chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates #1771
Conversation
…updates Bumps the npm_and_yarn group with 1 update in the /examples/integrations/nextjs-ssr directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /examples/integrations/word-addin directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server). Updates `next` from 15.3.3 to 15.4.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.3.3...v15.4.10) Updates `webpack-dev-server` from 5.1.0 to 5.2.1 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v5.1.0...v5.2.1) --- updated-dependencies: - dependency-name: next dependency-version: 15.4.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-version: 5.2.1 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b177ea2cb7
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "devDependencies": { | ||
| "@vitejs/plugin-vue": "^4.2.3", | ||
| "vite": "^4.4.6" | ||
| "vite": "^7.3.1" |
There was a problem hiding this comment.
This example now pins vite to ^7.3.1 while leaving @vitejs/plugin-vue at ^4.2.3 in the same devDependencies block. In this repo, other Vite 7 examples already pair Vite 7 with @vitejs/plugin-vue ^6.0.2 (see examples/collaboration/production/client/package.json), which strongly suggests the plugin major is expected to match the Vite major. With the current mismatch, running npm install + npm run dev in this example is likely to hit peer-dependency errors or runtime plugin API mismatches because the Vue plugin is multiple majors behind. Consider bumping @vitejs/plugin-vue to the Vite 7-compatible major (or keeping Vite at 4) to keep the example runnable.
Useful? React with 👍 / 👎.
| "@vitejs/plugin-vue": "^4.2.3", | ||
| "vite": "^4.4.6" | ||
| "vite": "^7.3.1" |
There was a problem hiding this comment.
This client example also upgrades vite to ^7.3.1 without updating @vitejs/plugin-vue from ^4.2.3. Elsewhere in the repo, Vite 7 examples use @vitejs/plugin-vue ^6.0.2 (e.g., examples/collaboration/production/client/package.json), indicating the plugin major tracks the Vite major. With the current mismatch, developers running this example (npm install + npm run dev) are likely to see peer-dependency issues or runtime failures from an incompatible plugin API. Updating @vitejs/plugin-vue to the Vite 7-compatible major (or reverting the Vite bump) would keep the example consistent and runnable.
Useful? React with 👍 / 👎.
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
dependabot
bot
deleted the
dependabot/npm_and_yarn/examples/advanced/loading-from-json/npm_and_yarn-caed28b822
branch
Bumps the npm_and_yarn group with 1 update in the /examples/integrations/nextjs-ssr directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/integrations/word-addin directory: webpack-dev-server.
Updates
nextfrom 15.3.3 to 15.4.10Release notes
Sourced from next's releases.
Commits
43cb546v15.4.106129673Backport facebook/react#35351 for 15.4.9 (#87087)d1449e5v15.4.9596f513Update React Version (#42)2ff781eUpdate React Version (#31)d0edaacBackport Next.js changes to v15.4.9 (#24)bd84546lock binaries4966847v15.4.8bf8d31cupdate version scriptbed530fUpdate React Version for Next.js 15.4.8 (#9)Updates
webpack-dev-serverfrom 5.1.0 to 5.2.1Release notes
Sourced from webpack-dev-server's releases.
Changelog
Sourced from webpack-dev-server's changelog.
Commits
0d22a08chore(release): 5.2.16045b1echore(deps): update (#5444)ffd0b86fix: take the first network found instead of the last one, this restores the ...9ea7b08ci: update dependency-review-action (#5442)5c9378bMerge commit from forkd2575adMerge commit from fork8c1abc9fix: prevent overlay for errors caught by React error boundaries (#5431)5a39c70ci: update codecov/codecov-action to v5 (#5406)55220a8chore(deps-dev): bump the dependencies group across 1 directory with 4 update...09f6f8echore(deps): bump the dependencies group across 1 directory with 2 updates (#...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.