Bump @lokalise/connector-api-contracts from 1.8.0 to 1.29.2 #250

coderabbitai · 2026-03-09T07:54:11Z

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash set -euo pipefail pkg='@lokalise/connector-api-contracts' echo '== npm metadata comparison ==' for v in 1.8.0 1.29.2; do echo echo "-- ${pkg}@${v} --" npm view "${pkg}@${v}" \ version \ _npmUser \ maintainers \ repository \ peerDependencies \ dependencies \ engines \ dist.tarball \ dist.integrity \ --json done echo echo '== local manifest / lockfile references ==' fd '^(package\.json|package-lock\.json|npm-shrinkwrap\.json|pnpm-lock\.yaml|yarn\.lock)$' -x sh -c ' file="$1" echo echo "-- ${file} --" rg -n "@lokalise/connector-api-contracts|@lokalise/api-contracts|@lokalise/fastify-api-contracts|@lokalise/node-core|zod" "$file" || true ' sh {} echo echo 'Expected result:' echo '- 1.29.2 does not introduce peer/dependency requirements that exceed the versions pinned in this repo.' echo '- The lockfile, if present, resolves `@lokalise/connector-api-contracts` to the same 1.29.2 artifact reported by npm.'

Repository: lokalise/ce-connector-template-node

Length of output: 7265

Update root @lokalise/api-contracts to align with @lokalise/connector-api-contracts@1.29.2 dependency.

The bump to @lokalise/connector-api-contracts@1.29.2 introduces a transitive dependency on @lokalise/api-contracts@^6.0.0, but your root package.json still pins @lokalise/api-contracts@^5.4.0. This causes npm to nest the newer version under node_modules/@lokalise/connector-api-contracts/, creating a duplicate in the dependency tree. Peer dependencies (zod, @lokalise/zod-extras, @lokalise/api-common) and lockfile resolution are compatible. The npm publisher change is a security improvement (OIDC trusted publishing). Update the root @lokalise/api-contracts to ^6.0.0 or verify the mixed-version approach is intentional.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@package.json` at line 30, Root package.json pins "@lokalise/api-contracts" at ^5.4.0 while "@lokalise/connector-api-contracts" was bumped to ^1.29.2 and brings a transitive "@lokalise/api-contracts@^6.0.0"; update the root dependency "@lokalise/api-contracts" to "^6.0.0" (or confirm the mixed-version strategy) so npm doesn't nest a duplicate under "@lokalise/connector-api-contracts" and to align versions for "@lokalise/connector-api-contracts" and "@lokalise/api-contracts".

-Original file line number
+Diff line change
@@ Expand Up / @@ -27,7 +27,7 @@ @@
             "@fastify/awilix": "^8.2.0",
             "@lokalise/api-contracts": "^5.4.0",
             "@lokalise/backend-http-client": "^7.2.0",
-            "@lokalise/connector-api-contracts": "^1.8.0",
+            "@lokalise/connector-api-contracts": "^1.29.2",
             "@lokalise/fastify-api-contracts": "^4.2.1",
             "@lokalise/fastify-extras": "^30.2.1",
             "@lokalise/node-core": "^14.7.4",
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump @lokalise/connector-api-contracts from 1.8.0 to 1.29.2 #250

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

coderabbitai bot Mar 9, 2026

Uh oh!

Uh oh!

Bump @lokalise/connector-api-contracts from 1.8.0 to 1.29.2 #250

Are you sure you want to change the base?

Uh oh!

Bump @lokalise/connector-api-contracts from 1.8.0 to 1.29.2 #250

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

coderabbitai bot Mar 9, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!