-
-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(auth): update all non-major dependencies #1384
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
WalkthroughThe changes primarily involve updating dependencies across multiple package configurations. The Changes
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configuration File (
|
#1241 Bundle Size — 3.49MiB (+0.05%).f082505(current) vs 406907e dev#1234(baseline) Warning Bundle contains 5 duplicate packages – View duplicate packages Bundle metrics
|
Current #1241 |
Baseline #1234 |
|
---|---|---|
Initial JS | 3.06MiB (+0.06% ) |
3.05MiB |
Initial CSS | 9.54KiB |
9.54KiB |
Cache Invalidation | 55.58% |
32.94% |
Chunks | 67 |
67 |
Assets | 80 |
80 |
Modules | 2013 |
2013 |
Duplicate Modules | 361 |
361 |
Duplicate Code | 10.03% (-0.1% ) |
10.04% |
Packages | 159 |
159 |
Duplicate Packages | 5 |
5 |
Bundle size by type 2 changes
2 regressions
Current #1241 |
Baseline #1234 |
|
---|---|---|
JS | 3.37MiB (+0.06% ) |
3.37MiB |
Fonts | 94.54KiB |
94.54KiB |
CSS | 9.54KiB |
9.54KiB |
Other | 8.69KiB (+0.13% ) |
8.68KiB |
IMG | 8.57KiB |
8.57KiB |
Bundle analysis report Branch renovate/all-minor-patch Project dashboard
Generated by RelativeCI Documentation Report issue
📦 Next.js Bundle Analysis for @weareinreach/appThis analysis was generated by the Next.js Bundle Analysis action. 🤖 This PR introduced no changes to the JavaScript bundle! 🙌 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files ignored due to path filters (1)
pnpm-lock.yaml
is excluded by!**/pnpm-lock.yaml
Files selected for processing (1)
- packages/auth/package.json (1 hunks)
Files skipped from review due to trivial changes (1)
- packages/auth/package.json
760d2c6
to
9796dd9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files ignored due to path filters (1)
pnpm-lock.yaml
is excluded by!**/pnpm-lock.yaml
Files selected for processing (5)
- apps/app/package.json (1 hunks)
- packages/analytics/package.json (1 hunks)
- packages/auth/package.json (1 hunks)
- packages/env/package.json (1 hunks)
- packages/ui/package.json (1 hunks)
Files skipped from review due to trivial changes (4)
- apps/app/package.json
- packages/auth/package.json
- packages/env/package.json
- packages/ui/package.json
Additional comments not posted (2)
packages/analytics/package.json (2)
32-32
: Ensure alignment of peer dependencies with project requirements.The
nextjs-google-analytics
package inpeerDependencies
has been updated to version2.3.7
. Verify that this aligns with the requirements of any consuming projects.Verification successful
Peer dependency alignment confirmed.
The
nextjs-google-analytics
package is consistently set to version2.3.7
in both the analytics package and the consuming app, indicating alignment with project requirements. No immediate issues are evident from the JSON files.Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify alignment of `nextjs-google-analytics` peer dependency with project requirements. # Test: Check for any potential issues in consuming projects. # Expect: Consuming projects are compatible with version `2.3.7`. rg --type json 'nextjs-google-analytics' -A 5Length of output: 811
26-26
: Verify compatibility with the updatednextjs-google-analytics
package.The
nextjs-google-analytics
package has been updated to version2.3.7
. Ensure that this version is compatible with your existing codebase and does not introduce any breaking changes.
9796dd9
to
a244643
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files ignored due to path filters (1)
pnpm-lock.yaml
is excluded by!**/pnpm-lock.yaml
Files selected for processing (5)
- apps/app/package.json (1 hunks)
- packages/analytics/package.json (1 hunks)
- packages/auth/package.json (1 hunks)
- packages/env/package.json (1 hunks)
- packages/ui/package.json (2 hunks)
Files skipped from review due to trivial changes (3)
- apps/app/package.json
- packages/analytics/package.json
- packages/auth/package.json
Files skipped from review as they are similar to previous changes (2)
- packages/env/package.json
- packages/ui/package.json
a244643
to
bae6a34
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files ignored due to path filters (1)
pnpm-lock.yaml
is excluded by!**/pnpm-lock.yaml
Files selected for processing (7)
- apps/app/package.json (1 hunks)
- packages/analytics/package.json (1 hunks)
- packages/api/package.json (1 hunks)
- packages/auth/package.json (1 hunks)
- packages/db/package.json (1 hunks)
- packages/env/package.json (1 hunks)
- packages/ui/package.json (3 hunks)
Files skipped from review due to trivial changes (6)
- apps/app/package.json
- packages/analytics/package.json
- packages/api/package.json
- packages/auth/package.json
- packages/db/package.json
- packages/env/package.json
Files skipped from review as they are similar to previous changes (1)
- packages/ui/package.json
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
bae6a34
to
f082505
Compare
Quality Gate passedIssues Measures |
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an install script?Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files ignored due to path filters (1)
pnpm-lock.yaml
is excluded by!**/pnpm-lock.yaml
Files selected for processing (7)
- apps/app/package.json (1 hunks)
- packages/analytics/package.json (1 hunks)
- packages/api/package.json (1 hunks)
- packages/auth/package.json (1 hunks)
- packages/db/package.json (1 hunks)
- packages/env/package.json (1 hunks)
- packages/ui/package.json (3 hunks)
Files skipped from review due to trivial changes (5)
- apps/app/package.json
- packages/analytics/package.json
- packages/api/package.json
- packages/auth/package.json
- packages/env/package.json
Files skipped from review as they are similar to previous changes (2)
- packages/db/package.json
- packages/ui/package.json
This PR contains the following updates:
3.629.0
->3.631.0
11.7.0
->11.7.1
11.7.0
->11.7.1
1.11.5
->1.11.7
1.11.5
->1.11.7
2.3.3
->2.3.7
2.3.3
->2.3.7
2.3.3
->2.3.7
4.5.4
->4.5.5
Release Notes
aws/aws-sdk-js-v3 (@aws-sdk/client-cognito-identity-provider)
v3.631.0
Compare Source
Note: Version bump only for package @aws-sdk/client-cognito-identity-provider
chromaui/chromatic-cli (chromatic)
v11.7.1
Compare Source
🐛 Bug Fix
Authors: 1
catamphetamine/libphonenumber-js (libphonenumber-js)
v1.11.7
Compare Source
v1.11.6
Compare Source
MauricioRobayo/nextjs-google-analytics (nextjs-google-analytics)
v2.3.7
Compare Source
Bug Fixes
pmndrs/zustand (zustand)
v4.5.5
Compare Source
This improves the
persist
middleware behavior for an edge case.What's Changed
New Contributors
Full Changelog: pmndrs/zustand@v4.5.4...v4.5.5
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.
Summary by CodeRabbit
New Features
Bug Fixes
Chores