Skip to content

chore(deps)(deps): bump zustand from 4.5.7 to 5.0.13#142

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/zustand-5.0.13
Closed

chore(deps)(deps): bump zustand from 4.5.7 to 5.0.13#142
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/zustand-5.0.13

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 11, 2026
edited by coderabbitai Bot
Loading

Bumps zustand from 4.5.7 to 5.0.13.

Release notes

Sourced from zustand's releases.

v5.0.13

This release includes an improvement in the devtools middleware.

What's Changed

New Contributors

Full Changelog: pmndrs/zustand@v5.0.12...v5.0.13

v5.0.12

Two small fixes.

What's Changed

New Contributors

Full Changelog: pmndrs/zustand@v5.0.11...v5.0.12

v5.0.11

This release includes small improvements in middleware thanks to contributors.

What's Changed

New Contributors

... (truncated)

Commits
  • 6bc451e 5.0.13
  • 8ec2169 chore(deps): update dev dependencies (#3486)
  • 4e9bcf0 fix(devtools): support Firefox/Safari stack format in findCallerName (#3469)
  • 4b96f4e fix(docs): correct react-dom test utils import path (#3474)
  • c7516c1 fix(tests): change parameters for 'expect' in test (#3483)
  • 1b04af1 docs(persist): fix signature to require persistOptions (#3477)
  • 95d3f33 test(middleware/immer): add runtime tests for immer middleware (#3471)
  • 3201328 Update TypeScript guide links in README.md (#3466)
  • 00f96a3 chore(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0 (#3447)
  • 6330044 test: expand React subscribe test coverage (#3442)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for zustand since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

  • Chores
    • Atualização da dependência zustand para versão 5.0.13, trazendo melhorias de estabilidade e desempenho na camada de gerenciamento de estado da aplicação.

Review Change Stack

@dependabot
chore(deps)(deps): bump zustand from 4.5.7 to 5.0.13
1d103c7 
Bumps [zustand](https://github.com/pmndrs/zustand) from 4.5.7 to 5.0.13.
- [Release notes](https://github.com/pmndrs/zustand/releases)
- [Commits](pmndrs/zustand@4.5.7...v5.0.13)

---
updated-dependencies:
- dependency-name: zustand
  dependency-version: 5.0.13
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 11, 2026

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from adm01-debug as a code owner May 11, 2026 13:09
@vercel
Copy link
Copy Markdown

vercel Bot commented May 11, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
promo-gifts Ready Ready Preview, Comment May 11, 2026 1:10pm

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 11, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b9304fca-a92d-4e11-80fc-b9a90ed7d032

📥 Commits

Reviewing files that changed from the base of the PR and between dfd0384 and 1d103c7.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json, !**/package-lock.json
📒 Files selected for processing (1)
  • package.json

Walkthrough

Zustand foi atualizado de v4.5.0 para v5.0.13 em package.json.

Changes

Atualização de Dependência

Layer / File(s) Summary
Zustand Upgrade
package.json		 Zustand atualizado de ^4.5.0 para ^5.0.13. Trata-se de um bump de versão maior (v4→v5).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutos

Observações críticas:

  • Mudança de versão major exige validação: verificar breaking changes na v5 do Zustand
  • Risco: imports, hooks ou APIs descontinuadas podem quebrar
  • Prioridade: testar todos os stores que usam zustand para regressões de estado

Suggested reviewers

  • adm01-debug
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning A descrição fornecida é gerada pelo Dependabot com detalhes técnicos, mas não segue o template obrigatório do repositório (seções como Descrição, Tipo de Mudança, Checklist estão ausentes). Preencha o template obrigatório com seções: Descrição resumida, Tipo de Mudança (marcar 'Refatoração' ou similar), Checklist (confirmar testes, linting, etc) e Notas para revisor.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed O título descreve corretamente a mudança principal: atualização da dependência zustand de 4.5.7 para 5.0.13.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/npm_and_yarn/zustand-5.0.13

Comment @coderabbitai help to get the list of available commands and usage tips.

@adm01-debug adm01-debug mentioned this pull request May 12, 2026
Open
@adm01-debug
Copy link
Copy Markdown
Owner

adm01-debug commented May 12, 2026

❌ Fechando esta PR — major bump requer refactor manual

Pacote: zustand 4.5.7 → 5.0.13
Razão: Não testado em CI, mas requer auditoria de selectors
Esforço estimado: 1-2h

Este upgrade tem breaking changes que não podem ser mergeados via dependabot automático. O componente base + callsites precisam ser refatorados em uma PR humana dedicada.

Tracking issue: #155 — onde o time pode discutir priorização e atribuir.

@dependabot ignore this minor version (pra dependabot não recriar a PR automaticamente)

Decisão tomada na Tarefa 7 do redeploy Promo_Gifts. Doc: docs/redeploy/REDEPLOY-T7-DEPENDABOT.md (a ser criado)

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 12, 2026

OK, I won't notify you about version 5.0.x again, unless you re-open this PR.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/zustand-5.0.13 branch May 12, 2026 17:49
@adm01-debug adm01-debug mentioned this pull request May 12, 2026
Merged
adm01-debug added a commit that referenced this pull request May 12, 2026
@adm01-debug @claude
docs(redeploy-t7): summary of dependabot PR triage (#157)
2dbb22f 
Tarefa 7 do redeploy. Triagei 7 PRs dependabot abertas há semanas.

Resultado:
- 4 mergeadas: #138, #139, #144, #145 (devtools + CI actions, baixo risco)
- 3 fechadas: #140, #141, #142 (runtime majors com breaking changes)
- 1 issue criada: #155 (tracking dos 3 majors pendentes)

Critério: triagem por RISCO REAL (devtools vs runtime), não por minor/major.

Decisões persistidas em docs/redeploy/REDEPLOY-T7-DEPENDABOT.md:
- Lista completa das 7 PRs com decisão e razão
- Critérios de triagem reutilizáveis
- Achados sobre falsos-positivos (CDN 522 do esm.sh)
- Recomendação de dependabot.yml para reduzir ruído futuro
- Status atualizado do plano de redeploy

Closes part of #155 (T7 do plano)

Co-authored-by: Joaquim (via Claude Code redeploy T2) <joaquim@atomicabr.com.br>
Co-authored-by: Claude <noreply@anthropic.com>
@adm01-debug adm01-debug mentioned this pull request May 12, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adm01-debug adm01-debug Awaiting requested review from adm01-debug adm01-debug is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@adm01-debug