Skip to content

chore(deps): batch 7 safe dependabot bumps#45

Merged
hoangsnowy merged 1 commit into
mainfrom
chore/deps-batch-2
Jun 4, 2026
Merged

chore(deps): batch 7 safe dependabot bumps#45
hoangsnowy merged 1 commit into
mainfrom
chore/deps-batch-2

Conversation

@hoangsnowy
Copy link
Copy Markdown
Owner

@hoangsnowy hoangsnowy commented Jun 4, 2026

What

Batches the safe minor/patch updates from the open Dependabot PRs into one branch, regenerating package-lock.json in a single pass. This avoids the lockfile conflicts that sequential per-PR cherry-picks would cause. Same approach as #34.

Dependabot auto-closes the superseded PRs once this merges.

Bumped (7 safe)

Dependabot PR Package Change
#44 @vitest/coverage-v8 4.1.7 → 4.1.8
— (lockstep) vitest 4.1.7 → 4.1.8
#43 release-it 20.0.1 → 20.2.0
#42 @commitlint/config-conventional 21.0.1 → 21.0.2
#41 @commitlint/cli 21.0.1 → 21.0.2
#40 lint-staged 17.0.5 → 17.0.7
#39 lucide-react 1.16.0 → 1.17.0
#37 react-router-dom 7.15.1 → 7.16.0

Held back — incompatible majors (NOT in this PR)

Dependabot PR Package Reason
#12 electron 41 → 42 MSVC lacks __builtin_frame_address (node 22 cppgc/heap.h); no better-sqlite3 Electron-42 prebuild. Pinned to 41 per CLAUDE.md.
#38 vite 7 → 8, @vitejs/plugin-react 5 → 6 electron-vite is pinned to Vite 7 — needs compat verification before bumping. (vitest portion of this group landed here.)
#35 eslint 9 → 10 Major; flat-config / plugin peer migration risk.

#38 will stay open after merge (vite 8 + plugin-react 6 still behind). #12 and #35 likewise remain for separate evaluation.

Verification

Full local gate green (mirrors the CI matrix):

  • lint --max-warnings 0
  • typecheck (node + web) ✅
  • test — 95 passed ✅
  • build
  • test:e2e — 6 passed ✅

🤖 Generated with Claude Code

@hoangsnowy @claude
chore(deps): batch 7 safe dependabot bumps
79dc7f5 
Land minor/patch updates from open Dependabot PRs (#37, #39, #40, #41,
#42, #43, #44); regenerate the lockfile in one pass to avoid the per-PR
lockfile conflicts a sequential cherry-pick would cause.

Bumps:
- @commitlint/cli + config-conventional 21.0.1 -> 21.0.2
- lint-staged 17.0.5 -> 17.0.7
- lucide-react 1.16.0 -> 1.17.0
- react-router-dom 7.15.1 -> 7.16.0
- @vitest/coverage-v8 + vitest 4.1.7 -> 4.1.8

Hold back incompatible majors for separate evaluation:
- electron 42 (MSVC/better-sqlite3 ABI break, pinned to 41)
- vite 8 + @vitejs/plugin-react 6 (electron-vite on Vite 7)
- eslint 10 (flat-config migration risk)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@hoangsnowy hoangsnowy merged commit af20263 into main Jun 4, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hoangsnowy