You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Reviewed this lock file maintenance PR. No issues found.
Dependency changes examined:
Rust time 0.3.47 → 0.3.49: Includes security hardening (subsecond digit parser cap, Weekday repr fix) and a hotfix for a compiler bug that caused v0.3.48 to be yanked. Safe upgrade. time-core 0.1.8→0.1.9 and time-macros 0.2.27→0.2.29 are internal companion bumps. Drops powerfmt and itoa transitive deps (dependency cleanup upstream).
JS protobufjs 8.6.0 → 8.6.1: Bug-fix patch (CLI fixes, restored descriptor metadata). No breaking changes. Minimal impact since PeerDB uses it as a library, not via CLI.
@tailwindcss/oxide-wasm32-wasi sub-deps: Bundled optional dev dependencies now explicitly listed in the lock file (@emnapi/core, @emnapi/runtime, @napi-rs/wasm-runtime, tslib, etc.). No version changes to the parent package.
No PII/secret exposure concerns. No regressions found in upstream release notes.
Rust time crate 0.3.47 → 0.3.49 (includes time-core 0.1.8→0.1.9, time-macros 0.2.27→0.2.29): Patch releases with bug fixes only — Duration::checked_mul overflow fix and OffsetDateTime serialization correctness improvement. No breaking changes or regressions. Removal of itoa from time and powerfmt from deranged reflects upstream dependency cleanup.
Node protobufjs 8.6.0 → 8.6.1: Patch release with updated bundled .proto descriptor definitions and minor internal maintenance. No API surface changes.
@tailwindcss/oxide-wasm32-wasi bundled deps: New bundled sub-dependencies (@emnapi/core, @emnapi/runtime, @emnapi/wasi-threads, @napi-rs/wasm-runtime, @tybys/wasm-util, tslib) are all dev + optional + inBundle — they only apply to the WASM/WASI build target and do not affect production builds.
All packages resolve from standard registries (crates.io, npmjs.org). No supply chain concerns identified.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dependenciesPull requests that update a dependency file
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
🔧 This Pull Request updates lock files to use the latest dependency versions.
Configuration
📅 Schedule: (in timezone Etc/UTC)
* 0-3 * * 1)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.