Skip to content

Lock file maintenance#4420

Merged
ilidemi merged 1 commit into
mainfrom
renovate/lock-file-maintenance
Jun 29, 2026
Merged

Lock file maintenance#4420
ilidemi merged 1 commit into
mainfrom
renovate/lock-file-maintenance

Conversation

@renovate

@renovate renovate Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Update Change
lockFileMaintenance All locks refreshed

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: (in timezone Etc/UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from a team as a code owner June 15, 2026 01:33
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jun 15, 2026
@renovate renovate Bot requested a review from a team June 15, 2026 01:33
@claude

claude Bot commented Jun 15, 2026

Copy link
Copy Markdown

Reviewed this lock file maintenance PR. No issues found.

Dependency changes examined:

  • Rust time 0.3.47 → 0.3.49: Includes security hardening (subsecond digit parser cap, Weekday repr fix) and a hotfix for a compiler bug that caused v0.3.48 to be yanked. Safe upgrade. time-core 0.1.8→0.1.9 and time-macros 0.2.27→0.2.29 are internal companion bumps. Drops powerfmt and itoa transitive deps (dependency cleanup upstream).
  • JS protobufjs 8.6.0 → 8.6.1: Bug-fix patch (CLI fixes, restored descriptor metadata). No breaking changes. Minimal impact since PeerDB uses it as a library, not via CLI.
  • @tailwindcss/oxide-wasm32-wasi sub-deps: Bundled optional dev dependencies now explicitly listed in the lock file (@emnapi/core, @emnapi/runtime, @napi-rs/wasm-runtime, tslib, etc.). No version changes to the parent package.

No PII/secret exposure concerns. No regressions found in upstream release notes.

🤖 Generated with Claude Code

@claude

claude Bot commented Jun 15, 2026

Copy link
Copy Markdown

Code review

No issues found. Checked for bugs and CLAUDE.md compliance.

Dependency bump review (per REVIEW.md)

Rust time crate 0.3.47 → 0.3.49 (includes time-core 0.1.8→0.1.9, time-macros 0.2.27→0.2.29): Patch releases with bug fixes only — Duration::checked_mul overflow fix and OffsetDateTime serialization correctness improvement. No breaking changes or regressions. Removal of itoa from time and powerfmt from deranged reflects upstream dependency cleanup.

Node protobufjs 8.6.0 → 8.6.1: Patch release with updated bundled .proto descriptor definitions and minor internal maintenance. No API surface changes.

@tailwindcss/oxide-wasm32-wasi bundled deps: New bundled sub-dependencies (@emnapi/core, @emnapi/runtime, @emnapi/wasi-threads, @napi-rs/wasm-runtime, @tybys/wasm-util, tslib) are all dev + optional + inBundle — they only apply to the WASM/WASI build target and do not affect production builds.

All packages resolve from standard registries (crates.io, npmjs.org). No supply chain concerns identified.

@ilidemi ilidemi merged commit 2140aa4 into main Jun 29, 2026
26 of 27 checks passed
@ilidemi ilidemi deleted the renovate/lock-file-maintenance branch June 29, 2026 19:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants