Skip to content

fix(deps): update npm minor/patch (app)#489

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/npm-minor-patch-app
Open

fix(deps): update npm minor/patch (app)#489
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/npm-minor-patch-app

Conversation

@renovate

@renovate renovate Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@aws-sdk/client-ecr (source) 3.1079.03.1086.0 age confidence
@slack/web-api (source) 7.18.07.19.0 age confidence
@smithy/node-http-handler (source) 4.9.34.9.5 age confidence
@types/node (source) 25.9.425.9.5 age confidence
@vitest/coverage-v8 (source) 4.1.94.1.10 age confidence
cron-parser 5.6.15.6.2 age confidence
fast-check (source) 4.8.04.9.0 age confidence
fast-xml-parser 5.9.35.10.0 age confidence
helmet (source) 8.2.08.3.0 age confidence
knip (source) 6.24.06.26.0 age confidence
mqtt 5.15.15.15.2 age confidence
node-cron (source) 4.5.04.6.0 age confidence
postcss (source) 8.5.168.5.19 age confidence
protobufjs 7.6.47.6.5 age confidence
re2js 2.8.52.8.6 age confidence
undici (source) 8.6.08.7.0 age confidence
vite (source) 8.1.38.1.4 age confidence
vitest (source) 4.1.94.1.10 age confidence

Release Notes

aws/aws-sdk-js-v3 (@​aws-sdk/client-ecr)

v3.1086.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1085.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1084.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1083.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1082.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1081.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

v3.1080.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ecr

slackapi/node-slack-sdk (@​slack/web-api)

v7.19.0

Compare Source

Minor Changes
  • a795b86: feat: expand app manifest types — add agent_view and assistant_view features, recent agent events (app_context_changed, assistant_thread_started, assistant_thread_context_changed), optional OAuth scopes (bot_optional/user_optional), and event metadata_subscriptions
smithy-lang/smithy-typescript (@​smithy/node-http-handler)

v4.9.5

Compare Source

Patch Changes

v4.9.4

Compare Source

Patch Changes
vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.10

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
harrisiirak/cron-parser (cron-parser)

v5.6.2

Compare Source

What's Changed

  • fix: enforce iteration loop limit so unsatisfiable expressions throw instead of returning a bogus date by @​spokodev in #​415
  • fix: do not drop a matching day of month when the day of week uses an nth (#) occurrence by @​spokodev in #​414

Full Changelog: harrisiirak/cron-parser@v5.6.1...v5.6.2

dubzzz/fast-check (fast-check)

v4.9.0

Compare Source

Shrinkable entityGraph and few performance chips
[Code][Diff]

Features

  • (PR#7008) Towards shrinkable entityGraph thanks to chainUntil

Fixes

  • (PR#7010) Bug: Fix latent state-sharing bug in entityGraph
  • (PR#7063) Bug: Equiprobable alternatives in stringMatching
  • (PR#6973) CI: Drop caches on push for build package flow
  • (PR#6971) CI: Only mark fast-check's releases as latest
  • (PR#6974) CI: Drop pull_request_target flows
  • (PR#6975) CI: Drop discussion creation on release publish
  • (PR#6976) CI: Drop caches from publication steps
  • (PR#6977) CI: Revert "Drop caches from publication steps"
  • (PR#6978) CI: Make zizmor audit a required status check
  • (PR#6991) CI: Remove Claude Code workflow
  • (PR#6994) CI: Replace pnpm dlx with pnpm exec for pkg-pr-new
  • (PR#6995) CI: Inline zizmor ignores in workflow
  • (PR#6996) CI: Move to devEngines.packageManager
  • (PR#7005) CI: Update PULL_REQUEST_TEMPLATE.md
  • (PR#7011) CI: Drop OTP prompt from npm publish
  • (PR#7013) CI: Switch release jobs to npm stage publish
  • (PR#7027) CI: Run benchmarks against main
  • (PR#7037) CI: Use comparison mode for bench
  • (PR#7069) CI: Run pnpm dedupe to deduplicate lockfile
  • (PR#6959) CI: Announce releases on Bluesky
  • (PR#7105) CI: Switch to actions/attest for attestations
  • (PR#7117) CI: Use pnpm version in changelog script
  • (PR#7120) CI: Allow unclean tree in changelog generation
  • (PR#7125) CI: Stage publish using pnpm in publish jobs
  • (PR#7065) Clean: Delete skills directory
  • (PR#6983) Doc: Tweak PR Template to hint AI agents into revealing themselves
  • (PR#7092) Doc: Add back skills directory
  • (PR#7095) Doc: Add release notes for fast-check 4.8.0
  • (PR#7104) Doc: Add makeeno as doc contributor
  • (PR#7103) Doc: Fix info box in docs
  • (PR#7108) Doc: Add jneidel as doc contributor
  • (PR#7035) Performance: Faster fc.integer on generate
  • (PR#7046) Performance: Faster fc.record on generate
  • (PR#7047) Performance: Faster fc.dictionary on generate
  • (PR#7048) Performance: Faster fc.webPath/fc.webUrl on generate
  • (PR#7050) Performance: Faster fc.stringMatching for \W \D \S .
  • (PR#7054) Performance: Faster fc.stringMatching on generate
  • (PR#7049) Performance: Drop nested tuple on generate for fc.record
  • (PR#7045) Performance: Faster fc.entityGraph on generate
  • (PR#7071) Performance: Early exit on empty tuple in fc.entityGraph
  • (PR#7004) Refactor: Extract code from onTheFlyLinksForEntityGraph
  • (PR#7006) Refactor: Move generate logic to the Arbitrary for entityGraph
  • (PR#7007) Refactor: Introduce ProductionState for onTheFlyLinks...
  • (PR#6990) Script: Skip scripts during pnpm i in changelog generation
  • (PR#7039) Script: More benchmark commands
  • (PR#6972) Security: Pass --ignore-scripts to pnpm i calls
  • (PR#7028) Test: Add benchmarks for key arbitraries
  • (PR#7034) Test: Expand benchmark coverage across arbitrary families
  • (PR#7041) Test: Add runners related benchs
  • (PR#7064) Test: Clarify arbitrary benchmark names
  • (PR#7068) Test: More reliable arbitraries.bench.ts
  • (PR#7088) Typo: Typo in type EntityGraphContraints

NaturalIntelligence/fast-xml-parser (fast-xml-parser)

v5.10.0

Compare Source

What's Changed

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.9.3...v5.10.0

helmetjs/helmet (helmet)

v8.3.0

Compare Source

Changed
  • Content-Security-Policy: improved performance by ~7% when there are no dynamic directives
  • Content-Security-Policy: improved error handling for invalid directive names
Fixed
  • Content-Security-Policy: useDefaults: false with no directives is no longer valid, both at runtime and the type level
  • Content-Security-Policy: dynamically-computed directive values would throw, not call next, when invalid
  • Content-Security-Policy: dynamically-computed directive value entries would throw, not call next, when function threw
webpro-nl/knip (knip)

