
fix: update dependabot dependencies#21238

Merged
PhilWindle merged 18 commits intomerge-train/spartanfrom
nikita/update-dependencies2
Mar 10, 2026
Conversation


@deffrian deffrian commented Mar 9, 2026

Ref: A-459

  1. barretenberg/docs had a broken resolution "@docusaurus/mdx-loader/image-size": "1.2.1" (added in PR chore: Upgrade rest of dependabot deps #17462) that never worked. Changed to "@docusaurus/**/image-size": "1.2.1" which is the correct yarn v1 syntax.

  2. barretenberg/docs/yarn.lock required yarn --ignore-scripts to save lockfile changes. The regular yarn fails on netlify's postinstall script (@netlify/dev-utils export error on Node.js v24), which prevents the lockfile from being written. This also caused yarn v1 to clean up stale/duplicate entries in the lockfile, resulting in many unrelated changes (~53KB reduction).

  3. boxes/yarn.lock still has [email protected] via [email protected] (requests ^6.1.11). 6.2.1 is the latest tar v6. [email protected] uses tar v7 but is not stable yet.

  4. docs/yarn.lock and barretenberg/docs/yarn.lock have [email protected] via [email protected] (from @docusaurus/core). All v4 releases pin ws@^7.3.1. v5 uses ws@^8, but @docusaurus/core pins ^4.10.2.

  5. barretenberg/acir_tests/sol-test has a stale package-lock.json with [email protected]. The project is a yarn workspace of acir_tests, so the actual resolution comes from barretenberg/acir_tests/yarn.lock ([email protected]).

  6. [email protected] (latest) pins fastify to exactly 5.7.4. No newer netlify-cli version is available yet, so fastify cannot be updated until netlify-cli releases a version with fastify 5.8.2+.

Dependency Updates

| yarn.lock path | Package | Old Version | New Version |
|----------------|---------|-------------|-------------|
| barretenberg/ts/yarn.lock | minimatch | 9.0.5 | 9.0.9 |
| barretenberg/ts/yarn.lock | minimatch | 5.1.6 | 5.1.9 |
| barretenberg/cpp/src/barretenberg/nodejs_module/yarn.lock | minimatch | 10.1.2 | 10.2.4 |
| l1-contracts/yarn.lock | minimatch | 5.1.6 | 5.1.9 |
| boxes/yarn.lock | minimatch | 9.0.3 | 9.0.9 |
| boxes/yarn.lock | @typescript-eslint/parser | 6.21.0 | 8.56.1 |
| boxes/yarn.lock | @typescript-eslint/eslint-plugin | 6.21.0 | 8.56.1 |
| barretenberg/ts/yarn.lock | minimatch | 3.1.2 | 3.1.5 |
| yarn-project/yarn.lock | node-gyp | 10.1.0 | 12.2.0 |
| yarn-project/yarn.lock | tar | 6.2.1 | 7.5.10 |
| barretenberg/ts/yarn.lock | node-gyp | 11.2.0 | 12.2.0 |
| barretenberg/ts/yarn.lock | tar | 7.4.3 | 7.5.10 |
| playground/yarn.lock | node-gyp | 11.2.0 | 12.2.0 |
| playground/yarn.lock | tar | 7.4.3 | 7.5.10 |
| barretenberg/acir_tests/yarn.lock | node-gyp | 11.1.0 | 12.2.0 |
| barretenberg/acir_tests/yarn.lock | tar | 7.4.3 | 7.5.10 |
| barretenberg/cpp/src/barretenberg/nodejs_module/yarn.lock | tar | 7.5.7 | 7.5.10 |
| docs/yarn.lock | node-gyp | 11.0.0 | 12.2.0 |
| docs/yarn.lock | tar | 7.5.1 | 7.5.10 |
| boxes/yarn.lock | node-gyp | 11.2.0 | 12.2.0 |
| boxes/yarn.lock | tar (node-gyp) | 7.4.3 | 7.5.10 |
| barretenberg/docs/yarn.lock | netlify-cli | 17.38.1 | 23.7.3 |
| barretenberg/docs/yarn.lock | tar | 6.2.1, 7.4.3 | 7.5.10 |
| yarn-project/yarn.lock | glob | 10.3.12 | 10.5.0 |
| barretenberg/ts/yarn.lock | glob | 10.4.5 | 10.5.0 |
| barretenberg/acir_tests/yarn.lock | glob | 10.4.5 | 10.5.0 |
| boxes/yarn.lock | glob | 10.4.5 | 10.5.0 |
| docs/yarn.lock | glob | 10.4.5 | 10.5.0 |
| barretenberg/docs/yarn.lock | glob | 10.4.5 | 10.5.0 |
| yarn-project/yarn.lock | @modelcontextprotocol/sdk | 1.11.2 | 1.27.1 |
| playground/yarn.lock | @modelcontextprotocol/sdk | 1.11.2 | 1.27.1 |
| yarn-project/yarn.lock | jws | 4.0.0 | 4.0.1 |
| docs/yarn.lock | jws | 3.2.2 | 3.2.3 |
| barretenberg/docs/yarn.lock | jws | 3.2.2 | 3.2.3 |
| docs/yarn.lock | svgo | 4.0.0 | 4.0.1 |
| docs/yarn.lock | svgo | 3.3.2 | 3.3.3 |
| barretenberg/docs/yarn.lock | svgo | 3.3.2 | 3.3.3 |
| docs/yarn.lock | netlify-cli | 23.7.3 | 24.0.1 |
| docs/yarn.lock | fastify | 4.29.1 | 5.7.4 |
| barretenberg/docs/yarn.lock | netlify | 22.2.2 | 24.0.1 |
| barretenberg/docs/yarn.lock | netlify-cli | 23.7.3 | 24.0.1 |
| barretenberg/docs/yarn.lock | fastify | 4.29.1, 5.7.3 | 5.7.4 |
| barretenberg/docs/yarn.lock | axios | 1.12.2 | 1.13.6 |
| barretenberg/docs/yarn.lock | image-size | 1.2.0 | 1.2.1 |

@deffrian deffrian changed the title Nikita/update dependencies2 fix: update dependabot dependencies Mar 9, 2026
socket-security bot commented Mar 9, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action: Warn, Severity: Medium
Alert: Medium CVE: Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation

CVE: GHSA-573f-x89g-hqp9 Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation (MODERATE)

Affected versions: >= 5.7.2 < 5.8.1

Patched version: 5.8.1

From: ?npm/[email protected]


Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Action: Warn, Severity: Medium
Alert: Install-time scripts: npm sharp during install

Install script: install

Source: node install/check.js || npm run build

From: ?npm/[email protected]npm/[email protected]npm/[email protected]


Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

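The alert above gives an affected range (>= 5.7.2 < 5.8.1) and the PR notes that netlify-cli pins fastify to 5.7.4, so the practical question for each of the repo's yarn.lock files is whether any resolved fastify entry falls inside that range. The following is an added example, not code from this repository, Socket or fastify: a minimal yarn v1 lockfile parser plus a plain x.y.z range check, run over a constructed lockfile excerpt modelled on the barretenberg/docs case.

```javascript
// Added example (not code from this repo, Socket or fastify): scan a yarn v1
// lockfile for resolved versions of a package that fall in a vulnerable range.
// The lockfile excerpt is constructed, modelled on barretenberg/docs in this PR.
const LOCKFILE = `# yarn lockfile v1

fastify@5.7.4:
  version "5.7.4"

"fastify@^4.0.0":
  version "4.29.1"

"netlify-cli@^24.0.1":
  version "24.0.1"
  dependencies:
    fastify "5.7.4"
`;
// yarn v1: a non-indented line "spec, spec:" opens an entry; the indented
// `version "x.y.z"` line below it is the resolved version.
function parseYarnLockV1(text) {
  const entries = [];
  let current = null;
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ") && line.endsWith(":")) {
      const specs = line.slice(0, -1).split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      // Package name is everything before the last "@", so scoped names survive.
      const name = specs[0].slice(0, specs[0].lastIndexOf("@"));
      current = { name, specs, version: null };
      entries.push(current);
    } else if (current && /^\s+version "/.test(line)) {
      current.version = line.match(/version "([^"]+)"/)[1];
    }
  }
  return entries;
}

// Numeric compare of plain x.y.z versions (pre-release tags are not handled).
function cmpVersion(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Resolved versions of pkg with min <= v < max, e.g. the alert's ">= 5.7.2 < 5.8.1".
function affectedVersions(lockText, pkg, min, max) {
  return parseYarnLockV1(lockText)
    .filter((e) => e.name === pkg && e.version)
    .filter((e) => cmpVersion(e.version, min) >= 0 && cmpVersion(e.version, max) < 0)
    .map((e) => e.version);
}
console.log(affectedVersions(LOCKFILE, "fastify", "5.7.2", "5.8.1")); // [ '5.7.4' ]
```

Pointing it at a real lockfile (`fs.readFileSync("barretenberg/docs/yarn.lock", "utf8")`) makes the same check usable as a CI gate until the pinned fastify moves to 5.8.1 or later.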

@PhilWindle PhilWindle merged commit be7466a into merge-train/spartan Mar 10, 2026
10 checks passed
@PhilWindle PhilWindle deleted the nikita/update-dependencies2 branch March 10, 2026 18:23
@AztecBot

❌ Failed to cherry-pick to v4 due to conflicts. Dispatching ClaudeBox to resolve. View backport run.

AztecBot pushed a commit that referenced this pull request Mar 10, 2026
Ref: A-459
1. barretenberg/docs had a broken resolution
`"@docusaurus/mdx-loader/image-size": "1.2.1"` (added in PR #17462) that
never worked. Changed to `"@docusaurus/**/image-size": "1.2.1"` which is
the correct yarn v1 syntax.

2. barretenberg/docs/yarn.lock required `yarn --ignore-scripts` to save
lockfile changes. The regular `yarn` fails on netlify's postinstall
script (`@netlify/dev-utils` export error on Node.js v24), which
prevents the lockfile from being written. This also caused yarn v1 to
clean up stale/duplicate entries in the lockfile, resulting in many
unrelated changes (~53KB reduction).

3. boxes/yarn.lock still has [email protected] via [email protected] (requests
^6.1.11). 6.2.1 is the latest tar v6. [email protected] uses tar v7 but
is not stable yet.

4. docs/yarn.lock and barretenberg/docs/yarn.lock have [email protected] via
[email protected] (from @docusaurus/core). All v4 releases pin
ws@^7.3.1. v5 uses ws@^8, but @docusaurus/core pins ^4.10.2.

5. barretenberg/acir_tests/sol-test has a stale package-lock.json with
[email protected]. The project is a yarn workspace of acir_tests, so the actual
resolution comes from barretenberg/acir_tests/yarn.lock ([email protected]).

6. [email protected] (latest) pins fastify to exactly 5.7.4. No newer
netlify-cli version is available yet, so fastify cannot be updated until
netlify-cli releases a version with fastify 5.8.2+.

| yarn.lock path | Package | Old Version | New Version |
|----------------|---------|-------------|-------------|
| barretenberg/ts/yarn.lock | minimatch | 9.0.5 | 9.0.9 |
| barretenberg/ts/yarn.lock | minimatch | 5.1.6 | 5.1.9 |
| barretenberg/cpp/src/barretenberg/nodejs_module/yarn.lock | minimatch | 10.1.2 | 10.2.4 |
| l1-contracts/yarn.lock | minimatch | 5.1.6 | 5.1.9 |
| boxes/yarn.lock | minimatch | 9.0.3 | 9.0.9 |
| boxes/yarn.lock | @typescript-eslint/parser | 6.21.0 | 8.56.1 |
| boxes/yarn.lock | @typescript-eslint/eslint-plugin | 6.21.0 | 8.56.1 |
| barretenberg/ts/yarn.lock | minimatch | 3.1.2 | 3.1.5 |
| yarn-project/yarn.lock | node-gyp | 10.1.0 | 12.2.0 |
| yarn-project/yarn.lock | tar | 6.2.1 | 7.5.10 |
| barretenberg/ts/yarn.lock | node-gyp | 11.2.0 | 12.2.0 |
| barretenberg/ts/yarn.lock | tar | 7.4.3 | 7.5.10 |
| playground/yarn.lock | node-gyp | 11.2.0 | 12.2.0 |
| playground/yarn.lock | tar | 7.4.3 | 7.5.10 |
| barretenberg/acir_tests/yarn.lock | node-gyp | 11.1.0 | 12.2.0 |
| barretenberg/acir_tests/yarn.lock | tar | 7.4.3 | 7.5.10 |
| barretenberg/cpp/src/barretenberg/nodejs_module/yarn.lock | tar | 7.5.7 | 7.5.10 |
| docs/yarn.lock | node-gyp | 11.0.0 | 12.2.0 |
| docs/yarn.lock | tar | 7.5.1 | 7.5.10 |
| boxes/yarn.lock | node-gyp | 11.2.0 | 12.2.0 |
| boxes/yarn.lock | tar (node-gyp) | 7.4.3 | 7.5.10 |
| barretenberg/docs/yarn.lock | netlify-cli | 17.38.1 | 23.7.3 |
| barretenberg/docs/yarn.lock | tar | 6.2.1, 7.4.3 | 7.5.10 |
| yarn-project/yarn.lock | glob | 10.3.12 | 10.5.0 |
| barretenberg/ts/yarn.lock | glob | 10.4.5 | 10.5.0 |
| barretenberg/acir_tests/yarn.lock | glob | 10.4.5 | 10.5.0 |
| boxes/yarn.lock | glob | 10.4.5 | 10.5.0 |
| docs/yarn.lock | glob | 10.4.5 | 10.5.0 |
| barretenberg/docs/yarn.lock | glob | 10.4.5 | 10.5.0 |
| yarn-project/yarn.lock | @modelcontextprotocol/sdk | 1.11.2 | 1.27.1 |
| playground/yarn.lock | @modelcontextprotocol/sdk | 1.11.2 | 1.27.1 |
| yarn-project/yarn.lock | jws | 4.0.0 | 4.0.1 |
| docs/yarn.lock | jws | 3.2.2 | 3.2.3 |
| barretenberg/docs/yarn.lock | jws | 3.2.2 | 3.2.3 |
| docs/yarn.lock | svgo | 4.0.0 | 4.0.1 |
| docs/yarn.lock | svgo | 3.3.2 | 3.3.3 |
| barretenberg/docs/yarn.lock | svgo | 3.3.2 | 3.3.3 |
| docs/yarn.lock | netlify-cli | 23.7.3 | 24.0.1 |
| docs/yarn.lock | fastify | 4.29.1 | 5.7.4 |
| barretenberg/docs/yarn.lock | netlify | 22.2.2 | 24.0.1 |
| barretenberg/docs/yarn.lock | netlify-cli | 23.7.3 | 24.0.1 |
| barretenberg/docs/yarn.lock | fastify | 4.29.1, 5.7.3 | 5.7.4 |
| barretenberg/docs/yarn.lock | axios | 1.12.2 | 1.13.6 |
| barretenberg/docs/yarn.lock | image-size | 1.2.0 | 1.2.1 |
github-merge-queue bot pushed a commit that referenced this pull request Mar 11, 2026
BEGIN_COMMIT_OVERRIDE
fix: (A-623) increase committee timeout in scenario smoke test (#21193)
feat: orchestrator enqueues via serial queue (#21247)
feat: rollup mana limit gas validation (#21219)
fix: make e2e HA test more deterministic (#21199)
chore: fix chonk_browser lint warning (#21265)
chore: deploy SPONSORED_FPC in test networks (#21254)
fix: (A-635) e2e bot flake on nonce mismatch (#21288)
chore: deflake duplicate attestations and proposals slash tests (#21294)
fix(sequencer): fix log when not enough txs (#21297)
chore: send env var to pods (#21307)
fix: Simulate gas in n tps test. Set min txs per block to 1 (#21312)
fix: update dependabot dependencies (#21238)
test: run nightly bench of block capacity (#20726)
fix: update block_capacity test to use new send() result types (#21345)
fix(node): fix index misalignment in findLeavesIndexes (#21327)
fix(log): do not log validation error if unregistered handler (#21111)
fix: limit parallel blocks in prover to max AVM parallel simulations
(#21320)
fix: use native sha256 to speed up proving job id generation (#21292)
chore: remove v4-devnet-1 (#21044)
fix(validator): wait for l1 sync before processing block proposals
(#21336)
fix(txpool): cap priority fee with max fees when computing priority
(#21279)
chore: Properly compute finalized block (#21156)
fix: remove extra argument in KVArchiverDataStore constructor call
(#21361)
chore: revert l2 slot time 72 -> 36 on scenario network (#21291)
fix(archiver): do not error if proposed block matches checkpointed
(#21367)
fix(claude): rule to not append echo exit (#21368)
chore: reduce severity of errors due to HA node not acquiring signature
(#21311)
fix: make reqresp batch retry test deterministic (#21322)
fix: (A-643) add buffer to maxFeePerBlobGas for gas estimation and fix
bump loop truncation (#21323)
fix(e2e): use L2 priority fee in deploy_method same-block test (#21373)
fix: reqresp flake & add logging (#21334)
END_COMMIT_OVERRIDE