build(deps): bump prettier from 3.6.2 to 3.7.1#506
dependabot[bot] wants to merge 1 commit into master
Bumps [prettier](https://github.com/prettier/prettier) from 3.6.2 to 3.7.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.6.2...3.7.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-version: 3.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Beginning January 27, 2026, Dependabot will no longer support the @dependabot merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.

Sorry, only users with push access can use that command.
Pull Request Overview
Dependency bump of Prettier from 3.6.2 to 3.7.1. Codacy flagged a security pattern for variant package versioning in package.json (^3.6.2 → ^3.7.1). No other Codacy issues or test/coverage deltas reported. The changelog indicates a performance regression fix in the doc printer; prioritize verifying formatting-related CI and any repository tooling that depends on Prettier’s binary/API.
About this PR
Run formatting and linting CI jobs (and any pre-commit hooks) against the new Prettier to detect formatting diffs or integration issues early — the change could affect large files tooling due to the doc printer fix.
High risk | High confidence
This upgrade addresses a performance regression in Prettier’s doc printer (good), but the package.json uses a caret range (^3.7.1) which can allow minor/patch drift. Consider pinning to an exact version or relying on lockfile + CI to control updates for reproducible builds.
Medium risk | High confidence
Low confidence findings
If you publish or use Prettier programmatically (e.g., CI scripts invoking Prettier API), run end-to-end checks on representative large files to ensure the performance regression is resolved in your environment.
Medium risk | Medium confidence
| "postcss-styled-syntax": "^0.7.1", | ||
| "postcss-syntax": "^0.36.2", | ||
| "prettier": "^3.6.2", | ||
| "prettier": "^3.7.1", |
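Review bot: the change on the "prettier" line only raises the floor of the caret range from ^3.6.2 to ^3.7.1; the version that actually gets installed is decided by package-lock.json, which this PR also updates to 3.7.1 with a sha512 integrity hash. Make sure the CI install step uses `npm ci` (it fails when package.json and the lockfile disagree and never re-resolves the range) rather than `npm install`; with that in place the caret is not a reproducibility problem, and pinning to an exact "3.7.1" becomes a policy choice rather than a required fix.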
[Suggestion] Codacy found a security pattern: dependency specified with a variant version. In package.json the Prettier entry was changed to "prettier": "^3.7.1". Prefer pinning ("3.7.1") or ensuring lockfile is authoritative to avoid accidental upgrades/hijack risks.
Medium risk | Medium confidence
| "version": "3.7.1", | ||
| "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.7.1.tgz", | ||
| "integrity": "sha512-RWKXE4qB3u5Z6yz7omJkjWwmTfLdcbv44jUVHC5NpfXwFGzvpQM798FGv/6WNK879tc+Cn0AAyherCl1KjbyZQ==", |
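Review bot: the new lockfile entry pins prettier to 3.7.1 through a registry.npmjs.org tarball URL and a sha512 integrity hash, which is what makes the upgrade reproducible under `npm ci`. Because the PR body notes that this version was pushed to npm by a new releaser (GitHub Actions) rather than the previous one, it is worth confirming the hash independently before merging, for example by comparing it against `npm view prettier@3.7.1 dist.integrity` from a clean machine, so the lockfile records the tarball the registry actually serves and not a value taken from a local cache.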
[Suggestion] package-lock.json updated to reference Prettier 3.7.1 with integrity metadata — ensure CI uses lockfile (npm ci) so the exact version and integrity are enforced rather than relying on the caret in package.json.
Low risk | Low confidence
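The two Codacy suggestions above both come down to one check: does the lockfile entry for each declared dependency exist, satisfy the declared spec, and carry a registry `resolved` URL plus a sha512 `integrity` hash, so that `npm ci` has something authoritative to enforce. The following Node.js script is an added example that performs that check on parsed `package.json` and `package-lock.json` contents; it is not code from this PR, from Dependabot, or from the Prettier project. The `prettier` entry reuses the values from the hunks in this PR, while `example-dep`, its version and its lockfile entry are constructed to show a failing case. Only exact pins and caret ranges are interpreted, since those are the two shapes that appear here.

```javascript
// Added example: lockfile consistency check for npm dependency PRs.
// Input is the parsed content of package.json and package-lock.json.
// Output is one finding per declared dependency with any problems found.

const REGISTRY = "https://registry.npmjs.org/";

// Parse "1.2.3" into [1, 2, 3]. Prerelease/build suffixes are ignored on
// purpose: this is a consistency check, not a full semver implementation.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1, 4).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Supports an exact pin ("3.7.1") and a caret range ("^3.7.1").
// Any other spec shape is reported as unsupported rather than guessed at.
function satisfies(spec, version) {
  const locked = parseVersion(version);
  if (!locked) return { ok: false, reason: "unparseable locked version" };
  const exact = parseVersion(spec); // null when spec starts with "^"
  if (exact) {
    return { ok: compareVersions(exact, locked) === 0, kind: "exact" };
  }
  if (spec.startsWith("^")) {
    const floor = parseVersion(spec.slice(1));
    if (!floor) return { ok: false, reason: "unparseable caret range" };
    // ^X.Y.Z with X > 0 allows >=X.Y.Z <(X+1).0.0; for 0.Y.Z the minor is fixed.
    const sameLine = floor[0] > 0
      ? locked[0] === floor[0]
      : locked[0] === 0 && locked[1] === floor[1];
    return { ok: sameLine && compareVersions(locked, floor) >= 0, kind: "range" };
  }
  return { ok: false, reason: `unsupported spec ${spec}` };
}

function auditLockfile(pkg, lock) {
  const findings = [];
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const packages = lock.packages || {};
  for (const [name, spec] of Object.entries(deps)) {
    const entry = packages[`node_modules/${name}`];
    const f = { name, spec, problems: [] };
    if (!entry) {
      f.problems.push("no lockfile entry");
      findings.push(f);
      continue;
    }
    f.locked = entry.version;
    const s = satisfies(spec, entry.version);
    f.kind = s.kind;
    if (!s.ok) {
      f.problems.push(s.reason || `locked ${entry.version} does not satisfy ${spec}`);
    }
    if (!entry.resolved || !entry.resolved.startsWith(REGISTRY)) {
      f.problems.push(`resolved URL is not under ${REGISTRY}`);
    }
    if (!entry.integrity || !entry.integrity.startsWith("sha512-")) {
      f.problems.push("integrity missing or weaker than sha512");
    }
    findings.push(f);
  }
  return findings;
}

// Constructed sample input. The prettier entry mirrors the hunks in this PR;
// "example-dep" is a made-up package whose lockfile entry violates every check.
const samplePackageJson = {
  devDependencies: { prettier: "^3.7.1", "example-dep": "1.0.0" },
};
const samplePackageLock = {
  packages: {
    "node_modules/prettier": {
      version: "3.7.1",
      resolved: "https://registry.npmjs.org/prettier/-/prettier-3.7.1.tgz",
      integrity: "sha512-RWKXE4qB3u5Z6yz7omJkjWwmTfLdcbv44jUVHC5NpfXwFGzvpQM798FGv/6WNK879tc+Cn0AAyherCl1KjbyZQ==",
    },
    "node_modules/example-dep": {
      version: "1.0.2", // does not match the exact pin "1.0.0"
      resolved: "https://mirror.example.invalid/example-dep-1.0.2.tgz", // not the registry
      integrity: "sha1-deadbeef", // weaker than sha512
    },
  },
};

function runSampleAudit() {
  return auditLockfile(samplePackageJson, samplePackageLock);
}

for (const f of runSampleAudit()) {
  const status = f.problems.length ? "FAIL" : "ok";
  console.log(`${status} ${f.name} ${f.spec} -> ${f.locked ?? "-"} [${f.kind ?? "?"}] ${f.problems.join("; ")}`);
}
```

Run with `node audit-lock.js` (any filename) after replacing the sample objects with `JSON.parse(fs.readFileSync(...))` of the real files; a non-empty `problems` list on any finding is the signal to block the merge, while a `kind` of `range` with no problems is simply the Dependabot default and is safe as long as `npm ci` is what CI runs.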
Superseded by #508.
Bumps prettier from 3.6.2 to 3.7.1.
Release notes
Sourced from prettier's releases.
Changelog
Sourced from prettier's changelog.
Commits
- 47c40b3 Release 3.7.1
- 99df071 Release @prettier/plugin-hermes & @prettier/plugin-oxc v0.1.1
- d147f67 Fix performance regression in doc printer (#18342)
- 1fe6a12 Git blame ignore 3.7.0
- 3a098e3 Bump Prettier dependency to 3.7.0
- c4905e5 Clean changelog_unreleased
- 43236e2 Add blog post for v3.7 (#18323)
- 8147ddd Release 3.7.0
- 8a59916 Release @prettier/plugin-hermes & @prettier/plugin-oxc v0.1.0
- b77751e chore(deps): update dependency @angular/compiler to v21.0.1 (#18334)

Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for prettier since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)