chore(deps): bundle open dependabot bumps (#117 #118 #119 #120)#124
chore(deps): bundle open dependabot bumps (#117 #118 #119 #120)#124aorumbayev merged 5 commits intomainfrom
Conversation
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 4.1.4 to 4.1.5. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest) --- updated-dependencies: - dependency-name: vitest dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps the all group in /packages/web with 5 updates: | Package | From | To | | --- | --- | --- | | [dompurify](https://github.com/cure53/DOMPurify) | `3.3.3` | `3.4.0` | | [marked](https://github.com/markedjs/marked) | `18.0.0` | `18.0.2` | | [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.14.0` | `7.14.1` | | [shadcn](https://github.com/shadcn-ui/ui/tree/HEAD/packages/shadcn) | `4.2.0` | `4.3.1` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.8` | `8.0.9` | Updates `dompurify` from 3.3.3 to 3.4.0 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.3.3...3.4.0) Updates `marked` from 18.0.0 to 18.0.2 - [Release notes](https://github.com/markedjs/marked/releases) - [Commits](markedjs/marked@v18.0.0...v18.0.2) Updates `react-router` from 7.14.0 to 7.14.1 - [Release notes](https://github.com/remix-run/react-router/releases) - [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md) - [Commits](https://github.com/remix-run/react-router/commits/[email protected]/packages/react-router) Updates `shadcn` from 4.2.0 to 4.3.1 - [Release notes](https://github.com/shadcn-ui/ui/releases) - [Changelog](https://github.com/shadcn-ui/ui/blob/main/packages/shadcn/CHANGELOG.md) - [Commits](https://github.com/shadcn-ui/ui/commits/[email protected]/packages/shadcn) Updates `vite` from 8.0.8 to 8.0.9 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.9/packages/vite) --- updated-dependencies: - dependency-name: dompurify dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: marked dependency-version: 18.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: react-router dependency-version: 7.14.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: shadcn dependency-version: 4.3.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all - dependency-name: vite dependency-version: 8.0.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <[email protected]>
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
Greptile SummaryThis PR bundles four open Dependabot bumps into a single update across Note: the PR description states the Confidence Score: 5/5Safe to merge — all updates are patch or minor bumps with no breaking changes, and CI is verified locally. All dependency changes are patch-level or within the same minor range, no API-breaking major bumps, the lockfile is consistently regenerated, and the author confirmed tests pass (30/30 vscode, 266/266 web). No files require special attention.
|
| Filename | Overview |
|---|---|
| packages/vscode/package.json | Bumps typescript ^6.0.2→^6.0.3 and vitest ^4.1.4→^4.1.5; both are patch bumps within the same major range. |
| packages/web/package.json | Bumps typescript, dompurify, marked, react-router (patch), shadcn (minor 4.2→4.3), and vite (patch); all safe patch/minor updates. vitest stays at ^4.1.4 consistent with the PR description. |
| pnpm-lock.yaml | Lockfile regenerated to resolve all updated specifiers; no unexpected transitive dependency changes observed. |
Flowchart
%%{init: {'theme': 'neutral'}}%%
flowchart TD
PR["PR #124 — Bundled Dependabot bumps"]
PR --> VS["packages/vscode"]
PR --> WEB["packages/web"]
PR --> LOCK["pnpm-lock.yaml (refreshed)"]
VS --> V1["typescript ^6.0.2 → ^6.0.3"]
VS --> V2["vitest ^4.1.4 → ^4.1.5"]
WEB --> W1["typescript ^6.0.2 → ^6.0.3"]
WEB --> W2["dompurify ^3.3.3 → ^3.4.0"]
WEB --> W3["marked ^18.0.0 → ^18.0.2"]
WEB --> W4["react-router ^7.14.0 → ^7.14.1"]
WEB --> W5["shadcn ^4.2.0 → ^4.3.1"]
WEB --> W6["vite ^8.0.8 → ^8.0.9"]
Reviews (1): Last reviewed commit: "chore(deps): update pnpm-lock.yaml for b..." | Re-trigger Greptile
Summary
Bundles the four open dependabot PRs into a single green PR so we can close them en bloc. Each was failing CI individually (same shared CI setup failure); cherry-picked + lockfile-refreshed together and verified locally.
Changes
packages/vscode (from #120 + #119)
typescript5.9.3 → 6.0.3vitest4.1.4 → 4.1.5packages/web (from #118 + #117)
typescript5.9.3 → 6.0.3dompurify3.3.3 → 3.4.0marked18.0.0 → 18.0.2react-router7.14.0 → 7.14.1shadcn4.2.0 → 4.3.1vite8.0.8 → 8.0.9Root
pnpm-lock.yamlrefreshed once for all bumps.Closes
Test plan
pnpm installcleanpackages/vscode:pnpm run check-types+pnpm run test:unit— 30/30packages/web:pnpm exec tsc --noEmit+pnpm exec vitest run— 266/266packages/web:pnpm run build— clean🤖 Generated with Claude Code