v6.26.0: Release 6.26.0

Compare Source

  • ci: add path filters (#​1871) (4249935) - thanks @​trueberryless!
  • Add CodeRabbit as gold sponsor (1da09fd)
  • Fix up docs a bit more (39125a7)
  • Don't report ambient declaration files as unused (aed361c)
  • Register oclif command files as entries (3b4d58c)
  • Add electron-vite plugin (d92107e)
  • Add esbuild plugin (ef3b601)
  • Ignore more globally available binaries (8292981)
  • Resolve #-imports to source when node condition is unbuilt (resolve #​1873) (f2713ed)
  • Ignore gh as a globally available binary (a6f0772)
  • Resolve Vitest benchmark files as entries (5742913)
  • Extract shared Vue auto-import machinery into plugins/_vue (7301075)
  • Scope compiler extensions per workspace (5e6f82b)
  • Resolve auto-imported components in the Vue SFC compiler (009aad8)
  • Add plugins for the Vue auto-import ecosystem (f638c83)
  • Enable Vue SFC compiler on unplugin-vue and @​vitejs/plugin-vue (9396ab1)
  • Recognize vite-plugin-vue-meta-layouts (same layouts convention) (3ceee89)
  • Add vite-plugin-pages and unplugin-icons plugins (9bc1754)
  • Add vite-plugin-pwa and @​intlify/unplugin-vue-i18n plugins (45dea0a)
  • Dog, food. (e1249ad)
  • Update query snapshot (a45941d)
  • Don't misread Nitro route types as Vue component auto-imports (43aecd5)
  • Read oxlint jsPlugins from vite-plus vite.config and .oxlintrc.json (589ffda)
  • Add vite-plus plugin for run.tasks and staged scripts (f041c19)
  • Support @​vite-pwa/nuxt PWA config in nuxt.config (8fa7b11)
  • Add @​vite-pwa/assets-generator plugin (4254f7d)
  • Add @​nuxtjs/i18n plugin (dfb9acb)
  • Read plugin entries from vite.config options and index.html (d533da8)
  • Fix false positives in VitePress, next-mdx and unplugin-vue-i18n plugins (b99702a)
  • Respect optional peers in pnpm and Yarn packageExtensions (aab080b)
  • Detect babel plugins in the Storybook config (5dea975)
  • Add shared AST helpers for imported calls and first property values (c84bb7a)
  • Inline trivial resolveFromAST wrappers and normalize orval and sst (620079d)
  • Extract inline resolveFromAST implementations to dedicated files (b5231c1)
  • Normalize resolveFromAST files to a uniform contract (fc1ba0f)
  • chore: migrate to Astro 7 and Sätteri (#​1875) (f256a5b) - thanks @​trueberryless!
  • Show contributor count on docs homepage (6b8454a)
  • Exclude gitignored package entry points (606e5d0)
  • Add Tauri plugin (199180d)
  • Add Laravel plugin (1974533)
  • Add Quasar plugin (a220729)

v6.25.0: Release 6.25.0

Compare Source

mqttjs/MQTT.js (mqtt)

v5.15.2

Compare Source

Bug Fixes
node-cron/node-cron (node-cron)

v4.6.0

Compare Source

Added
Fixed
  • background task state transition on stop/destroy without fork (#​584) (9dbc6de)
  • clear jitter timeout on runner stop (#​583) (28b8146)
  • CommonJS type resolution (#​608) (ee9d294)
  • correct falied->failed typo in daemon task error log (#​594) (66c6961)
  • correct shutdown listener typing that broke the build (#​595) (7aac3ad)
  • correlate execute() by id, isolate event hooks, and stop counting manual runs toward maxExecutions (#​607) (0f039a9)
  • daemon serialized task state with wrong field name (#​587) (688d465)
  • expand inverted ranges with wrap-around instead of silently swapping (#​602) (a10ae53)
  • harden cron.shutdown() teardown (#​598) (a0b0d1f)
  • kill orphan child process on background task stop/destroy timeout (#​582) (8179e10)
  • make concurrent background start() await the daemon and time out coordinator lookups (#​605) (446f03a)
  • make lifecycle calls on a destroyed task safe no-ops (#​600) (7fa9795)
  • prevent double destroy on registry remove (#​585) (8ae9f06)
  • release-please: match existing v-prefixed tags (#​575) (e43c152)
  • runner promise bugs that could hang scheduling or crash process (#​581) (0ae62be)
  • unref the IPC channel so background tasks let the process exit (#​599) (534e593)
  • validate the cron expression when scheduling a task (#​603) (196e6cd)
  • validate() consistency and multi-asterisk expansion (#​606) (8cf41c4)
  • weekday 7-to-0 conversion corrupting ranges (#​580) (c8a3943)
Changed
  • replace chai and sinon with native vitest assertions (#​590) (d29d07a)
postcss/postcss (postcss)

v8.5.19

Compare Source

  • Fixed cleaning before for new nodes inserted to Root (by @​MahinAnowar).

v8.5.18

Compare Source

  • Restricted loading previous source maps file to the opts.from folder for security reasons (use unsafeMap: true to disable the check).

v8.5.17

Compare Source

  • Fixed Maximum call stack size exceeded error.
  • Fixed Prototype hijacking for postcss.fromJSON().
  • Fixed Input#origin() for unmapped end position (by @​chatman-media).
protobufjs/protobuf.js (protobufjs)

v7.6.5: protobufjs: v7.6.5

Compare Source

Bug Fixes
le0pard/re2js (re2js)

v2.8.6

Compare Source

What's Changed

Full Changelog: le0pard/re2js@2.8.5...2.8.6

nodejs/undici (undici)

v8.7.0

Compare Source

What's Changed
New Contributors

Full Changelog: nodejs/undici@v8.6.0...v8.7.0

vitejs/vite (vite)

v8.1.4

Compare Source

Features
Bug Fixes
Documentation
Miscellaneous Chores
Code Refactoring
Tests
Build System

Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • "before 6am on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
renovate Bot requested a review from scttbnsn as a code owner July 6, 2026 07:17
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@vercel

vercel Bot commented Jul 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
drydock-website Ready Ready Preview, Comment Jul 17, 2026 2:11am
drydockdemo-website Ready Ready Preview, Comment Jul 17, 2026 2:11am

@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

This PR updates version numbers in app/package.json across runtime dependencies, overrides, and devDependencies. It bumps packages including @aws-sdk/client-ecr, axios, cron-parser, dockerode, fast-xml-parser, joi, node-cron, nodemailer, re2js, semver, undici, and uuid, updates enforced override versions such as body-parser, fast-uri, picomatch, postcss, qs, vite, @babel/core, and protobufjs, and bumps tooling packages including @types/node, @types/nodemailer, @vitest/coverage-v8, knip, and vitest.

🚥 Pre-merge checks | ✅ 2
✅ Passed checks (2 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/npm-minor-patch-app

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app/package.json`:
- Line 53: Remove the obsolete `@types/node-cron` dependency from
app/package.json, since node-cron v4.5.0 already includes its own TypeScript
types and the separate v3 typings can conflict with the API used by the
node-cron package. Update the package manifest to rely on the built-in types
only and keep the dependency list aligned with the node-cron version in use.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 2eec83b5-1659-4662-a1fa-7ef0397ccb86

📥 Commits

Reviewing files that changed from the base of the PR and between 1badc49 and aee7637.

⛔ Files ignored due to path filters (1)
  • app/package-lock.json is excluded by !**/package-lock.json, !**/package-lock.json
📒 Files selected for processing (1)
  • app/package.json

