatible
  personal_access_tokens (id|plaintext, SHA-256 at rest, constant-time compare)
- argon2id password hashing with transparent legacy-bcrypt verification+rehash
- AuthUser bearer extractor; /v1/auth register|login|logout|me|profile
- garde request validation; 0001_auth.sql migrations (users/orgs/members/PATs)
- gates: cargo fmt + clippy -D warnings clean; 3 unit tests pass

Frontend F1 (frontend-svelte):
- registration route (form action + zod) via BFF register(); links to login
- BFF api client gains register()
- svelte-check 0/0; components pass svelte-autofixer
@claude
feat(backend): B2 rooms + workspaces + organizations (CRUD + authz)
70ea176 
- domain Room/RoomStatus, Workspace, Organization models
- sqlx repos: rooms (list/count/public/find/create/update/delete),
  workspaces (find/list/create), organizations (memberships, list_for_user)
- org-membership authorization helpers (ensure_member / load_authorized)
- endpoints: /v1/rooms (CRUD + live/upcoming/public), /v1/workspaces,
  /v1/organizations; garde validation via From<garde::Report> on AppError
- 0002_rooms.sql migration (workspaces, workspace_members, rooms + enums)
- gates: cargo fmt + clippy -D warnings clean; tests pass
@claude
feat(frontend): F2 rooms UI — list + create (BFF, load + form actions)
cb5eb43 
- BFF client: listRooms/listWorkspaces/listOrganizations/createWorkspace/createRoom
- /rooms list page (authenticated load, status badges, empty state)
- /rooms/new: org/workspace-aware create flow (creates a workspace first if
  none exists, then the room) via named form actions + zod validation
- dashboard quick links
- svelte-check 0/0; new components pass svelte-autofixer
@claude
feat(backend): B3a chat + alerts (room-scoped CRUD)
817b3d5 
- shared http::guard (ensure_member / room_authorized); rooms.rs refactored onto it
- chat: GET/POST /v1/rooms/{id}/messages, DELETE /v1/messages/{id} (soft delete)
- alerts: GET/POST /v1/rooms/{id}/alerts, DELETE /v1/alerts/{id}
- domain ChatMessage/Alert (serde/sqlx rename for 'type'), repos, 0003 migration
- type/priority normalization; garde validation; org-membership authz
- gates: cargo fmt + clippy -D warnings clean
@claude
feat(backend): B3b analytics endpoints
d737c38 
- /v1/analytics/dashboard (room/workspace counts for the caller's orgs)
- /v1/analytics/rooms/{id} (participant + message stats; room-authorized)
- /v1/analytics/organization/{id} (room counts by status; member-only)
- db::analytics aggregation queries
- gates: cargo fmt + clippy -D warnings clean
@claude
feat(backend): B2.5 room lifecycle + signaling control-plane
dbd41b3 
- signaling: HS256 client-token mint + SFU control-plane client (reqwest),
  reusing signaling-rs idioms; teardown calls are best-effort (logged, non-fatal)
- room lifecycle: POST /v1/rooms/{room_id}/{start,end,join,leave,moderate},
  GET .../participants; mints per-participant signaling tokens on join
- sessions + participants repos/tables (0004 migration); reconnect-safe join
- room status transitions (mark_live/mark_ended); DELETE = soft-cancel
  (preserves history/recordings — never hard-delete)
- standardized /v1/rooms/{room_id} path param across all groups; added a
  router-conflict test so matchit issues fail in CI, not at runtime
- AppState gains a shared reqwest client + signaling/jwt config
- gates: cargo fmt + clippy -D warnings clean; 4 tests pass
@claude
feat(frontend): F2.5 live WebRTC room wired to the API
6c9ec52 
- split routes: /rooms/{id} = SSR detail page, /rooms/{id}/live = client-only room
- BFF proxies: POST /rooms/{id}/join (exchanges session cookie for a signaling
  token, never exposing the API token to JS) and POST /rooms/{id}/leave
- live room fetches its signaling token on mount, then connects via the existing
  framework-agnostic SignalingClient/MediaClient driven by Svelte 5 runes
- modernized $app/stores -> $app/state; waits for 'authenticated' before join
  (fixes the Phase-0 race); keepalive leave on unload
- BFF client gains getRoom/joinRoom/leaveRoom (+204 handling); signalingUrl helper
- svelte-check 0/0 (433 files); new components pass svelte-autofixer
@claude
feat(frontend): F3 account settings — profile edit
186f5cb 
- /settings -> /settings/profile redirect; /settings/profile (load + form action)
- edit name/display_name/avatar_url/timezone via BFF updateProfile (PUT /v1/auth/profile)
- SessionUser + BFF mapping gain timezone; dashboard links to settings
- svelte-check 0/0 (440 files); component passes svelte-autofixer
@billyribeiro-ux billyribeiro-ux merged commit 348d1c2 into main Jun 4, 2026
5 of 10 checks passed
@billyribeiro-ux billyribeiro-ux deleted the claude/update-dependencies-stack-docs-nffxp branch June 4, 2026 18:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@billyribeiro-ux @claude