Skip to content

chore(deps): update all non-major dependencies #619

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update all non-major dependencies #619

wants to merge 1 commit into from
+570 −1,625

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 16, 2024
edited
Loading

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update
@antfu/eslint-config 4.1.0 -> 4.19.0 age confidence devDependencies minor
bumpp 10.0.1 -> 10.3.2 age confidence devDependencies minor
conventional-changelog-conventionalcommits (source) 9.0.0 -> 9.1.0 age confidence devDependencies minor
danielroe/provenance-action v0.1.0 -> v0.1.1 age confidence action patch
esbuild 0.25.0 -> 0.27.1 age confidence devDependencies minor
expect-type 0.15.0 -> 0.20.0 age confidence devDependencies minor
groq (source) 4.0.1 -> 4.20.0 age confidence devDependencies minor
lint-staged 16.0.0 -> 16.2.7 age confidence devDependencies minor
pnpm (source) 10.21.0 -> 10.24.0 age confidence packageManager minor
resolve 1.22.8 -> 1.22.11 age confidence devDependencies patch
semver 7.5.4 -> 7.7.3 age confidence devDependencies minor
simple-git-hooks 2.11.1 -> 2.13.1 age confidence devDependencies minor
typescript (source) 5.3.3 -> 5.9.3 age confidence devDependencies minor
unbuild 3.0.0 -> 3.6.1 age confidence devDependencies minor

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v4.19.0

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v4.18.0

Compare Source

   🚀 Features
    View changes on GitHub

v4.17.0

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v4.16.2

Compare Source

No significant changes

    View changes on GitHub

v4.16.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.16.0

Compare Source

   🚀 Features
    View changes on GitHub

v4.15.0

Compare Source

   🚀 Features
    View changes on GitHub

v4.14.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.14.0

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.13.3

Compare Source

No significant changes

    View changes on GitHub

v4.13.2

Compare Source

No significant changes

    View changes on GitHub

v4.13.1

Compare Source

No significant changes

    View changes on GitHub

v4.13.0

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v4.12.1

Compare Source

No significant changes

    View changes on GitHub

v4.12.0

Compare Source

   🚀 Features
    View changes on GitHub

v4.11.0

Compare Source

   🚀 Features
    View changes on GitHub

v4.10.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.10.1

Compare Source

No significant changes

    View changes on GitHub

v4.10.0

Compare Source

   🚀 Features
    View changes on GitHub

v4.9.0

Compare Source

   🚀 Features
    View changes on GitHub

v4.8.1

Compare Source

   🚀 Features
    View changes on GitHub

v4.7.0

Compare Source

   🚀 Features
    View changes on GitHub

v4.6.0

Compare Source

   🚀 Features
    View changes on GitHub

v4.5.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.5.0

Compare Source

   🚀 Features
    View changes on GitHub

v4.4.0

Compare Source

   🚀 Features
    View changes on GitHub

v4.3.0

Compare Source

   🚀 Features
   🏎 Performance
    View changes on GitHub

v4.2.1

Compare Source

   🚀 Features
    View changes on GitHub

v4.2.0

Compare Source

   🚀 Features
    View changes on GitHub

v4.1.1

Compare Source

No significant changes

    View changes on GitHub
antfu-collective/bumpp (bumpp)

v10.3.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v10.3.1

Compare Source

No significant changes

    View changes on GitHub

v10.3.0

Compare Source

   🚀 Features
    View changes on GitHub

v10.2.3

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v10.2.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v10.2.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v10.2.0

Compare Source

   🚀 Features
    View changes on GitHub

v10.1.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v10.1.0

Compare Source

   🚀 Features
    View changes on GitHub

v10.0.3

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v10.0.2

Compare Source

No significant changes

    View changes on GitHub
conventional-changelog/conventional-changelog (conventional-changelog-conventionalcommits)

v9.1.0

Compare Source

Features
danielroe/provenance-action (danielroe/provenance-action)

v0.1.1

Compare Source

compare changes

🚀 Enhancements
  • Add support for bun.lock (#​12)
📖 Documentation
  • Use @main constraint for example (237ceea)
❤️ Contributors
evanw/esbuild (esbuild)

v0.27.1

Compare Source

  • Fix bundler bug with var nested inside if (#​4348)

    This release fixes a bug with the bundler that happens when importing an ES module using require (which causes it to be wrapped) and there's a top-level var inside an if statement without being wrapped in a { ... } block (and a few other conditions). The bundling transform needed to hoist these var declarations outside of the lazy ES module wrapper for correctness. See the issue for details.