Comment thread app/package.json Outdated
@renovate
renovate Bot force-pushed the renovate/npm-minor-patch-app branch from aee7637 to 071974e Compare July 6, 2026 15:30
scttbnsn added a commit that referenced this pull request Jul 6, 2026
scttbnsn added a commit that referenced this pull request Jul 6, 2026
The #489 npm minor/patch port (071974e) bumped app/package.json's
picomatch override from 4.0.4 to 4.0.5. The lockfile-security test
hardcoded an exact-match assertion against the old pin; 4.0.5 is still
>= the patched floor the companion test enforces, so only the exact
pin needed updating.
@renovate
renovate Bot force-pushed the renovate/npm-minor-patch-app branch from 071974e to c01c53c Compare July 7, 2026 02:12
@renovate
renovate Bot force-pushed the renovate/npm-minor-patch-app branch from c01c53c to ff7a248 Compare July 7, 2026 16:40
@renovate
renovate Bot force-pushed the renovate/npm-minor-patch-app branch from ff7a248 to eef6581 Compare July 8, 2026 18:55
@renovate
renovate Bot force-pushed the renovate/npm-minor-patch-app branch from eef6581 to 28b5661 Compare July 9, 2026 09:55
@renovate
renovate Bot force-pushed the renovate/npm-minor-patch-app branch from ef786df to a150232 Compare July 11, 2026 09:15
@renovate
renovate Bot force-pushed the renovate/npm-minor-patch-app branch from a150232 to 600e054 Compare July 11, 2026 15:44
@renovate
renovate Bot force-pushed the renovate/npm-minor-patch-app branch from 600e054 to 1d778d4 Compare July 11, 2026 19:07
@renovate
renovate Bot force-pushed the renovate/npm-minor-patch-app branch from 1d778d4 to 3cdb160 Compare July 11, 2026 23:30
@renovate
renovate Bot force-pushed the renovate/npm-minor-patch-app branch from 3cdb160 to 2bf9ba5 Compare July 12, 2026 02:09
@renovate
renovate Bot force-pushed the renovate/npm-minor-patch-app branch from 2bf9ba5 to 78dec8d Compare July 12, 2026 04:56
@renovate
renovate Bot force-pushed the renovate/npm-minor-patch-app branch from 78dec8d to 0ef0625 Compare July 12, 2026 13:03
@renovate
renovate Bot force-pushed the renovate/npm-minor-patch-app branch from 0ef0625 to a4fe617 Compare July 12, 2026 20:05
@renovate
renovate Bot force-pushed the renovate/npm-minor-patch-app branch from a4fe617 to 66164cc Compare July 13, 2026 13:05
@vercel

vercel Bot commented Jul 14, 2026

Copy link
Copy Markdown

Deployment failed with the following error:

Resource is limited - try again in 24 hours (more than 100, code: "api-deployments-free-per-day").

Learn More: https://vercel.com/codeswhat?upgradeToPro=build-rate-limit

@vercel

vercel Bot commented Jul 16, 2026

Copy link
Copy Markdown

Deployment failed with the following error:

Failed to create deployment for team_A8tovHIXay3cbUMOtLBijJSk in project prj_hJQksO3bCyPYXgqhNCpiBQecb89W: FetchError: request to https://76.76.21.112/v13/now/deployments?ownerId=team_A8tovHIXay3cbUMOtLBijJSk&projectId=prj_hJQksO3bCyPYXgqhNCpiBQecb89W&skipAutoDetectionConfirmation=1&teamId=team_A8tovHIXay3cbUMOtLBijJSk&traceCarrier=%7B%22ot-baggage-webhookAt%22%3A%221784167005193%22%2C%22ot-baggage-senderUsername%22%3A%22gh.renovate%5Bbot%5D%22%2C%22ot-baggage-gitPipelineId%22%3A%220ba6aace-9ff1-4d95-bd3c-3d6c1b02f44f%22%2C%22x-datadog-trace-id%22%3A%228839684615873083692%22%2C%22x-datadog-parent-id%22%3A%223048986911625867285%22%2C%22x-datadog-sampling-priority%22%3A%222%22%2C%22x-datadog-tags%22%3A%22_dd.p.tid%3D6a583a5d00000000%2C_dd.p.ksr%3D1%2C_dd.p.dm%3D-3%22%2C%22traceparent%22%3A%2200-6a583a5d000000007aacde52cf99b92c-2a502d7120467015-01%22%2C%22tracestate%22%3A%22dd%3Dt.ksr%3A1%3Bt.tid%3A6a583a5d00000000%3Bt.dm%3A-3%3Bs%3A2%3Bp%3A2a502d7120467015%22%7D failed, reason: socket hang up

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants