Update JS production major (major)#15
SafeDep Report Summary
⚠ 1 packages are identified as suspicious, human review is recommended.
This report is generated by SafeDep Github App
Walkthrough
Multiple production dependencies were upgraded to major versions: @cyclonedx/cyclonedx-npm, @hookform/resolvers, cspell, date-fns, recharts, sonner, tailwind-merge, vaul, and zod. No dependencies were added or removed.
Estimated code review effort
🎯 2 (Simple) | ⏱️ ~8 minutes
Pre-merge checks and finishing touches
❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (1 passed)
@coderabbitai review
✅ Actions performed
Review triggered.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
package.json (3 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Open Source Software Supply Chain Security Scanner
🔇 Additional comments (2)
package.json (2)
73-73: Zod is not directly used in the codebase—breaking change concerns do not apply.
Zod v4 is listed in package.json, but verification shows no source code imports or uses it. Zod appears only as a transitive dependency via @hookform/resolvers and zod-to-json-schema, which currently lock to zod v3. The breaking changes warnings in the original review comment assume direct schema usage that doesn't exist in this codebase.
Note: The package.json declares v4 while package-lock.json still references v3 versions; ensure lock files are regenerated if upgrading.
Likely an incorrect or invalid review comment.
16-17: The original review comment incorrectly generalizes about breaking changes that don't apply to this codebase.
After analyzing the source code:
- Zod v4: Not directly used in application code (transitive dependency)
- date-fns v4: Not directly used in application code (transitive dependency)
- @hookform/resolvers v5: Not used; the codebase uses only react-hook-form, not @hookform/resolvers
- @cyclonedx/cyclonedx-npm v4: Build/CLI tool, not referenced in application or build scripts
- recharts v3: Actually used in src/components/ui/chart.tsx (wrapper component)
The review comment's core claims about needing source code updates for Zod, date-fns, and @hookform/resolvers are not applicable since these packages aren't directly imported. Only recharts v3 is a genuine direct dependency upgrade worth monitoring for breaking changes in the chart wrapper, and react-hook-form v7.53.0 should remain compatible.
Likely an incorrect or invalid review comment.
| "@cyclonedx/cyclonedx-npm": "^2.1.0", | ||
| "@hookform/resolvers": "^3.9.0", | ||
| "@cyclonedx/cyclonedx-npm": "^4.0.0", | ||
| "@hookform/resolvers": "^5.0.0", |
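Review bot: Both entries in this hunk move a caret range across more than one major version (`^2.1.0` to `^4.0.0` and `^3.9.0` to `^5.0.0`) while package-lock.json is excluded from review by the path filter, so the versions that actually resolve after this change are not checked anywhere in the PR. Regenerate the lockfile in this PR and review it alongside package.json, and consider splitting the nine major bumps into one PR per package so that a regression, or the package SafeDep flagged as suspicious, can be traced to a single upgrade.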
🧩 Analysis chain
Verify @hookform/resolvers v5 compatibility—unusual major version jump.
This package jumps from v3 to v5 (skipping v4), which is atypical. Confirm that:
- v5.0.0 is the recommended upgrade path from v3.x
- Source code is compatible with v5 API changes
- No custom resolver implementations need updating
🌐 Web query:
What are the breaking changes in @hookform/resolvers v5?
💡 Result:
Breaking changes in @hookform/resolvers v5 (v5.0.0):
- Requires react-hook-form v7.55.0 or higher. [1]
- Type/generic change: resolvers now infer distinct input/output types from your schema — you should use useForm<Input, Context, Output>() (or let types be inferred) instead of the old single FormValues generic. This affects manual type annotations and how transformed outputs are typed. [1]
Source: v5.0.0 release notes. [1]
[1] react-hook-form/resolvers — v5.0.0 release (GitHub).
🏁 Script executed:
#!/bin/bash
# Check react-hook-form version in package.json
echo "=== Checking react-hook-form version ==="
rg '"react-hook-form"' -A2 -B2
echo ""
echo "=== Searching for useForm usage and type annotations ==="
rg 'useForm\s*<' -n -C3
echo ""
echo "=== Searching for custom resolver implementations ==="
rg 'resolver\s*[:=]' -n -C3 --type=ts --type=tsx --type=js --type=jsx
Length of output: 934
🏁 Script executed:
#!/bin/bash
# Simpler search for useForm without complex regex
echo "=== Searching for useForm calls ==="
rg 'useForm' -n --type=js --type=ts -C2
echo ""
echo "=== Searching for resolver configurations ==="
rg 'resolver' -n --type=js --type=ts -C2
echo ""
echo "=== Checking file types and locations ==="
fd '\.(tsx|ts|jsx|js)$' src | head -20
Length of output: 3178
Update react-hook-form to v7.55.0 or higher in package.json.
@hookform/resolvers v5.0.0 requires react-hook-form v7.55.0+, but package.json specifies ^7.53.0. Update the constraint to ensure compatibility with the breaking changes in @hookform/resolvers v5 (input/output type inference changes):
- Change "react-hook-form": "^7.53.0" to "react-hook-form": "^7.55.0" in package.json
🤖 Prompt for AI Agents
In package.json around line 17, the dependency constraint for react-hook-form is
incompatible with @hookform/resolvers v5.0.0; update the react-hook-form version
string from ^7.53.0 to ^7.55.0 so the package.json requires react-hook-form
v7.55.0 or higher, then run npm/yarn install and verify types/builds to ensure
the resolver v5 breaking changes are satisfied.
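The two conditions raised in the review comments above (a declared range whose floor sits below a peer requirement, and a package.json that has moved ahead of package-lock.json) can be checked mechanically before merge. The following is an added example, not code from this PR or from any of the bots; `auditManifest`, the finding names and the sample manifests are hypothetical, and only caret ranges are handled.

```javascript
// Added example. Only caret ranges ("^x.y.z") are handled; anything else is
// reported as unsupported rather than guessed at.

function parseVersion(text) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(text);
  if (!m) throw new Error(`unparseable version: ${text}`);
  return m.slice(1).map(Number); // [major, minor, patch]
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// npm caret semantics: the left-most non-zero component is pinned, so
// ^7.53.0 allows 7.x >= 7.53.0 and ^0.9.3 allows only 0.9.x >= 0.9.3.
function satisfiesCaret(version, range) {
  const v = parseVersion(version), f = parseVersion(range);
  if (compare(v, f) < 0) return false;
  if (f[0] > 0) return v[0] === f[0];
  if (f[1] > 0) return v[0] === 0 && v[1] === f[1];
  return compare(v, f) === 0;
}

// pkg: parsed package.json; lock: parsed package-lock.json (lockfileVersion 2/3);
// peerFloors: minimum peer versions taken from release notes.
function auditManifest(pkg, lock, peerFloors) {
  const deps = pkg.dependencies || {};
  const findings = [];
  for (const [name, range] of Object.entries(deps)) {
    const locked = (lock.packages || {})[`node_modules/${name}`];
    if (!range.startsWith("^")) findings.push({ name, issue: "unsupported-range" });
    else if (!locked) findings.push({ name, issue: "missing-from-lock" });
    else if (!satisfiesCaret(locked.version, range))
      findings.push({ name, issue: "lock-drift", declared: range, locked: locked.version });
  }
  for (const { dependent, peer, min } of peerFloors) {
    if (!(dependent in deps) || !(peer in deps) || !deps[peer].startsWith("^")) continue;
    // The floor of the declared range must already meet the peer minimum,
    // otherwise a valid install can still resolve below it.
    if (compare(parseVersion(deps[peer]), parseVersion(min)) < 0)
      findings.push({ name: peer, issue: "peer-floor", declared: deps[peer], requiredBy: dependent, min });
  }
  return findings;
}

// Constructed sample input (locked versions are illustrative, not from the PR).
const SAMPLE_PKG = { dependencies: {
  "@hookform/resolvers": "^5.0.0", "react-hook-form": "^7.53.0",
  "recharts": "^3.0.0", "zod": "^4.0.0" } };
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "node_modules/@hookform/resolvers": { version: "5.0.0" },
  "node_modules/react-hook-form": { version: "7.53.0" },
  "node_modules/recharts": { version: "3.0.0" },
  "node_modules/zod": { version: "3.23.8" } } };
const PEER_FLOORS = [
  { dependent: "@hookform/resolvers", peer: "react-hook-form", min: "7.55.0" } ];

console.log(auditManifest(SAMPLE_PKG, SAMPLE_LOCK, PEER_FLOORS));
```

Run in CI against the real package.json and package-lock.json, a non-empty result is a reason to block the merge until the lockfile is regenerated or the range is raised.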
Micro-Learning Topic: Cross-site scripting (Detected by phrase)
Matched on "xsS"
Cross-site scripting vulnerabilities occur when unescaped input is rendered into a page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.
Try a challenge in Secure Code Warrior
34d66cb to f0f033c
f0f033c to a413e14
This PR contains the following updates:
- @cyclonedx/cyclonedx-npm: ^2.1.0 -> ^4.0.0
- @hookform/resolvers: ^3.9.0 -> ^5.0.0
- cspell: ^8.19.4 -> ^9.0.0
- date-fns: ^3.6.0 -> ^4.0.0
- recharts: ^2.12.7 -> ^3.0.0
- sonner: ^1.5.0 -> ^2.0.0
- tailwind-merge: ^2.5.2 -> ^3.0.0
- vaul: ^0.9.3 -> ^1.0.0
- zod: ^3.23.8 -> ^4.0.0
Release Notes
CycloneDX/cyclonedx-node-npm (@cyclonedx/cyclonedx-npm)
v4.1.0
cdx:reproducible populated (#1054 via #1373)
See the official property taxonomy cdx for details.
v5.9.3 now, was v5.9.2 (via #1356)
v4.0.3
bom-ref for alias/duplicated components are reproducible (#1351 via #1352)
v4.0.2
@cyclonedx/cyclonedx-library@^9.0.0, was @^8.4.0 (via #1349)
v4.0.1
normalize-package-data@^8.0.0, was @^7.0.0 (via #1327)
v5.9.2 now, was v5.8.3 (via #1332)
v4.0.0
bom-ref is prefixed with parent-component's one to ensure uniqueness (via #1307)
npm-ls internally (via #1307)
No changes in data quality are expected.
v3.1.0
@cyclonedx/cyclonedx-library, previously used own implementation (via #1303)
@cyclonedx/cyclonedx-library@^8.4.0, was @^8.0.0 (via #1301, #1303)
commander@^14.0.0, was @^13.1.0 (via #1297)
v3.0.0
node<20.18.0 (#1192 via #1273)
npm<9 (#1274 via #1273, #1277)
-o as shorthand for --output-file (#1282 via #1288)
--of as shorthand for --output-format (#1282 via #1288)
--sv as shorthand for --spec-version (#1282 via #1288)
@cyclonedx/cyclonedx-library@^8.0.0, was @^7.0.0 (via #1281)
commander@^13.1.0, was @^10.0.0 (via #1281, #1288)
normalize-package-data@^7.0.0, was @^3||^4||^5||^6 (via #1281)
v5.8.3 now, was v5.7.3 (via #1267, #1289)
react-hook-form/resolvers (@hookform/resolvers)
v5.2.2
Bug Fixes
v5.2.1
Bug Fixes
v5.2.0
Features
v5.1.1
Bug Fixes
v5.1.0
Features
v5.0.1
Bug Fixes
v5.0.0
Features
BREAKING CHANGES
Before
Prior to V5, some projects used manual types like
After
With V5, the correct approach is:
This update enables distinct outputs when utilizing features like transform from validation libraries.
ℹ️ The best approach is to let the types be inferred from your schema, rather than manually defining them.
v4.1.3
Bug Fixes
v4.1.2
Bug Fixes
v4.1.1
Bug Fixes
v4.1.0
Features
v4.0.0
Bug Fixes
raw: true option to pass form submission values correctly (#733) (7807f95)
Features
errorMessage (#728) (5030a59)
BREAKING CHANGES
errorMessage object to return the original error types. This update may introduce breaking changes to your projects.
v3.10.0
Features
v3.9.1
Bug Fixes
streetsidesoftware/cspell (cspell)
v9.2.2
Fixes
fix: Wait for the cache to save (#7926)
This fixes a flaky cache situation caused by not waiting for the cache to save before moving on.
Dictionary Updates
fix: Workflow Bot -- Update Dictionaries (main) (#7915)
v9.2.1
Dictionary Updates
fix: Workflow Bot -- Update Dictionaries (main) (#7795)
v9.2.0
refactor: Support url based cache entries (#7639)
Features
fix: Support remote dependencies in cache (#7642)
Fixes
fix: Remove `flat-cache` dependency (#7636)
flat-cache v6 is not compatible with the cspell cache. Since flat-cache was mostly a pass through to flatted, it was better to just replace it.
refactor: move towards caching URLs (#7634)
fix: Support async cache (#7631)
fix: Replace file-entry-cache (#6579)
Deprecating the use of file-entry-cache.
v10 of file-entry-cache breaks the spell checker and bloats the cache size.
This PR is the first step in reducing the dependency upon file-entry-cache and its dependencies.
fix: Clean cspell-lib type exports (#7615)
Dictionary Updates
fix: Workflow Bot -- Update Dictionaries (main) (#7618)
v9.1.5
Fixes
fix: Compile before publish (#7610)
v9.1.3
Fixes
fix: Add toml config reader/writer (#7565)
fixes #7563
Dictionary Updates
fix: Workflow Bot -- Update Dictionaries (main) (#7569)
v9.1.2
Fixes
fix: Do not double encode stdin urls (#7536)
fixes #7517
fix: cspell trace output (#7528)
It was incorrectly trimming ansi strings.
Dictionary Updates
fix: Workflow Bot -- Update Dictionaries (main) (#7526)
v9.1.1
Changes
Fixes
fix: Use the native JSON parser if possible (#7502)
Some of the cspell settings have grown large. The fix is to use the native JSON parser instead of one that accepts comments.
v9.1.0
Changes
Features
feat: Add command `dictionaries` (#7445)
Add new dictionaries command to the cli
feat: Add lint option `--dictionary` (#7441)
Add lint options:
--dictionary - enable a dictionary by name
--disable-dictionary - disable a dictionary by name
feat: Add init command to command-line. (#7414)
New command:
feat: Add command line option to set reporting level (#7380)
v9.0.2
Changes
Fixes
fix: Add eslint plugin helpers (#7352)
Add helper methods:
defineCSpellPluginOptions
defineCSpellConfig
Add some examples for supportNonStrictSearches
fix: Make it possible to define a strict dictionary. (#7351)
fix: Correct the Hunspell Reader usage. (#7325)
Add an example.
Dictionary Updates
fix: Workflow Bot -- Update Dictionaries (main) (#7346)
v9.0.1
Changes
Fixes
fix: Add support to add words to config and keep comments. (#7295)
Dictionary Updates
fix: Workflow Bot -- Update Dictionaries (main) (#7306)
v9.0.0
Note: Version bump only for package cspell
5.18.5 (2022-02-15)
Bug Fixes
5.18.4 (2022-02-07)
Bug Fixes
5.18.3 (2022-02-04)
Bug Fixes
5.18.2 (2022-02-03)
Bug Fixes
Reverts
5.18.1 (2022-02-03)
Bug Fixes
date-fns/date-fns (date-fns)
v4.1.0
This release adds time zone support to format functions (that I somehow missed when working on the feature) and fixes a few bugs.
Make sure to also upgrade TZDate to v1.0.2 as it includes a bunch of critical bug fixes.
Fixed
constructFrom throwing an exception on null arguments. While null isn't allowed, the functions should rather return Invalid Date or NaN in such cases. See #3885.
Added
format, formatISO, formatISO9075, formatRelative and formatRFC3339. See #3886.
v4.0.0
I have great news! First, ten years after its release, date-fns finally gets first-class time zone support.
Another great news is that there aren't many breaking changes in this release. All of them are type-related and will affect only those explicitly using internal date-fns types. Finally, it has been less than a year since the last major release, which is an improvement over the previous four years between v2 and v3. I plan on keeping the pace and minimizing breaking changes moving forward.
Read more about the release in the announcement blog post.
- Sasha @kossnocorp
Added
Added time zones support via @date-fns/tz's TZDate class and tz helper function. See its README for the details about the API.
All relevant functions now accept the context in option, which allows to specify the time zone to make the calculations in. If the function also returns a date, it will be in the specified time zone:
In the example, addDays will get the current date and time in Singapore and add 5 days to it. startOfDay will inherit the date type and return the start of the day in Singapore.
Changed
The function arguments, as well as Interval's start and end, now can be of different types, allowing you to mix UTCDate, TZDate, Date, and other extensions, as well as primitives (strings and numbers).
The functions will normalize these values, make calculations, and return the result in the same type, preventing any bugs caused by the discrepancy. If passed, the type will be inferred from the context in option or the first encountered argument object type. The Interval's start and end will be considered separately, starting from start.
In the given example, the result will be in the TZDate as the first argument is a number, and the start takes precedence over the end.
BREAKING: This release contains a bunch of types changes that should not affect the library's expected usage. The changes are primarily internal and nuanced, so rather than listing them here, I recommend you running the type checker after the upgrade. If there are unfixable problems, please open an issue.
BREAKING: The package now is ESM-first. The CommonJS is still supported and it should not affect most users, but it might break in certain environments. If you encounter any issues, please report them.
Fixed
$ by properly wrapping the code in an IIFE.
recharts/recharts (recharts)
v3.3.0
What's Changed
Feat
ResponsiveContainer is now built-in to all charts by @PavelVanecek in #6388
responsive prop to any chart along with a height and width as if you were using ResponsiveContainer. One less component to wrap things with.
ResponsiveContainer will continue to work for the life of 3.x
Fix
YAxis: Only use the YAxis width="auto" oscillation detection if the difference is > 1 pixel by @PavelVanecek in #6450
ResponsiveContainer: only shrinks in the dimensions where it needs to shrink by @PavelVanecek in #6367
Treemap: fix animation stutters in Treemap by @PavelVanecek in #6326
Sankey: fix unique key error by @daiboom in #6352
Website changes - https://recharts.github.io/
Unfortunately the current contributors and admins do not own recharts.org and the renewal of the domain remains up in the air. To remove that uncertainty we have deployed the website at our github pages URL instead.
New Contributors
Full Changelog: recharts/recharts@v3.2.1...v3.3.0
v3.2.1
What's Changed
Fix
X/YAxis, etc.: reduce re-renders to fix blinking line in Zoom & Highlight example by @PavelVanecek in #6315
Bar: Remove redundant Rectangle import, fixes tsup builds with recharts in them by @guscost in #6305
Pie: fix PieLabel types by @PavelVanecek in #6313
Brush: fix index off by one error when margin is 0 by @ckifer in #6323
New Contributors
Full Changelog: recharts/recharts@v3.2.0...v3.2.1
v3.2.0
What's Changed
Quite a bit of 3.0 bug fixes in this release along with two new hooks. Thanks to all who've been reporting issues!
Feat
Pie: support string values in Pie outerRadius callbacks by @rephaelberkooz in #6191
PolarGrid: add fill color support to by @mindtraveller in #6287
Hooks
useXAxisDomain and useYAxisDomain hooks by @PavelVanecek in #6201
useMargin hook by @PavelVanecek in #6224
Fix
Bar: fix unnecessary line breaks in Bar labels by @eino in #6214
Bar: improve Bar performance when activeBar is turned off by @PavelVanecek in #6290
Stacked Bar/Area: fix stacked charts with duplicate categorical data by @PavelVanecek in #6194
Scatter: fix exception when Scatter data has non-string type property by @PavelVanecek in #6248
X/YAxis: fix blinking when changing props by @PavelVanecek in #6262
PolarAngleAxis/Radar: fix polar angle axis ticks text positions by @mindtraveller in #6276
Label: allow rendering Labels as nested children in XAxis, YAxis and Reference elements by @PavelVanecek in #6219
LabelList: fix issue with LabelList not rendering in Pie charts by @PavelVanecek in #6246
Text: fix exception when Text's children is empty and scaleToFit=true by @PavelVanecek in #6282
Tooltip: bound Tooltip coordinates to the chart container in synchronized charts by @shreedharbhat98 in #6263
Brush: allow brush travelers to be controlled by keys after mouse interaction by @ckifer in #6285
useActiveTooltipDataPoints: fix infinite rendering loop by @PavelVanecek in #6247
Chore
New Contributors (thanks everyone!)
Full Changelog: recharts/recharts@v3.1.2...v3.1.3
v3.1.2
What's Changed
Fix
Label/Polar Charts: Label viewbox should now be present in polar charts and address #6030 by @PavelVanecek in #6180
Full Changelog: recharts/recharts@v3.1.1...v3.1.2
v3.1.1
What's Changed
Fix
General: Don't apply duplicate IDs in the DOM by @PavelVanecek in #6111
Stacked Area/Bar: give all graphical items their own unique identifier and use that to select stacked data. Fixes issue where stacked charts could not be created from the graphical item data prop #6073 by @PavelVanecek
Stacked Area/Bar: exclude stacked axis domain when not relevant for axis by @rinkstiekema in #6162 fixes issue where numeric stacked charts would not render correctly
Area Chart: ranged area chart - show active dot on both points instead of just the top one by @sroy8091 in #6116 fixes #6080
Polar Charts/Label: fix Label in polar charts by @PavelVanecek in #6126
Scatter/ErrorBar: choose implicit Scatter ErrorBar direction based on chart layout (to be the same as 2.x) by @PavelVanecek in #6159
X/YAxis/Reference Components: allow axis values and reference items to render when there is no data but there is a domain/explicit ticks set by @ethphan in #6161
X/YAxis: pass axis padding info to custom tick components by @shreedharbhat98 in #6163
Chore / Testing
strictNullChecks
Animate into JavascriptAnimate and CSSTransitionAnimate by @PavelVanecek in #6175
New Contributors
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.