📦 chore: Update Packages for Security & Remove Unnecessary (#10620)

* 🗑️ chore: Remove @microsoft/eslint-formatter-sarif from dependencies and update ESLint CI workflow - Removed @microsoft/eslint-formatter-sarif from package.json and package-lock.json. - Updated ESLint CI workflow to eliminate SARIF upload logic and related environment variables. * chore: Remove ts-jest from dependencies in jest.config and package files * chore: Update package dependencies to latest versions - Upgraded @rollup/plugin-commonjs from 25.0.2 to 29.0.0 across multiple packages. - Updated rimraf from 5.0.1 to 6.1.2 in packages/api, client, data-provider, and data-schemas. - Added new dependencies: @isaacs/balanced-match and @isaacs/brace-expansion in package-lock.json. - Updated glob from 8.1.0 to 13.0.0 and adjusted related dependencies accordingly. * chore: remove prettier-eslint dependency from package.json * chore: npm audit fix * fix: correct `getBasePath` import
2025-12-16 16:30:15 +01:00 · 2025-11-21 14:53:58 -05:00 · 2025-11-21 14:53:58 -05:00 · 3950b9ee53
commit 3950b9ee53
parent 1814c81888
10 changed files with 184 additions and 1681 deletions
--- a/.github/workflows/eslint-ci.yml
+++ b/.github/workflows/eslint-ci.yml
@ -35,8 +35,6 @@ jobs:

      # Run ESLint on changed files within the api/ and client/ directories.
      - name: Run ESLint on changed files
-        env:
-          SARIF_ESLINT_IGNORE_SUPPRESSED: "true"
        run: |
          # Extract the base commit SHA from the pull_request event payload.
          BASE_SHA=$(jq --raw-output .pull_request.base.sha "$GITHUB_EVENT_PATH")
@ -52,22 +50,10 @@ jobs:
          # Ensure there are files to lint before running ESLint
          if [[ -z "$CHANGED_FILES" ]]; then
            echo "No matching files changed. Skipping ESLint."
-            echo "UPLOAD_SARIF=false" >> $GITHUB_ENV
            exit 0
          fi

-          # Set variable to allow SARIF upload
-          echo "UPLOAD_SARIF=true" >> $GITHUB_ENV
-
          # Run ESLint
          npx eslint --no-error-on-unmatched-pattern \
            --config eslint.config.mjs \
-            --format @microsoft/eslint-formatter-sarif \
-            --output-file eslint-results.sarif $CHANGED_FILES || true
-
-      - name: Upload analysis results to GitHub
-        if: env.UPLOAD_SARIF == 'true'
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: eslint-results.sarif
-          wait-for-processing: true
+            $CHANGED_FILES
--- a/api/server/services/Files/Code/process.js
+++ b/api/server/services/Files/Code/process.js
@ -1,9 +1,9 @@
 const path = require('path');
 const { v4 } = require('uuid');
 const axios = require('axios');
-const { logAxiosError } = require('@librechat/api');
 const { logger } = require('@librechat/data-schemas');
 const { getCodeBaseURL } = require('@librechat/agents');
+const { logAxiosError, getBasePath } = require('@librechat/api');
 const {
  Tools,
  FileContext,
@ -15,7 +15,6 @@ const { filterFilesByAgentAccess } = require('~/server/services/Files/permission
 const { getStrategyFunctions } = require('~/server/services/Files/strategies');
 const { convertImage } = require('~/server/services/Files/images/convert');
 const { createFile, getFiles, updateFile } = require('~/models/File');
-const { getBasePath } = require('~/server/utils');

 /**
 * Process OpenAI image files, convert to target format, save and return file metadata.
--- a/client/jest.config.cjs
+++ b/client/jest.config.cjs
@ -41,7 +41,6 @@ module.exports = {
      'jest-file-loader',
  },
  transformIgnorePatterns: ['node_modules/?!@zattoo/use-double-click'],
-  preset: 'ts-jest',
  setupFilesAfterEnv: ['@testing-library/jest-dom/extend-expect', '<rootDir>/test/setupTests.js'],
  clearMocks: true,
 };
--- a/client/package.json
+++ b/client/package.json
@ -147,7 +147,6 @@
    "postcss-loader": "^7.1.0",
    "postcss-preset-env": "^8.2.0",
    "tailwindcss": "^3.4.1",
-    "ts-jest": "^29.4.5",
    "typescript": "^5.3.3",
    "vite": "^6.4.1",
    "vite-plugin-compression2": "^2.2.1",
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -100,7 +100,6 @@
    "@eslint/compat": "^1.2.6",
    "@eslint/eslintrc": "^3.3.1",
    "@eslint/js": "^9.20.0",
-    "@microsoft/eslint-formatter-sarif": "^3.1.0",
    "@playwright/test": "^1.56.1",
    "@types/react-virtualized": "^9.22.0",
    "caniuse-lite": "^1.0.30001741",
@ -122,7 +121,6 @@
    "jest": "^30.2.0",
    "lint-staged": "^15.4.3",
    "prettier": "^3.5.0",
-    "prettier-eslint": "^16.4.2",
    "prettier-plugin-tailwindcss": "^0.6.11",
    "typescript-eslint": "^8.24.0"
  },
--- a/packages/api/package.json
+++ b/packages/api/package.json
@ -48,7 +48,7 @@
    "@babel/preset-react": "^7.18.6",
    "@babel/preset-typescript": "^7.21.0",
    "@rollup/plugin-alias": "^5.1.0",
-    "@rollup/plugin-commonjs": "^25.0.2",
+    "@rollup/plugin-commonjs": "^29.0.0",
    "@rollup/plugin-json": "^6.1.0",
    "@rollup/plugin-node-resolve": "^15.1.0",
    "@rollup/plugin-replace": "^5.0.5",
@ -68,7 +68,7 @@
    "jest-junit": "^16.0.0",
    "librechat-data-provider": "*",
    "mongodb": "^6.14.2",
-    "rimraf": "^5.0.1",
+    "rimraf": "^6.1.2",
    "rollup": "^4.22.4",
    "rollup-plugin-peer-deps-external": "^2.2.4",
    "ts-node": "^10.9.2",
--- a/packages/client/package.json
+++ b/packages/client/package.json
@ -70,7 +70,7 @@
  },
  "devDependencies": {
    "@rollup/plugin-alias": "^5.1.0",
-    "@rollup/plugin-commonjs": "^25.0.2",
+    "@rollup/plugin-commonjs": "^29.0.0",
    "@rollup/plugin-node-resolve": "^15.0.0",
    "@rollup/plugin-replace": "^5.0.5",
    "@rollup/plugin-terser": "^0.4.4",
@ -85,7 +85,7 @@
    "react": "^18.2.0",
    "react-dom": "^18.2.0",
    "react-i18next": "^15.4.0",
-    "rimraf": "^5.0.1",
+    "rimraf": "^6.1.2",
    "rollup": "^4.0.0",
    "rollup-plugin-peer-deps-external": "^2.2.4",
    "rollup-plugin-postcss": "^4.0.2",
--- a/packages/data-provider/package.json
+++ b/packages/data-provider/package.json
@ -50,7 +50,7 @@
    "@babel/preset-typescript": "^7.21.0",
    "@langchain/core": "^0.3.62",
    "@rollup/plugin-alias": "^5.1.0",
-    "@rollup/plugin-commonjs": "^25.0.2",
+    "@rollup/plugin-commonjs": "^29.0.0",
    "@rollup/plugin-json": "^6.1.0",
    "@rollup/plugin-node-resolve": "^15.1.0",
    "@rollup/plugin-replace": "^5.0.5",
@ -63,7 +63,7 @@
    "jest": "^30.2.0",
    "jest-junit": "^16.0.0",
    "openapi-types": "^12.1.3",
-    "rimraf": "^5.0.1",
+    "rimraf": "^6.1.2",
    "rollup": "^4.22.4",
    "rollup-plugin-peer-deps-external": "^2.2.4",
    "rollup-plugin-typescript2": "^0.35.0",
--- a/packages/data-schemas/package.json
+++ b/packages/data-schemas/package.json
@ -38,7 +38,7 @@
  "homepage": "https://librechat.ai",
  "devDependencies": {
    "@rollup/plugin-alias": "^5.1.0",
-    "@rollup/plugin-commonjs": "^25.0.2",
+    "@rollup/plugin-commonjs": "^29.0.0",
    "@rollup/plugin-json": "^6.1.0",
    "@rollup/plugin-node-resolve": "^15.1.0",
    "@rollup/plugin-replace": "^5.0.5",
@ -51,7 +51,7 @@
    "jest": "^30.2.0",
    "jest-junit": "^16.0.0",
    "mongodb-memory-server": "^10.1.4",
-    "rimraf": "^5.0.1",
+    "rimraf": "^6.1.2",
    "rollup": "^4.22.4",
    "rollup-plugin-peer-deps-external": "^2.2.4",
    "rollup-plugin-typescript2": "^0.35.0",