Bump @lokalise/connector-api-contracts from 1.8.0 to 1.29.2 #250
dependabot[bot] wants to merge 1 commit into main from
Bumps [@lokalise/connector-api-contracts](https://github.com/lokalise/service-contracts) from 1.8.0 to 1.29.2.
- [Commits](https://github.com/lokalise/service-contracts/commits)

---
updated-dependencies:
- dependency-name: "@lokalise/connector-api-contracts"
  dependency-version: 1.29.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
📝 Walkthrough (CodeRabbit)

The pull request updates the "@lokalise/connector-api-contracts" dependency in package.json from version ^1.8.0 to ^1.29.2. This is a direct version bump of a public dependency with a single line modification in the package.json file.

Estimated code review effort: 🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks: ✅ 3 passed
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@package.json`:
- Line 30: Root package.json pins "@lokalise/api-contracts" at ^5.4.0 while
"@lokalise/connector-api-contracts" was bumped to ^1.29.2 and brings a
transitive "@lokalise/api-contracts@^6.0.0"; update the root dependency
"@lokalise/api-contracts" to "^6.0.0" (or confirm the mixed-version strategy) so
npm doesn't nest a duplicate under "@lokalise/connector-api-contracts" and to
align versions for "@lokalise/connector-api-contracts" and
"@lokalise/api-contracts".
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: lokalise/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: af5d9efd-152b-4fe9-ba31-5782730a120b
⛔ Files ignored due to path filters (1)
package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
package.json
| "@lokalise/api-contracts": "^5.4.0", | ||
| "@lokalise/backend-http-client": "^7.2.0", | ||
| "@lokalise/connector-api-contracts": "^1.8.0", | ||
| "@lokalise/connector-api-contracts": "^1.29.2", |
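Review bot: the changed `@lokalise/connector-api-contracts` entry moves from `^1.8.0` to `^1.29.2` while the `@lokalise/api-contracts` entry two lines above it stays at `^5.4.0`, and package-lock.json is excluded from this review, so nothing visible here shows which versions of the two contract packages resolve together. Either bump `@lokalise/api-contracts` in the same change or state in the PR why the two ranges are left independent, and review the regenerated lockfile entry for 1.29.2 (resolved tarball and integrity value) alongside this line before merging.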
🧩 Analysis chain
🏁 Script executed:
```bash
#!/bin/bash
set -euo pipefail

pkg='@lokalise/connector-api-contracts'

echo '== npm metadata comparison =='
for v in 1.8.0 1.29.2; do
  echo
  echo "-- ${pkg}@${v} --"
  npm view "${pkg}@${v}" \
    version \
    _npmUser \
    maintainers \
    repository \
    peerDependencies \
    dependencies \
    engines \
    dist.tarball \
    dist.integrity \
    --json
done

echo
echo '== local manifest / lockfile references =='
fd '^(package\.json|package-lock\.json|npm-shrinkwrap\.json|pnpm-lock\.yaml|yarn\.lock)$' -x sh -c '
  file="$1"
  echo
  echo "-- ${file} --"
  rg -n "@lokalise/connector-api-contracts|@lokalise/api-contracts|@lokalise/fastify-api-contracts|@lokalise/node-core|zod" "$file" || true
' sh {}

echo
echo 'Expected result:'
echo '- 1.29.2 does not introduce peer/dependency requirements that exceed the versions pinned in this repo.'
echo '- The lockfile, if present, resolves `@lokalise/connector-api-contracts` to the same 1.29.2 artifact reported by npm.'
```

Repository: lokalise/ce-connector-template-node
Length of output: 7265
Update root @lokalise/api-contracts to align with @lokalise/connector-api-contracts@1.29.2 dependency.
The bump to @lokalise/connector-api-contracts@1.29.2 introduces a transitive dependency on @lokalise/api-contracts@^6.0.0, but your root package.json still pins @lokalise/api-contracts@^5.4.0. This causes npm to nest the newer version under node_modules/@lokalise/connector-api-contracts/, creating a duplicate in the dependency tree. Peer dependencies (zod, @lokalise/zod-extras, @lokalise/api-common) and lockfile resolution are compatible. The npm publisher change is a security improvement (OIDC trusted publishing). Update the root @lokalise/api-contracts to ^6.0.0 or verify the mixed-version approach is intentional.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@package.json` at line 30, Root package.json pins "@lokalise/api-contracts" at
^5.4.0 while "@lokalise/connector-api-contracts" was bumped to ^1.29.2 and
brings a transitive "@lokalise/api-contracts@^6.0.0"; update the root dependency
"@lokalise/api-contracts" to "^6.0.0" (or confirm the mixed-version strategy) so
npm doesn't nest a duplicate under "@lokalise/connector-api-contracts" and to
align versions for "@lokalise/connector-api-contracts" and
"@lokalise/api-contracts".
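A check for the nested-duplicate condition described in the review above, as an added example that is not part of the PR or of CodeRabbit's output: it walks the `packages` map of a package-lock.json (lockfileVersion 2/3 layout) and reports every package installed at more than one version. The lockfile fragment, the root package name and the resolved versions are constructed for illustration.

```javascript
// Constructed lockfile fragment (lockfileVersion 3 layout). Resolved versions
// are made up so that they satisfy the ranges named in the review comment.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "connector-template" }, // placeholder root name
    "node_modules/@lokalise/api-contracts": { version: "5.4.0" },
    "node_modules/@lokalise/connector-api-contracts": {
      version: "1.29.2",
      dependencies: { "@lokalise/api-contracts": "^6.0.0" },
    },
    "node_modules/@lokalise/connector-api-contracts/node_modules/@lokalise/api-contracts":
      { version: "6.0.0" },
    "node_modules/zod": { version: "3.23.8" },
  },
};

const MARKER = "node_modules/";

// The package name is whatever follows the last "node_modules/" in the path.
function packageNameFromPath(installPath) {
  const idx = installPath.lastIndexOf(MARKER);
  return idx === -1 ? null : installPath.slice(idx + MARKER.length);
}

// Returns [{ name, installs: [{ path, version, nested }] }] for every package
// that resolves to more than one distinct version in the tree.
function findDuplicateInstalls(lock) {
  const byName = new Map();
  for (const [installPath, meta] of Object.entries(lock.packages ?? {})) {
    const name = packageNameFromPath(installPath);
    if (!name || meta.link) continue; // skip the root entry and workspace links
    // Nested means the path contains more than one "node_modules/" segment.
    const nested = installPath.indexOf(MARKER) !== installPath.lastIndexOf(MARKER);
    if (!byName.has(name)) byName.set(name, []);
    byName.get(name).push({ path: installPath, version: meta.version, nested });
  }
  return [...byName.entries()]
    .filter(([, installs]) => new Set(installs.map((i) => i.version)).size > 1)
    .map(([name, installs]) => ({ name, installs }));
}

for (const { name, installs } of findDuplicateInstalls(sampleLock)) {
  console.log(`${name}: ${installs.map((i) => `${i.version} @ ${i.path}`).join(", ")}`);
}
```

Run against a real lockfile by replacing `sampleLock` with the parsed contents of package-lock.json; a non-empty result in CI is a cheap signal that a bump pulled in a second copy of a shared contract package.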
Bumps @lokalise/connector-api-contracts from 1.8.0 to 1.29.2.
Commits
Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @lokalise/connector-api-contracts since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)