Skip to content

fix(deps): update npm minor/patch (app)#489

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/npm-minor-patch-app
Open

fix(deps): update npm minor/patch (app)#489
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/npm-minor-patch-app

Conversation

@renovate

@renovate renovate Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@aws-sdk/client-ecr (source) 3.1045.03.1079.0 age confidence
@babel/core (source) 7.29.67.29.7 age confidence
@slack/web-api (source) 7.15.27.18.0 age confidence
@types/node (source) 25.7.025.9.4 age confidence
@types/nodemailer (source) 8.0.08.0.1 age confidence
@vitest/coverage-v8 (source) 4.1.74.1.9 age confidence
axios (source) 1.16.11.18.1 age confidence
body-parser 2.2.22.3.0 age confidence
cron-parser 5.5.05.6.1 age confidence
dockerode 5.0.05.0.1 age confidence
fast-uri 3.1.23.1.3 age confidence
fast-xml-parser 5.8.05.9.3 age confidence
joi 18.2.118.2.3 age confidence
knip (source) 6.13.16.24.0 age confidence
node-cron (source) 4.2.14.6.0 age confidence
nodemailer (source) 9.0.19.0.3 age confidence
picomatch 4.0.44.0.5 age confidence
postcss (source) 8.5.108.5.16 age confidence
protobufjs 7.6.37.6.5 age confidence
qs 6.15.26.15.3 age confidence
re2js 2.8.32.8.6 age confidence
semver 7.8.17.8.5 age confidence
undici (source) 8.5.08.7.0 age confidence
uuid 14.0.014.0.1 age confidence
vite (source) 8.0.168.1.3 age confidence
vitest (source) 4.1.74.1.9 age confidence

Release Notes

aws/aws-sdk-js-v3 (@​aws-sdk/client-ecr)

v3.1079.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1078.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1077.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1076.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1075.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1074.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1073.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1072.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1071.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1070.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1069.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1068.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1067.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1066.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1065.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1064.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1063.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1062.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1061.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1060.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1059.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1058.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1057.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1056.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1055.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1054.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1053.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1052.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1051.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1050.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1049.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1048.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1047.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1046.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

babel/babel (@​babel/core)

v7.29.7

Compare Source

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

slackapi/node-slack-sdk (@​slack/web-api)

v7.18.0

Compare Source

Minor Changes
  • 07744de: feat: make thread_ts optional for assistant.threads.setSuggestedPrompts

v7.17.0

Compare Source

Minor Changes
  • 2085900: feat: expose public read-only ts getter on ChatStreamer for fallback to chat.update when a stream expires server-side

    import { WebClient } from "@​slack/web-api";
    
    const client = new WebClient(process.env.SLACK_BOT_TOKEN);
    
    const streamer = client.chatStream({
      channel: "C0123456789",
      thread_ts: "1700000001.123456",
      recipient_team_id: "T0123456789",
      recipient_user_id: "U0123456789",
    });
    
    await streamer.append({ markdown_text: "hello!" });
    // streamer.ts is now set after the first flush
    console.log(streamer.ts);
    
    await streamer.stop();

v7.16.0

Compare Source

Minor Changes
  • 2814969: feat: add highlight_type to files.completeUploadExternal and filesUploadV2 for optimistic rendering

    import { WebClient } from "@​slack/web-api";
    
    const client = new WebClient(process.env.SLACK_BOT_TOKEN);
    
    await client.filesUploadV2({
      channel_id: "C0123456789",
      file: "./image.png",
      filename: "image.png",
      title: "Image Upload",
      highlight_type: "png",
    });
vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.9

Compare Source

🐞 Bug Fixes
  • Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in #​10546 (a5180)
  • browser:
    • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in #​10555 (7fb29)
    • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in #​10497 and #​10556 (fbc62)
  • mocker:
    • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in #​10548 (2c955)
  • pool:
    • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in #​10543 and #​10564 (934b0)
View changes on GitHub

v4.1.8

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
axios/axios (axios)

v1.18.1

Compare Source

v1.18.1 — June 21, 2026

This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

🐛 Bug Fixes

  • AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#​10913)
  • Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#​10917, #​10930, #​10942, #​10993)
  • Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#​10959, #​11021)
  • AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#​11019)

🔧 Maintenance & Chores

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.18.0

Compare Source

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

v1.17.0

Compare Source

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

expressjs/body-parser (body-parser)

v2.3.0

Compare Source

========================

  • fix: use static exports instead of lazy getters to improve ESM compatibility
  • feat: add subpath exports for individual parsers
  • fix: improve limit option validation (#​698)
    • Invalid limit values (e.g. unparseable strings or NaN) now throw instead of being silently ignored, which previously disabled size limit enforcement
    • null and undefined fall back to the default 100kb limit
  • deps:
    • content-type@^2.0.0
    • http-errors@^2.0.1
    • iconv-lite^0.7.2
    • qs@^6.15.2
    • raw-body@^3.0.2
    • type-is@^2.1.0
harrisiirak/cron-parser (cron-parser)

v5.6.1

Compare Source

What's Changed

New Contributors

Full Changelog: harrisiirak/cron-parser@v5.6.0...v5.6.1

v5.6.0

Compare Source

What's Changed

New Contributors

Full Changelog: harrisiirak/cron-parser@v5.5.0...v5.6.0

apocas/dockerode (dockerode)

v5.0.1

Compare Source

What's Changed

Full Changelog: apocas/dockerode@v5.0.0...v5.0.1

fastify/fast-uri (fast-uri)

v3.1.3

Compare Source

⚠️ Security Release

Full Changelog: fastify/fast-uri@v3.1.2...v3.1.3

NaturalIntelligence/fast-xml-parser (fast-xml-parser)

v5.9.3

Compare Source

What's Changed

New Contributors

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.9.2...v5.9.3

v5.9.2

Compare Source

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.9.1...v5.9.2

v5.9.1

Compare Source

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.9.0...v5.9.1

v5.9.0: update strnum, use is-unsafe

Compare Source

  • update strnum to 2.3.0
    • you can set hex, binary, enotation, infinity, unicode
  • validate unsafe HTML or XML data in doctype entities unsing 'is-unsafe' library. User can override rules by overriding EntityDecoder.
hapijs/joi (joi)

v18.2.3

Compare Source

v18.2.2

Compare Source

webpro-nl/knip (knip)

v6.24.0: Release 6.24.0

Compare Source

v6.23.0: Release 6.23.0

Compare Source

v6.22.0: Release 6.22.0

Compare Source

v6.21.0: Release 6.21.0

Compare Source

v6.20.0: Release 6.20.0

Compare Source

v6.19.0: Release 6.19.0

Compare Source

v6.18.0: Release 6.18.0

Compare Source

v6.17.2: Release 6.17.2

Compare Source

v6.17.1: Release 6.17.1

Compare Source

  • Remove ignoreBinaries w/ tar (b13d0ca)
  • Wrap up docs/refs (29f3e46)
  • Update dependencies (7b2f345)
  • Fix up vscode-languageclient imports (820c233)

v6.17.0: Release 6.17.0

Compare Source

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • "before 6am on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from scttbnsn as a code owner July 6, 2026 07:17
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@vercel

vercel Bot commented Jul 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
drydock-website Ready Ready Preview, Comment Jul 8, 2026 6:57pm
drydockdemo-website Ready Ready Preview, Comment Jul 8, 2026 6:57pm

@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 0f0c53be-c915-4fb2-8d7e-7f4f67dab859

📥 Commits

Reviewing files that changed from the base of the PR and between ff7a248 and eef6581.

⛔ Files ignored due to path filters (1)
  • app/package-lock.json is excluded by !**/package-lock.json, !**/package-lock.json
📒 Files selected for processing (1)
  • app/package.json
🚧 Files skipped from review as they are similar to previous changes (1)
  • app/package.json

📝 Walkthrough

Walkthrough

This PR updates version numbers in app/package.json across runtime dependencies, overrides, and devDependencies. It bumps packages including @aws-sdk/client-ecr, axios, cron-parser, dockerode, fast-xml-parser, joi, node-cron, nodemailer, re2js, semver, undici, and uuid, updates enforced override versions such as body-parser, fast-uri, picomatch, postcss, qs, vite, @babel/core, and protobufjs, and bumps tooling packages including @types/node, @types/nodemailer, @vitest/coverage-v8, knip, and vitest.

🚥 Pre-merge checks | ✅ 2
✅ Passed checks (2 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/npm-minor-patch-app

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.


Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app/package.json`:
- Line 53: Remove the obsolete `@types/node-cron` dependency from
app/package.json, since node-cron v4.5.0 already includes its own TypeScript
types and the separate v3 typings can conflict with the API used by the
node-cron package. Update the package manifest to rely on the built-in types
only and keep the dependency list aligned with the node-cron version in use.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 2eec83b5-1659-4662-a1fa-7ef0397ccb86

📥 Commits

Reviewing files that changed from the base of the PR and between 1badc49 and aee7637.

⛔ Files ignored due to path filters (1)
  • app/package-lock.json is excluded by !**/package-lock.json, !**/package-lock.json
📒 Files selected for processing (1)
  • app/package.json

Comment thread app/package.json Outdated
@renovate renovate Bot force-pushed the renovate/npm-minor-patch-app branch from aee7637 to 071974e Compare July 6, 2026 15:30
scttbnsn added a commit that referenced this pull request Jul 6, 2026
scttbnsn added a commit that referenced this pull request Jul 6, 2026
The #489 npm minor/patch port (071974e) bumped app/package.json's
picomatch override from 4.0.4 to 4.0.5. The lockfile-security test
hardcoded an exact-match assertion against the old pin; 4.0.5 is still
>= the patched floor the companion test enforces, so only the exact
pin needed updating.
@renovate renovate Bot force-pushed the renovate/npm-minor-patch-app branch from 071974e to c01c53c Compare July 7, 2026 02:12
@renovate renovate Bot force-pushed the renovate/npm-minor-patch-app branch from c01c53c to ff7a248 Compare July 7, 2026 16:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants