chore: bump the npm_and_yarn group across 2 directories with 4 updates#250
chore: bump the npm_and_yarn group across 2 directories with 4 updates#250dependabot[bot] wants to merge 1 commit intodevelopfrom
Conversation
dependabot
bot
added
dependencies
Deploying boxdbud with
|
| Latest commit: |
168c47c
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://54619331.boxdbud.pages.dev |
| Branch Preview URL: | https://dependabot-npm-and-yarn-npm-s6hp.boxdbud.pages.dev |
dependabot
bot
added
dependencies
|
@dependabot rebase |
Bumps the npm_and_yarn group with 4 updates in the / directory: [minimatch](https://github.com/isaacs/minimatch), [flatted](https://github.com/WebReflection/flatted), [undici](https://github.com/nodejs/undici) and [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 1 update in the /workers/tmdb-cron directory: [undici](https://github.com/nodejs/undici). Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `undici` from 7.22.0 to 7.24.7 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.22.0...v7.24.7) Updates `rollup` from 4.58.0 to 4.60.1 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.58.0...v4.60.1) Updates `undici` from 7.18.2 to 7.24.4 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.22.0...v7.24.7) Updates `undici` from 7.18.2 to 7.24.4 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.22.0...v7.24.7) Updates `undici` from 7.18.2 to 7.24.4 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.22.0...v7.24.7) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 7.24.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.60.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 7.24.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 7.24.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 7.24.4 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/npm_and_yarn-b6e405db17
branch
from
eef5fbc to
168c47c
Compare
|
There was a problem hiding this comment.
Pull request overview
Updates npm dependencies/lockfiles across the root project and the workers/tmdb-cron subproject, primarily to refresh Cloudflare tooling (wrangler) and associated transitive packages used for local dev/build and worker deployment.
Changes:
- Bump
wranglerdevDependency to^4.80.0in both the root project andworkers/tmdb-cron. - Refresh lockfiles, updating transitive packages including
undici,minimatch,flatted, androllup(plus Cloudflare-related deps likeminiflare/workerd). - Align
workers/tmdb-cronlockfile with the updated wrangler toolchain.
Reviewed changes
Copilot reviewed 2 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
package.json |
Bumps root wrangler devDependency to ^4.80.0. |
package-lock.json |
Updates resolved versions for transitive deps (e.g., undici/minimatch/flatted/rollup) and wrangler toolchain. |
workers/tmdb-cron/package.json |
Bumps worker wrangler devDependency to ^4.80.0. |
workers/tmdb-cron/package-lock.json |
Updates resolved wrangler toolchain and transitive deps for the worker project. |
Files not reviewed (1)
- workers/tmdb-cron/package-lock.json: Language not supported
| "vite": "^7.3.1", | ||
| "vitest": "^4.0.16", | ||
| "wrangler": "^4.63.0" | ||
| "wrangler": "^4.80.0" |
There was a problem hiding this comment.
The PR description lists bumps for minimatch/flatted/undici/rollup, but this change also bumps the direct devDependency wrangler (root package.json) to ^4.80.0. Please update the PR description to reflect this additional direct dependency update, since it can affect local dev and CI behavior.
There was a problem hiding this comment.
Updated the PR description to reflect both wrangler bumps:
- Root:
^4.63.0→^4.80.0 workers/tmdb-cron:^4.0.0→^4.80.0
| "vite": "^7.3.1", | ||
| "vitest": "^4.0.16", | ||
| "wrangler": "^4.63.0" | ||
| "wrangler": "^4.80.0" |
There was a problem hiding this comment.
Bumping to wrangler@^4.80.0 pulls in a stricter Node engine requirement (wrangler now requires Node >=20.3.0, and the resolved undici dependency requires >=20.18.1 per package-lock). Since the repo currently does not declare an engines.node in package.json, developers following older Node versions may hit runtime/install issues. Consider adding an explicit Node engine constraint (and aligning any documented Node version) to prevent mismatches.
| "@cloudflare/workers-types": "^4.20250101.0", | ||
| "typescript": "^5.9.3", | ||
| "wrangler": "^4.0.0" | ||
| "wrangler": "^4.80.0" |
There was a problem hiding this comment.
This PR bumps the worker's direct wrangler devDependency to ^4.80.0, but the PR description only mentions an undici update for /workers/tmdb-cron. Please update the PR description to reflect the wrangler bump as well (it changes the worker tooling/runtime expectations).
Bumps the npm_and_yarn group with 4 updates in the / directory: minimatch, flatted, undici and rollup.
Bumps the npm_and_yarn group with 1 update in the /workers/tmdb-cron directory: undici.
