Skip to content

feat: update deps#128

Merged
9romise merged 3 commits into
mainfrom
deps
May 20, 2026
Merged

feat: update deps#128
9romise merged 3 commits into
mainfrom
deps

Conversation

@9romise
Copy link
Copy Markdown
Member

@9romise 9romise commented May 19, 2026

No description provided.

@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 19, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedfast-npm-meta@​1.5.11001007091100
Added@​typescript/​native-preview@​7.0.0-dev.20260421.210010072100100
Addedvitest@​4.1.6961007999100
Addedreactive-vscode@​1.0.28010010094100
Added@​types/​node@​25.9.01001008196100
Addedvite@​8.0.13991008298100
Addedtsdown@​0.22.0981008896100
Addedeslint@​10.4.08910010096100
Addedsemver@​7.8.010010010090100
Addedyaml@​2.9.09910010091100
Addedmsw@​2.14.69310010095100

View full report

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 19, 2026
edited
Loading

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c6654c42-c15a-4676-9123-07487b78a33e

📥 Commits

Reviewing files that changed from the base of the PR and between becae0a and a7bfe02.

📒 Files selected for processing (4)
  • CONTRIBUTING.md
  • extensions/vscode/src/commands/open-file-in-npmx.ts
  • extensions/vscode/src/providers/decorators.ts
  • extensions/vscode/src/utils/request.ts
✅ Files skipped from review due to trivial changes (4)
  • extensions/vscode/src/commands/open-file-in-npmx.ts
  • extensions/vscode/src/providers/decorators.ts
  • extensions/vscode/src/utils/request.ts
  • CONTRIBUTING.md
📝 Walkthrough

Walkthrough

This pull request bumps package.json packageManager to pnpm@11.1.3, updates pnpm-workspace.yaml (rekeys patchedDependencies to module-replacements@3.0.0-beta.7, refreshes versions in catalogs.dev and catalogs.inline, and updates test tooling versions and an allowBuilds override for msw), and applies small import-order reorders in three VS Code extension files plus a one-line import-order example change in CONTRIBUTING.md.

Suggested reviewers

  • gameroman
🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The pull request has no description provided by the author, making it impossible to assess whether the intent and rationale for the changes are communicated. Add a pull request description explaining the purpose of the dependency updates, any breaking changes, and testing performed.
✅ Passed checks (2 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch deps

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed May 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
pnpm-workspace.yaml (1)

8-8: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Patch scope can silently stop applying when module-replacements updates.

Line 8 pins the patch to module-replacements@3.0.0-beta.7, but line 41 allows ^3.0.0-beta.7. If a newer prerelease is released (e.g., 3.0.0-beta.8), the caret range would permit resolution to that version, but the patch key would not match, causing the patch to fail silently.

Suggested change 
   test:
     jest-mock-vscode: ^4.12.0
-    module-replacements: ^3.0.0-beta.7
+    module-replacements: 3.0.0-beta.7
     msw: ^2.14.6
     vite-tsconfig-paths: ^6.1.1
     vitest: ^4.1.6
🧹 Nitpick comments (1)
pnpm-workspace.yaml (1)

15-15: ⚡ Quick win

Pin @typescript/native-preview to an explicit prerelease version instead of the beta dist-tag.

Using the beta dist-tag causes floating resolution—the next pnpm install could resolve to a newer beta release if maintainers push updates, potentially introducing unplanned breakage. Pin to an explicit version (currently 7.0.0-dev.20260421.2) for stable, reproducible builds.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ca87a704-9a82-4a60-93eb-815366a54c3d

📥 Commits

Reviewing files that changed from the base of the PR and between 9ad4390 and becae0a.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (1)
  • pnpm-workspace.yaml

@9romise 9romise added this pull request to the merge queue May 20, 2026
Merged via the queue into main with commit 20d6900 May 20, 2026
14 checks passed
@9romise 9romise deleted the deps branch May 20, 2026 01:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@9romise