Bump the npm_and_yarn group across 4 directories with 19 updates#33947
Bump the npm_and_yarn group across 4 directories with 19 updates#33947dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the npm_and_yarn group with 4 updates in the /docs directory: [node-forge](https://github.com/digitalbazaar/forge), [postcss](https://github.com/postcss/postcss), [webpack-dev-server](https://github.com/webpack/webpack-dev-server) and [yaml](https://github.com/eemeli/yaml). Bumps the npm_and_yarn group with 9 updates in the /examples/docs_projects/project_etl_tutorial/dashboard directory: | Package | From | To | | --- | --- | --- | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` | | [ip-address](https://github.com/beaugunderson/ip-address) | `9.0.5` | `10.2.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` | | [node-forge](https://github.com/digitalbazaar/forge) | `1.3.3` | `1.4.0` | | [postcss](https://github.com/postcss/postcss) | `8.5.2` | `8.5.15` | | [axios](https://github.com/axios/axios) | `1.13.5` | `1.18.0` | | [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.3.0` | `5.3.1` | | [devalue](https://github.com/sveltejs/devalue) | `5.6.4` | `5.8.1` | | [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder) | `1.0.0` | `1.2.0` | Bumps the npm_and_yarn group with 9 updates in the /js_modules directory: | Package | From | To | | --- | --- | --- | | [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.29.0` | `7.29.7` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` | | [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` | | [ip-address](https://github.com/beaugunderson/ip-address) | `10.1.0` | `10.2.0` | | [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.10` | | [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.5` | | [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` | | [next](https://github.com/vercel/next.js) | `15.5.15` | `15.5.18` | Bumps the npm_and_yarn group with 1 update in the /js_modules/app-oss directory: [uuid](https://github.com/uuidjs/uuid). Updates `node-forge` from 1.3.3 to 1.4.0 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.3...v1.4.0) Updates `postcss` from 8.5.3 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.15) Updates `webpack-dev-server` from 5.2.2 to 5.2.5 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v5.2.2...v5.2.5) Updates `yaml` from 2.7.0 to 2.9.0 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v2.7.0...v2.9.0) Updates `yaml` from 2.7.0 to 2.9.0 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v2.7.0...v2.9.0) Updates `path-to-regexp` from 0.1.12 to 0.1.13 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.12...v.0.1.13) Updates `postcss` from 8.5.3 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.15) Updates `postcss` from 8.5.3 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.15) Updates `yaml` from 2.7.0 to 2.9.0 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v2.7.0...v2.9.0) Updates `path-to-regexp` from 0.1.12 to 0.1.13 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.12...v.0.1.13) Updates `postcss` from 8.5.3 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.15) Updates `follow-redirects` from 1.15.11 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0) Updates `ip-address` from 9.0.5 to 10.2.0 - [Commits](beaugunderson/ip-address@v9.0.5...v10.2.0) Updates `lodash` from 4.17.23 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.23...4.18.1) Updates `node-forge` from 1.3.3 to 1.4.0 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.3...v1.4.0) Updates `postcss` from 8.5.2 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.15) Updates `axios` from 1.13.5 to 1.18.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.5...v1.18.0) Updates `basic-ftp` from 5.3.0 to 5.3.1 - [Release notes](https://github.com/patrickjuchli/basic-ftp/releases) - [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md) - [Commits](patrickjuchli/basic-ftp@v5.3.0...v5.3.1) Updates `devalue` from 5.6.4 to 5.8.1 - [Release notes](https://github.com/sveltejs/devalue/releases) - [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md) - [Commits](sveltejs/devalue@v5.6.4...v5.8.1) Updates `fast-xml-builder` from 1.0.0 to 1.2.0 - [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md) - [Commits](https://github.com/NaturalIntelligence/fast-xml-builder/commits/v1.2.0) Updates `follow-redirects` from 1.15.11 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0) Updates `ip-address` from 9.0.5 to 10.2.0 - [Commits](beaugunderson/ip-address@v9.0.5...v10.2.0) Updates `lodash` from 4.17.23 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.23...4.18.1) Updates `node-forge` from 1.3.3 to 1.4.0 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.3...v1.4.0) Updates `postcss` from 8.5.2 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.15) Updates `postcss` from 8.5.2 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.15) Updates `lodash` from 4.17.23 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.23...4.18.1) Updates `ip-address` from 9.0.5 to 10.2.0 - [Commits](beaugunderson/ip-address@v9.0.5...v10.2.0) Updates `postcss` from 8.5.2 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.15) Updates `@babel/plugin-transform-modules-systemjs` from 7.29.0 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs) Updates `brace-expansion` from 1.1.12 to 1.1.15 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v1.1.12...v1.1.15) Updates `fast-uri` from 3.1.0 to 3.1.2 - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](fastify/fast-uri@v3.1.0...v3.1.2) Updates `ip-address` from 10.1.0 to 10.2.0 - [Commits](beaugunderson/ip-address@v9.0.5...v10.2.0) Updates `postcss` from 8.5.6 to 8.5.10 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.15) Updates `uuid` from 9.0.1 to 14.0.0 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v14.0.0) Updates `vite` from 7.3.1 to 7.3.5 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.3.5/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.3.5/packages/vite) Updates `uuid` from 9.0.1 to 14.0.0 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v14.0.0) Updates `brace-expansion` from 1.1.12 to 1.1.15 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v1.1.12...v1.1.15) Updates `@tootallnate/once` from 2.0.0 to 2.0.1 - [Release notes](https://github.com/TooTallNate/once/releases) - [Changelog](https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md) - [Commits](TooTallNate/once@2.0.0...v2.0.1) Updates `ip-address` from 10.1.0 to 10.2.0 - [Commits](beaugunderson/ip-address@v9.0.5...v10.2.0) Updates `postcss` from 8.5.6 to 8.5.10 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.15) Updates `vite` from 7.3.1 to 7.3.5 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.3.5/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.3.5/packages/vite) Updates `next` from 15.5.15 to 15.5.18 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.15...v15.5.18) Updates `uuid` from 9.0.1 to 14.0.0 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v14.0.0) Updates `postcss` from 8.5.6 to 8.5.10 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.15) Updates `vite` from 7.3.1 to 7.3.5 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.3.5/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.3.5/packages/vite) Updates `@babel/plugin-transform-modules-systemjs` from 7.29.0 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs) Updates `@tootallnate/once` from 2.0.0 to 2.0.1 - [Release notes](https://github.com/TooTallNate/once/releases) - [Changelog](https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md) - [Commits](TooTallNate/once@2.0.0...v2.0.1) Updates `brace-expansion` from 1.1.12 to 1.1.15 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v1.1.12...v1.1.15) Updates `fast-uri` from 3.1.0 to 3.1.2 - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](fastify/fast-uri@v3.1.0...v3.1.2) Updates `ip-address` from 10.1.0 to 10.2.0 - [Commits](beaugunderson/ip-address@v9.0.5...v10.2.0) Updates `next` from 15.5.15 to 15.5.18 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.15...v15.5.18) Updates `uuid` from 9.0.1 to 14.0.0 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v14.0.0) Updates `postcss` from 8.5.6 to 8.5.10 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.15) Updates `uuid` from 9.0.1 to 14.0.1 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v14.0.0) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-version: 5.2.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: yaml dependency-version: 2.9.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: yaml dependency-version: 2.9.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: yaml dependency-version: 2.9.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip-address dependency-version: 10.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.18.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: basic-ftp dependency-version: 5.3.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: devalue dependency-version: 5.8.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-xml-builder dependency-version: 1.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip-address dependency-version: 10.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip-address dependency-version: 10.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/plugin-transform-modules-systemjs" dependency-version: 7.29.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip-address dependency-version: 10.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.10 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: uuid dependency-version: 14.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 7.3.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: uuid dependency-version: 14.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@tootallnate/once" dependency-version: 2.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip-address dependency-version: 10.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.10 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 7.3.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.18 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: uuid dependency-version: 14.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.10 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 7.3.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/plugin-transform-modules-systemjs" dependency-version: 7.29.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@tootallnate/once" dependency-version: 2.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip-address dependency-version: 10.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.18 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: uuid dependency-version: 14.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.10 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: uuid dependency-version: 14.0.1 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
Greptile SummaryThis is a dependabot-generated dependency bump across four directories (
Confidence Score: 3/5Safe to merge the security fixes, but the app-oss workspace changes will break immutable installs until the lockfile is regenerated. app-oss/package.json introduces a next v15→v16 major-version bump absent from the PR description, with no corresponding lockfile entry — yarn.lock still resolves next at 15.5.18. The uuid constraint is similarly mismatched (manifest says ^14.0.1 but lockfile resolves 14.0.0). Any CI step running yarn install --immutable against the js_modules workspace will fail. js_modules/app-oss/package.json and js_modules/yarn.lock — the next and uuid manifest ranges are inconsistent with what the lockfile actually resolves.
|
| Filename | Overview |
|---|---|
| js_modules/app-oss/package.json | Two lockfile mismatches: next bumped to ^16.2.9 (v15→v16 major jump) and uuid bumped to ^14.0.1, but yarn.lock only resolves next@15.5.18 and uuid@14.0.0 — both inconsistent with the new manifest ranges. |
| js_modules/ui-components/package.json | Routine patch/minor bumps: yaml ^2.8.3→^2.8.4, postcss ^8.5.0→^8.5.10 (XSS fix), vite ^7.0.0→^7.3.5. All within semver range, no breaking API changes. |
| js_modules/ui-core/package.json | Routine patch bumps: yaml ^2.8.3→^2.8.4 and vite ^7.0.0→^7.3.5. No breaking changes. |
| js_modules/yarn.lock | Lockfile updated for most packages but missing entries for next@^16.2.9 and uuid@^14.0.1 required by app-oss/package.json; inconsistency will break --immutable installs. |
| docs/yarn.lock | Security and patch updates: node-forge (4 HIGH CVEs fixed), postcss (XSS fix), webpack-dev-server, yaml bumps. All appropriate. |
| examples/docs_projects/project_etl_tutorial/dashboard/package-lock.json | Multiple dependency updates including security fixes (follow-redirects, node-forge, postcss). Routine dependabot lockfile update. |
Flowchart
%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[dependabot PR 33947] --> B[docs yarn.lock]
A --> C[dashboard package-lock.json]
A --> D[js_modules yarn.lock]
A --> E[app-oss package.json]
B --> B1["node-forge 1.3.3 to 1.4.0 - 4xHIGH CVEs"]
B --> B2["postcss to 8.5.15 - XSS fix"]
B --> B3["webpack-dev-server to 5.2.5"]
C --> C1["follow-redirects to 1.16.0"]
C --> C2["lodash 4.17.23 to 4.18.1"]
C --> C3["postcss to 8.5.15"]
D --> D1["next 15.5.15 to 15.5.18 - lockfile OK"]
D --> D2["uuid 9.0.1 to 14.0.0 - lockfile OK"]
D --> D3["vite to 7.3.5"]
E --> E1["next set to ^16.2.9 - MAJOR v15 to v16 - yarn.lock still 15.5.18"]
E --> E2["uuid set to ^14.0.1 - yarn.lock resolves 14.0.0 - constraint unsatisfied"]
style E1 fill:#ff9999,color:#000
style E2 fill:#ff9999,color:#000
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
A[dependabot PR 33947] --> B[docs yarn.lock]
A --> C[dashboard package-lock.json]
A --> D[js_modules yarn.lock]
A --> E[app-oss package.json]
B --> B1["node-forge 1.3.3 to 1.4.0 - 4xHIGH CVEs"]
B --> B2["postcss to 8.5.15 - XSS fix"]
B --> B3["webpack-dev-server to 5.2.5"]
C --> C1["follow-redirects to 1.16.0"]
C --> C2["lodash 4.17.23 to 4.18.1"]
C --> C3["postcss to 8.5.15"]
D --> D1["next 15.5.15 to 15.5.18 - lockfile OK"]
D --> D2["uuid 9.0.1 to 14.0.0 - lockfile OK"]
D --> D3["vite to 7.3.5"]
E --> E1["next set to ^16.2.9 - MAJOR v15 to v16 - yarn.lock still 15.5.18"]
E --> E2["uuid set to ^14.0.1 - yarn.lock resolves 14.0.0 - constraint unsatisfied"]
style E1 fill:#ff9999,color:#000
style E2 fill:#ff9999,color:#000
Reviews (1): Last reviewed commit: "Bump the npm_and_yarn group across 4 dir..." | Re-trigger Greptile
| "eslint-config-next": "^15.3.3", | ||
| "graphql": "^16.8.1", | ||
| "next": "^15.5.15", | ||
| "next": "^16.2.9", |
There was a problem hiding this comment.
Lockfile out of sync — next@^16.2.9 not resolved in yarn.lock
app-oss/package.json now specifies next: "^16.2.9" (a major-version jump from v15 to v16), but js_modules/yarn.lock only has an entry for "next@npm:^15.5.18" resolving to 15.5.18. The range ^16.2.9 is incompatible with 15.5.18, so yarn install --immutable will fail. The lock file needs to be regenerated to include a next@16.x resolution for the app-oss workspace. Additionally, this is an undocumented major-version bump — the PR description says next goes from 15.5.15 → 15.5.18 but the manifest now requires v16.
| "react-dom": "^18.3.1", | ||
| "react-is": "^18.3.1", | ||
| "react-router": "^5.3.4", | ||
| "react-router-dom": "^5.3.0", |
There was a problem hiding this comment.
Lockfile constraint mismatch — uuid@^14.0.1 vs resolved 14.0.0
app-oss/package.json now declares uuid: "^14.0.1", but js_modules/yarn.lock resolves "uuid@npm:^14.0.0" to version 14.0.0. Since 14.0.0 < 14.0.1, the resolved version does not satisfy the manifest constraint, and yarn install --immutable will fail for this workspace. The lockfile entry key is ^14.0.0 (likely left from a pre-existing resolution) rather than ^14.0.1, so the lock file was not regenerated after the manifest change.
|
Looks like these dependencies are updatable in another way, so this is no longer needed. |
Bumps the npm_and_yarn group with 4 updates in the /docs directory: node-forge, postcss, webpack-dev-server and yaml.
Bumps the npm_and_yarn group with 9 updates in the /examples/docs_projects/project_etl_tutorial/dashboard directory:
1.15.111.16.09.0.510.2.04.17.234.18.11.3.31.4.08.5.28.5.151.13.51.18.05.3.05.3.15.6.45.8.11.0.01.2.0Bumps the npm_and_yarn group with 9 updates in the /js_modules directory:
7.29.07.29.71.1.121.1.153.1.03.1.210.1.010.2.08.5.68.5.109.0.114.0.07.3.17.3.52.0.02.0.115.5.1515.5.18Bumps the npm_and_yarn group with 1 update in the /js_modules/app-oss directory: uuid.
Updates
node-forgefrom 1.3.3 to 1.4.0Changelog
Sourced from node-forge's changelog.
... (truncated)
Commits
fa385f9Release 1.4.0.07d4e16Update changelog.cb90fd9Update changelog.963e7c5Add unit test for "pseudonym"f0b6f5bAdd pseudonym OID3df48a3Fix missing CVE ID.2e49283Add x509basicConstraintscheck.bdecf11Add canonical signature scaler check for S < L.af094e6Add RSA padding and DigestInfo length checks.796eeb1Improve jsbn fix.Updates
postcssfrom 8.5.3 to 8.5.15Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
eae46dbRelease 8.5.15 version79508ffUpdate CI actionsb128e21Speed up declaration parsing by avoiding creating new array on each token9825dcaFix code format55789c8Update dependencies84fbbe9Install older pnpm action for old Node.js9f860bdRevert pnpm action for old Node.js0877198Update CI actionsb2d1a33Fix linter warnings0700dacMerge pull request #2088 from rootvector2/add-oss-fuzz-harnessUpdates
webpack-dev-serverfrom 5.2.2 to 5.2.5Release notes
Sourced from webpack-dev-server's releases.
Changelog
Sourced from webpack-dev-server's changelog.
Commits
c3ee325chore(release): new release (#5682)60173befeat: add changeset validation and release workflow (#5680)948d5e6fix(proxy): match the HMR upgrade path exactly like the ws server (#5678)93e8996fix: skip HMR websocket path when forwarding upgrades to user-defined proxies...fd40130chore(release): 5.2.4ece4f36chore: update deps (#5661)a216144ci: fix test (#5658)df073c5Merge commit from forkb550a70chore(release): 5.2.39704dc5chore: upgrade selfsigned to v5 and remove node-forge dependency (#5618)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for webpack-dev-server since your current version.
Updates
yamlfrom 2.7.0 to 2.9.0Release notes
Sourced from yaml's releases.
Commits
ddb21b02.9.0167365bdocs: Clarify that not all errors can be avoided6eca2a7fix: Avoid calling Array.prototype.push.apply() with large source array0543cd5fix(lexer): Avoid recursive calls that may exhaust the call stackccdf7432.8.4f625789fix: Disable alias resolution with maxAliasCount:0 (#677)e1a1a77fix: Handle invalid unicode escapesa163ea0style: Satify Prettierb2a5a6cfix: Apply minFractionDigits only to decimal strings (#676)93c951bchore: Bump JSR version to v2.8.3 (#673)Updates
yamlfrom 2.7.0 to 2.9.0Release notes
Sourced from yaml's releases.
Commits
ddb21b02.9.0167365bdocs: Clarify that not all errors can be avoided6eca2a7fix: Avoid calling Array.prototype.push.apply() with large source array0543cd5fix(lexer): Avoid recursive calls that may exhaust the call stackccdf7432.8.4f625789fix: Disable alias resolution with maxAliasCount:0 (#677)e1a1a77fix: Handle invalid unicode escapesa163ea0style: Satify Prettierb2a5a6cfix: Apply minFractionDigits only to decimal strings (#676)93c951bchore: Bump JSR version to v2.8.3 (#673)Updates
path-to-regexpfrom 0.1.12 to 0.1.13Release notes
Sourced from path-to-regexp's releases.
Changelog
Sourced from path-to-regexp's changelog.
Commits
9fd0c870.1.13 (#425)7ccf02cfix: CVE-2026-4867Maintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for path-to-regexp since your current version.
Updates
postcssfrom 8.5.3 to 8.5.15Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
eae46dbRelease 8.5.15 version79508ffUpdate CI actionsb128e21Speed up declaration parsing by avoiding creating new array on each token9825dcaFix code format55789c8Update dependencies84fbbe9Install older pnpm action for old Node.js9f860bdRevert pnpm action for old Node.js0877198Update CI actionsb2d1a33Fix linter warnings0700dacMerge pull request #2088 from rootvector2/add-oss-fuzz-harnessUpdates
postcssfrom 8.5.3 to 8.5.15Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
eae46dbRelease 8.5.15 version79508ffUpdate CI actionsb128e21Speed up declaration parsing by avoiding creating new array on each token9825dcaFix code format55789c8Update dependencies84fbbe9Install older pnpm action for old Node.js9f860bdRevert pnpm action for old Node.js0877198Update CI actionsb2d1a33Fix linter warnings0700dacMerge pull request #2088 from rootvector2/add-oss-fuzz-harnessUpdates
yamlfrom 2.7.0 to 2.9.0Release notes
Sourced from yaml's releases.
Commits
ddb21b02.9.0167365bdocs: Clarify that not all errors can be avoided6eca2a7fix: Avoid calling Array.prototype.push.apply() with large source array0543cd5fix(lexer): Avoid recursive calls that may exhaust the call stackccdf7432.8.4f625789fix: Disable alias resolution with maxAliasCount:0 (#677)e1a1a77fix: Handle invalid unicode escapesa163ea0style: Satify Prettierb2a5a6cfix: Apply minFractionDigits only to decimal strings (#676)93c951bchore: Bump JSR version to v2.8.3 (#673)Updates
path-to-regexpfrom 0.1.12 to 0.1.13Release notes
Sourced from path-to-regexp's releases.
Changelog
Sourced from path-to-regexp's changelog.
Commits
9fd0c870.1.13 (#425)7ccf02cfix: CVE-2026-4867Maintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for path-to-regexp since your current version.
Updates
postcssfrom 8.5.3 to 8.5.15Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
eae46dbRelease 8.5.15 version79508ffUpdate CI actionsb128e21Speed up declaration parsing by avoiding creating new array on each token9825dcaFix code format55789c8Update dependencies84fbbe9Install older pnpm action for old Node.js9f860bdRevert pnpm action for old Node.js0877198Update CI actionsb2d1a33Fix linter warnings0700dacMerge pull request #2088 from rootvector2/add-oss-fuzz-harnessUpdates
follow-redirectsfrom 1.15.11 to 1.16.0Commits
0c23a22Release version 1.16.0 of the npm package.844c4d3Add sensitiveHeaders option.5e8b8d0ci: add Node.js 24.x to the CI matrix7953e22ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v686dc1f8Sanitizing input.Updates
ip-addressfrom 9.0.5 to 10.2.0Commits
80fccaa10.2.0abaeb4dType Address4.addressMinusSuffix as non-nilable (closes #143)2878c29Preserve subnet prefix through Address6.to4() (closes #123) (#203)586666eReject trailing junk in Address6.fromURL (closes #158) (#202)80bc76eValidate static factories instead of silently overflowing (#201)98927beClarify isValid() accepts CIDRs with host bits set (#81)a0eb073Fix getScope() and broaden getType() classification (closes #122) (#200)ec52105Add networkForm() for CIDR network-address strings (#199)a9443a7Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes #62) (#198)f01d742Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...Updates
lodashfrom 4.17.23 to 4.18.1Release notes
Sourced from lodash's releases.