Chore/20250918

[SvenVw]

Summary by CodeRabbit

• Refactor
  • Migrated file storage and form-data parsing to Remix equivalents for improved alignment and future compatibility. No user-facing behavior changes.
• Chores
  • Upgraded package manager version across the workspace and CI pipelines.
  • Updated numerous dependencies across app, core, and docs to latest minor/patch releases, improving stability, performance, and developer tooling.
  • Refreshed documentation build tooling versions.

[changeset-bot]

⚠️ No Changeset found

Latest commit: a15dade

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

Version bumps across workflows and package manifests, replacing @mjackson storage/form-data-parser with @remix-run equivalents in three fdm-app routes, and updating pnpm to 10.17.0 throughout.

Changes

Cohort / File(s)	Summary
CI workflows: pnpm bump .github/workflows/deploy-docs-test.yml, .github/workflows/deploy-docs.yml, .github/workflows/release.yml, .github/workflows/tests.yml	Update pnpm setup steps from 10.14.0 to 10.17.0; no other workflow logic changes.
fdm-app route imports: migrate to @remix-run fdm-app/app/routes/farm.$b_id_farm.$calendar.field.$b_id.soil.analysis.new.upload.tsx, fdm-app/app/routes/farm.create.$b_id_farm.$calendar.fields.$b_id.soil.analysis.upload.tsx, fdm-app/app/routes/farm.create.$b_id_farm.$calendar.upload.tsx	Switch imports from @mjackson/* to @remix-run/* for file storage and form-data parser; no logic/control-flow changes.
fdm-app dependencies: broad updates fdm-app/package.json	Replace @mjackson/file-storage and @mjackson/form-data-parser with @remix-run/file-storage and @remix-run/form-data-parser; multiple dependency version bumps; update packageManager to pnpm@10.17.0.
fdm-core dependencies: minor bumps fdm-core/package.json	Increment several deps/devDeps (@electric-sql/pglite, unique-username-generator, @types/node, etc.); update packageManager to pnpm@10.17.0.
fdm-docs dependencies: minor bumps fdm-docs/package.json	Update @mdx-js/react, lucide-react, and typedoc-plugin-markdown.
Calculator/Data packageManager bump fdm-calculator/package.json, fdm-data/package.json	Update packageManager to pnpm@10.17.0.
Monorepo tooling package.json, pnpm-workspace.yaml	Bump dev tools (@biomejs/biome, @changesets/cli, turbo) and catalog versions (vite, rollup, etc.); update root packageManager to pnpm@10.17.0.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Add analysis upload #142 — Prior changes to upload routes and related storage/parser packages align with this migration to @remix-run equivalents.
• Chore/20250723 #195 — Similar dependency and workflow version bumps across the repo.
• Chore/20250619 #174 — Previous pnpm version bump in GitHub Actions workflows and manifests.

Suggested labels

fdm-app, fdm-core, fdm-data, fdm-docs, fdm-calculator

Suggested reviewers

• gerardhros

Poem

I thump my paws: new versions hop,
From pnpm burrows to Remix top.
We swap our packs, the routes still glide,
With tidy deps by garden-side.
A whisker twitch—tests still pass—
Now let the docs sprout greener grass! 🥕🐇

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title Check	❓ Inconclusive	The title "Chore/20250918" is a terse, date-only label that does not describe the primary changes in this PR (notably broad dependency upgrades, pnpm bumped to 10.17.0, and migration of @mjackson/file-storage and form-data-parser to @remix-run equivalents), so it is too generic for a reviewer to quickly understand the main intent.	Please rename the PR to a concise, descriptive title that highlights the main change, for example "chore(deps): bump pnpm to 10.17.0 and migrate file-storage/form-data-parser to @remix-run" or "chore: dependency upgrades and Remix file-storage migration (2025-09-18)"; include a scope like "deps" and the most important change so reviewers can scan history easily.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/20250918

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.92%. Comparing base (13e9b00) to head (a15dade).
⚠️ Report is 8 commits behind head on development.

Additional details and impacted files

@@             Coverage Diff              @@
##           development     #271   +/-   ##
============================================
  Coverage        92.92%   92.92%           
============================================
  Files               79       79           
  Lines            12926    12926           
  Branches          1266     1266           
============================================
  Hits             12012    12012           
  Misses             912      912           
  Partials             2        2           

Flag	Coverage Δ
fdm-calculator	94.36% <ø> (ø)
fdm-core	91.90% <ø> (ø)
fdm-data	94.40% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

fdm-app/app/routes/farm.$b_id_farm.$calendar.field.$b_id.soil.analysis.new.upload.tsx (2)

129-133: Bug: fileTypeFromBuffer expects Uint8Array/Buffer, not ArrayBuffer.
This will mis-detect or throw at runtime.

