Skip to content

chore(eslint): enable @tanstack/query/exhaustive-deps rule#1132

Merged
carlosthe19916 merged 3 commits into
guacsec:mainfrom
carlosthe19916:chore/eslint-tanstack-exhaustive-deps
Jul 2, 2026
Merged

chore(eslint): enable @tanstack/query/exhaustive-deps rule#1132
carlosthe19916 merged 3 commits into
guacsec:mainfrom
carlosthe19916:chore/eslint-tanstack-exhaustive-deps

Conversation

@carlosthe19916

@carlosthe19916 carlosthe19916 commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Enable the @tanstack/query/exhaustive-deps ESLint rule by fixing 4 violations and removing the "off" override
  • advisories.ts, sboms.ts, sbom-groups.ts: Move requestParamsQuery() destructuring inside queryFn so rest/q are local variables instead of closured dependencies missing from queryKey
  • vulnerabilities.ts: Inline the analyzeV3 call directly in queryFn, eliminating the chunks object closure. Rename the iteration variable to chunkIds for clarity

Part of #1128 (PR 3 of 8). Depends on #1131.

Test plan

  • npm run lint passes with zero errors
  • npx tsc --noEmit passes with no type errors

🤖 Generated with Claude Code

Summary by Sourcery

Enable TanStack Query exhaustive-deps lint rule by updating query functions to avoid closures over undeclared dependencies.

Enhancements:

  • Refactor vulnerabilities package ID query to chunk IDs locally and inline the analyzeV3 call per query.
  • Adjust SBOM groups, SBOMs, and advisories queries so request parameter derivation occurs inside queryFn, matching queryKey dependencies.

Build:

  • Remove the @tanstack/query/exhaustive-deps rule override from the ESLint configuration to enforce the rule project-wide.

Fix 4 violations where queryFn referenced variables not in queryKey:
- advisories.ts, sboms.ts, sbom-groups.ts: move requestParamsQuery()
  destructuring inside queryFn so derived variables are local
- vulnerabilities.ts: inline the API call to eliminate the chunks
  closure dependency

Part of guacsec#1128.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@sourcery-ai

sourcery-ai Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Reviewer's Guide

Enables the @tanstack/query/exhaustive-deps ESLint rule by removing its override and updating several React Query hooks so that their query functions no longer close over undeclared dependencies, primarily by moving parameter derivation into queryFn and inlining a helper closure around analyzeV3.

Sequence diagram for updated useFetchVulnerabilitiesByPackageIds React Query interaction

sequenceDiagram
  participant Component
  participant useFetchVulnerabilitiesByPackageIds
  participant useQueries
  participant analyzeV3
  participant client

  Component->>useFetchVulnerabilitiesByPackageIds: call(ids)
  useFetchVulnerabilitiesByPackageIds->>useFetchVulnerabilitiesByPackageIds: chunkedIds = ids.reduce(...)
  useFetchVulnerabilitiesByPackageIds->>useQueries: useQueries({ queries: chunkedIds.map(...) })
  loop for each chunkIds in chunkedIds
    useQueries->>analyzeV3: queryFn() with { client, body: { purls: chunkIds } }
    analyzeV3-->>useQueries: response.data
  end
  useQueries-->>Component: userQueries
Loading

Sequence diagram for updated useQuery hooks deriving params inside queryFn

sequenceDiagram
  participant Component
  participant useFetchSBOMs
  participant useQuery
  participant requestParamsQuery
  participant listSboms

  Component->>useFetchSBOMs: call(groupId, params, labels, disableQuery)
  useFetchSBOMs->>useQuery: useQuery({ queryKey, queryFn, enabled })
  useQuery->>requestParamsQuery: queryFn() with params
  requestParamsQuery-->>useQuery: { q, rest }
  useQuery->>listSboms: listSboms({ client, query: { ...rest, group, q } })
  listSboms-->>useQuery: data
  useQuery-->>Component: { data, isLoading, error, refetch }
Loading

File-Level Changes

Change Details Files
Refactor vulnerabilities query hook so the query function no longer depends on a closure object and each query uses its own chunked ID list directly.
  • Replace the chunks object with a top-level chunkedIds array created via ids.reduce
  • Map over chunkedIds to build useQueries configuration, using chunkIds as the iterator variable
  • Inline the analyzeV3 call directly inside queryFn, returning response.data for each chunk
  • Ensure queryKey includes the specific chunkIds used by each queryFn
client/src/app/queries/vulnerabilities.ts
Adjust SBOM-related query hooks so request parameter derivation happens inside queryFn, making the derived values local to the query function rather than closed-over dependencies.
  • Move requestParamsQuery(params) destructuring into the useQuery queryFn for SBOM groups, including local parentQuery computation
  • Move requestParamsQuery(params) destructuring into the useQuery queryFn for SBOMs, using local q and rest when building the query object
  • Keep labelRequestParamsQuery(labels) as a stable input included in the queryKey to maintain cache correctness
client/src/app/queries/sbom-groups.ts
client/src/app/queries/sboms.ts
Update advisories query hook to compute request-derived query parameters inside queryFn instead of at hook scope so they are tracked correctly by React Query.
  • Move requestParamsQuery(params) destructuring from hook scope into the queryFn body
  • Use the locally derived q and rest values to construct the query object passed to listAdvisories
  • Retain params and labelQuery in the queryKey for proper cache scoping
client/src/app/queries/advisories.ts
Enable the @tanstack/query/exhaustive-deps ESLint rule by removing its override configuration so violations are enforced.
  • Delete the '@tanstack/query/exhaustive-deps': 'off' entry from the ESLint rules configuration
  • Leave other existing TanStack Query rules and ignores unchanged
eslint.config.mjs

Possibly linked issues


Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • In useFetchVulnerabilitiesByPackageIds, consider extracting the chunking logic and analyzeV3 call into a reusable helper to make the query definition more readable and reduce duplication if similar chunked calls are needed elsewhere.
  • For useFetchSBOMGroups, useFetchSBOMs, and useFetchAdvisories, you’re now recomputing requestParamsQuery inside queryFn; if this function is non-trivial, consider memoizing its result (e.g., with useMemo) or deriving q/rest once and safely including the necessary pieces in the queryKey to avoid repeated work on each fetch.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- In `useFetchVulnerabilitiesByPackageIds`, consider extracting the chunking logic and `analyzeV3` call into a reusable helper to make the query definition more readable and reduce duplication if similar chunked calls are needed elsewhere.
- For `useFetchSBOMGroups`, `useFetchSBOMs`, and `useFetchAdvisories`, you’re now recomputing `requestParamsQuery` inside `queryFn`; if this function is non-trivial, consider memoizing its result (e.g., with `useMemo`) or deriving `q`/`rest` once and safely including the necessary pieces in the `queryKey` to avoid repeated work on each fetch.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@codecov

codecov Bot commented Jul 1, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 72.22222% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 53.07%. Comparing base (e9282a7) to head (43ad865).

Files with missing lines Patch % Lines
client/src/app/queries/vulnerabilities.ts 70.00% 2 Missing and 1 partial ⚠️
client/src/app/queries/sbom-groups.ts 75.00% 1 Missing ⚠️
client/src/app/queries/sboms.ts 66.66% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1132      +/-   ##
==========================================
- Coverage   53.09%   53.07%   -0.03%     
==========================================
  Files         270      270              
  Lines        5882     5879       -3     
  Branches     1843     1843              
==========================================
- Hits         3123     3120       -3     
+ Misses       2456     2455       -1     
- Partials      303      304       +1     
Flag Coverage Δ
e2e 70.66% <92.85%> (-0.06%) ⬇️
unit 6.97% <0.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@carlosthe19916 carlosthe19916 added this pull request to the merge queue Jul 2, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to a conflict with the base branch Jul 2, 2026
# Conflicts:
#	client/src/app/queries/vulnerabilities.ts
#	eslint.config.mjs
@carlosthe19916 carlosthe19916 enabled auto-merge July 2, 2026 09:51
@carlosthe19916 carlosthe19916 added this pull request to the merge queue Jul 2, 2026
Merged via the queue into guacsec:main with commit 6d6822c Jul 2, 2026
19 checks passed
@github-project-automation github-project-automation Bot moved this to Done in Trustify Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

2 participants