Skip to content

chore(deps-dev): bump the development group with 4 updates#419

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/development-230887a82e
Closed

chore(deps-dev): bump the development group with 4 updates#419
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/development-230887a82e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps the development group with 4 updates: oxfmt, oxlint, oxlint-tsgolint and vite.

Updates oxfmt from 0.56.0 to 0.57.0

Commits

Updates oxlint from 1.71.0 to 1.72.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

  • 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
  • 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
  • bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
  • 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
  • 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
  • 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
  • ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

  • 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
  • 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
  • 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
  • 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
  • a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
  • ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
  • 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
  • ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
  • e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
  • 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
  • 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
  • fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
  • ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
  • dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
  • 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
  • cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

  • 25d577e language_server: Start tools in parallel (#15500) (Sysix)
  • 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
  • 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
  • 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
  • 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
  • 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

  • 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
  • 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
  • a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
  • 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
  • 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
  • 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.72.0] - 2026-06-29

🚀 Features

  • 1c8f50c linter: Add schema for eslint/no-restricted-import (#23642) (Sysix)

🐛 Bug Fixes

  • 742be36 refactor/node/handle-callback-err: Reject invalid regex config (#23740) (camc314)
Commits

Updates oxlint-tsgolint from 0.23.0 to 0.24.0

Release notes

Sourced from oxlint-tsgolint's releases.

v0.24.0

What's Changed

... (truncated)

Commits
  • 5a37e89 fix(dot-notation): determine the relevant accessor (#1028)
  • 67a281f perf(consistent-return): defer per-function type resolution (#1031)
  • a5e2ff0 perf(no-unnecessary-qualifier): skip symbol resolution outside namespaces. (#...
  • a8fc668 perf(no-confusing-void-expression): check ancestor position before type query...
  • 03158cc perf(no-unnecessary-type-conversion): hoist constant builtin-name slices (#1040)
  • d9e645c perf(prefer-optional-chain): lazily allocate chain-processor caches (#1041)
  • 63f578a refactor(no-unnecessary-condition): remove dead containsUnguardedElementAcces...
  • f174876 chore(deps): update gomod (#1035)
  • 47de9cf chore(deps): update github actions (#1036)
  • e209b5b chore(deps): update actions/cache action to v6 (#1037)
  • Additional commits viewable in compare view

Updates vite from 8.1.0 to 8.1.1

Release notes

Sourced from vite's releases.

v8.1.1

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.1 (2026-06-30)

Features

  • update dynamic import warning to link to Vite docs (#22823) (62bd7af)

Bug Fixes

  • bundled-dev: avoid stack overflow on import.meta.hot.invalidate() (#22797) (709eb8e)
  • bundled-dev: serve assets emitted during HMR/lazy compile (#22745) (5876b2c)
  • bundledDev: skip plugin transform hooks for rolldown-lazy stub modules (#22778) (8f925e2)
  • css: preserve dollar signs in external @import urls with lightningcss (#22718) (9fa7ab4)
  • css: resolve tsconfig paths in CSS and Sass @​import (#22775) (ef0b891)
  • deps: update all non-major dependencies (#22734) (e635f49)
  • deps: update all non-major dependencies (#22804) (8837400)
  • deps: update rolldown-related dependencies (#22591) (2ce6677)
  • escape ids with multiple null bytes (#22687) (833fc30)
  • hide console window when running 'net use' on Windows (#22698) (92b63f2)
  • ignore bundled config temp dir (#22800) (043a810)
  • invert esbuild.jsxSideEffects when converting to oxc.jsx.pure (#22809) (33895ba)
  • optimize-deps: ignore ERR_CLOSED_SERVER in scanner (#22784) (085a0ab)
  • optimizer: scanner should resolve input from root (#22769) (9722b07)
  • resolve pnpm .modules.yaml from workspace root instead of cwd (#22757) (2531ac7)
  • return sourcemap field from some plugins that were lacking (#22782) (7e18bf8)
  • server: handle malformed URI in indexHtmlMiddleware (#22781) (84f5ccc)

Miscellaneous Chores

Code Refactoring

  • css: remove lightningcss null byte bug workaround (#22822) (2dafd3b)
  • use pre-defined environments variable to avoid duplicate Object.values calls (#22790) (1113acf)

