👷 Update all non-major dependencies (minor/patch)#162
Conversation
|
There was a problem hiding this comment.
PR Review — Score: 3.0 / 5
Routine Renovate dependency bumps for dev tooling and the runtime dd-trace dependency. Root and playground lockfiles are in sync, but four e2e integration apps have package.json version bumps without matching yarn.lock updates — Renovate's artifact step failed for those apps. I would not merge as-is; regenerate the integration lockfiles (or rebase/retry the Renovate branch) so installs are deterministic before approval.
Why 3.0: The core SDK lockfile updates look correct and the version bumps are all minor/patch. The integration-app lockfile drift is a concrete merge risk that Renovate already flagged.
Why not 5: Four integration yarn.lock files are stale relative to their package.json changes, leaving package/lock mismatch on the bundler apps this repo exercises in CI.
Findings
- [Blocking] Stale integration lockfiles —
vite/webpackbumps in four e2e apps lack correspondingyarn.lockupdates after Renovate artifact failure.
CI was still running (dd-gitlab/* pending) when this review was posted.
Sent by Cursor Automation: electron-sdk reviews
| "electron": "41.1.0", | ||
| "typescript": "5.9.3", | ||
| "vite": "8.0.16" | ||
| "vite": "8.1.0" |
There was a problem hiding this comment.
Blocking — lockfile not updated. Renovate bumped vite here to 8.1.0, but e2e/integration/apps/forge-vite/yarn.lock still resolves vite@npm:8.0.16. The same mismatch exists for:
electron-builder-vite(8.1.0vs lock8.0.16)electron-vite-esm(7.3.6vs lock7.3.5)forge-webpack(5.108.1vs lock5.107.2)
Renovate's PR comment reports artifact update failures for all four apps (missing integration-sdk.tgz in its sandbox). Locally, run yarn install in each app (or trigger a Renovate rebase) so lockfiles match before merge.
| }, | ||
| "dependencies": { | ||
| "dd-trace": "5.109.0" | ||
| "dd-trace": "5.110.0" |
There was a problem hiding this comment.
Only runtime dependency change in this PR. Root yarn.lock is updated and pulls in @datadog/pprof@5.15.1 and import-in-the-middle@3.2.0 (was 3.0.1). No SDK source changes, but worth a quick sanity check that trace initialization and bundler plugin scenarios still pass once CI completes — import-in-the-middle hooks module loading used by dd-trace instrumentation.
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b6831ff0ab
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "electron-builder": "26.15.3", | ||
| "typescript": "5.9.3", | ||
| "vite": "8.0.16" | ||
| "vite": "8.1.0" |
There was a problem hiding this comment.
Regenerate integration app lockfiles
This manifest update, along with the matching Vite/Webpack bumps in electron-vite-esm, forge-vite, and forge-webpack, leaves the standalone app lockfiles pinned to the previous top-level specs (vite 8.0.16/7.3.5 and webpack 5.107.2). When scripts/install-integration-apps.ts installs these apps it updates and then restores each yarn.lock, so the committed locks no longer capture the dependency graph actually tested and immutable/local installs from the repo are out of sync. Please update the four app yarn.lock files with the manifest changes.
Useful? React with 👍 / 👎.
003c7d4 to
81b3929
Compare
81b3929 to
39c652a
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 39c652a046
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| }, | ||
| "dependencies": { | ||
| "dd-trace": "5.109.0" | ||
| "dd-trace": "5.111.0" |
There was a problem hiding this comment.
Regenerate integration locks for the tracer bump
With this root dependency bumped to 5.111.0, the integration app locks are now stale: every e2e/integration/apps/*/yarn.lock still resolves the packed SDK tarball to dd-trace 5.109.0 (for example e2e/integration/apps/electron-builder-vite/yarn.lock:47), and scripts/install-integration-apps.ts updates then restores those lockfiles after packaging. Separate from the existing Vite/Webpack lock drift, the fresh evidence is that all app locks still contain the old SDK tarball dependency, so the committed dependency graph no longer matches what test:integration:init installs for this tracer update.
Useful? React with 👍 / 👎.
| }, | ||
| "dependencies": { | ||
| "dd-trace": "5.109.0" | ||
| "dd-trace": "5.111.0" |
There was a problem hiding this comment.
Regenerate the e2e fixture lockfile
The minimal E2E app also consumes the root package through portal:../.., but e2e/app/yarn.lock still records that portal dependency as requiring dd-trace 5.109.0. The e2e GitLab job runs yarn test:e2e:init, whose cd e2e/app && yarn install has no --no-immutable; Yarn documents that --immutable defaults to true on CI and aborts if the lockfile would change (https://yarnpkg.com/cli/install). In CI this lockfile mismatch blocks setup before the e2e tests can run, so please update e2e/app/yarn.lock with the tracer bump.
Useful? React with 👍 / 👎.


This PR contains the following updates:
1.61.0→1.61.15.109.0→5.111.010.5.0→10.6.01.61.0→1.61.13.8.4→3.9.48.62.0→8.62.18.0.16→8.1.37.3.5→7.3.65.107.2→5.108.3Release Notes
microsoft/playwright (@playwright/test)
v1.61.1Compare Source
DataDog/dd-trace-js (dd-trace)
v5.111.0: 5.111.0Compare Source
Features
Fixes
Performance
Documentation
Internal (CI, Testing, Benchmarking)
v5.110.0: 5.110.0Compare Source
Features
Fixes
Performance
Documentation
Internal (CI, Testing, Benchmarking)
eslint/eslint (eslint)
v10.6.0Compare Source
Features
b1f9106feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)f291007feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)Bug Fixes
6b05784fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)bb9eb2afix: account for shadowedBooleaninno-extra-boolean-cast(#21013) (den$)8fd8741fix: don't report shadowed undefined inradixrule (#21011) (Pixel)5784980fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)9cd1e6dfix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)d4eb2dcfix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)2360464fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)63d52d2fix: restore max-classes-per-file report range (#21002) (Pixel)7feaff0fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)399a2ecfix: don't report inner non-callbacks inmax-nested-callbacks(#20995) (Milos Djermanovic)Documentation
a83683ddocs: Update README (GitHub Actions Bot)f5449f9docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)bea49f7docs: Update README (GitHub Actions Bot)e5f70f9docs: update code-path diagrams (#20984) (Tanuj Kanti)8890c2ddocs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)3eb3d9bdocs: Update README (GitHub Actions Bot)c5bb59cdocs: Update README (GitHub Actions Bot)eb3c97cdocs: fix grammar in prefer-const rule description (#20983) (lumir)Chores
6a42034ci: run ecosystem tests on main branch (#20891) (sethamus)3dbacdbci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])c3abfcachore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)a832320ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)27166e7chore: update ecosystem plugins (#21005) (ESLint Bot)865d76eci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])27a88c9chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)970cea6chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)b482120chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])6993fb3chore: update ecosystem plugins (#20985) (ESLint Bot)prettier/prettier (prettier)
v3.9.4Compare Source
v3.9.3Compare Source
v3.9.2Compare Source
v3.9.1Compare Source
v3.9.0Compare Source
diff
🔗 Release Notes
v3.8.5Compare Source
typescript-eslint/typescript-eslint (typescript-eslint)
v8.62.1Compare Source
This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
vitejs/vite (vite)
v8.1.3Compare Source
Bug Fixes
es-module-lexerto 2.3.0 (#22838) (7103c3a)v8.1.2Compare Source
Bug Fixes
v8.1.1Compare Source
Features
Bug Fixes
import.meta.hot.invalidate()(#22797) (709eb8e)@importurls with lightningcss (#22718) (9fa7ab4)esbuild.jsxSideEffectswhen converting tooxc.jsx.pure(#22809) (33895ba)ERR_CLOSED_SERVERin scanner (#22784) (085a0ab)inputfromroot(#22769) (9722b07)Miscellaneous Chores
Code Refactoring
Object.valuescalls (#22790) (1113acf)Tests
v8.1.0Compare Source
Features
server.fs.denylist with common files (#22707) (61ba8fd)~for Rolldown (#22693) (9928722)Bug Fixes
Code Refactoring
rolldownOptionsproperty for chunkImportMap (#22692) (8e8816c)webpack/webpack (webpack)
v5.108.3Compare Source
Patch Changes
Speed up CSS parsing and reduce CSS AST node memory. (by @alexander-akait in #21285)
Fix HMR codegen crash for harmony accept with unresolved imports. (by @xiaoxiaojx in #21302)
Match harmony accept dependencies by module reference so HMR codegen handles imports without a module or chunk id. (by @alexander-akait in #21303)
v5.108.2Compare Source
Patch Changes
Fix lazy barrel deferral of ungrouped side-effect imports. (by @hai-x in #21291)
Respect the
node:prefix for node.js core modules used as externals. (by @alexander-akait in #21286)v5.108.1Compare Source
Patch Changes
Fix invalid property access for escaped namespace imports with multi-character mangled export names. (by @xiaoxiaojx in #21280)
Add frames to ProfilingPlugin TracingStartedInBrowser event so the trace loads in Chrome DevTools. (by @alexander-akait in #21269)
v5.108.0Compare Source
Minor Changes
Treat top-level await and
import.metaas ES module markers, matching Node.js syntax detection so no explicit module type is needed. (by @alexander-akait in #21218)Add a
buntarget that emits ESM and externalizesbun:*and node.js built-in modules. (by @alexander-akait in #21248)Support CommonJS reexports via
Object.definePropertyvalue and getter descriptors. (by @alexander-akait in #21129)Support JSON Schema
constwhen generating CLI flags from a schema. (by @alexander-akait in #21087)Support JSON Schema
if/then/elsewhen generating CLI flags from a schema. (by @alexander-akait in #21087)Skip import specifiers,
require()andimport()calls in dead conditional branches gated by inlined imported constants (isDEV ? A : B), evaluated viagetCondition. (by @hai-x in #21136)CSS
localIdentName[hash]now resolves to the local ident hash (matching css-loader); use[modulehash]for the module hash. (by @alexander-akait in #21259)Add CSS parser
asoption and resolveurl()inside HTMLstyleattributes. (by @alexander-akait in #21157)Add dedicated module classes for all built-in module types. (by @alexander-akait in #21164)
Support
.html/.cssfor the default./srcentry under the html/css experiments. (by @alexander-akait in #21039)Add
defineConfighelper for typed configuration files. (by @alexander-akait in #21169)Add a
denotarget (with versions, e.g.deno,deno2,deno1.40) that emits ESM, resolves node.js built-ins via the requirednode:specifier, and keeps Deno's own import protocols (npm:,jsr:,node:,http(s)://) external. (by @alexander-akait in #21247)Use
module-importfor electron externals when the target supports ESM. (by @alexander-akait in #21184)Add
output.environment.logicalAssignmentto emit||=in runtime code when the target supports logical assignment operators. (by @bjohansebas in #21219)Resolve and rewrite asset URLs inside
<iframe srcdoc>in HTML modules. (by @bjohansebas in #21226)Add HMR support for HTML modules with body/title DOM patching on update. (by @alexander-akait in #21011)
Add
css-urlhtml source type extractingurl()references from CSS-valued attributes. (by @alexander-akait in #21250)Add
module.parser.html.sourcesoption to disable or customize URL-attribute extraction for HTML modules, withscript/script-module/stylesheet/stylesheet-inlinetypes for custom attributes (by @alexander-akait in #21022)Add
module.parser.html.templateoption to transform HTML module source before parsing. (by @alexander-akait in #21055)Extract more source URLs in HTML modules (SVG, legacy and obsolete attributes). (by @alexander-akait in #21241)
Inline
export default <const>when the default-exported value is a primitive constant. (by @hai-x in #21189)Support
optimization.inlineExportsfor better tree-shaking. (by @hai-x in #20973)Re-encode inline hash digests (
[contenthash]/[chunkhash]/[fullhash]/[modulehash]) from the full content hash, so they carry full entropy and work underoptimization.realContentHashand in dynamically-loaded chunk filenames; also preserve leading zero bytes in base-N digests. (by @alexander-akait in #21267)Allow tree-shaking unused calls to
/*#__NO_SIDE_EFFECTS__*/-annotated (pure) exports across module boundaries. (by @hai-x in #20907)Defer building unused re-export targets of side-effect-free barrel modules. (by @hai-x in #21165)
Keep export mangling enabled for modules whose namespace object is used as a whole value, by materializing a decoupled namespace object that keeps the original export names. (by @alexander-akait in #21234)
Add
output.environment.letoption (paired with target'sletcapability) and emitlet/constinstead ofvarin generated runtime code wherever it is safe. Bindings that may be wrapped in runtime-conditionifblocks (harmony imports, ConcatenatedModule external imports) continue to usevarto preserve function scoping. (by @alexander-akait in #21010)Add
output.htmlto emit an HTML file per entrypoint, injecting its JS/CSS chunks (includingdependOnshared chunks). (by @alexander-akait in #21215)Add
module.parser.javascript.pureFunctionsto mark top-level names as side-effect-free for tree shaking. (by @hai-x in #21063)Add
universaltocompiler.platform, true for universal targets ("universal"or["web", "node"]). (by @bjohansebas in #21252)Add
output.strictModuleResolutionto gate the runtimeMODULE_NOT_FOUNDguard. (by @hai-x in #21067)Support an inline digest in hash path placeholders, e.g.
[contenthash:base64:8]. (by @alexander-akait in #21259)Support
[uniqueName]and its[uniquename]alias in template paths. (by @alexander-akait in #21155)Support CSS in Node for universal targets, collecting styles for SSR. (by @alexander-akait in #21208)
Improve commonjs, node-commonjs and global externals for universal targets. (by @alexander-akait in #21187)
Add a
universaltarget preset (browser + web worker + Node.js + Electron + NW.js) that always outputs ECMAScript modules. (by @alexander-akait in #21214)Support
new Worker(new URL(...))in universal (node + web) targets by resolving the Worker constructor fromworker_threadswhen no globalWorkerexists. (by @alexander-akait in #21195)Add
output.workerChunkFilenameandentry.workerfor worker chunk filenames. (by @alexander-akait in #21128)Patch Changes
Skip re-parsing the inlined entry module when no renaming is needed. (by @alexander-akait in #21167)
Extend the avoidEntryIife no-parse fast path to multi-entry chunks. (by @alexander-akait in #21173)
Reuse the binary deserialize dispatch table to speed up cache restore. (by @alexander-akait in #21175)
Type
buildInfoandbuildMetaper module type with shared common properties. (by @alexander-akait in #21172)Avoid copying module runtime requirements when ownership is not transferred. (by @alexander-akait in #21140)
Keep all CommonJS exports when an exported function accesses them via
this. (by @alexander-akait in #21179)Align CLI color-support detection across Node, Deno and Bun. (by @alexander-akait in #21257)
Include the schema origin path in conflicting-schema CLI argument errors. (by @alexander-akait in #21087)
Reject
__proto__,constructorandprototypepath segments incli.processArgumentsto prevent prototype pollution. (by @alexander-akait in #21057)Speed up
Compilation.deleteAssetandCompilation.renameAssetvia a lazy reverse index from asset file name to containing chunks. (by @alexander-akait in #21035)Fix merging of inner modules' top-level declarations in concatenated modules. (by @alexander-akait in #21170)
Reduce allocations in export hashing and concatenation name lookups. (by @alexander-akait in [#21167](https://redirect.github.com/web
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.