
upgrade groq sdk #55

Merged: j4ys0n merged 2 commits into main from ptc on Mar 13, 2026

Conversation


@j4ys0n j4ys0n commented Mar 13, 2026

No description provided.

Copilot AI review requested due to automatic review settings March 13, 2026 18:40

j4ys0n commented Mar 13, 2026

Automated review 🤖

Summary of Changes
This PR upgrades the groq-sdk dependency from ^0.35.0 to ^1.1.1, bumping the package version from 1.11.2 to 1.11.3. The update triggers significant transitive dependency changes in yarn.lock, including removal of older Node.js-specific polyfills (@types/node-fetch, abort-controller, agentkeepalive, form-data, node-domexception, web-streams-polyfill) and consolidation of node-fetch to ^2.7.0.

Key Changes & Positives

  • ✅ Modernization of groq-sdk to v1.x aligns with upstream API stability and likely includes performance/security improvements (package.json, line 85 → groq-sdk: ^1.1.1).
  • ✅ Removal of deprecated or redundant dependencies (e.g., @types/node-fetch@^2.6.4, abort-controller@^3.0.0, form-data@^4.0.0) reduces bundle size and attack surface (yarn.lock deletions).
  • ✅ Consolidation of node-fetch to ^2.7.0 ensures consistent polyfill usage (yarn.lock, line 2907 → node-fetch@^2.7.0).

Language/Framework Checks

  • TypeScript runtime dependencies (@types/node) now rely solely on ^20.14.9 (via @types/node@20.17.30), removing legacy ^18.x references (yarn.lock, lines 777–783 deleted).
  • get-intrinsic version range simplified from ^1.2.5, ^1.2.6, ^1.3.0 → ^1.2.5, ^1.3.0, indicating ^1.2.6 was dropped (yarn.lock, line 1892 → get-intrinsic@^1.2.5, ^1.3.0).
  • has-symbols range narrowed from ^1.0.3, ^1.1.0 → ^1.1.0, dropping older patch (yarn.lock, line 2022 → has-symbols@^1.1.0).

Security & Privacy

  • Elimination of form-data@4.0.2 (which depended on asynckit@0.4.0 and combined-stream@1.0.8) removes potential vector for prototype pollution in older versions (yarn.lock, lines 906–912 deleted).
  • node-fetch@2.7.0 includes fixes for CVE-2022-0235 (path traversal in redirects), improving safety over 2.6.x (yarn.lock, line 2907 → node-fetch@^2.7.0).

Build/CI & Ops

  • Reduced dependency tree depth (13 fewer unique packages in yarn.lock) may improve install times and reduce CI cache churn.
  • No changes to build scripts or entry points—runtime compatibility depends on groq-sdk@1.x maintaining backward-compatible client interfaces.

Tests

  • Verify Groq provider integration tests pass with groq-sdk@1.1.1, especially around streaming and error handling (e.g., src/providers/groq.ts usage of ChatCompletions API), as major version bumps often introduce breaking changes in response schemas or options.

Approval Recommendation
Approve with caveats

  • Confirm groq-sdk@1.1.1 does not alter public API surface (e.g., constructor args, response types) in ways that break existing GroqProvider usage.
  • Run integration tests against Groq endpoints to validate functionality post-upgrade.
  • Audit changelog for groq-sdk@1.x to identify any migration steps (e.g., renamed methods, removed defaults).


Copilot AI left a comment

Pull request overview

Upgrades the Groq provider dependency used by @missionsquad/rosetta-ai, updating the project’s dependency graph to a newer groq-sdk release.

Changes:

  • Bump package version from 1.11.2 to 1.11.3.
  • Upgrade groq-sdk from ^0.35.0 to ^1.1.1.
  • Update yarn.lock to reflect the new Groq SDK and its transitive dependency changes.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| package.json | Updates published package version and bumps groq-sdk dependency range. |
| yarn.lock | Refreshes the resolved dependency tree for the upgraded groq-sdk. |

Comment thread package.json
Comment on lines 82 to 86
"@elevenlabs/elevenlabs-js": "^2.24.0",
"@google/genai": "^1.45.0",
"dotenv": "^16.4.5",
"groq-sdk": "^0.35.0",
"groq-sdk": "^1.1.1",
"nanoid": "3.3.11",
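Review bot: on the `"groq-sdk"` line the range moves from `^0.35.0` to `^1.1.1`, which crosses a major version, and the caret will also accept any later 1.x release whenever the lockfile is regenerated, whereas the neighbouring `"nanoid": "3.3.11"` entry is pinned exactly. Nothing in these lines shows which 1.x breaking changes were checked against the code that calls the SDK, so I would record that in the PR description. If this package needs reproducible installs, consider either pinning `groq-sdk` to an exact version as is done for `nanoid`, or making sure CI installs with `yarn install --frozen-lockfile` so the resolved version only changes through a reviewed yarn.lock diff.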

j4ys0n commented Mar 13, 2026

Automated review 🤖

Summary of Changes
This PR upgrades the groq-sdk dependency from ^0.35.0 to ^1.1.1, bumping the package version to 1.11.3. The upgrade triggers structural changes in import statements within groq.audio.mapper.ts and groq.mapper.ts to adopt the new SDK’s re-exported Uploadable type, eliminating redundant imports from groq-sdk/core.

Key Changes & Positives

  • Streamlined imports in src/core/mapping/groq.audio.mapper.ts and src/core/mapping/groq.mapper.ts by consolidating Uploadable into the main groq-sdk import, improving maintainability and reducing coupling to internal modules. 🟢
  • Removal of outdated transitive dependencies (e.g., @types/node-fetch, abort-controller, form-data, node-fetch@2) in yarn.lock, indicating cleaner dependency resolution in groq-sdk@1.x. 🟢

Language/Framework Checks

  • Import changes in src/core/mapping/groq.mapper.ts (lines 1–15) and src/core/mapping/groq.audio.mapper.ts (lines 1–6) correctly use type-only import for Uploadable, aligning with TypeScript best practices and avoiding runtime overhead.
  • yarn.lock updates confirm removal of legacy polyfills (form-data, formdata-node, node-fetch@2, abort-controller, humanize-ms), consistent with modern SDK implementations leveraging native fetch or undici.

Security & Privacy

  • No security-sensitive changes observed; the dependency upgrade does not introduce known vulnerabilities in groq-sdk@1.1.1 per published integrity hash.

Build/CI & Ops

  • Reduced dependency tree size in yarn.lock may improve install times and reduce attack surface. Verify CI environments do not rely on removed polyfills (e.g., node-fetch@2), though groq-sdk@1.x likely uses built-in fetch or undici.

Tests

  • No test files modified; ensure integration tests cover Groq audio features (STT/TTS/translate) post-upgrade, especially around file upload handling via Uploadable.

Approval Recommendation
Approve

  • Dependency upgrade is non-breaking for public API (internal import refactoring only).
  • Type-safe import changes validated via type-only usage.
  • Confirm runtime behavior of Groq audio endpoints via regression tests before production deployment.
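
The check the reviews above ask for (make sure nothing still relies on packages that dropped out of yarn.lock), as an added example that is not part of this PR or the project's code: it diffs two yarn.lock v1 texts and flags static imports of removed packages. The lockfile snippets, file names and source lines are constructed for illustration.

```javascript
// Added example: lockfile snippets and sources are constructed, not the repo's real files.
const BEFORE = `# yarn lockfile v1
abort-controller@^3.0.0:
  version "3.0.0"
form-data@^4.0.0:
  version "4.0.2"
groq-sdk@^0.35.0:
  version "0.35.0"
`;
const AFTER = `# yarn lockfile v1
groq-sdk@^1.1.1:
  version "1.1.1"
`;
// Hypothetical file names and contents.
const SOURCES = {
  'src/example/upload.ts': "import FormData from 'form-data'\nimport Groq from 'groq-sdk'\n",
  'src/example/types.ts': "import type { Uploadable } from 'groq-sdk'\n",
};
// Collect package names from yarn.lock v1 entry headers (column-0 lines ending in ':').
function lockedPackages(lockText) {
  const names = new Set();
  for (const line of lockText.split('\n')) {
    if (!line || /^[#\s]/.test(line) || !line.endsWith(':')) continue;
    for (const spec of line.slice(0, -1).split(',')) {
      const s = spec.trim().replace(/^"|"$/g, '');
      names.add(s.slice(0, s.lastIndexOf('@'))); // last '@' separates name from range
    }
  }
  return names;
}
function removedPackages(before, after) {
  const kept = lockedPackages(after);
  return [...lockedPackages(before)].filter((n) => !kept.has(n)).sort();
}
// Static imports/requires whose package ('@scope/pkg/sub' -> '@scope/pkg') was removed.
function danglingImports(sources, removed) {
  const gone = new Set(removed);
  const re = /(?:from\s+|import\s+|require\(\s*)['"]([^'"]+)['"]/g;
  const hits = [];
  for (const [file, text] of Object.entries(sources)) {
    for (const m of text.matchAll(re)) {
      const name = m[1].split('/').slice(0, m[1].startsWith('@') ? 2 : 1).join('/');
      if (gone.has(name)) hits.push(`${file}: ${name}`);
    }
  }
  return hits;
}
console.log(danglingImports(SOURCES, removedPackages(BEFORE, AFTER)));
```

A hit means the code imports a package it only received transitively; it should be declared in package.json or the import removed. Dynamic `import()` calls are not covered by the regex.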

@j4ys0n j4ys0n merged commit cb7c4e5 into main Mar 13, 2026
1 check passed
@j4ys0n j4ys0n deleted the ptc branch March 13, 2026 18:57