Updates
minimatchfrom 3.1.2 to 3.1.5Commits
7bba9783.1.5bd25942docs: add warning about ReDoS1a9c27cfix partial matching of globstar patterns1a2e0843.1.4ae24656update lockfileb100374limit recursion for **, improve perf considerably26ffeaalockfile update9eca892lock node version to 1400c323b3.1.330486b2update CI matrix and actionsUpdates
flattedfrom 3.3.3 to 3.4.2Commits
3bf09093.4.2885ddccfix CWE-13210bdba70added flatted-view to the benchmark2a02dce3.4.1fba4e8fMerge pull request #89 from WebReflection/python-fix5fe8648added "when in Rome" also a test for PHP53517adsome minor improvementb3e2a0cFixing recursion issue in Python tooc4b46dbAdd SECURITY.md for security policy and reportingf86d071Create dependabot.yml for version updatesUpdates
undicifrom 7.22.0 to 7.24.7Release notes
Sourced from undici's releases.
... (truncated)
Commits
84f23e2Bumped v7.24.7 (#4947)a770b10ignore AGENTS.md (#4942)6acd19bfix: correctly handle multi-value rawHeaders in fetch (#4938)1da1c74test: skip IPv6 tests when IPv6 is not available (#4939)04cb773fix(types): Fix clone method type declaration to be an instance method rather...5145a7cfix(types): align Response with DOM fetch types (#4867)ec23620test: skip flaky macOS Node 20 cookie fetch cases5559235doc: remove unused parameterredirectionLimitReached(#4933)a4e4b84docs: update broken links in file "Dispatcher.md" (#4924)38eab36Bumped v7.24.6 (#4931)Updates
rollupfrom 4.58.0 to 4.60.1Release notes
Sourced from rollup's releases.
... (truncated)
Changelog
Sourced from rollup's changelog.
... (truncated)
Commits
ae871d74.60.151f8f60fix: skip dropping side-effects on namespaceReexportsByName cache hit (#6274)...ca55406chore(deps): pin dependency typescript to v5 (#6320)fe50d86chore(deps): pin dependencies (#6317)42785ffchore(deps): update minor/patch updates (#6319)65e82a9chore(deps): update msys2/setup-msys2 digest to cafece8 (#6318)c336205chore(deps): update openharmony-rs/setup-ohos-sdk action to v1 (#6321)b25d25efix(deps): update swc monorepo (major) (#6322)119abdbchore(deps): lock file maintenance (#6324)5598a66chore(deps): lock file maintenance (#6323)Updates
undicifrom 7.18.2 to 7.24.4Release notes
Sourced from undici's releases.
... (truncated)
Commits
84f23e2Bumped v7.24.7 (#4947)a770b10ignore AGENTS.md (#4942)6acd19bfix: correctly handle multi-value rawHeaders in fetch (#4938)1da1c74test: skip IPv6 tests when IPv6 is not available (#4939)04cb773fix(types): Fix clone method type declaration to be an instance method rather...5145a7cfix(types): align Response with DOM fetch types (#4867)ec23620test: skip flaky macOS Node 20 cookie fetch cases5559235doc: remove unused parameterredirectionLimitReached(#4933)a4e4b84docs: update broken links in file "Dispatcher.md" (#4924)38eab36Bumped v7.24.6 (#4931)Updates
undicifrom 7.18.2 to 7.24.4Release notes
Sourced from undici's releases.
... (truncated)
Commits
84f23e2Bumped v7.24.7 (#4947)a770b10ignore AGENTS.md (#4942)6acd19bfix: correctly handle multi-value rawHeaders in fetch (#4938)1da1c74test: skip IPv6 tests when IPv6 is not available (#4939)04cb773fix(types): Fix clone method type declaration to be an instance method rather...5145a7cfix(types): align Response with DOM fetch types (#4867)ec23620test: skip flaky macOS Node 20 cookie fetch cases5559235doc: remove unused parameterredirectionLimitReached(#4933)a4e4b84docs: update broken links in file "Dispatcher.md" (#4924)38eab36Bumped v7.24.6 (#4931)Updates
undicifrom 7.18.2 to 7.24.4Release notes
Sourced from undici's releases.
... (truncated)
Commits
84f23e2Bumped v7.24.7 (#4947)a770b10ignore AGENTS.md (#4942)6acd19bfix: correctly handle multi-value rawHeaders in fetch (#4938)1da1c74test: skip IPv6 tests when IPv6 is not available (#4939)04cb773fix(types): Fix clone method type declaration to be an instance method rather...5145a7cfix(types): align Response with DOM fetch types (#4867)ec23620test: skip flaky macOS Node 20 cookie fetch cases5559235doc: remove unused parameterredirectionLimitReached(#4933)a4e4b84docs: update broken links in file "Dispatcher.md" (#4924)38eab36Bumped v7.24.6 (#4931)