chore(deps): bump downshift from 9.0.13 to 9.3.2#508
chore(deps): bump downshift from 9.0.13 to 9.3.2#508dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [downshift](https://github.com/downshift-js/downshift) from 9.0.13 to 9.3.2. - [Release notes](https://github.com/downshift-js/downshift/releases) - [Changelog](https://github.com/downshift-js/downshift/blob/master/CHANGELOG.md) - [Commits](downshift-js/downshift@v9.0.13...v9.3.2) --- updated-dependencies: - dependency-name: downshift dependency-version: 9.3.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Greptile SummaryThis is a dependabot PR bumping Confidence Score: 5/5Safe to merge; the downshift bump is low-risk and the only finding is a P2 observation about an unannounced chrome-devtools-mcp bump in the lockfile. All findings are P2 or lower. The downshift upgrade is a minor/patch bump with no breaking changes. The chrome-devtools-mcp lockfile change is worth a quick manual check but does not block merging. bun.lock — verify the unannounced chrome-devtools-mcp 0.20.0 → 0.21.0 bump is intentional. Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[PR: bump downshift 9.0.13 → 9.3.2] --> B[apps/agent/package.json\nspecifier: ^9.0.10 → ^9.3.2]
A --> C[bun.lock resolved: 9.0.13 → 9.3.2]
C --> D[downshift deps updated\n@babel/runtime, compute-scroll-into-view\nreact-is pin → range, tslib]
C --> E[⚠️ chrome-devtools-mcp\n0.20.0 → 0.21.0\nnot part of PR scope]
Prompt To Fix All With AIThis is a comment left during a code review.
Path: bun.lock
Line: 2113
Comment:
**Unexpected `chrome-devtools-mcp` bump in lockfile**
The lockfile contains an unannounced bump of `chrome-devtools-mcp` from `0.20.0` to `0.21.0` that is not mentioned in this PR. This dependabot PR is scoped solely to `downshift`, so any collateral resolution change to `chrome-devtools-mcp` should be reviewed intentionally before merging to ensure no unintended behavior is introduced.
How can I resolve this? If you propose a fix, please make it concise.Reviews (1): Last reviewed commit: "chore(deps): bump downshift from 9.0.13 ..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| "chrome-devtools-frontend": ["chrome-devtools-frontend@1.0.1577886", "", {}, "sha512-B9hY3o/0RuVCDWNYh9YnkEbRrPUMCY+NaOgBxvZRzGvqbGSMNckkVSdO67SwWR8bm4fo/qplXbUj0cSr229V6w=="], | ||
|
|
||
| "chrome-devtools-mcp": ["chrome-devtools-mcp@0.20.0", "", { "bin": { "chrome-devtools-mcp": "build/src/bin/chrome-devtools-mcp.js", "chrome-devtools": "build/src/bin/chrome-devtools.js" } }, "sha512-wBnt8901lAXdac3AB7WdONYTAXGW+YqqIVVg7PztxYVNPs3VVgM2UZnZT/ICYPIofKTuRBOkRdEE/VYm90ZgYA=="], | ||
| "chrome-devtools-mcp": ["chrome-devtools-mcp@0.21.0", "", { "bin": { "chrome-devtools-mcp": "build/src/bin/chrome-devtools-mcp.js", "chrome-devtools": "build/src/bin/chrome-devtools.js" } }, "sha512-d+iqrRmcwpRFV3Q4DRCF2LCoq+WCRU3GhISKQ9v8g+1C2Uh8upj3urkjxNO4QIjhBMIYei/VQ1OQLFceby80Og=="], |
There was a problem hiding this comment.
chrome-devtools-mcp bump in lockfile
The lockfile contains an unannounced bump of chrome-devtools-mcp from 0.20.0 to 0.21.0 that is not mentioned in this PR. This dependabot PR is scoped solely to downshift, so any collateral resolution change to chrome-devtools-mcp should be reviewed intentionally before merging to ensure no unintended behavior is introduced.
Prompt To Fix With AI
This is a comment left during a code review.
Path: bun.lock
Line: 2113
Comment:
**Unexpected `chrome-devtools-mcp` bump in lockfile**
The lockfile contains an unannounced bump of `chrome-devtools-mcp` from `0.20.0` to `0.21.0` that is not mentioned in this PR. This dependabot PR is scoped solely to `downshift`, so any collateral resolution change to `chrome-devtools-mcp` should be reviewed intentionally before merging to ensure no unintended behavior is introduced.
How can I resolve this? If you propose a fix, please make it concise.
Bumps downshift from 9.0.13 to 9.3.2.
Release notes
Sourced from downshift's releases.
Commits
f1862edfix(useElementIds): improve fix for webpack analyzer (#1677)9e79c4efix(useElementIds): prevent Webpack static analysis issue with useId (#1676)52ec230feat: support cjs and esm extensions (#1675)f242a9adev: update dependencies and pipeline node versions (#1667)f3ef96adocs: fix link title (#1673)47949cddocs: update useTagGroup links (#1672)1493624feat: manual release again 9.1.0 (#1671)7e5482dfeat: manual release 9.1.0 (#1670)fea4ac0feat: create useTagGroup hook (#1665)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)