Skip to content

Manually update deps#64

Merged
j9t merged 1 commit into
mainfrom
update-deps-2026-06-24
Jun 24, 2026
Merged

Manually update deps#64
j9t merged 1 commit into
mainfrom
update-deps-2026-06-24

Conversation

@j9t

@j9t j9t commented Jun 24, 2026

Copy link
Copy Markdown
Owner

Summary by CodeRabbit

  • Chores
    • Updated several development tools and test dependencies to newer versions, including Vitest, ESLint, Playwright, Rollup, and Globals.

…o latest versions

Signed-off-by: Jens Oliver Meiert <jens@meiert.com>
@coderabbitai

coderabbitai Bot commented Jun 24, 2026

Copy link
Copy Markdown

Review Change Stack

Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 4425e30f-f9ea-4e6e-bc3b-db0b6cea8bd8

📥 Commits

Reviewing files that changed from the base of the PR and between 9776567 and 6d26c01.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json

Walkthrough

Seven devDependencies entries in package.json are updated to newer versions: @vitest/browser-playwright, @vitest/coverage-istanbul, and vitest go from 4.1.8 to 4.1.9; eslint from 10.4.1 to 10.5.0; globals from 17.6.0 to 17.7.0; playwright from 1.60.0 to 1.61.1; and rollup from 4.61.1 to 4.62.2.

Changes

Dev dependency version bumps

Layer / File(s) Summary
devDependencies version bumps
package.json
Bumps @vitest/browser-playwright, @vitest/coverage-istanbul, eslint, globals, playwright, rollup, and vitest to newer patch/minor versions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the main change: a manual update of project dependencies.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch update-deps-2026-06-24

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedvitest@​4.1.8 ⏵ 4.1.998 +110079 +198 +1100
Updatedplaywright@​1.60.0 ⏵ 1.61.11001001009980
Updated@​vitest/​coverage-istanbul@​4.1.8 ⏵ 4.1.9991008298100
Updatedglobals@​17.6.0 ⏵ 17.7.0100 +110086 +194100
Updated@​vitest/​browser-playwright@​4.1.8 ⏵ 4.1.91001008698100
Updatedeslint@​10.4.1 ⏵ 10.5.09810010095100
Updatedrollup@​4.61.1 ⏵ 4.62.29710010099100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/@vitest/browser-playwright@4.1.9npm/vitest@4.1.9npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@j9t j9t merged commit 1aa4a7b into main Jun 24, 2026
5 of 6 checks passed
@j9t j9t deleted the update-deps-2026-06-24 branch June 24, 2026 10:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant