Skip to content

refactor: move @hyperlane-xyz/utils to devDependencies in core#7805

Merged
yorhodes merged 1 commit intomainfrom
refactor/core-utils-devdep
Jan 15, 2026
Merged

refactor: move @hyperlane-xyz/utils to devDependencies in core#7805
yorhodes merged 1 commit intomainfrom
refactor/core-utils-devdep

Conversation

@yorhodes
Copy link
Member

Summary

  • Moves @hyperlane-xyz/utils from dependencies to devDependencies in @hyperlane-xyz/core
  • Utils is only used in test files (addressToBytes32, messageId, parseMessage), not in published contracts or build artifacts

Context

Previously, changes to @hyperlane-xyz/utils implied transitive patch bumps to @hyperlane-xyz/core, which could affect onchain bytecode versioning even when no contracts changed. This change breaks that dependency chain.

With the new Solidity changeset validation CI (#7801), explicit changesets are now required for @hyperlane-xyz/core when contracts change, making this transitive bump unnecessary.

Utils is only used in test files (addressToBytes32, messageId, parseMessage),
not in the published Solidity contracts or build artifacts.

Note: Previously, utils changes implied transitive patch bumps to core,
which could affect onchain bytecode versioning. This change breaks that
dependency chain, requiring explicit changesets for core when contracts change.
@yorhodes yorhodes requested review from larryob and ltyu as code owners January 15, 2026 20:34
@cursor
Copy link

cursor bot commented Jan 15, 2026

You have run out of free Bugbot PR reviews for this billing cycle. This will reset on February 13.

To receive reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

@changeset-bot
Copy link

changeset-bot bot commented Jan 15, 2026

⚠️ No Changeset found

Latest commit: cda9ca7

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 15, 2026

Warning

Rate limit exceeded

@yorhodes has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 9 minutes and 43 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between b5962a5 and cda9ca7.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (1)
  • solidity/package.json
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch refactor/core-utils-devdep

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@claude
Copy link
Contributor

claude bot commented Jan 15, 2026

Claude finished @yorhodes's task in 1m 7s —— View job


Review Complete

  • Analyze PR changes and context
  • Verify utils is only used in test files
  • Perform security review
  • Provide summary and recommendations

Summary

This PR correctly moves @hyperlane-xyz/utils from dependencies to devDependencies in @hyperlane-xyz/core.

Verification

I verified that @hyperlane-xyz/utils is only imported in test files:

  • solidity/test/mockMailbox.test.ts:4
  • solidity/test/testrecipient.test.ts:4
  • solidity/test/message.test.ts:8
  • solidity/test/lib/mailboxes.ts:15

The utils are used for test helpers (addressToBytes32, messageId, parseMessage) and are not imported in:

  • Any Solidity contracts (contracts/ directory)
  • Any source files in core-utils/ that get published to npm

Security Review

No security concerns. This is a purely build-related change that:

  1. Does not modify any contract code
  2. Does not affect runtime behavior
  3. Does not change published artifacts

The change correctly breaks the transitive dependency chain, preventing unnecessary version bumps to @hyperlane-xyz/core when only @hyperlane-xyz/utils changes.

CI Status

The Solidity Fork Tests failure is unrelated to this PR - it's a transient network error downloading forge-std from Soldeer's S3 bucket:

error downloading dependency: error sending request for url 
(https://soldeer-revisions.s3.amazonaws.com/forge-std/1_9_2_...)

This is an infrastructure issue that should resolve on retry.

Recommendation

Approve. The change is correct and aligns with best practices for dependency management.

@yorhodes yorhodes enabled auto-merge January 15, 2026 20:35
@hyper-gonk
Copy link
Contributor

hyper-gonk bot commented Jan 15, 2026

🐳 Monorepo Docker Image Built Successfully

Image Tags:

gcr.io/abacus-labs-dev/hyperlane-monorepo:pr-7805
gcr.io/abacus-labs-dev/hyperlane-monorepo:cda9ca7-20260115-203454

@codecov
Copy link

codecov bot commented Jan 15, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.02%. Comparing base (b5962a5) to head (cda9ca7).
⚠️ Report is 7 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7805   +/-   ##
=======================================
  Coverage   77.02%   77.02%           
=======================================
  Files         117      117           
  Lines        2651     2651           
  Branches      244      244           
=======================================
  Hits         2042     2042           
  Misses        593      593           
  Partials       16       16           
Flag Coverage Δ
solidity 77.02% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
core 87.80% <ø> (ø)
hooks 71.86% <ø> (ø)
isms 81.10% <ø> (ø)
token 86.67% <ø> (ø)
middlewares 84.98% <ø> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@yorhodes yorhodes added this pull request to the merge queue Jan 15, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jan 15, 2026
@yorhodes yorhodes added this pull request to the merge queue Jan 15, 2026
Merged via the queue into main with commit d14275f Jan 15, 2026
106 of 107 checks passed
@yorhodes yorhodes deleted the refactor/core-utils-devdep branch January 15, 2026 22:56
@github-project-automation github-project-automation bot moved this from In Review to Done in Hyperlane Tasks Jan 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

4 participants