  • Fix minifier bug with for inside try inside label (#​4351)

    This fixes an old regression from version v0.21.4. Some code was introduced to move the label inside the try statement to address a problem with transforming labeled for await loops to avoid the await (the transformation involves converting the for await loop into a for loop and wrapping it in a try statement). However, it introduces problems for cross-compiled JVM code that uses all three of these features heavily. This release restricts this transform to only apply to for loops that esbuild itself generates internally as part of the for await transform. Here is an example of some affected code:

    // Original code
d: {
  e: {
    try {
      while (1) { break d }
    } catch { break e; }
  }
}

// Old output (with --minify)
a:try{e:for(;;)break a}catch{break e}

// New output (with --minify)
a:e:try{for(;;)break a}catch{break e}

  • Inline IIFEs containing a single expression (#​4354)

    Previously inlining of IIFEs (immediately-invoked function expressions) only worked if the body contained a single return statement. Now it should also work if the body contains a single expression statement instead:

    // Original code
const foo = () => {
  const cb = () => {
    console.log(x())
  }
  return cb()
}

// Old output (with --minify)
const foo=()=>(()=>{console.log(x())})();

// New output (with --minify)
const foo=()=>{console.log(x())};

  • The minifier now strips empty finally clauses (#​4353)

    This improvement means that finally clauses containing dead code can potentially cause the associated try statement to be removed from the output entirely in minified builds:

    // Original code
function foo(callback) {
  if (DEBUG) stack.push(callback.name);
  try {
    callback();
  } finally {
    if (DEBUG) stack.pop();
  }
}

// Old output (with --minify --define:DEBUG=false)
function foo(a){try{a()}finally{}}

// New output (with --minify --define:DEBUG=false)
function foo(a){a()}

  • Allow tree-shaking of the Symbol constructor

    With this release, calling Symbol is now considered to be side-effect free when the argument is known to be a primitive value. This means esbuild can now tree-shake module-level symbol variables:

    // Original code
const a = Symbol('foo')
const b = Symbol(bar)

// Old output (with --tree-shaking=true)
const a = Symbol("foo");
const b = Symbol(bar);

// New output (with --tree-shaking=true)
const b = Symbol(bar);

v0.27.0

Compare Source

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.26.0 or ~0.26.0. See npm's documentation about semver for more information.

  • Use Uint8Array.fromBase64 if available (#​4286)

    With this release, esbuild's binary loader will now use the new Uint8Array.fromBase64 function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify target when using this feature with Node (for example --target=node22) unless you're using Node v25+.

  • Update the Go compiler from v1.23.12 to v1.25.4 (#​4208, #​4311)

    This raises the operating system requirements for running esbuild:

    • Linux: now requires a kernel version of 3.2 or later
    • macOS: now requires macOS 12 (Monterey) or later

v0.26.0

Compare Source

  • Enable trusted publishing (#​4281)

    GitHub and npm are recommending that maintainers for packages such as esbuild switch to trusted publishing. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.

    Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).

v0.25.12

Compare Source

  • Fix a minification regression with CSS media queries (#​4315)

    The previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for @media <media-type> and <media-condition-without-or> { ... } was missing an equality check for the <media-condition-without-or> part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.

  • Update the list of known JavaScript globals (#​4310)

    This release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global Array property is considered to be side-effect free but accessing the global scrollY property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:

    From ES2017:

    • Atomics
    • SharedArrayBuffer

    From ES2020:

    • BigInt64Array
    • BigUint64Array

    From ES2021:

    • FinalizationRegistry
    • WeakRef

    From ES2025:

    • Float16Array
    • Iterator

    Note that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from Iterator:

    // This can now be tree-shaken by esbuild:
class ExampleIterator extends Iterator {}

  • Add support for the new @view-transition CSS rule (#​4313)

    With this release, esbuild now has improved support for pretty-printing and minifying the new @view-transition rule (which esbuild was previously unaware of):

    /* Original code */
@&#8203;view-transition {
  navigation: auto;
  types: check;
}

/* Old output */
@&#8203;view-transition { navigation: auto; types: check; }

/* New output */
@&#8203;view-transition {
  navigation: auto;
  types: check;
}

    The new view transition feature provides a mechanism for creating animated transitions between documents in a multi-page app. You can read more about view transition rules here.

