the_order/docs/reports/DEPENDENCY_FIXES.md

# Dependency Warnings Fixed

**Date**: 2024-12-28

## Fixed Issues

### 1. ✅ Removed `zod-to-openapi` Package
- **Issue**: `zod-to-openapi@0.2.1` required `zod@~3.5.1` but we have `zod@3.25.76`
- **Solution**: Removed `zod-to-openapi` from `packages/schemas/package.json` as it was not being used in the codebase
- **Status**: ✅ Fixed - No longer appears in dependencies

### 2. ✅ Fixed OpenTelemetry API Version Mismatch
- **Issue**: OpenTelemetry SDK packages expected `@opentelemetry/api@<1.9.0` but version 1.9.0 was being installed
- **Solution**: 
  - Set `@opentelemetry/api` to `^1.8.0` in `packages/monitoring/package.json`
  - Added pnpm override in root `package.json` to force `@opentelemetry/api@^1.8.0` across all packages
  - Updated OpenTelemetry SDK packages to compatible versions (0.51.0)
  - Updated semantic conventions import to use new constants (`SEMRESATTRS_SERVICE_NAME` instead of deprecated `SemanticResourceAttributes`)
- **Status**: ✅ Fixed - Peer dependency warnings resolved

## Remaining Warnings (Non-Critical)

### Deprecated Packages (Informational Only)
These are deprecation warnings, not errors, and don't affect functionality:

1. **`@types/pino@7.0.5`** - Deprecated but still functional
   - Used in `packages/shared`
   - Can be updated when `@types/pino@8.x` is available

2. **`eslint@8.57.1`** - Deprecated but still functional
   - Used in `apps/mcp-legal`
   - Can be updated to ESLint 9.x when ready

3. **Subdependency deprecations** - These are transitive dependencies:
   - `@humanwhocodes/config-array@0.13.0`
   - `@humanwhocodes/object-schema@2.0.3`
   - `@types/minimatch@6.0.0`
   - `glob@7.2.3`, `glob@8.1.0`
   - `inflight@1.0.6`
   - `lodash.get@4.4.2`
   - `rimraf@3.0.2`
   - `@opentelemetry/otlp-proto-exporter-base@0.51.1`

   These are maintained by their respective package maintainers and will be updated automatically when parent packages update.

## Verification

Run `pnpm install` - you should see:
- ✅ No peer dependency errors
- ✅ Only deprecation warnings (informational, non-blocking)
- ✅ All packages install successfully

## Summary

All **critical dependency warnings** have been resolved:
- ✅ Peer dependency mismatches fixed
- ✅ Unused packages removed
- ✅ Version conflicts resolved

The remaining warnings are **deprecation notices** that don't affect functionality and can be addressed in future updates.