Weekly GitHub Report for Meteor

Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.

Table of Contents

• I. News
  • 1.1. Recent Version Releases
  • 1.2. Other Noteworthy Updates
• II. Issues
  • 2.1. Top 5 Active Issues
  • 2.2. Top 5 Stale Issues
  • 2.3. Open Issues
  • 2.4. Closed Issues
  • 2.5. Issue Discussion Insights

• III. Pull Requests
  • 3.1. Open Pull Requests
  • 3.2. Closed Pull Requests
  • 3.3. Pull Request Discussion Insights

• IV. Contributors
  • 4.1. Contributors

I. News

1.1 Recent Version Releases:

No recent version releases were found.

1.2 Version Information:

Please provide the version release information you would like me to analyze and summarize.

II. Issues

2.1 Top 5 Active Issues:

We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.

1. [MODERN-BUILD-STACK] 3.4-rc.3 Error: Cannot find package "tools-core". Try "meteor add tools-core": This issue describes a problem with the rspack Meteor package version 1.0.0-rc340.3, which incorrectly lists the tools-core package as a hard dependency, causing production builds to fail since tools-core is marked as a development-only package. The root cause is that the build system tries to include tools-core in production, where it is unavailable, and the suggested fix is to declare tools-core as a weak dependency and handle its absence gracefully in the code.

   • The comments discuss a workaround involving patching the rspack package to avoid requiring tools-core in production, reveal a secondary error related to missing http-proxy-middleware, clarify that running production builds with NODE_ENV=development causes the issue, and note that a proper fix is planned for a future Meteor release while the workaround suffices for now.
   • Number of comments this week: 3

2. Unable to resolve "eta/core": This issue describes a problem where the user is unable to resolve the module "eta/core" when running a Meteor application using the oidc-provider package on MacOS 15.6.1 with Meteor version 3.2. Despite installing the eta package via npm, the error persists, and the user has identified the problem originating from an import statement in the oidc-provider's index.js file and provided a repository to reproduce the issue.

   • The comments reveal that the initial repository shared by the user only contained the README file, and after being prompted, the user confirmed that the necessary changes were pushed to the repository.
   • Number of comments this week: 2

Since there were fewer than 5 open issues, all of the open issues have been listed above.

2.2 Top 5 Stale Issues:

We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.

As of our latest update, there are no stale issues for the project this week.

2.3 Open Issues

This section lists, groups, and then summarizes issues that were created within the last week in the repository.

Issues Opened This Week: 2

Summarized Issues:

• Dependency misconfiguration causing build failures: The rspack Meteor package incorrectly lists the tools-core package as a hard dependency, which leads to production builds failing because tools-core is intended only for development and is unavailable in production environments. This misconfiguration prevents successful deployment of Meteor applications in production.
• issues/14087

• Module resolution errors with third-party packages: The Meteor application fails to resolve the module "eta/core" when using the oidc-provider package, even though the eta package is installed. This results in an unresolved import error originating from the oidc-provider's views/index.js file, causing runtime issues.
• issues/14090

2.4 Closed Issues

This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.

Issues Closed This Week: 1

Summarized Issues:

• Security Vulnerability in Dependencies: This issue requests upgrading the bundled qs dependency in the meteor-node-stubs package from version 6.14.0 to 6.14.1 to address a high severity security vulnerability. The update aims to mitigate potential security risks associated with the older version of the dependency.
• issues/14074

2.5 Issue Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.

III. Pull Requests

3.1 Open Pull Requests

This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Opened This Week: 5

Key Open Pull Requests

1. Open telemetry support at Meteor: This pull request introduces the meteor-otel package to provide comprehensive OpenTelemetry support for Meteor applications by enabling early initialization of telemetry providers, integrating DDP method and publication tracing, offering utilities for custom spans and metrics, and facilitating trace context propagation, thereby addressing Meteor’s lack of native OpenTelemetry instrumentation and simplifying observability setup for developers.

• URL: pull/14086

• Associated Commits: b7908, 45903, c43eb, e10e8, b9435

2. [WIP] Update docs for Meteor.user and Meteor.userAsync: This pull request aims to update the documentation and type definitions for Meteor.user and Meteor.userAsync to clarify that their values can be undefined as well as null, based on observed behavior during user login in a vanilla Meteor setup.

• URL: pull/14088

• Associated Commits: 2cf4b, ad270

3. Expose Meteor user context to Express endpoints: This pull request introduces support for exposing the Meteor user context from accounts packages to Express endpoints via a new authentication middleware, Accounts.auth(), enabling REST endpoints to access Meteor.userId() and Meteor.user() for authenticated requests, along with a client-side helper Meteor.fetchWithAuth to include auth tokens in requests to protected endpoints.

• URL: pull/14091

• Associated Commits: 5c75f, f24cc

Other Open Pull Requests

• Type Definitions Enhancements: These pull requests improve type safety and request handling by adding missing or optional type definitions. One adds the missing type definition for the enableSubresourceIntegrity method in the WebAppInternals module, while the other introduces an optional cookies property to the CategorizedRequest type.
• pull/14084, pull/14085

3.2 Closed Pull Requests

This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Closed This Week: 2

Key Closed Pull Requests

1. Dev bundle 22.22.0.1: This pull request updates the Meteor development bundle to include the Node.js security release version 22.22.0.1, addressing an internal CI error and ensuring the project uses the latest patched Node.js version.

• URL: pull/14092

• Associated Commits: 330a8, f70f7, f6550

• Associated Commits: 330a8, f70f7, f6550

2. NodeJS 22.22.0: This pull request updates the project to incorporate the NodeJS 22.22.0 security release as detailed in the official NodeJS release notes.

• URL: pull/14080

• Associated Commits: 595be, 396a3

• Associated Commits: 595be, 396a3

3.3 Pull Request Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.

IV. Contributors

4.1 Contributors

Active Contributors:

We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.

If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.