chore(deps): merge all dependabot updates #110
Bumps [@types/vscode](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/vscode) from 1.110.0 to 1.115.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/vscode)

---
updated-dependencies:
- dependency-name: "@types/vscode"
  dependency-version: 1.115.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.5.0 to 25.5.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.5.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.7 to 0.28.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.27.7...v0.28.0)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 4.1.2 to 4.1.4.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.4/packages/vitest)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 4.1.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 5 to 6.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](pnpm/action-setup@v5...v6)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps the all group in /packages/web with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [jotai](https://github.com/pmndrs/jotai) | `2.19.0` | `2.19.1` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.7.0` | `1.8.0` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.5` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.5` |
| [react-resizable-panels](https://github.com/bvaughn/react-resizable-panels) | `4.9.0` | `4.10.0` |
| [shadcn](https://github.com/shadcn-ui/ui/tree/HEAD/packages/shadcn) | `4.1.2` | `4.2.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.5` | `8.0.8` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.2` | `4.1.4` |

Updates `jotai` from 2.19.0 to 2.19.1
- [Release notes](https://github.com/pmndrs/jotai/releases)
- [Commits](pmndrs/jotai@v2.19.0...v2.19.1)

Updates `lucide-react` from 1.7.0 to 1.8.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.8.0/packages/lucide-react)

Updates `react` from 19.2.4 to 19.2.5
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react)

Updates `react-dom` from 19.2.4 to 19.2.5
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react-dom)

Updates `react-resizable-panels` from 4.9.0 to 4.10.0
- [Release notes](https://github.com/bvaughn/react-resizable-panels/releases)
- [Changelog](https://github.com/bvaughn/react-resizable-panels/blob/main/CHANGELOG.md)
- [Commits](bvaughn/react-resizable-panels@4.9.0...4.10.0)

Updates `shadcn` from 4.1.2 to 4.2.0
- [Release notes](https://github.com/shadcn-ui/ui/releases)
- [Changelog](https://github.com/shadcn-ui/ui/blob/main/packages/shadcn/CHANGELOG.md)
- [Commits](https://github.com/shadcn-ui/ui/commits/[email protected]/packages/shadcn)

Updates `vite` from 8.0.5 to 8.0.8
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.8/packages/vite)

Updates `vitest` from 4.1.2 to 4.1.4
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.4/packages/vitest)

---
updated-dependencies:
- dependency-name: jotai
  dependency-version: 2.19.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: lucide-react
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: react
  dependency-version: 19.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: react-dom
  dependency-version: 19.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: react-resizable-panels
  dependency-version: 4.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: shadcn
  dependency-version: 4.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: vite
  dependency-version: 8.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: vitest
  dependency-version: 4.1.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [jsdom](https://github.com/jsdom/jsdom) from 28.1.0 to 29.0.2.
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Commits](jsdom/jsdom@v28.1.0...v29.0.2)

---
updated-dependencies:
- dependency-name: jsdom
  dependency-version: 29.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [marked](https://github.com/markedjs/marked) from 17.0.6 to 18.0.0.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Commits](markedjs/marked@v17.0.6...v18.0.0)

---
updated-dependencies:
- dependency-name: marked
  dependency-version: 18.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

…/vscode/types/vscode-1.115.0' into chore/merge-dependabot-updates
…/vscode/esbuild-0.28.0' into chore/merge-dependabot-updates
…/vscode/vitest-4.1.4' into chore/merge-dependabot-updates
…ction-setup-6' into chore/merge-dependabot-updates
…/web/all-d652b46076' into chore/merge-dependabot-updates
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
Greptile Summary
Consolidates 8 Dependabot PRs: workflow actions (
Confidence Score: 5/5
| Filename | Overview |
|---|---|
| .github/workflows/cd.yaml | Updated pnpm/action-setup from v5 to v6 consistently; no other changes. |
| .github/workflows/ci.yml | Updated pnpm/action-setup from v5 to v6 in two jobs (test-vscode, test-web); no other changes. |
| .github/workflows/publish-vscode.yaml | Updated pnpm/action-setup from v5 to v6; no other changes. |
| packages/vscode/package.json | Bumped @types/node, @types/vscode (1.96→1.115), esbuild, vitest. The engines.vscode minimum remains 1.96.0, creating a 19-version gap with the new @types/vscode that erodes engine-compatibility type safety. |
| packages/web/package.json | Multiple minor updates plus major bumps for marked (17→18, breaking change: trim trailing blank lines from block tokens) and jsdom (28→29). All 145 web tests pass; usage of marked.parse() with async: false remains compatible. |
| pnpm-lock.yaml | Lockfile regenerated to reflect all package version bumps; validated in a clean Docker container per PR description. |
Flowchart
```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    subgraph GH["GitHub Actions Workflows"]
        CD[cd.yaml]
        CI[ci.yml]
        PV[publish-vscode.yaml]
    end
    subgraph PKG["Package Dependencies"]
        VP[packages/vscode/package.json]
        WP[packages/web/package.json]
    end
    PNPM["pnpm/action-setup v5 → v6"]
    CD --> PNPM
    CI --> PNPM
    PV --> PNPM
    VP --> TV["@types/vscode ^1.96.0 → ^1.115.0 ⚠️"]
    VP --> TN["@types/node ^25.5.0 → ^25.5.2"]
    VP --> ES["esbuild ^0.27.5 → ^0.28.0"]
    VP --> VV["vitest ^4.1.2 → ^4.1.4"]
    WP --> MK["marked ^17.0.6 → ^18.0.0 (major)"]
    WP --> JS["jsdom ^28.1.0 → ^29.0.2 (major)"]
    WP --> WEB["jotai, react, vite, etc. (minor)"]
    TV -.->|"gap with engines.vscode: ^1.96.0"| ENG["engines.vscode: ^1.96.0 (unchanged)"]
    style TV fill:#fef3c7,stroke:#d97706
    style ENG fill:#fee2e2,stroke:#dc2626
```
Comments Outside Diff (1)
- packages/vscode/package.json, line 19 (link)

  **`engines.vscode` / `@types/vscode` version mismatch**

  `@types/vscode` jumped 19 minor versions (from `1.96.0` to `1.115.0`) but `engines.vscode` is still `"^1.96.0"`. TypeScript now type-checks against VS Code 1.115.0 APIs, so any newly written extension code that accidentally uses an API introduced after 1.96.0 will pass `check-types` but silently fail at runtime for users on older VS Code versions. Best practice is to keep these two versions aligned.

  Either update `engines.vscode` to `"^1.115.0"` if the extension genuinely requires it, or keep `@types/vscode` pinned to match the declared minimum.

Prompt To Fix All With AI
This is a comment left during a code review.
Path: packages/vscode/package.json
Line: 19
Comment:
**`engines.vscode` / `@types/vscode` version mismatch**
`@types/vscode` jumped 19 minor versions (from `1.96.0` to `1.115.0`) but `engines.vscode` is still `"^1.96.0"`. TypeScript now type-checks against VS Code 1.115.0 APIs, so any newly written extension code that accidentally uses an API introduced after 1.96.0 will pass `check-types` but silently fail at runtime for users on older VS Code versions. Best practice is to keep these two versions aligned.
Either update `engines.vscode` to `"^1.115.0"` if the extension genuinely requires it, or keep `@types/vscode` pinned to match the declared minimum.
```suggestion
"vscode": "^1.115.0"
```
How can I resolve this? If you propose a fix, please make it concise.

Reviews (1): Last reviewed commit: "chore: update pnpm-lock.yaml for merged ..."
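The mismatch raised in the review comment above can be caught mechanically before merge. The following is an added example, not code from this PR or from the project: it compares the lower bound of `engines.vscode` with the lower bound of `@types/vscode` in a parsed `package.json`. The function names and both sample manifests are hypothetical and constructed for illustration, and only simple `^`, `~`, `>=` and exact ranges are handled.

```javascript
// Added example: flag an extension manifest whose @types/vscode is newer
// than the minimum VS Code version declared in engines.vscode.

// Lower bound of a simple range ("^1.96.0", "~1.96.0", ">=1.96.0", "1.96.0").
// Any other range syntax is rejected rather than guessed at.
function minVersion(range) {
  const m = /^\s*(?:\^|~|>=)?\s*(\d+)\.(\d+)\.(\d+)\s*$/.exec(String(range));
  if (!m) throw new Error(`unsupported version range: ${range}`);
  return m.slice(1).map(Number);
}

// Compare [major, minor, patch] triples; returns -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Takes a parsed package.json object; returns { ok, engine, types, minorGap }.
function checkVscodeTypes(manifest) {
  const engineRange = manifest.engines && manifest.engines.vscode;
  const typesRange =
    (manifest.devDependencies && manifest.devDependencies["@types/vscode"]) ||
    (manifest.dependencies && manifest.dependencies["@types/vscode"]);
  if (!engineRange || !typesRange) {
    throw new Error("manifest needs engines.vscode and @types/vscode");
  }
  const engine = minVersion(engineRange);
  const types = minVersion(typesRange);
  // Types newer than the declared minimum let code compile against APIs
  // that the oldest supported editor does not provide.
  return {
    ok: compareVersions(types, engine) <= 0,
    engine: engine.join("."),
    types: types.join("."),
    minorGap: types[0] === engine[0] ? types[1] - engine[1] : null,
  };
}

// Constructed manifests modelled on the two states the review describes.
const mismatched = {
  engines: { vscode: "^1.96.0" },
  devDependencies: { "@types/vscode": "^1.115.0" },
};
const aligned = {
  engines: { vscode: "^1.115.0" },
  devDependencies: { "@types/vscode": "^1.115.0" },
};

console.log(checkVscodeTypes(mismatched), checkVscodeTypes(aligned));
```

In CI the manifest object would come from reading `packages/vscode/package.json`, with the job failing when `ok` is false.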
…h breaks lockfile parsing

pnpm/action-setup@v6 ships a hardcoded pnpm v11.0.0-rc.0 bootstrap binary that attempts to parse lockfileVersion 9.0 files before switching to the version in packageManager. v11's YAML parser rejects v10 lockfiles with "expected a single document in the stream, but found more". This was the root cause of all 8 dependabot PR CI failures.

See: pnpm/action-setup#225
Summary
- `@types/vscode` 1.110.0 → 1.115.0 (chore(deps-dev): bump @types/vscode from 1.110.0 to 1.115.0 in /packages/vscode #98)
- `@types/node` 25.5.0 → 25.5.2 (chore(deps-dev): bump @types/node from 25.5.0 to 25.5.2 in /packages/vscode #99)
- `esbuild` 0.27.7 → 0.28.0 (chore(deps-dev): bump esbuild from 0.27.7 to 0.28.0 in /packages/vscode #100)
- `vitest` 4.1.2 → 4.1.4 (chore(deps-dev): bump vitest from 4.1.2 to 4.1.4 in /packages/vscode #101)
- `jsdom` 28.1.0 → 29.0.2 (chore(deps): bump jsdom from 28.1.0 to 29.0.2 in /packages/web #107)
- `marked` 17.0.6 → 18.0.0 (chore(deps): bump marked from 17.0.6 to 18.0.0 in /packages/web #108)
- `pnpm/action-setup` v5→v6 (chore(ci): bump pnpm/action-setup from 5 to 6 #104): v6 bootstraps pnpm v11.0.0-rc.0 which fails to parse lockfileVersion 9.0 files ("expected a single document in the stream"). This was the root cause of CI failures on all 8 dependabot PRs. See: action-setup@v6 does not take the requested pnpm version into account pnpm/action-setup#225

Test plan
- `uv run poe lint` — passes
- `uv run poe typecheck` — passes
- `uv run pytest tests/ -m "not snapshot" -n auto` — 1107 passed
- `pnpm run build` (web) — passes
- `pnpm run check-types` (vscode) — passes
- `pnpm run test:unit` (vscode) — 23 passed
- `pnpm exec vitest run` (web) — 145 passed
- actlint + fast-gate jobs pass

Closes #98, closes #99, closes #100, closes #101, closes #104, closes #106, closes #107, closes #108
🤖 Generated with Claude Code