chore: hey-api bump fixes generated code (#2049)

[holtgrewe]

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced new user-related types: SODARUser and SODARUserRequest.
  • Added a new type strList for arrays of strings.

• Improvements

  • Enhanced query functions to support request cancellation with a new signal parameter.
  • Improved flexibility in the createQueryKey function for client configuration.

• Bug Fixes

  • Removed deprecated schema definitions to streamline the API structure.

• Dependencies

  • Updated @hey-api/client-fetch to version ^0.4.2.
  • Updated @hey-api/openapi-ts to version ^0.54.0.

[coderabbitai]

Walkthrough

The changes in this pull request involve modifications to several TypeScript files within the frontend structure. Key alterations include the removal of export statements from schemas.gen, updates to type definitions in types.gen.ts, enhancements to the createQueryKey function and query options in @tanstack/vue-query.gen.ts, and formatting changes in services.gen.ts. Additionally, the package.json file reflects updates to dependency versions, specifically for @hey-api/client-fetch and @hey-api/openapi-ts.

Changes

File Path	Change Summary
frontend/ext/varfish-api/src/lib/index.ts	Removed export statement: export * from './schemas.gen';
frontend/ext/viguno-api/src/lib/index.ts	Removed export statement: export * from './schemas.gen';
frontend/ext/varfish-api/src/lib/types.gen.ts	Added types: SODARUser, SODARUserRequest, strList; Removed previous definitions of SODARUser and SODARUserRequest; Modified SamtoolsStatsGcRecordList and others for clarity.
frontend/ext/viguno-api/src/lib/@tanstack/vue-query.gen.ts	Updated createQueryKey to check for options.client; Added signal parameter to query option functions. Changed string literals from double to single quotes.
frontend/ext/viguno-api/src/lib/services.gen.ts	Reformatted return statements for readability in functions like hpoGenes, hpoOmims, etc.
frontend/ext/viguno-api/src/lib/schemas.gen.ts	Removed file containing various TypeScript object schemas for HPO-related data.
frontend/package.json	Updated dependencies: @hey-api/client-fetch from ^0.2.4 to ^0.4.2, @hey-api/openapi-ts from ^0.52.11 to ^0.54.0.

Possibly related PRs

• feat: display seqvars query execution results in UI (#1952) #1957: Modifications to export statements in the index.ts file, which relate to user interface enhancements that may utilize types and exports defined in types.gen.ts.

🐰 "In the land of code where changes bloom,
Exports removed to make more room.
Types defined, new and bright,
Dependencies updated, all feels right.
A hop, a skip, through lines we glide,
In this code garden, we take pride!" 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

deps-report 🔍

Commit scanned: ee9055d

Vulnerable dependencies

4 dependencies have vulnerabilities 😱

Dependency	Advisory	Versions impacted
djangorestframework (transitive)	Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with tags.	<3.15.2
jinja2 (transitive)	In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.	>=0
setuptools (transitive)	Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.	<70.0.0
sqlalchemy	Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. sqlalchemy/sqlalchemy#8563	<2.0.0b1

Outdated dependencies

38 outdated dependencies found (including 17 outdated major versions)😢

Dependency	Installed version	Latest version
alabaster (transitive)	0.7.16	1.0.0
argon2-cffi (transitive)	21.3.0	23.1.0
billiard (transitive)	3.6.4.0	4.2.1
crispy-bootstrap4 (transitive)	2022.1	2024.10
django	3.2.25	5.1.2
django-model-utils (transitive)	4.3.1	5.0.0
django-rest-knox (transitive)	4.2.0	5.0.2
django-sodar-core	0.13.4	1.0.2
mistune (transitive)	2.0.5	3.0.2
packaging (transitive)	23.2	24.1
protobuf	3.20.3	5.28.3
setuptools (transitive)	67.6.1	75.2.0
sphinx (transitive)	6.2.1	8.1.3
sphinx-rtd-theme (transitive)	1.2.2	3.0.1
sqlalchemy	1.4.54	2.0.36
unidecode (transitive)	0.4.21	1.3.8
xmlschema (transitive)	2.5.1	3.4.2

Dependency	Installed version	Latest version
botocore (transitive)	1.35.36	1.35.49
celery (transitive)	5.2.7	5.4.0
django-autocomplete-light (transitive)	3.9.4	3.11.0
django-crispy-forms (transitive)	2.0	2.3
django-db-file-storage (transitive)	0.5.5	0.5.6.1
django-debug-toolbar	4.3.0	4.4.6
django-environ (transitive)	0.10.0	0.11.2
django-iconify (transitive)	0.1.1	0.4
django-plugins-bihealth	0.4.0	0.5.2
django-postgres-copy	2.3.7	2.7.6
djangorestframework (transitive)	3.14.0	3.15.2
docutils (transitive)	0.18.1	0.21.2
drf-keyed-list-bihealth	0.1.1	0.2.1
markdown (transitive)	3.4.1	3.7
mypy-protobuf (dev)	3.3.0	3.6.0
pydantic-core (transitive)	2.23.4	2.25.0
requests-http-signature	0.2.0	0.7.1
rules (transitive)	3.3	3.5
tqdm	4.66.5	4.66.6
versioneer (transitive)	0.28	0.29
wheel (transitive)	0.40.0	0.44.0

_Logs

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

frontend/ext/varfish-api/src/lib/types.gen.ts (2)

3257-3257: Consider adding JSDoc documentation

While the type is straightforward, adding JSDoc documentation would improve clarity about its intended usage.

+/**
+ * Type alias for an array of strings, used for string list fields in the API.
+ */
 export type strList = Array<(string)>;

---

1833-1836: Consider adding JSDoc documentation

The type would benefit from JSDoc documentation explaining the purpose of GC content statistics and field meanings.

+/**
+ * Type representing GC content statistics from samtools stats output.
+ * Each record contains:
+ * - gc_content: The GC content percentage
+ * - count: Number of reads/bases with this GC content
+ */
 export type SamtoolsStatsGcRecordList = Array<{
     gc_content: number;
     count: number;
 }>;

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 5f9206d and ee9055d.

⛔ Files ignored due to path filters (1)

• frontend/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (8)

• frontend/ext/varfish-api/src/lib/index.ts (0 hunks)
• frontend/ext/varfish-api/src/lib/types.gen.ts (14 hunks)
• frontend/ext/viguno-api/src/lib/@tanstack/vue-query.gen.ts (2 hunks)
• frontend/ext/viguno-api/src/lib/index.ts (0 hunks)
• frontend/ext/viguno-api/src/lib/schemas.gen.ts (0 hunks)
• frontend/ext/viguno-api/src/lib/services.gen.ts (2 hunks)
• frontend/ext/viguno-api/src/lib/types.gen.ts (1 hunks)
• frontend/package.json (2 hunks)

💤 Files with no reviewable changes (3)

• frontend/ext/varfish-api/src/lib/index.ts
• frontend/ext/viguno-api/src/lib/index.ts
• frontend/ext/viguno-api/src/lib/schemas.gen.ts

✅ Files skipped from review due to trivial changes (1)

• frontend/ext/viguno-api/src/lib/services.gen.ts

🔇 Additional comments (8)

frontend/ext/viguno-api/src/lib/@tanstack/vue-query.gen.ts (3)

16-16: LGTM: Improved client configuration flexibility.

The change to use options?.client ?? client is a good improvement that allows for client override while maintaining backward compatibility.

---

39-52: LGTM: Well-structured query options with proper signal handling.

The implementation is consistent across all HPO-related functions with proper request cancellation support via the signal parameter and consistent error handling.

Also applies to: 58-71, 77-90, 96-109, 115-128

---

41-47: Verify signal handling in consuming components.

The signal parameter is now properly passed to the service calls. Ensure that components using these queries properly handle cleanup by aborting queries when components are unmounted.

Also applies to: 60-66, 79-85, 98-104, 117-123

✅ Verification successful

The previous search might have failed because we were looking for option types rather than actual query usage. Let's try to find where these queries are actually being used in components to verify the cleanup handling.

---

Let's try a different approach by finding components that import from this generated query file, as the previous patterns might have been too specific.

---

Let's examine the actual usage patterns in the files that import from vue-query.gen, focusing on both query usage and lifecycle hooks.

---

Signal handling is properly implemented through Vue Query's built-in cleanup

The codebase uses TanStack Vue Query's useQuery hooks which automatically handle cleanup and request cancellation when components are unmounted. The implementation shows:

1. Proper usage of Vue Query's built-in signal handling through the generated options
2. Correct implementation of enabled conditions to prevent unnecessary requests
3. Appropriate usage of stale times and query invalidation

No manual cleanup is required as Vue Query internally manages the AbortController signals and cleanup on component unmount.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for components using these HPO queries to verify cleanup
rg -l "hpo(Genes|Omims|SimTermGene|SimTermTerm|Terms)Options" | xargs rg -A 10 "onUnmounted|watchEffect|watch"

Length of output: 112

---

Script:

#!/bin/bash
# Let's first find files that use these HPO queries
rg -l "useQuery.*hpo(Genes|Omims|SimTermGene|SimTermTerm|Terms)"

# Then let's look for actual query usage patterns
rg "useQuery.*hpo(Genes|Omims|SimTermGene|SimTermTerm|Terms)" -A 5

Length of output: 135

---

Script:

#!/bin/bash
# Let's search for Vue components that import from the vue-query.gen.ts file
rg -l "from.*vue-query\.gen"

# And then look for their cleanup patterns
rg "from.*vue-query\.gen" --type vue -A 20

Length of output: 425

---

Script:

#!/bin/bash
# Let's examine the files that import from vue-query.gen to see their usage
for file in $(rg -l 'from.*vue-query\.gen'); do
    echo "=== $file ==="
    rg -A 10 "useQuery|onMounted|onUnmounted|watchEffect|watch" "$file"
done

# Also let's check the direct imports from this file
rg "import.*from.*vue-query\.gen" -A 3

Length of output: 10753

frontend/package.json (2)

67-67: Verify the impact of @hey-api/openapi-ts upgrade.

The upgrade from ^0.52.11 to ^0.54.0 involves multiple minor version increments in a 0.x package. Since this affects code generation:

• Review the generated TypeScript files for any breaking changes
• Ensure all removed exports (mentioned in the AI summary) were intentional

✅ Verification successful

Let me analyze the results from the shell scripts. The output shows:

1. The generated TypeScript files contain any and unknown types, but these are part of the API type definitions and error handling patterns, not type errors. They appear in:

   • Documentation comments (e.g., "Base serializer for any SODAR model...")
   • Error type definitions (e.g., export type CasesAnalysisApiCaseanalysisListError = unknown)
   • Valid enum choices (e.g., SeqvarsGenotypeChoice = 'any' | 'ref' | 'het'...)

2. The imports from generated files are consistent across the codebase, with proper imports from:

   • @varfish-org/varfish-api/lib/@tanstack/vue-query.gen
   • @varfish-org/varfish-api/lib/services.gen
   • @varfish-org/varfish-api/lib/types.gen

There are no signs of broken imports or type errors that would indicate breaking changes from the upgrade.

The upgrade from ^0.52.11 to ^0.54.0 appears safe to proceed with.

The generated types maintain proper type safety with intentional use of unknown for error states, and all imports remain valid across the codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Look for any type errors in the generated files
rg -g 'frontend/ext/varfish-api/src/lib/*.gen.*' 'any|unknown'

# Check for potentially broken imports of removed exports
rg -g '!frontend/ext/varfish-api/src/lib/*.gen.*' "from ['\"].*\.gen['\"]"

Length of output: 48462

---

19-19: Verify the impact of @hey-api/client-fetch upgrade.

The upgrade from ^0.2.4 to ^0.4.2 is a significant minor version bump for a 0.x package, which may introduce breaking changes. Please ensure that:

• All generated code changes have been properly reviewed
• The application's integration tests pass with the new version

✅ Verification successful

Let me generate new shell scripts to better verify the impact of the package upgrade:

---

Let me fix the shell script syntax and try again:

---

Package upgrade appears safe to proceed

The @hey-api/client-fetch package is used in generated code files and one store file. The generated files will be automatically updated during the build process, and the store file only uses a type import which is unlikely to have breaking changes. The minor version bump (0.2 -> 0.4) in a pre-1.0 package suggests possible breaking changes, but the actual usage in the codebase is minimal and well-contained.