Tests

  • enable "manual chunk path" test and remove "worker.format error" test (#22824) (c088511)
Commits
  • 4ae9e14 release: v8.1.1
  • 8f925e2 fix(bundledDev): skip plugin transform hooks for rolldown-lazy stub modules (...
  • c088511 test: enable "manual chunk path" test and remove "worker.format error" test (...
  • 62bd7af feat: update dynamic import warning to link to Vite docs (#22823)
  • 2dafd3b refactor(css): remove lightningcss null byte bug workaround (#22822)
  • 833fc30 fix: escape ids with multiple null bytes (#22687)
  • 9fa7ab4 fix(css): preserve dollar signs in external @import urls with lightningcss ...
  • 1113acf refactor: use pre-defined environments variable to avoid duplicate `Object.va...
  • 709eb8e fix(bundled-dev): avoid stack overflow on import.meta.hot.invalidate() (#22...
  • 043a810 fix: ignore bundled config temp dir (#22800)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the development group with 4 updates: [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt), [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint), [oxlint-tsgolint](https://github.com/oxc-project/tsgolint) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `oxfmt` from 0.56.0 to 0.57.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxfmt/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxfmt_v0.57.0/npm/oxfmt)

Updates `oxlint` from 1.71.0 to 1.72.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxlint_v1.72.0/npm/oxlint)

Updates `oxlint-tsgolint` from 0.23.0 to 0.24.0
- [Release notes](https://github.com/oxc-project/tsgolint/releases)
- [Commits](oxc-project/tsgolint@v0.23.0...v0.24.0)

Updates `vite` from 8.1.0 to 8.1.1
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.1/packages/vite)

---
updated-dependencies:
- dependency-name: oxfmt
  dependency-version: 0.57.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development
- dependency-name: oxlint
  dependency-version: 1.72.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development
- dependency-name: oxlint-tsgolint
  dependency-version: 0.24.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development
- dependency-name: vite
  dependency-version: 8.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 2, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 2, 2026 13:25
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 2, 2026
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedoxfmt@​0.56.0 ⏵ 0.57.0691008995 -1100
Updatedoxlint@​1.71.0 ⏵ 1.72.091 -810092 +195 -1100
Updatedoxlint-tsgolint@​0.23.0 ⏵ 0.24.01001009794 +4100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm oxfmt is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/oxfmt@0.57.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/oxfmt@0.57.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm oxfmt is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/oxfmt@0.57.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/oxfmt@0.57.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@clawsweeper

clawsweeper Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Codex review: needs maintainer review before merge. Reviewed July 2, 2026, 9:29 AM ET / 13:29 UTC.

Summary
The PR bumps development dependencies oxfmt, oxlint, oxlint-tsgolint, and the locked vite version through package.json and pnpm-lock.yaml.

Reproducibility: not applicable. this is a dependency maintenance PR, not a runtime bug report with a reproduction path.

Review metrics: 4 noteworthy metrics.

  • Files changed: 2 files affected. The change is limited to package metadata and the pnpm lockfile, so review should focus on dependency resolution, validation, and supply-chain signal.
  • Dependency updates: 4 resolved updates. The PR updates three declared dev-tool packages and one locked Vite resolution that can affect local and CI validation behavior.
  • Current validation signal: 1 failed Lint job. The PR changes lint tooling, so the failed lint check needs inspection before merge once logs are available.
  • Socket alerts: 2 high-severity warnings. Both warnings identify the new oxfmt@0.57.0 package as likely obfuscated, which needs maintainer triage before merge.

Merge readiness
Overall: 🦐 gold shrimp
Proof: 🌊 off-meta tidepool
Patch quality: 🦐 gold shrimp
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Resolve or explicitly accept the Socket warning for oxfmt@0.57.0.
  • Inspect the Lint job when logs are available and address any failure caused by the updated lint toolchain.

Risk before merge

  • [P1] Socket reports high-severity obfuscated-code warnings for oxfmt@0.57.0; passing CI would not by itself prove maintainers accept that new dev-tool supply-chain risk.
  • [P1] The PR changes lint/format/Vite tooling and GitHub currently shows the Lint job failing; logs were not available yet because the workflow was still in progress.

Maintainer options:

  1. Triage the oxfmt package before merge (recommended)
    Review the Socket alert and upstream oxfmt@0.57.0 package artifact, then explicitly accept or reject that dependency version before landing.
  2. Wait for a cleaner dependency update
    Pause or close this bump if maintainers do not want to accept the warned oxfmt release or if the lint failure is caused by the new toolchain.
  3. Accept the dev-tool risk explicitly
    Maintainers may intentionally merge after documenting that the warned package is acceptable for this repository's dev-only tooling surface.

Next step before merge

  • [P2] Maintainer review is needed because the remaining blockers are supply-chain risk acceptance and unresolved validation status, not a narrow code repair.

Security
Needs attention: Socket flagged the new oxfmt@0.57.0 package as likely obfuscated, so maintainers should triage that supply-chain signal before merge.

Review details

Best possible solution:

Keep the dependency bump open until maintainers triage or explicitly accept the Socket warning and the CI lint result is clean or understood.

Do we have a high-confidence way to reproduce the issue?

Not applicable: this is a dependency maintenance PR, not a runtime bug report with a reproduction path.

Is this the best way to solve the issue?

Unclear: the version bump is the normal maintenance mechanism, but the best merge path depends on maintainer acceptance of the Socket warning and resolution of the failed lint validation.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against 1d882575e34e.

Label changes

Label changes:

  • add P2: This is a normal dependency maintenance PR with limited product blast radius, but it has concrete supply-chain and validation blockers.
  • add merge-risk: 🚨 security-boundary: The PR introduces a new dev-tool package version that Socket flags as likely obfuscated.
  • add merge-risk: 🚨 automation: The PR changes formatter/linter/Vite tooling and the visible PR status includes a failed Lint job.
  • add rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🌊 off-meta tidepool and patch quality is 🦐 gold shrimp.
  • add status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Not applicable: This is a Dependabot dependency-update PR, so the external contributor real-behavior proof gate does not apply.

Label justifications:

  • P2: This is a normal dependency maintenance PR with limited product blast radius, but it has concrete supply-chain and validation blockers.
  • merge-risk: 🚨 security-boundary: The PR introduces a new dev-tool package version that Socket flags as likely obfuscated.
  • merge-risk: 🚨 automation: The PR changes formatter/linter/Vite tooling and the visible PR status includes a failed Lint job.
  • rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🌊 off-meta tidepool and patch quality is 🦐 gold shrimp.
  • status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Not applicable: This is a Dependabot dependency-update PR, so the external contributor real-behavior proof gate does not apply.
Evidence reviewed

Security concerns:

  • [medium] Triage the warned oxfmt package — package.json:105
    Socket posted high-severity warnings that oxfmt@0.57.0 is 90.0% likely obfuscated. Because this PR updates the repository's dev formatter package to that version, maintainers should review the package artifact or explicitly accept the alert before merging.
    Confidence: 0.86

What I checked:

  • Repository policy read: AGENTS.md was present and read in full; its package manager, Slophammer, and validation guidance is relevant because this PR changes package metadata and the lockfile. (AGENTS.md:1, 1d882575e34e)
  • Current main still has old versions: Current main still declares oxfmt as ^0.56.0, oxlint as ^1.70.0, and oxlint-tsgolint as ^0.23.0, so the dependency bump is not already implemented on main. (package.json:105, 1d882575e34e)
  • Current lockfile still has old resolutions: Current main resolves oxfmt to 0.56.0, oxlint to 1.71.0(oxlint-tsgolint@0.23.0), oxlint-tsgolint to 0.23.0, and vite to 8.1.0. (pnpm-lock.yaml:78, 1d882575e34e)
  • PR diff scope: GitHub PR metadata shows exactly two changed files, package.json and pnpm-lock.yaml, with the PR head at ab4bc8ab4af280e2077b58a2866b38c88808cfbc. (package.json:105, ab4bc8ab4af2)
  • Socket warning: Socket Security posted two high-severity warning alerts saying npm oxfmt@0.57.0 is 90.0% likely obfuscated and recommends review or explicit risk acceptance before proceeding. (package.json:105, ab4bc8ab4af2)
  • Validation status: GitHub PR metadata shows Lint failed while Format, Typecheck, Build, Conformance Smoke, and Slophammer had succeeded; Test and Mutation were still in progress at inspection time. (ab4bc8ab4af2)

Likely related people:

  • vincentkoc: GitHub PR metadata and git history show recent merged dependency/toolchain work on the same package and lockfile surface. (role: recent area contributor; confidence: high; commits: 48d6952b07f1, e8e39dc485e5; files: package.json, pnpm-lock.yaml)
  • dependabot[bot]: Current-main package and lockfile history shows recent automated dependency-bump commits touching the same dev dependency block. (role: recent dependency updater; confidence: medium; commits: 1d882575e34e, c2689c025f36, 7d47fbcf526d; files: package.json, pnpm-lock.yaml)
  • Peter Steinberger: Blame for much of the adjacent dependency block traces to the v0.11.0 release preparation commit, making this weak but relevant provenance for package metadata routing. (role: baseline release contributor; confidence: low; commits: 9149b26f4971; files: package.json, pnpm-lock.yaml)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@clawsweeper clawsweeper Bot added rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. merge-risk: 🚨 automation 🚨 Merging this PR could break CI, automerge, proof capture, label sync, or automation. labels Jul 2, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 3, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/development-230887a82e branch July 3, 2026 13:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code merge-risk: 🚨 automation 🚨 Merging this PR could break CI, automerge, proof capture, label sync, or automation. merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. P2 Normal priority bug or improvement with limited blast radius. rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants