build(deps-dev): bump the dev-dependencies group across 1 directory with 10 updates#105
Closed
dependabot[bot] wants to merge 1 commit into
Closed
Conversation
…ith 10 updates Bumps the dev-dependencies group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [doctoc](https://github.com/thlorenz/doctoc) | `2.4.1` | `2.5.0` | | [globals](https://github.com/sindresorhus/globals) | `17.6.0` | `17.7.0` | | [lint-staged](https://github.com/lint-staged/lint-staged) | `17.0.7` | `17.0.8` | | [prettier](https://github.com/prettier/prettier) | `3.8.4` | `3.9.1` | | [turbo](https://github.com/vercel/turborepo) | `2.9.18` | `2.10.0` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.61.1` | `8.62.0` | | [nock](https://github.com/nock/nock) | `14.0.15` | `14.0.16` | | [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `6.0.2` | `6.0.3` | | [postcss](https://github.com/postcss/postcss) | `8.5.15` | `8.5.16` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.16` | `8.1.0` | Updates `doctoc` from 2.4.1 to 2.5.0 - [Release notes](https://github.com/thlorenz/doctoc/releases) - [Commits](thlorenz/doctoc@v2.4.1...v2.5.0) Updates `globals` from 17.6.0 to 17.7.0 - [Release notes](https://github.com/sindresorhus/globals/releases) - [Commits](sindresorhus/globals@v17.6.0...v17.7.0) Updates `lint-staged` from 17.0.7 to 17.0.8 - [Release notes](https://github.com/lint-staged/lint-staged/releases) - [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md) - [Commits](lint-staged/lint-staged@v17.0.7...v17.0.8) Updates `prettier` from 3.8.4 to 3.9.1 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.8.4...3.9.1) Updates `turbo` from 2.9.18 to 2.10.0 - [Release notes](https://github.com/vercel/turborepo/releases) - [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md) - [Commits](vercel/turborepo@v2.9.18...v2.10.0) Updates `typescript-eslint` from 8.61.1 to 8.62.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/typescript-eslint) Updates `nock` from 14.0.15 to 14.0.16 - [Release notes](https://github.com/nock/nock/releases) - [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md) - [Commits](nock/nock@v14.0.15...v14.0.16) Updates `@vitejs/plugin-react` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/vitejs/vite-plugin-react/releases) - [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.3/packages/plugin-react) Updates `postcss` from 8.5.15 to 8.5.16 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.15...8.5.16) Updates `vite` from 8.0.16 to 8.1.0 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite) --- updated-dependencies: - dependency-name: doctoc dependency-version: 2.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: globals dependency-version: 17.7.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: lint-staged dependency-version: 17.0.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: prettier dependency-version: 3.9.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: turbo dependency-version: 2.10.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: typescript-eslint dependency-version: 8.62.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: nock dependency-version: 14.0.16 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: "@vitejs/plugin-react" dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: postcss dependency-version: 8.5.16 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: vite dependency-version: 8.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
18 tasks
BODMAT
added a commit
that referenced
this pull request
Jul 1, 2026
…pm overrides (#110) * build(deps): bump dependency groups, concurrently, and actions/checkout v7 Batch the open Dependabot PRs into one commit (#101, #105, #94, #87), holding prettier at 3.8.4 — 3.9 is days old and its parser upgrades reformat the repo. - prod group: google-auth-library, ioredis, mongoose, openai, stripe, @tanstack/react-query(+devtools), axios, framer-motion, i18next - dev group: doctoc, globals, lint-staged, turbo, typescript-eslint, nock, @vitejs/plugin-react, postcss, vite - concurrently 9 -> 10 (dev-only; ESM-only, needs Node >= 22) - actions/checkout v6 -> v7 across all workflows: blocks pwn-request by default; our workflows run on pull_request (not pull_request_target), so no behavior impact Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(docker): patch npm-bundled undici to 6.27.0 to clear CVEs npm bundles undici 6.26.0 even at npm@latest, which Trivy flags in the api/web/bot images. Our own dependency tree already resolves undici to 7.28.0 (safe), so this only affects npm's bundled copy inside the image. Mirror the existing brace-expansion patch: install undici@^6.27.0 and copy it over npm's bundled module. Stays on the v6 line to avoid breaking npm. Fixes CVE-2026-12151 (HIGH), CVE-2026-9679 (MEDIUM), CVE-2026-6733 (LOW), CVE-2026-11525 (LOW). Co-authored-by: Makar Dzhehur <100146104+dzhhem@users.noreply.github.com> * fix(deps): drop dead package.json pnpm.overrides, align postcss floor The pnpm.overrides block in package.json was a stale subset already superseded by pnpm-workspace.yaml, which pnpm v10 treats as the sole source — package.json's copy was silently ignored (emitting a warning on every install). Removing it changes no resolution: the workspace file already enforces those pins plus esbuild/form-data/@types/express/etc. Bump the workspace postcss override from ^8.5.10 to ^8.5.15 so dropping the package.json postcss@<8.5.15 pin does not lower the security floor. --------- Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Makar Dzhehur <100146104+dzhhem@users.noreply.github.com>
Contributor
Author
|
Looks like these dependencies are updatable in another way, so this is no longer needed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the dev-dependencies group with 10 updates in the / directory:
2.4.12.5.017.6.017.7.017.0.717.0.83.8.43.9.12.9.182.10.08.61.18.62.014.0.1514.0.166.0.26.0.38.5.158.5.168.0.168.1.0Updates
doctocfrom 2.4.1 to 2.5.0Release notes
Sourced from doctoc's releases.
Commits
59dcae9feat: Support frontmatter in docs (#344)be3caccfeat: Add ability for different symbol per level (#353)9b9c1e5feat: configurable location to insert new toc (#346)90be2f8chore(deps-dev): bump ip-address from 10.1.0 to 10.2.0 (#355)53e5a6ffeat: support header id's in header text (#347)96ca2b9chore: refactor recursive search for markdown files (#352)9965cd0test: Large file handling (#351)e15a1c7fix: line endings are set based on file (#339)6504050feat: Add toc based on minLines (#345)e1ba3d5chore: Reduce explicit usage of new lines (#338)Updates
globalsfrom 17.6.0 to 17.7.0Release notes
Sourced from globals's releases.
Commits
a19670c17.7.09611620Update actions (#346)33b75f9Update globals (2026-06-22) (#345)887dd52Fix build script (#344)Updates
lint-stagedfrom 17.0.7 to 17.0.8Release notes
Sourced from lint-staged's releases.
Changelog
Sourced from lint-staged's changelog.
Commits
5f3b8f2Merge pull request #1812 from lint-staged/changeset-release/main43a9b8dchore(changeset): release630e2f6Merge pull request #1809 from lint-staged/restore-merge-status179b437fix: restore Git merge status after creating backup stash6bae2e2Merge pull request #1811 from lint-staged/exec-git-ignore-stderrb82a830ci: run npm audit omitting dev, including prod dependencies0b19b80build(deps): update dependencies3d0b2c0fix: ignore stderr when doing Git operationsUpdates
prettierfrom 3.8.4 to 3.9.1Release notes
Sourced from prettier's releases.
Changelog
Sourced from prettier's changelog.
Commits
c47654cRelease 3.9.106159aaFix bug in release script4bc5ab4Update file-entry-cache to 11.1.5 (#19483)b7fd58bRelease@prettier/plugin-oxc@0.2.0and@prettier/plugin-hermes@0.2.03006400Revert changes in release script7bef7dbGit blame ignore 3.9.0bb817b1Bump Prettier dependency to 3.9.005cf896Clean changelog_unreleased79f6cdfDisable finished steps3613b1eAdd blog post for v3.9 (#19414)Updates
turbofrom 2.9.18 to 2.10.0Release notes
Sourced from turbo's releases.
... (truncated)
Commits
12fb0d9publish 2.10.0 to registrya12323brelease(turborepo): 2.9.19-canary.10 (#13130)65175fefix: Hash selected dependency outputs instead of tasks (#13129)5ba8917fix: Improve watch graceful shutdown (#13128)75ee2ccchore: Update to Rust 1.96.0 (#12974)6dccf5afix: Restart deferred hash consumers in watch (#13127)4ebb50ffeat: Add deferred hashing for task inputs (#13125)517e1a5docs: Fix stderr debugging guidance (#13122)0220b35fix: Respect task inputs when stopping interruptible persistent tasks in watc...6988692fix: Add ComSpec and PATHEXT to default Windows env passthrough (#13114)Updates
typescript-eslintfrom 8.61.1 to 8.62.0Release notes
Sourced from typescript-eslint's releases.
Changelog
Sourced from typescript-eslint's changelog.
Commits
54e2857chore(release): publish 8.62.081e4c26feat: remove redundant package.json "files" (#12444)Updates
nockfrom 14.0.15 to 14.0.16Release notes
Sourced from nock's releases.
Commits
2d68e8afix: guard against AbortSignal-aborted requests in response handler (#2977)Updates
@vitejs/plugin-reactfrom 6.0.2 to 6.0.3Changelog
Sourced from @vitejs/plugin-react's changelog.
Commits
640fd35release: plugin-react@6.0.3889efb0fix(deps): update all non-major dependencies (#1249)6c57dd4fix(plugin-react): use '/' base in bundledDev preamble to fix non-root base p...3cc33a7fix(deps): update react-related dependencies (#1245)c0f7c7fdocs: mention the Biome rule in the "Consistent components exports" section (...cd80f0ffix(deps): update all non-major dependencies (#1241)e38accafix(deps): update all non-major dependencies (#1227)9a9bb26perf(react): improve react compiler preset so that slightly more modules are ...Updates
postcssfrom 8.5.15 to 8.5.16Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
92ccc93Release 8.5.16 version818bdd6Update formatting46e4510FixInput#origin()returning incorrect position (#2036)34942ceFix testsd4feed6Don't clone root-less child nodes in container constructor (#2097)da323fcRevert version update to fix old Node.js on CI8863369Update dependencies3828982Preserve node raws when rehydrating a JSON AST (#2100)d1e80b8Fix Node#rangeBy() ignoring index 0 (#2091)b91e4a6Fix Node.js 26 testsMaintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for postcss since your current version.
Updates
vitefrom 8.0.16 to 8.1.0Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
5909efdfix: allow multiplebindCLIShortcutscalls with shortcut merging (#21103)39a0a15chore(deps): update rolldown-related dependencies (#21095)6a34ac3fix(deps): update all non-major dependencies (#21096)02ceaecchore(deps): update dependency@rollup/plugin-commonjsto v29 (#21099)572aacarelease: v7.2.2728c8eefix: revert "refactor: use fs.cpSync (#21019)" (#21081)a532e68release: v7.2.182d2d6cfix(worker): some worker asset was missing (#21074)f83264frefactor(build): renameindexOfMatchInSlicetofindPreloadMarker(#21054)8293de0release: v7.2.0Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions