chore(workbench-ui): remediate Dependabot alerts [EN-1249]#754

Merged: fguery merged 3 commits into main from chore/workbench-ui-dependabot-updates on Jun 23, 2026

@thierrycoopman

@thierrycoopman thierrycoopman commented Jun 17, 2026

Contributor

Summary

  • Bumps react-router-dom ^7.13.0 -> ^7.18.0 (clears 7 react-router alerts)
  • Upgrades vite ^6.0.0 -> ^8.0.0 (rolldown bundler drops esbuild -> clears esbuild high alert; pulls postcss 8.5.15 -> clears postcss alert)
  • Upgrades @vitejs/plugin-react ^4.2.0 -> ^6.0.0 (vite 8 peer)
  • Scope: dev-only Connector Workbench UI (tools/workbench/ui/)

Resolves all 9 open Dependabot alerts. npm audit => 0 vulnerabilities.

Jira: EN-1249

Test plan

  • npm install clean, npm audit => 0 vulnerabilities
  • vite build succeeds (607 modules), dist/ produced
  • Lockfile no longer contains esbuild; react-router 7.18.0, postcss 8.5.15
  • Smoke test: go run . workbench and load http://127.0.0.1:8080/ui

Note

npm run build has a pre-existing tsc error (App.tsx:1703 target_amount) unrelated to this change; no CI builds this UI.

Bump react-router-dom to ^7.18.0 and upgrade vite 6->8 (rolldown, no
esbuild) + @vitejs/plugin-react 4->6. Clears all 9 open Dependabot
alerts (react-router, esbuild, postcss). npm audit reports 0 vulns.
@thierrycoopman thierrycoopman requested a review from a team as a code owner June 17, 2026 07:22
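
The lockfile check from the test plan above, written as a repeatable script. This is an added example, not part of the PR or the project's code: it walks every installed copy in a `package-lock.json` (lockfileVersion 2/3 `packages` map), including nested ones, and reports banned packages and versions below a floor. The function names, the policy object and the sample lockfile are assumptions; only the package names and the versions 7.18.0 and 8.5.15 come from the PR description.

```javascript
// Name of the package installed at a lockfile path, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function packageName(lockPath) {
  const marker = 'node_modules/';
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? null : lockPath.slice(i + marker.length);
}

// Compare "x.y.z" numerically (so 7.18.0 > 7.9.9); prerelease/build suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Check every installed copy, hoisted or nested: one stale transitive copy
// is enough to keep a dependency alert open.
function checkLockfile(lock, policy) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = packageName(path);
    if (!name || !entry.version) continue; // root project or link entry
    // A banned name also covers its scope, e.g. esbuild's @esbuild/* platform binaries.
    if (policy.banned.some(b => name === b || name.startsWith(`@${b}/`)))
      findings.push(`${path}: banned package ${name}@${entry.version}`);
    const floor = policy.minimum[name];
    if (floor && compareVersions(entry.version, floor) < 0)
      findings.push(`${path}: ${name}@${entry.version} is below ${floor}`);
  }
  return findings;
}

// Policy derived from the PR's test plan; treating the versions as floors is an assumption.
const POLICY = { banned: ['esbuild'], minimum: { 'react-router': '7.18.0', postcss: '8.5.15' } };

// Constructed sample lockfile (not the repository's real package-lock.json).
// "legacy-plugin" and the versions 8.4.31 / 0.21.5 are made up for illustration.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'workbench-ui' },
  'node_modules/react-router': { version: '7.18.0' },
  'node_modules/postcss': { version: '8.5.15' },
  'node_modules/legacy-plugin/node_modules/postcss': { version: '8.4.31' },
  'node_modules/@esbuild/linux-x64': { version: '0.21.5' },
}};

console.log(checkLockfile(SAMPLE_LOCK, POLICY));
```

To run it against a real tree, pass the parsed contents of `tools/workbench/ui/package-lock.json` instead of `SAMPLE_LOCK` and fail the job when the returned list is non-empty.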
@coderabbitai

coderabbitai Bot commented Jun 17, 2026

Contributor

Walkthrough

The Conversion interface in tools/workbench/ui/src/api.ts has a single field renamed: destination_amount?: string is replaced with target_amount?: string. No other logic, behavior, or API handling was modified.

Changes

Conversion Interface Field Rename

| Layer / File(s) | Summary |
| --- | --- |
| Conversion interface field rename (tools/workbench/ui/src/api.ts) | Optional string field destination_amount renamed to target_amount in the Conversion interface. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A field once called "destination" took a bow,
Now "target" steps forward — here's the change, and how!
One line in, one line out, the interface stays slim,
The bunny hops along with every API whim. 🐇✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Description check | ⚠️ Warning | The PR description focuses on dependency updates (react-router-dom, vite, @vitejs/plugin-react) and security alerts, but the raw_summary shows a single-line API type change (destination_amount → target_amount). There is a significant mismatch between what the description claims and what the changeset actually contains. | Update the PR description to accurately reflect the actual changes in the pull request. The description should mention the API type field rename in tools/workbench/ui/src/api.ts instead of focusing solely on dependency updates. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately describes the main objective of the PR: remediating Dependabot alerts in the workbench UI, and references the Jira ticket EN-1249. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@NumaryBot NumaryBot left a comment

Contributor

✅ Approve — automated review

The dependency and lockfile updates appear consistent, and no discrete regression introduced by the patch was identified.

No findings.

@codecov

codecov Bot commented Jun 17, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 66.83%. Comparing base (ef55919) to head (c28527a).

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #754   +/-   ##
=======================================
  Coverage   66.83%   66.83%           
=======================================
  Files         923      923           
  Lines       43100    43100           
=======================================
  Hits        28808    28808           
  Misses      12389    12389           
  Partials     1903     1903           

@NumaryBot NumaryBot left a comment

Contributor

✅ Approve — automated review

The dependency bumps and the Conversion interface update are consistent with the current UI/server JSON usage. I did not find a discrete regression introduced by this patch.

No findings.

@coderabbitai coderabbitai Bot left a comment

Contributor

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tools/workbench/ui/src/api.ts`:
- Line 142: The frontend interface field target_amount does not match the
backend API response field destinationAmount, causing the value to be undefined
when deserialized. Rename the target_amount field to destination_amount in the
interface definition in api.ts to match the camelCase-to-snake_case conversion
convention used for other fields like sourceAmount mapping to source_amount.
Additionally, verify that the type of destination_amount (currently string)
matches the actual format returned by the backend API, which the schema
indicates should be an integer with bigint format, and adjust the type if
necessary to ensure proper deserialization.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 587752a0-4052-4cc1-8099-a445453334aa

📥 Commits

Reviewing files that changed from the base of the PR and between 48e6178 and 7c19ea1.

⛔ Files ignored due to path filters (2)
  • tools/workbench/ui/package-lock.json is excluded by !**/package-lock.json, !**/*.json
  • tools/workbench/ui/package.json is excluded by !**/*.json
📒 Files selected for processing (1)
  • tools/workbench/ui/src/api.ts

Comment thread tools/workbench/ui/src/api.ts
@thierrycoopman thierrycoopman enabled auto-merge June 17, 2026 15:25

@NumaryBot NumaryBot left a comment

Contributor

✅ Approve — automated review

The dependency updates and the API type adjustment are consistent with the checked-in lockfile and existing backend/UI usage. I did not find any discrete introduced issue that would break existing behavior.

No findings.

@thierrycoopman thierrycoopman added this pull request to the merge queue Jun 18, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Jun 18, 2026
@fguery fguery added this pull request to the merge queue Jun 23, 2026
Merged via the queue into main with commit 1065b2c Jun 23, 2026
8 checks passed
@fguery fguery deleted the chore/workbench-ui-dependabot-updates branch June 23, 2026 10:38
5 participants