    This change was contributed by @​yisibl.

  • Trim CSS rules that will never match

    The CSS minifier will now remove rules whose selectors contain :is() and :where() as those selectors will never match. These selectors can currently be automatically generated by esbuild when you give esbuild nonsensical input such as the following:

    /* Original code */
div:before {
  color: green;
  &.foo {
    color: red;
  }
}

/* Old output (with --supported:nesting=false --minify) */
div:before{color:green}:is().foo{color:red}

/* New output (with --supported:nesting=false --minify) */
div:before{color:green}

    This input is nonsensical because CSS nesting is (unfortunately) not supported inside of pseudo-elements such as :before. Currently esbuild generates a rule containing :is() in this case when you tell esbuild to transform nested CSS into non-nested CSS. I think it's reasonable to do that as it sort of helps explain what's going on (or at least indicates that something is wrong in the output). It shouldn't be present in minified code, however, so this release now strips it out.

v0.25.11

Compare Source

  • Add support for with { type: 'bytes' } imports (#​4292)

    The import bytes proposal has reached stage 2.7 in the TC39 process, which means that although it isn't quite recommended for implementation, it's generally approved and ready for validation. Furthermore it has already been implemented by Deno and Webpack. So with this release, esbuild will also add support for this. It behaves exactly the same as esbuild's existing binary loader. Here's an example:

    import data from './image.png' with { type: 'bytes' }
const view = new DataView(data.buffer, 0, 24)
const width = view.getInt32(16)
const height = view.getInt32(20)
console.log('size:', width + '\xD7' + height)

  • Lower CSS media query range syntax (#​3748, #​4293)

    With this release, esbuild will now transform CSS media query range syntax into equivalent syntax using min-/max- prefixes for older browsers. For example, the following CSS:

    @&#8203;media (640px <= width <= 960px) {
  main {
    display: flex;
  }
}

    will be transformed like this with a target such as --target=chrome100 (or more specifically with --supported:media-range=false if desired):

    @&#8203;media (min-width: 640px) and (max-width: 960px) {
  main {
    display: flex;
  }
}

v0.25.10

Compare Source

  • Fix a panic in a minification edge case (#​4287)

    This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

    function identity(x) { return x }
identity({ y: identity(123) })

  • Fix @supports nested inside pseudo-element (#​4265)

    When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

    The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

    However, it seems like this behavior is different for nested at-rules such as @supports, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:

    /* Original code */
::placeholder {
  color: red;
  body & { color: green }
  @&#8203;supports (color: blue) { color: blue }
}

/* Old output (with --supported:nesting=false) */
::placeholder {
  color: red;
}
body :is() {
  color: green;
}
@&#8203;supports (color: blue) {
   {
    color: blue;
  }
}

/* New output (with --supported:nesting=false) */
::placeholder {
  color: red;
}
body :is() {
  color: green;
}
@&#8203;supports (color: blue) {
  ::placeholder {
    color: blue;
  }
}

v0.25.9

Compare Source

  • Better support building projects that use Yarn on Windows (#​3131, #​3663)

    With this release, you can now use esbuild to bundle projects that use Yarn Plug'n'Play on Windows on drives other than the C: drive. The problem was as follows:

    1. Yarn in Plug'n'Play mode on Windows stores its global module cache on the C: drive
    2. Some developers put their projects on the D: drive
    3. Yarn generates relative paths that use ../.. to get from the project directory to the cache directory
    4. Windows-style paths don't support directory traversal between drives via .. (so D:\.. is just D:)
    5. I didn't have access to a Windows machine for testing this edge case

    Yarn works around this edge case by pretending Windows-style paths beginning with C:\ are actually Unix-style paths beginning with /C:/, so the ../.. path segments are able to navigate across drives inside Yarn's implementation. This was broken for a long time in esbuild but I finally got access to a Windows machine and was able to debug and fix this edge case. So you should now be able to bundle these projects with esbuild.

  • Preserve parentheses around function expressions (#​4252)

    The V8 JavaScript VM uses parentheses around function expressions as an optimization hint to immediately compile the function. Otherwise the function would be lazily-compiled, which has additional overhead if that function is always called immediately as lazy compilation involves parsing the function twice. You can read V8's blog post about this for more details.

    Previously esbuild did not represent parentheses around functions in the AST so they were lost during compilation. With this change, esbuild will now preserve parentheses around function expressions when they are present in the original source code. This means these optimization hints will not be lost when bundling with esbuild. In addition, esbuild will now automatically add this optimization hint to immediately-invoked function expressions. Here's an example:

    // Original code
const fn0 = () => 0
const fn1 = (() => 1)
console.log(fn0, function() { return fn1() }())

// Old output
const fn0 = () => 0;
const fn1 = () => 1;
console.log(fn0, function() {
  return fn1();
}());

// New output
const fn0 = () => 0;
const fn1 = (() => 1);
console.log(fn0, (function() {
  return fn1();
})());

    Note that you do not want to wrap all function expressions in parentheses. This optimization hint should only be used for functions that are called on initial load. Using this hint for functions that are not called on initial load will unnecessarily delay the initial load. Again, see V8's blog post linked above for details.

  • Update Go from 1.23.10 to 1.23.12 (#​4257, #​4258)

    This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain false positive reports (specifically CVE-2025-4674 and CVE-2025-47907) from vulnerability scanners that only detect which version of the Go compiler esbuild uses.

v0.25.8

Compare Source

  • Fix another TypeScript parsing edge case (#​4248)

    This fixes a regression with a change in the previous release that tries to more accurately parse TypeScript arrow functions inside the ?: operator. The regression specifically involves parsing an arrow function containing a #private identifier inside the middle of a ?: ternary operator inside a class body. This was fixed by propagating private identifier state into the parser clone used to speculatively parse the arrow function body. Here is an example of some affected code:

    class CachedDict {
  #has = (a: string) => dict.has(a);
  has = window
    ? (word: string): boolean => this.#has(word)
    : this.#has;
}

  • Fix a regression with the parsing of source phase imports

    The change in the previous release to parse source phase imports failed to properly handle the following cases:

    import source from 'bar'
import source from from 'bar'
import source type foo from 'bar'

    Parsing for these cases should now be fixed. The first case was incorrectly treated as a syntax error because esbuild was expecting the second case. And the last case was previously allowed but is now forbidden. TypeScript hasn't added this feature yet so it remains to be seen whether the last case will be allowed, but it's safer to disallow it for now. At least Babel doesn't allow the last case when parsing TypeScript, and Babel was involved with the source phase import specification.

v0.25.7

Compare Source

  • Parse and print JavaScript imports with an explicit phase (#​4238)

    This release adds basic syntax support for the defer and source import phases in JavaScript:

    • defer

      This is a stage 3 proposal for an upcoming JavaScript feature that will provide one way to eagerly load but lazily initialize imported modules. The imported module is automatically initialized on first use. Support for this syntax will also be part of the upcoming release of TypeScript 5.9. The syntax looks like this:

      import defer * as foo from "<specifier>";
const bar = await import.defer("<specifier>");

      Note that this feature deliberately cannot be used with the syntax import defer foo from "<specifier>" or import defer { foo } from "<specifier>".

    • source

      This is a stage 3 proposal for an upcoming JavaScript feature that will provide another way to eagerly load but lazily initialize imported modules. The imported module is returned in an uninitialized state. Support for this syntax may or may not be a part of TypeScript 5.9 (see this issue for details). The syntax looks like this:

      import source foo from "<specifier>";
const bar = await import.source("<specifier>");

      Note that this feature deliberately cannot be used with the syntax import defer * as foo from "<specifier>" or import defer { foo } from "<specifier>".

    This change only adds support for this syntax. These imports cannot currently be bundled by esbuild. To use these new features with esbuild's bundler, the imported paths must be external to the bundle and the output format must be set to esm.

  • Support optionally emitting absolute paths instead of relative paths (#​338, #​2082, #​3023)

    This release introduces the --abs-paths= feature which takes a comma-separated list of situations where esbuild should use absolute paths instead of relative paths. There are currently three supported situations: code (comments and string literals), log (log message text and location info), and metafile (the JSON build metadata).

