chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates #256
…dates

Bumps the npm_and_yarn group with 3 updates in the /suite-ui/aldeci directory: [axios](https://github.com/axios/axios), [esbuild](https://github.com/evanw/esbuild) and [flatted](https://github.com/WebReflection/flatted).

Updates `axios` from 1.13.4 to 1.13.5
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.4...v1.13.5)

Removes `esbuild`

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.13.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version:
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
🤖 Augment PR Summary

Summary: This Dependabot PR updates frontend dependencies in

Changes:

Technical Notes: The Vite major upgrade may require compatible versions of Vite plugins (e.g. React plugin peer-deps) and should be validated via the existing
| "tailwindcss": "^3.4.1", | ||
| "typescript": "^5.3.3", | ||
| "vite": "^5.0.11" | ||
| "vite": "^8.0.3" |
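Review bot: The "vite" line jumps from ^5.0.11 to ^8.0.3, three major versions, yet the commit message for this PR lists only axios, esbuild and flatted as updated dependencies. Split the Vite bump into its own PR with its own build validation, or state in the description why it is part of this update, so the build toolchain change is reviewed deliberately.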
vite is bumped to ^8.0.3 but @vitejs/plugin-react is still ^4.2.1, whose peerDependencies.vite is ^4.2.0 || ^5.0.0. This will be an unmet peer dependency and can cause install/build issues depending on npm/CI settings.
Severity: medium
| "@tanstack/react-table": "^8.11.6", | ||
| "@xyflow/react": "^12.0.0", | ||
| "axios": "^1.6.5", | ||
| "axios": "^1.13.5", |
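Review bot: On the "axios" line the range floor moves from ^1.6.5 to ^1.13.5, while the commit message describes the update as 1.13.4 to 1.13.5, so the manifest change is wider than the version change it reports. Raising the floor is reasonable because the axios commits listed for 1.13.5 in this PR include "fix: Denial of Service via proto Key in mergeConfig (#7369)", but confirm that package-lock.json resolves axios to 1.13.5, since the lockfile rather than this range decides what `npm ci` installs.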
Note that the project guide calls suite-ui/aldeci/ “FROZEN — do NOT modify”; can you confirm dependency-only changes here are intended under that rule? (Rule: CLAUDE.md)
Severity: low
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1de0f6a1b0
| "tailwindcss": "^3.4.1", | ||
| "typescript": "^5.3.3", | ||
| "vite": "^5.0.11" | ||
| "vite": "^8.0.3" |
Keep Vite in @vitejs/plugin-react's supported range
Upgrading vite to ^8.0.3 here makes the toolchain unsupported by the installed React plugin: suite-ui/aldeci/package-lock.json still resolves @vitejs/plugin-react@4.7.0, whose peerDependencies only allow Vite ^4 || ^5 || ^6 || ^7. This mismatch can break vite startup/builds (or fail installs under stricter peer enforcement), so the Vite major bump should be paired with a plugin-react version that explicitly supports Vite 8, or Vite should stay on a supported major.
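The peer-range mismatch both reviews describe can be caught mechanically before merge. The following is an added example, not code from this PR or from any of the projects involved: the function names are hypothetical, the sample manifests are constructed from the ranges quoted in the comments above, and only caret ranges joined by `||` are handled.

```javascript
// Flag declared ranges that can never satisfy a peer range.
// Handles only caret ranges with major >= 1 ("^8.0.3", "^4") joined by "||",
// a subset of npm's range grammar; anything else throws instead of passing.

// "^8.0.3" -> half-open interval { lo: [8,0,3], hi: [9,0,0] }
function caretInterval(part) {
  const m = /^\^(\d+)(?:\.(\d+))?(?:\.(\d+))?$/.exec(part.trim());
  if (!m || Number(m[1]) === 0) throw new Error(`unsupported range: ${part}`);
  const lo = [m[1], m[2] || 0, m[3] || 0].map(Number);
  return { lo, hi: [lo[0] + 1, 0, 0] };
}

// Compare two [major, minor, patch] triples.
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

const parseRange = (range) => range.split("||").map(caretInterval);

// True when at least one version satisfies both ranges.
function rangesOverlap(a, b) {
  const ys = parseRange(b);
  return parseRange(a).some((x) =>
    ys.some((y) => cmp(x.lo, y.hi) < 0 && cmp(y.lo, x.hi) < 0));
}

// manifest: the project's package.json object.
// installed: package name -> that package's own package.json object.
function unmetPeers(manifest, installed) {
  const declared = { ...manifest.dependencies, ...manifest.devDependencies };
  const findings = [];
  for (const [pkg, meta] of Object.entries(installed)) {
    for (const [peer, wanted] of Object.entries(meta.peerDependencies || {})) {
      const have = declared[peer];
      if (have && !rangesOverlap(have, wanted)) {
        findings.push({ pkg, peer, declared: have, wanted });
      }
    }
  }
  return findings;
}

// Constructed sample: ranges as quoted in the review comments; placing both
// packages under devDependencies is an assumption.
const sampleManifest = {
  devDependencies: { vite: "^8.0.3", "@vitejs/plugin-react": "^4.2.1" },
};
const sampleInstalled = {
  "@vitejs/plugin-react": { peerDependencies: { vite: "^4 || ^5 || ^6 || ^7" } },
};
console.log(unmetPeers(sampleManifest, sampleInstalled));
```

An overlap only shows that the two ranges are compatible; the version recorded in package-lock.json is what must actually fall inside the peer range.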
Bumps the npm_and_yarn group with 3 updates in the /suite-ui/aldeci directory: axios, esbuild and flatted.

Updates axios from 1.13.4 to 1.13.5

Release notes

Sourced from axios's releases.

Commits

- 29f7542 chore(release): prepare release 1.13.5 (#7379)
- 431c3a3 ci: fix run condition (#7373)
- 9ff3a78 ci: update ymls (#7372)
- 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
- 475e75a feat: add input validation to isAbsoluteURL (#7326)
- 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
- 04cf019 docs: clarify object check comment (#7323)
- 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
- 569f028 fix: added a option to choose between legacy and the new request/response int...
- 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)

Removes esbuild

Updates flatted from 3.3.3 to 3.4.2

Commits

- 3bf0909 3.4.2
- 885ddcc fix CWE-1321
- 0bdba70 added flatted-view to the benchmark
- 2a02dce 3.4.1
- fba4e8f Merge pull request #89 from WebReflection/python-fix
- 5fe8648 added "when in Rome" also a test for PHP
- 53517ad some minor improvement
- b3e2a0c Fixing recursion issue in Python too
- c4b46db Add SECURITY.md for security policy and reporting
- f86d071 Create dependabot.yml for version updates