fix(deps): pin next via overrides to dedupe duplicate install#937
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThe ChangesDependency Override Configuration
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2fe765b4a4
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| addListener<K extends keyof AgentRelayEvents>( | ||
| event: K, | ||
| handler: (...args: AgentRelayEvents[K]) => void | Promise<void> | ||
| ): () => void { |
There was a problem hiding this comment.
addListener currently types every handler as returning void | Promise<void>, which makes the documented beforeAgentSpawn patch pattern fail type-checking (e.g. relay.addListener('beforeAgentSpawn', () => ({ args: [...] })) produces TS2322). This effectively breaks the new hook for TypeScript consumers unless they cast around the API, and async patch handlers (Promise<SpawnPatch>) are blocked for the same reason. Please type beforeAgentSpawn as BeforeAgentSpawnHandler (or add event-specific overloads) so patch-returning handlers compile as intended.
Useful? React with 👍 / 👎.
@posthog/next declares next as a peer dep with range >=13.0.0. After Dependabot bumped web's next to 15.5.18, npm auto-installed a second copy of next@15.5.14 at the root to satisfy that peer, creating two distinct NextRequest types and breaking Deploy Web (SST) and Preview Web (SST) on every PR with a TypeScript mismatch in web/middleware.ts. Add a root override pinning next to 15.5.18 so there's a single hoisted install everywhere. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
willwashburn
force-pushed
the
fix/deploy-next-version-skew
branch
from
2fe765b to
9601c64
Compare
Six months stale (0.1.0 from 2026-03-06, 0.4.61 from 2026-05-21). Public API surface used by web (`PostHogProvider`, `postHogMiddleware`, `PostHogPageView`) is unchanged. The scoped override added in #937 holds, so `next` remains pinned to 15.5.18 across the workspace. Verified locally: `npm ci` produces a single `next@15.5.18`, and `cd web && npx next build` succeeds (75 static pages, typecheck clean). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Six months stale (0.1.0 from 2026-03-06, 0.4.61 from 2026-05-21). Public API surface used by web (`PostHogProvider`, `postHogMiddleware`, `PostHogPageView`) is unchanged. The scoped override added in #937 holds, so `next` remains pinned to 15.5.18 across the workspace. Also rebuild the lockfile from a known-good pre-#937 base to restore Linux platform binaries (`@tailwindcss/oxide-linux-*`, `@img/sharp-linux-*`) that got stripped when #937's lockfile regen ran on darwin-arm64 — npm bug #4828. Without these entries, `npm ci` on CI's Linux runners fails to install the native bindings and `next build` errors with "Cannot find native binding" from @tailwindcss/oxide. Verified locally: `npm ci` produces a single `next@15.5.18` plus all platform binaries for darwin/linux/win32, and `cd web && npx next build` succeeds (75 static pages, typecheck clean). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2 participants
Summary
mainsince 2026-05-19, and Preview Web (SST) fails on every PR, both with the same TypeScript error inweb/middleware.ts:web'snextto15.5.18, but@posthog/next(hoisted to root) declaresnext: >=13.0.0as a peer dep. npm auto-installed a second copy ofnext@15.5.14at the root to satisfy that peer, so the workspace ended up with two distinctNextRequesttypes — middleware importsnext/serverfromweb/node_modules/nextand passes it topostHogMiddlewarewhich expects root-next/node_modules's type."@posthog/next": { "next": "15.5.18" }. This pins thenextthat npm auto-installs for@posthog/next's peer dep to matchweb's version, so the duplicate collapses. Localnpm ci && cd web && npx next buildsucceeds.Why a scoped override and not a top-level one
A flat
"next": "15.5.18"works today with@posthog/next@0.1.0, but starts leaking a duplicatenextagain once@posthog/nextis bumped to its 0.4.x line (#TBD). The scoped form targets the actual source of the duplicate —@posthog/next's peer auto-install — and remains correct after the upgrade.Test plan
npm ciproduces a singlenext@15.5.18(find ... node_modules/next/package.json)cd web && npx next buildsucceeds (75 static pages generated, typecheck passes)Deploy Web (SST)succeeds on mergePreview Web (SST)succeeds on this PRFollowup (not in this PR)
TooManyCachePolicieslimit — looks like the "Remove stale preview environments" workflow isn't keeping up. Worth a separate look once this lands.🤖 Generated with Claude Code