• Generated files that will be updated:
  • frontend/ext/varfish-api/src/lib/services.gen.ts
  • frontend/ext/viguno-api/src/lib/services.gen.ts
• Single direct usage in frontend/src/seqvars/stores/presets/store.ts (type import only)

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any remaining references to old API patterns
rg -g '!package*.json' '@hey-api/client-fetch.*0\.2'

# Look for any TODO or FIXME comments in generated files that might indicate issues
rg -g 'frontend/ext/varfish-api/src/lib/*.gen.*' '(TODO|FIXME)'

Length of output: 48462

---

Script:

#!/bin/bash
# Check for any direct imports of @hey-api/client-fetch
rg -g '!package*.json' 'from ["\']@hey-api/client-fetch["\']'

# Check for any direct usage of client-fetch APIs
rg -g '!package*.json' '@hey-api/client-fetch\.' -A 2

# Look for any generated code files that might be affected
fd -g '*.gen.*' -x ls -l {}

Length of output: 93

---

Script:

#!/bin/bash
# Check for any direct imports of @hey-api/client-fetch
rg -g "!package*.json" "from ['\"]@hey-api/client-fetch['\"]"

# Check for any direct usage of client-fetch APIs
rg -g "!package*.json" "@hey-api/client-fetch\." -A 2

# Look for any generated code files that might be affected
fd -e gen.ts -e gen.js -x ls -l {}

Length of output: 1368

frontend/ext/viguno-api/src/lib/types.gen.ts (1)

87-97: Verify the distinction between Result and Result_ types.

The codebase now has two similar result types with subtle differences:

• Result uses ResponseQuery for the query field
• Result_ uses Query for the query field

This distinction appears intentional to separate request and response structures, but let's verify this against the API specification.

✅ Verification successful

Based on the OpenAPI specification and code analysis, I can now provide a definitive response about the distinction between Result and Result_ types:

The distinction between Result and Result_ types is intentional and correct.

The OpenAPI specification shows that:

1. Result (title: HpoSimTermTermResult) is used for term-term similarity results with ResponseQuery
2. Result_ (title: HpoTermsResult) is used for HPO terms results with Query

This is a valid API design pattern where similar but distinct response types are used for different endpoints. The underscore suffix is part of the API specification and the generated types correctly reflect this design.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check the OpenAPI specification to verify the type definitions

# Look for Result type definitions in OpenAPI spec files
fd -e yaml -e json . | xargs rg -A 10 "Result_?\:"

# Check for usage patterns of both types
rg "Result_?" --type=typescript

Length of output: 206

---

Script:

#!/bin/bash
# Search for Result and Result_ type definitions
rg "type Result" -A 10 --type ts

# Search for usages of Result and Result_
rg "Result_" --type ts
rg "Result[^_]" --type ts

# Look for OpenAPI specs
fd "openapi|swagger" -e yaml -e json -e yml

Length of output: 65037

---

Script:

#!/bin/bash
# Check the OpenAPI spec for Result and Result_ type definitions
cat frontend/ext/viguno-api/openapi.yaml | grep -A 10 "Result_\|Result:"

# Search for usages of Result_ type in TypeScript files
rg "Result_" --type ts -A 2 -B 2

# Search for imports of Result type
rg "import.*Result" --type ts

Length of output: 42961

frontend/ext/varfish-api/src/lib/types.gen.ts (2)

3224-3239: LGTM: Well-structured SODAR user type definition

The SODARUser type is well-defined with proper field types, optionality, and comprehensive JSDoc documentation.

---

3241-3255: LGTM: Well-structured SODAR user request type

The SODARUserRequest type appropriately omits the server-generated sodar_uuid field while maintaining the rest of the structure from SODARUser.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91%. Comparing base (5f9206d) to head (ee9055d).
Report is 1 commits behind head on main.

Additional details and impacted files

@@          Coverage Diff          @@
##            main   #2066   +/-   ##
=====================================
  Coverage     91%     91%           
=====================================
  Files        677     677           
  Lines      38435   38435           
=====================================
  Hits       35093   35093           
  Misses      3342    3342