Apply:

-                const fileBuffer = await fileUpload.arrayBuffer()
-                const fileType = await fileTypeFromBuffer(fileBuffer)
+                const fileBytes = new Uint8Array(await fileUpload.arrayBuffer())
+                const fileType = await fileTypeFromBuffer(fileBytes)

---

123-146: Don’t gate on client-provided MIME; rely on magic bytes (+ add size limit).
Current check rejects valid PDFs if the browser sends a wrong type. Use magic‑bytes as the source of truth and cap size to avoid memory pressure.

Apply:

-        const uploadHandler = async (fileUpload: FileUpload) => {
-            if (
-                fileUpload.fieldName === "soilAnalysisFile" &&
-                fileUpload.type === "application/pdf"
-            ) {
+        const uploadHandler = async (fileUpload: FileUpload) => {
+            if (fileUpload.fieldName === "soilAnalysisFile") {
+                const MAX_BYTES = 10 * 1024 * 1024 // 10MB
+                if (typeof fileUpload.size === "number" && fileUpload.size > MAX_BYTES) {
+                    throw new Error("File too large")
+                }
                 // Check file type based on magic bytes
-                const fileBuffer = await fileUpload.arrayBuffer()
-                const fileType = await fileTypeFromBuffer(fileBuffer)
+                const fileBytes = new Uint8Array(await fileUpload.arrayBuffer())
+                const fileType = await fileTypeFromBuffer(fileBytes)
 
                 if (fileType?.mime !== "application/pdf") {
                     throw new Error("Invalid file type (magic bytes check)")
                 }
 
                 // We need to create a new File object from the buffer
-                const file = new File([fileBuffer], fileUpload.name, {
-                    type: fileUpload.type,
+                const file = new File([fileBytes], fileUpload.name, {
+                    type: fileType.mime,
                 })

🧹 Nitpick comments (9)

package.json (1)

28-32: Deps bump + pnpm 10.17.0: OK. Add Node engine to match CI?

Since CI runs Node 22, consider declaring it to prevent local drift.

Add in root package.json (outside the changed lines):

{
  "engines": {
    "node": ">=22"
  },
  "packageManager": "pnpm@10.17.0"
}

.github/workflows/tests.yml (1)

229-229: Data job: PNPM 10.17.0 OK. Optional hardening.

Consider pinning the container image to a digest to reduce supply‑chain drift:

-    container: node:${{ matrix.node-version }}-bookworm-slim
+    container: node:${{ matrix.node-version }}-bookworm-slim@sha256:<digest>

fdm-app/app/routes/farm.create.$b_id_farm.$calendar.fields.$b_id.soil.analysis.upload.tsx (3)

122-147: Avoid buffering the whole file; stream to storage and verify header bytes.

Current code reads the entire file into memory and then re-wraps it as a File before storing. Use LocalFileStorage with the FileUpload directly (streams) and only inspect a small header for magic bytes.

Apply this diff within the handler:

-        const uploadHandler = async (fileUpload: FileUpload) => {
+        const uploadHandler = async (fileUpload: FileUpload) => {
           if (
             fileUpload.fieldName === "soilAnalysisFile" &&
             fileUpload.type === "application/pdf"
           ) {
-            // Check file type based on magic bytes
-            const fileBuffer = await fileUpload.arrayBuffer()
-            const fileType = await fileTypeFromBuffer(fileBuffer)
+            // Check magic bytes on a small header to validate PDF
+            const header = fileUpload.bytes.subarray(0, 4100)
+            const fileType = await fileTypeFromBuffer(header)
 
             if (fileType?.mime !== "application/pdf") {
               throw new Error("Invalid file type (magic bytes check)")
             }
 
-            // We need to create a new File object from the buffer
-            const file = new File([fileBuffer], fileUpload.name, {
-                type: fileUpload.type,
-            })
             const storageKey = crypto.randomUUID()
-            await fileStorage.set(storageKey, file)
+            // Stream upload to storage without buffering
+            await fileStorage.set(storageKey, fileUpload)
 
             return fileStorage.get(storageKey)
           }
           throw new Error("Invalid file type (mime check)")
         }

Please confirm your installed file-type version supports Uint8Array/ArrayBuffer in fileTypeFromBuffer (v19+ does). If older, we should adapt accordingly. See docs for accepted input types. (npmjs.com)

---

122-122: Make upload directory configurable.

Consider reading the uploads base path from configuration/env for portability (tests, prod, ephemeral FS).

Example:

const uploadsDir = process.env.UPLOADS_DIR ?? "./uploads/soil_analyses";
const fileStorage = new LocalFileStorage(uploadsDir);

---

149-149: Add size/count limits to parseFormData

parseFormData supports an uploadHandler (2nd arg) and an options object (3rd arg) — pass conservative limits, e.g.:

const formData = await parseFormData(request, uploadHandler, { maxFiles: 1, maxFileSize: 20 * 1024 * 1024 })

fdm-app/app/routes/farm.$b_id_farm.$calendar.field.$b_id.soil.analysis.new.upload.tsx (1)

121-144: Clarify retention: are stored PDFs intended to persist?
This route doesn’t remove files (unlike the shapefile route). Confirm retention/backup/rotation and access controls for ./uploads/soil_analyses.

fdm-app/app/routes/farm.create.$b_id_farm.$calendar.upload.tsx (2)

129-136: Make shapefile extension checks case‑insensitive.
Prevents false negatives on uppercase extensions.

Apply:

-        const shp_file = files.find((f) => f.name.endsWith(".shp"))
-        const shx_file = files.find((f) => f.name.endsWith(".shx"))
-        const dbf_file = files.find((f) => f.name.endsWith(".dbf"))
-        const prj_file = files.find((f) => f.name.endsWith(".prj"))
+        const shp_file = files.find((f) => f.name.toLowerCase().endsWith(".shp"))
+        const shx_file = files.find((f) => f.name.toLowerCase().endsWith(".shx"))
+        const dbf_file = files.find((f) => f.name.toLowerCase().endsWith(".dbf"))
+        const prj_file = files.find((f) => f.name.toLowerCase().endsWith(".prj"))

---

122-127: Optional: enforce per‑file size limits during upload.
Avoids large in‑memory buffers when parsing. You can reject files via FileUpload.size.

fdm-docs/package.json (1)

56-57: Align packageManager with workspace (10.17.0).
Root and other packages use pnpm@10.17.0; docs still declare 10.14.0.

Apply:

-    "packageManager": "pnpm@10.14.0"
+    "packageManager": "pnpm@10.17.0"

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 13e9b00 and a15dade.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (14)

• .github/workflows/deploy-docs-test.yml (1 hunks)
• .github/workflows/deploy-docs.yml (1 hunks)
• .github/workflows/release.yml (1 hunks)
• .github/workflows/tests.yml (3 hunks)
• fdm-app/app/routes/farm.$b_id_farm.$calendar.field.$b_id.soil.analysis.new.upload.tsx (1 hunks)
• fdm-app/app/routes/farm.create.$b_id_farm.$calendar.fields.$b_id.soil.analysis.upload.tsx (1 hunks)
• fdm-app/app/routes/farm.create.$b_id_farm.$calendar.upload.tsx (1 hunks)
• fdm-app/package.json (3 hunks)
• fdm-calculator/package.json (1 hunks)
• fdm-core/package.json (2 hunks)
• fdm-data/package.json (1 hunks)
• fdm-docs/package.json (2 hunks)
• package.json (1 hunks)
• pnpm-workspace.yaml (1 hunks)

🧰 Additional context used

🧠 Learnings (4)

📚 Learning: 2025-08-13T10:33:05.313Z

Learnt from: SvenVw
PR: SvenVw/fdm#0
File: :0-0
Timestamp: 2025-08-13T10:33:05.313Z
Learning: In the fdm project, fdm-calculator integration for new features like b_lu_variety is handled in separate updates from the core data model changes. When fdm-core functions are updated to support new fields, fdm-calculator can consume these enhanced APIs without requiring changes in the same PR that introduces the core functionality.

Applied to files:

• fdm-calculator/package.json

📚 Learning: 2025-05-28T07:57:19.217Z

Learnt from: SvenVw
PR: SvenVw/fdm#147
File: fdm-docs/package.json:39-39
Timestamp: 2025-05-28T07:57:19.217Z
Learning: In pnpm workspaces, the syntax `"typescript": "catalog:"` is valid and correct. It references the version defined in the workspace's catalog section in pnpm-workspace.yaml, allowing consistent dependency versions across packages in a monorepo.

Applied to files:

• fdm-calculator/package.json
• fdm-data/package.json
• pnpm-workspace.yaml
• fdm-core/package.json

📚 Learning: 2025-05-28T07:57:19.217Z

Learnt from: SvenVw
PR: SvenVw/fdm#147
File: fdm-docs/package.json:39-39
Timestamp: 2025-05-28T07:57:19.217Z
Learning: In pnpm workspaces, the syntax `"typescript": "catalog:"` is valid and correct. It references the version defined in the workspace's catalog section in pnpm-workspace.yaml, allowing consistent dependency versions across packages in a monorepo. The catalog: syntax without a package name is the shorthand for referencing the default catalog.

Applied to files:

• fdm-calculator/package.json
• fdm-data/package.json
• pnpm-workspace.yaml
• fdm-core/package.json

📚 Learning: 2024-11-25T12:42:32.783Z

Learnt from: SvenVw
PR: SvenVw/fdm#6
File: fdm-app/vite.config.ts:5-9
Timestamp: 2024-11-25T12:42:32.783Z
Learning: In the `fdm-app` project, SvenVw is preparing for migration to Remix v3 and may include type declarations or configurations for v3 features in advance, such as in `vite.config.ts`.

Applied to files:

• pnpm-workspace.yaml
• fdm-app/package.json

🔇 Additional comments (20)

.github/workflows/deploy-docs-test.yml (1)

38-38: PNPM bump looks good.

Consistent with repo-wide 10.17.0 upgrade. No other workflow impacts.

.github/workflows/deploy-docs.yml (1)

41-41: Aligned PNPM version.

Matches other workflows/packages; safe change.

fdm-data/package.json (1)

60-60: packageManager updated to pnpm@10.17.0.

Consistent with the workspace. No concerns.

.github/workflows/tests.yml (2)

56-56: Core job: PNPM 10.17.0 OK.

Change is mechanical; cache + setup-node remain intact.

---

149-149: Calculator job: PNPM 10.17.0 OK.

Consistent with other jobs.

.github/workflows/release.yml (1)

40-40: Release workflow PNPM bump: OK.

No functional changes; aligns with CI matrix.

fdm-calculator/package.json (1)

64-64: packageManager bump only.

Looks good.

fdm-app/app/routes/farm.create.$b_id_farm.$calendar.fields.$b_id.soil.analysis.upload.tsx (1)

1-2: Import migration to @remix-run libs: LGTM.

API parity retained; matches package changes.

fdm-app/app/routes/farm.create.$b_id_farm.$calendar.upload.tsx (1)

1-2: Remix import migration LGTM.
Interfaces match usage here.

fdm-docs/package.json (3)

25-25: @mdx-js/react bump OK.
No breaking changes expected for this patch.

---

27-27: lucide-react bump OK.
Aligns with app package.

---

38-38: typedoc-plugin-markdown patch bump OK.

pnpm-workspace.yaml (1)

9-24: Catalog bumps look consistent.
Rollup/Vite/typedoc updates align with package manifests.

If CI is green, no action. If not, check plugin compat with Rollup 4.50.x.

fdm-core/package.json (3)

54-65: DevDependency bumps look safe.
Minor/patch updates only.

---

67-75: Dependency bumps OK.
Pglite and unique-username-generator patches are low risk.

---

76-76: pnpm 10.17.0 alignment OK.

fdm-app/package.json (3)

28-31: Swapping to @remix-run/ libs is the right move.*
Matches route changes.

---

107-108: pnpm 10.17.0 alignment OK.

---

16-103: Approve — verification incomplete: ripgrep returned no files searched

Version bumps look coherent with the workspace; nothing concerning stands out. Verification for leftover @mjackson imports failed because the ripgrep run returned "No files were searched". Re-run locally and share output:

rg -nP '@mjackson/(file-storage|form-data-parser)'

fdm-app/app/routes/farm.$b_id_farm.$calendar.field.$b_id.soil.analysis.new.upload.tsx (1)

1-2: Remix import migration verified — no @mjackson imports in source files.
Only pnpm-lock.yaml contains '@mjackson/node-fetch-server' entries (transitive); all code files import @remix-run/file-storage and @remix-run/form-data-parser.