fix(deps): remove stale ua-parser-js resolution and move dev tooling

[Yaddalapalli-Charan-Kumar-Naidu]

Proposed changes

Dependency hygiene cleanup in [package.json]

1. Removed stale ua-parser-js@1.0.2 resolution override — it was silently downgrading the declared 1.0.33 to 1.0.2 and was semver-incompatible with expo-device's ^0.7.33 requirement, causing Yarn warnings and duplicate installations.
2. Moved lint-staged and eslint-import-resolver-typescript from dependencies to devDependencies — both are dev-only tools that don't belong in production dependencies.

Issue(s)

#6981

How to test or reproduce

1. rm -rf node_modules yarn.lock && yarn install
2. Verify no ua-parser-js resolution warnings
3. yarn list ua-parser-js → should show 1.0.33 (root) and 0.7.41 (expo-device)
4. yarn test → all 776 tests pass
5. yarn run android → BUILD SUCCESSFUL

Screenshots

N/A — no UI changes.

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• Improvement (non-breaking change which improves a current function)
• New feature (non-breaking change which adds functionality)
• Documentation update (if none of the other choices apply)

Checklist

• I have read the CONTRIBUTING doc
• I have signed the CLA
• Lint and unit tests pass locally with my changes
• I have added tests that prove my fix is effective or that my feature works (if applicable)
• I have added necessary documentation (if applicable)
• Any dependent changes have been merged and published in downstream modules

Further comments

Summary by CodeRabbit

• Chores
  • Updated development tooling and linting dependencies to improve code checks and staged task runs.
  • Removed an outdated runtime dependency and cleaned up an obsolete resolution entry.
  • Minor package file formatting cleanup (end-of-file newline adjustment).

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 69bcb5b3-58ed-462e-8279-71d7c2a6911c

📥 Commits

Reviewing files that changed from the base of the PR and between 623dc6b and 86cf217.

📒 Files selected for processing (1)

• package.json

🚧 Files skipped from review as they are similar to previous changes (1)

• package.json

---

Walkthrough

package.json updated: eslint-import-resolver-typescript moved from dependencies to devDependencies, lint-staged added to devDependencies, ua-parser-js removed from resolutions; EOF newline removed. No exported API changes.

Changes

Cohort / File(s)	Summary
Package manifest package.json	Moved eslint-import-resolver-typescript out of dependencies into devDependencies, added lint-staged (11.1.0) and eslint-import-resolver-typescript (^4.4.4) under devDependencies, removed ua-parser-js from resolutions, and removed final EOF newline.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 I nibbled through package.json with care,

Moved a resolver to dev-land, lint-staged joined the air,
A stray ua-parser slipped away last night,
No newline left — the file sleeps tight.

Suggested labels

type: chore

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(deps): remove stale ua-parser-js resolution and move dev tooling' directly and accurately summarizes the main changes in the pull request, which involve removing a stale ua-parser-js resolution and moving development tools to devDependencies.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[divyanshu-patil]

duplicate of #6892

[divyanshu-patil]

also have you tried running app after removing ua-parser-js ?
its not stale dependency it is used in liveChat

[Yaddalapalli-Charan-Kumar-Naidu]

To clarify, I’m not proposing removing ua-parser-js`from dependencies, since it is used in LiveChat.

The suggestion was only to evaluate whether the resolutions override forcing 1.0.2 is still necessary, given that the project directly depends on 1.0.33 and Yarn is currently installing both versions

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

package.json (1)

130-130: ⚠️ Potential issue | 🔴 Critical

Remove @types/ua-parser-js devDependency — ua-parser-js@1.0.33 ships with built-in TypeScript definitions

The pinning of ua-parser-js@1.0.33 in dependencies is correct. However, the @types/ua-parser-js@^0.7.36 devDependency (line 175) should be removed entirely. Starting with v1.0.x, ua-parser-js includes its own TypeScript definitions and does not require a separate @types/ package. Having both can cause type/export conflicts.

The usage in RoomInfoView (getOS, getBrowser methods) works fine without the DefinitelyTyped package—simply rely on the library's built-in types.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 130, Remove the unnecessary devDependency
`@types/ua-parser-js` from package.json because ua-parser-js@1.0.33 includes its
own TypeScript definitions; specifically delete the `@types/ua-parser-js` entry
from the devDependencies section, update any lockfile (npm/yarn/pnpm) by
reinstalling to remove the package, and ensure code using UAParser types (e.g.,
RoomInfoView methods getOS and getBrowser) compiles against the built-in types
without importing from `@types`.

🧹 Nitpick comments (1)

package.json (1)

202-203: Correct moves — both packages belong in devDependencies

eslint-import-resolver-typescript and lint-staged are dev-only tools with no runtime role; placing them in devDependencies is accurate.

Separately, lint-staged@11.1.0 is significantly stale (released ~2021; current is ~15.x). The version itself wasn't changed by this PR, but since the entry is being touched anyway, this is a low-cost opportunity to bump it.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 202 - 203, Move the two packages
"eslint-import-resolver-typescript" and "lint-staged" out of dependencies into
devDependencies in package.json (they are build/dev tools, not runtime), and
while doing so update "lint-staged" to a modern minor/major (e.g., ^15.0.0) to
replace the stale 11.1.0 entry; ensure package.json ends up with
"eslint-import-resolver-typescript" and the bumped "lint-staged" listed under
devDependencies and removed from dependencies, then run install to update
lockfile.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 098b0da and 0686b38.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• package.json

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2026-02-05T13:55:00.974Z

Learnt from: Rohit3523
Repo: RocketChat/Rocket.Chat.ReactNative PR: 6930
File: package.json:101-101
Timestamp: 2026-02-05T13:55:00.974Z
Learning: In this repository, the dependency on react-native-image-crop-picker should reference the RocketChat fork (RocketChat/react-native-image-crop-picker) with explicit commit pins, not the upstream ivpusic/react-native-image-crop-picker. Update package.json dependencies (and any lockfile) to point to the fork URL and a specific commit, ensuring edge-to-edge Android fixes are included. This pattern should apply to all package.json files in the repo that declare this dependency.

Applied to files:

• package.json

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 202: The devDependencies entry for "eslint-import-resolver-typescript"
uses 4 spaces instead of a tab, causing inconsistent indentation in
package.json; update the indentation for the "eslint-import-resolver-typescript"
line to use a single tab character so it matches the other entries (preserve the
existing double quotes and comma), then save and validate the JSON (or run your
formatter/linter) to ensure the file remains valid.
- Line 198: The package.json currently pins "react-dom": "18.2.0" which is
incompatible with "react": "19.0.0"; update the dependency to a
React-19-compatible version (e.g., change "react-dom" to "^19.0.0") so the major
versions match, then reinstall deps (and update the lockfile) to remove peer
dependency warnings and ensure Storybook and runtime use matching
React/ReactDOM; alternatively, if you must keep react-dom@18, downgrade "react"
to "18.2.0" so the majors match.

---

Outside diff comments:
In `@package.json`:
- Line 130: Remove the unnecessary devDependency `@types/ua-parser-js` from
package.json because ua-parser-js@1.0.33 includes its own TypeScript
definitions; specifically delete the `@types/ua-parser-js` entry from the
devDependencies section, update any lockfile (npm/yarn/pnpm) by reinstalling to
remove the package, and ensure code using UAParser types (e.g., RoomInfoView
methods getOS and getBrowser) compiles against the built-in types without
importing from `@types`.

---

Nitpick comments:
In `@package.json`:
- Around line 202-203: Move the two packages "eslint-import-resolver-typescript"
and "lint-staged" out of dependencies into devDependencies in package.json (they
are build/dev tools, not runtime), and while doing so update "lint-staged" to a
modern minor/major (e.g., ^15.0.0) to replace the stale 11.1.0 entry; ensure
package.json ends up with "eslint-import-resolver-typescript" and the bumped
"lint-staged" listed under devDependencies and removed from dependencies, then
run install to update lockfile.