chore(deps-dev): bump the development group with 4 updates#419
chore(deps-dev): bump the development group with 4 updates#419dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the development group with 4 updates: [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt), [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint), [oxlint-tsgolint](https://github.com/oxc-project/tsgolint) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `oxfmt` from 0.56.0 to 0.57.0 - [Release notes](https://github.com/oxc-project/oxc/releases) - [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxfmt/CHANGELOG.md) - [Commits](https://github.com/oxc-project/oxc/commits/oxfmt_v0.57.0/npm/oxfmt) Updates `oxlint` from 1.71.0 to 1.72.0 - [Release notes](https://github.com/oxc-project/oxc/releases) - [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md) - [Commits](https://github.com/oxc-project/oxc/commits/oxlint_v1.72.0/npm/oxlint) Updates `oxlint-tsgolint` from 0.23.0 to 0.24.0 - [Release notes](https://github.com/oxc-project/tsgolint/releases) - [Commits](oxc-project/tsgolint@v0.23.0...v0.24.0) Updates `vite` from 8.1.0 to 8.1.1 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.1.1/packages/vite) --- updated-dependencies: - dependency-name: oxfmt dependency-version: 0.57.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development - dependency-name: oxlint dependency-version: 1.72.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development - dependency-name: oxlint-tsgolint dependency-version: 0.24.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development - dependency-name: vite dependency-version: 8.1.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development ... Signed-off-by: dependabot[bot] <support@github.com>
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
|
Codex review: needs maintainer review before merge. Reviewed July 2, 2026, 9:29 AM ET / 13:29 UTC. Summary Reproducibility: not applicable. this is a dependency maintenance PR, not a runtime bug report with a reproduction path. Review metrics: 4 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Keep the dependency bump open until maintainers triage or explicitly accept the Socket warning and the CI lint result is clean or understood. Do we have a high-confidence way to reproduce the issue? Not applicable: this is a dependency maintenance PR, not a runtime bug report with a reproduction path. Is this the best way to solve the issue? Unclear: the version bump is the normal maintenance mechanism, but the best merge path depends on maintainer acceptance of the Socket warning and resolution of the failed lint validation. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 1d882575e34e. Label changesLabel changes:
Label justifications:
Evidence reviewedSecurity concerns:
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
|
Looks like these dependencies are updatable in another way, so this is no longer needed. |
Bumps the development group with 4 updates: oxfmt, oxlint, oxlint-tsgolint and vite.
Updates
oxfmtfrom 0.56.0 to 0.57.0Commits
5306f24release(apps): oxlint v1.72.0 && oxfmt v0.57.0 (#23935)Updates
oxlintfrom 1.71.0 to 1.72.0Release notes
Sourced from oxlint's releases.
... (truncated)
Changelog
Sourced from oxlint's changelog.
Commits
5306f24release(apps): oxlint v1.72.0 && oxfmt v0.57.0 (#23935)742be36fix(refactor/node/handle-callback-err): reject invalid regex config (#23740)1c8f50cfeat(linter): add schema foreslint/no-restricted-import(#23642)Updates
oxlint-tsgolintfrom 0.23.0 to 0.24.0Release notes
Sourced from oxlint-tsgolint's releases.
... (truncated)
Commits
5a37e89fix(dot-notation): determine the relevant accessor (#1028)67a281fperf(consistent-return): defer per-function type resolution (#1031)a5e2ff0perf(no-unnecessary-qualifier): skip symbol resolution outside namespaces. (#...a8fc668perf(no-confusing-void-expression): check ancestor position before type query...03158ccperf(no-unnecessary-type-conversion): hoist constant builtin-name slices (#1040)d9e645cperf(prefer-optional-chain): lazily allocate chain-processor caches (#1041)63f578arefactor(no-unnecessary-condition): remove dead containsUnguardedElementAcces...f174876chore(deps): update gomod (#1035)47de9cfchore(deps): update github actions (#1036)e209b5bchore(deps): update actions/cache action to v6 (#1037)Updates
vitefrom 8.1.0 to 8.1.1Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
Commits
4ae9e14release: v8.1.18f925e2fix(bundledDev): skip plugin transform hooks for rolldown-lazy stub modules (...c088511test: enable "manual chunk path" test and remove "worker.format error" test (...62bd7affeat: update dynamic import warning to link to Vite docs (#22823)2dafd3brefactor(css): remove lightningcss null byte bug workaround (#22822)833fc30fix: escape ids with multiple null bytes (#22687)9fa7ab4fix(css): preserve dollar signs in external@importurls with lightningcss ...1113acfrefactor: use pre-defined environments variable to avoid duplicate `Object.va...709eb8efix(bundled-dev): avoid stack overflow onimport.meta.hot.invalidate()(#22...043a810fix: ignore bundled config temp dir (#22800)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions