chore(deps): combine and fix all dependabot updates#109

Closed
kagan-agent wants to merge 20 commits into main from deps/combined-dependabot-updates

@kagan-agent
Collaborator

This PR combines all 8 open Dependabot PRs and fixes the lockfile issues causing CI failures.

Combined PRs

Fixes

  • Resolved merge conflicts between overlapping dependency updates
  • Updated pnpm-lock.yaml to sync with package.json changes

dependabot Bot and others added 17 commits April 9, 2026 08:47
Bumps [@types/vscode](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/vscode) from 1.110.0 to 1.115.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/vscode)

---
updated-dependencies:
- dependency-name: "@types/vscode"
  dependency-version: 1.115.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.5.0 to 25.5.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.5.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.7 to 0.28.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.27.7...v0.28.0)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 4.1.2 to 4.1.4.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.4/packages/vitest)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 4.1.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 5 to 6.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](pnpm/action-setup@v5...v6)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps the all group in /packages/web with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [jotai](https://github.com/pmndrs/jotai) | `2.19.0` | `2.19.1` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.7.0` | `1.8.0` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.5` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.5` |
| [react-resizable-panels](https://github.com/bvaughn/react-resizable-panels) | `4.9.0` | `4.10.0` |
| [shadcn](https://github.com/shadcn-ui/ui/tree/HEAD/packages/shadcn) | `4.1.2` | `4.2.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.5` | `8.0.8` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.2` | `4.1.4` |


Updates `jotai` from 2.19.0 to 2.19.1
- [Release notes](https://github.com/pmndrs/jotai/releases)
- [Commits](pmndrs/jotai@v2.19.0...v2.19.1)

Updates `lucide-react` from 1.7.0 to 1.8.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.8.0/packages/lucide-react)

Updates `react` from 19.2.4 to 19.2.5
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react)

Updates `react-dom` from 19.2.4 to 19.2.5
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react-dom)

Updates `react-resizable-panels` from 4.9.0 to 4.10.0
- [Release notes](https://github.com/bvaughn/react-resizable-panels/releases)
- [Changelog](https://github.com/bvaughn/react-resizable-panels/blob/main/CHANGELOG.md)
- [Commits](bvaughn/react-resizable-panels@4.9.0...4.10.0)

Updates `shadcn` from 4.1.2 to 4.2.0
- [Release notes](https://github.com/shadcn-ui/ui/releases)
- [Changelog](https://github.com/shadcn-ui/ui/blob/main/packages/shadcn/CHANGELOG.md)
- [Commits](https://github.com/shadcn-ui/ui/commits/[email protected]/packages/shadcn)

Updates `vite` from 8.0.5 to 8.0.8
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.8/packages/vite)

Updates `vitest` from 4.1.2 to 4.1.4
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.4/packages/vitest)

---
updated-dependencies:
- dependency-name: jotai
  dependency-version: 2.19.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: lucide-react
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: react
  dependency-version: 19.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: react-dom
  dependency-version: 19.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: react-resizable-panels
  dependency-version: 4.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: shadcn
  dependency-version: 4.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: vite
  dependency-version: 8.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: vitest
  dependency-version: 4.1.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [jsdom](https://github.com/jsdom/jsdom) from 28.1.0 to 29.0.2.
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Commits](jsdom/jsdom@v28.1.0...v29.0.2)

---
updated-dependencies:
- dependency-name: jsdom
  dependency-version: 29.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [marked](https://github.com/markedjs/marked) from 17.0.6 to 18.0.0.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Commits](markedjs/marked@v17.0.6...v18.0.0)

---
updated-dependencies:
- dependency-name: marked
  dependency-version: 18.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@socket-security

socket-security Bot commented Apr 14, 2026

@greptile-apps

greptile-apps Bot commented Apr 14, 2026

Greptile Summary

Consolidates 8 open Dependabot PRs — bumping pnpm/action-setup to v6 across all three workflow files, VS Code devDependencies (@types/node, @types/vscode, esbuild, vitest), and web dependencies (jotai, lucide-react, marked v17→v18, react/react-dom, vite, jsdom, vitest) — and regenerates pnpm-lock.yaml to resolve the merge conflicts that were breaking CI. The only non-trivial note is that @types/vscode advanced to ^1.115.0 while engines.vscode was left at ^1.96.0.

Confidence Score: 5/5

  • Safe to merge — all changes are routine dependency version bumps with a properly regenerated lockfile and consistent workflow updates.
  • Only finding is a P2 suggestion to keep engines.vscode in sync with @types/vscode; this is a pre-existing minor gap, not a regression introduced by this PR. All other updates are straightforward patch/minor bumps.
  • packages/vscode/package.json — engines.vscode vs @types/vscode version gap worth addressing eventually, but not blocking.

Important Files Changed

| Filename | Overview |
| --- | --- |
| .github/workflows/cd.yaml | Updates pnpm/action-setup from @v5 to @v6; no other changes. |
| .github/workflows/ci.yml | Updates pnpm/action-setup from @v5 to @v6 in both test-vscode and test-web jobs; consistent with other workflow files. |
| .github/workflows/publish-vscode.yaml | Updates pnpm/action-setup from @v5 to @v6; no other changes. |
| packages/vscode/package.json | Bumps @types/node (^25.5.0→^25.5.2), @types/vscode (^1.96.0→^1.115.0), esbuild (^0.27.5→^0.28.0), and vitest (^4.1.2→^4.1.4); engines.vscode remains at ^1.96.0 while @types/vscode advances to 1.115, widening the type/runtime compatibility gap. |
| packages/web/package.json | Bumps jotai, lucide-react, marked (v17→v18 major), react/react-dom, react-resizable-panels, jsdom, shadcn, vite, and vitest; marked usage in markdown-content.tsx relies only on the stable marked.parse() with async:false which is unchanged in v18. |
| pnpm-lock.yaml | Lockfile properly regenerated to reflect all package.json changes; resolved versions are consistent with specifiers and peer dependency chains look correct. |

Flowchart

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[8 Dependabot PRs] --> B[Combined PR #109]

    B --> C[GitHub Actions]
    B --> D[packages/vscode]
    B --> E[packages/web]
    B --> F[pnpm-lock.yaml regenerated]

    C --> C1["pnpm/action-setup v5 → v6\n(cd.yaml, ci.yml, publish-vscode.yaml)"]

    D --> D1["@types/node ^25.5.0 → ^25.5.2"]
    D --> D2["@types/vscode ^1.96.0 → ^1.115.0"]
    D --> D3["esbuild ^0.27.5 → ^0.28.0"]
    D --> D4["vitest ^4.1.2 → ^4.1.4"]

    E --> E1["marked v17 → v18 (major)"]
    E --> E2["react/react-dom ^19.1 → ^19.2.5"]
    E --> E3["jotai, lucide-react, vite,\njsdom, vitest, shadcn bumps"]

    D2 -.->|"⚠️ engines.vscode still ^1.96.0"| D2
```
Prompt To Fix All With AI
This is a comment left during a code review.
Path: packages/vscode/package.json
Line: 384

Comment:
**`engines.vscode` not updated alongside `@types/vscode`**

`@types/vscode` was bumped from `^1.96.0` to `^1.115.0`, but `engines.vscode` remains `"^1.96.0"`. TypeScript will now type-check against VS Code 1.115 APIs, so any newly-introduced API calls won't produce a compile error even though they'd be `undefined` at runtime on VS Code 1.96–1.114. Consider aligning `engines.vscode` with the minimum version your code actually targets, or at least with the installed `@types/vscode` version.

```suggestion
    "@types/node": "^25.5.2",
    "@types/vscode": "^1.115.0",
```

And in the `engines` block:
```json
"engines": {
  "vscode": "^1.115.0"
}
```

How can I resolve this? If you propose a fix, please make it concise.

Reviews (1): Last reviewed commit: "chore: update pnpm-lock.yaml after mergi..."

@@ -383,8 +383,8 @@
},
"devDependencies": {
P2 engines.vscode not updated alongside @types/vscode

@types/vscode was bumped from ^1.96.0 to ^1.115.0, but engines.vscode remains "^1.96.0". TypeScript will now type-check against VS Code 1.115 APIs, so any newly-introduced API calls won't produce a compile error even though they'd be undefined at runtime on VS Code 1.96–1.114. Consider aligning engines.vscode with the minimum version your code actually targets, or at least with the installed @types/vscode version.

Suggested change

```json
"devDependencies": {
"@types/node": "^25.5.2",
"@types/vscode": "^1.115.0",
```

And in the engines block:

```json
"engines": {
  "vscode": "^1.115.0"
}
```
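
Added example (not part of the review comment or the project's code): a CI guard that fails when the declared floor of `@types/vscode` is above the floor of `engines.vscode`, the gap flagged in the review above. The function names and sample objects are constructed for illustration, and only simple ranges (`^`, `~`, `>=`, exact) are handled.

```javascript
// Lowest version admitted by a simple range such as "^1.96.0", "~1.96.0",
// ">=1.96" or "1.96.0". Anything more complex is rejected rather than guessed.
function floorOf(range) {
  const m = /^\s*(?:\^|~|>=)?\s*(\d+)\.(\d+)(?:\.(\d+))?\s*$/.exec(String(range));
  if (!m) throw new Error(`unsupported range: ${range}`);
  return [Number(m[1]), Number(m[2]), Number(m[3] || 0)];
}

// Three-part numeric comparison: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Takes a parsed package.json object and returns { ok, message }.
// Only declared floors are compared; the lockfile may resolve the
// typings to something newer still, which widens the gap further.
function checkVscodeTypesGap(pkg) {
  const engine = pkg.engines && pkg.engines.vscode;
  const types =
    (pkg.devDependencies && pkg.devDependencies['@types/vscode']) ||
    (pkg.dependencies && pkg.dependencies['@types/vscode']);
  if (!engine || !types) {
    return { ok: false, message: 'engines.vscode or @types/vscode is missing' };
  }
  const e = floorOf(engine);
  const t = floorOf(types);
  if (compare(t, e) > 0) {
    return {
      ok: false,
      message: `@types/vscode floor ${t.join('.')} is above engines.vscode floor ${e.join('.')}`,
    };
  }
  return { ok: true, message: `engines.vscode ${engine} covers @types/vscode ${types}` };
}

// Constructed inputs using the version ranges quoted in the review comment.
const beforeFix = { engines: { vscode: '^1.96.0' }, devDependencies: { '@types/vscode': '^1.115.0' } };
const afterFix = { engines: { vscode: '^1.115.0' }, devDependencies: { '@types/vscode': '^1.115.0' } };

for (const [label, pkg] of [['as reviewed', beforeFix], ['with suggestion', afterFix]]) {
  const r = checkVscodeTypesGap(pkg);
  console.log(`${label}: ${r.ok ? 'PASS' : 'FAIL'} - ${r.message}`);
}
```

In CI the same function can be fed `JSON.parse` of `packages/vscode/package.json`, with a non-zero exit code when `ok` is false.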

@aorumbayev
Member

Superseded by #110 which merged all 8 dependabot updates and also fixed the root cause of the CI failures (pnpm/action-setup v6 → v5 revert). All changes are now on main.

@aorumbayev aorumbayev closed this Apr 14, 2026