    Using absolute paths instead of relative paths is not the default behavior because it means that the build results are no longer machine-independent (which means builds are no longer reproducible). Absolute paths can be useful when used with certain terminal emulators that allow you to click on absolute paths in the terminal text and/or when esbuild is being automatically invoked from several different directories within the same script.

  • Fix a TypeScript parsing edge case (#​4241)

    This release fixes an edge case with parsing an arrow function in TypeScript with a return type that's in the middle of a ?: ternary operator. For example:

    x = a ? (b) : c => d;
y = a ? (b) : c => d : e;

    The : token in the value assigned to x pairs with the ? token, so it's not the start of a return type annotation. However, the first : token in the value assigned to y is the start of a return type annotation because after parsing the arrow function body, it turns out there's another : token that can be used to pair with the ? token. This case is notable as it's the first TypeScript edge case that esbuild has needed a backtracking parser to parse. It has been addressed by a quick hack (cloning the whole parser) as it's a rare edge case and esbuild doesn't otherwise need a backtracking parser. Hopefully this is sufficient and doesn't cause any issues.

  • Inline small constant strings when minifying

    Previously esbuild's minifier didn't inline string constants because strings can be arbitrarily long, and this isn't necessarily a size win if the string is used more than once. Starting with this release, esbuild will now inline string constants when the length of the string is three code units or less. For example:

    // Original code
const foo = 'foo'
console.log({ [foo]: true })

// Old output (with --minify --bundle --format=esm)
var o="foo";console.log({[o]:!0});

// New output (with --minify --bundle --format=esm)
console.log({foo:!0});

    Note that esbuild's constant inlining only happens in very restrictive scenarios to avoid issues with TDZ handling. This change doesn't change when esbuild's constant inlining happens. It only expands the scope of it to include certain string literals in addition to numeric and boolean literals.

v0.25.6

Compare Source

  • Fix a memory leak when cancel() is used on a build context (#​4231)

    Calling rebuild() followed by cancel() in rapid succession could previously leak memory. The bundler uses a producer/consumer model internally, and the resource leak was caused by the consumer being termianted while there were still remaining unreceived results from a producer. To avoid the leak, the consumer now wa

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added chore dependencies Pull requests that update a dependency file labels Sep 16, 2024
@coderabbitai
Copy link

coderabbitai bot commented Sep 16, 2024
edited
Loading

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (1)
  • chore(deps)

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Free review on us!

CodeRabbit is offering free reviews until Wed Jan 15 2025 to showcase some of the refinements we've made.

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@socket-security
Copy link

socket-security bot commented Sep 16, 2024
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedsimple-git-hooks@​2.11.1 ⏵ 2.13.191 +11006882100
Updatedexpect-type@​0.15.0 ⏵ 0.20.0100100100 +180 -1100
Updatedbumpp@​10.0.1 ⏵ 10.3.299 +110082 +390 -1100
Updatedresolve@​1.22.8 ⏵ 1.22.1199100100 +184100
Updatedconventional-changelog-conventionalcommits@​9.0.0 ⏵ 9.1.0100 +110098 +185 +2100
Updatedunbuild@​3.0.0 ⏵ 3.6.198100100 +187 -2100
Updatedtypescript@​5.3.3 ⏵ 5.9.31001009010090
Updated@​antfu/​eslint-config@​4.1.0 ⏵ 4.19.097 +110010093100
Updatedlint-staged@​16.0.0 ⏵ 16.2.7100 +110010094100

View full report

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 14 times, most recently from 2254995 to 85803bf Compare September 24, 2024 16:50
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from 7fa8b6a to 650267d Compare October 4, 2024 22:46
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from c9edbd7 to fb07768 Compare October 9, 2024 06:58
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 12 times, most recently from b66d9cf to 9c217c8 Compare November 12, 2025 19:52
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 8 times, most recently from 0510e7f to c687f25 Compare November 24, 2025 12:54
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from b6e3051 to c9c9706 Compare December 1, 2025 14:26
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from c9c9706 to 8897aec Compare December 2, 2025 18:34
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 8897aec to 15bd8dc Compare December 3, 2025 21:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

chore dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant