build(deps-dev): bump concurrently from 9.2.1 to 10.0.3#87
Closed
dependabot[bot] wants to merge 1 commit into
Closed
build(deps-dev): bump concurrently from 9.2.1 to 10.0.3#87dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
a7d4b32 to
93b8a51
Compare
93b8a51 to
6933c12
Compare
Bumps [concurrently](https://github.com/open-cli-tools/concurrently) from 9.2.1 to 10.0.3. - [Release notes](https://github.com/open-cli-tools/concurrently/releases) - [Commits](open-cli-tools/concurrently@v9.2.1...v10.0.3) --- updated-dependencies: - dependency-name: concurrently dependency-version: 10.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
6933c12 to
e4e10c5
Compare
18 tasks
BODMAT
added a commit
that referenced
this pull request
Jul 1, 2026
…pm overrides (#110) * build(deps): bump dependency groups, concurrently, and actions/checkout v7 Batch the open Dependabot PRs into one commit (#101, #105, #94, #87), holding prettier at 3.8.4 — 3.9 is days old and its parser upgrades reformat the repo. - prod group: google-auth-library, ioredis, mongoose, openai, stripe, @tanstack/react-query(+devtools), axios, framer-motion, i18next - dev group: doctoc, globals, lint-staged, turbo, typescript-eslint, nock, @vitejs/plugin-react, postcss, vite - concurrently 9 -> 10 (dev-only; ESM-only, needs Node >= 22) - actions/checkout v6 -> v7 across all workflows: blocks pwn-request by default; our workflows run on pull_request (not pull_request_target), so no behavior impact Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(docker): patch npm-bundled undici to 6.27.0 to clear CVEs npm bundles undici 6.26.0 even at npm@latest, which Trivy flags in the api/web/bot images. Our own dependency tree already resolves undici to 7.28.0 (safe), so this only affects npm's bundled copy inside the image. Mirror the existing brace-expansion patch: install undici@^6.27.0 and copy it over npm's bundled module. Stays on the v6 line to avoid breaking npm. Fixes CVE-2026-12151 (HIGH), CVE-2026-9679 (MEDIUM), CVE-2026-6733 (LOW), CVE-2026-11525 (LOW). Co-authored-by: Makar Dzhehur <100146104+dzhhem@users.noreply.github.com> * fix(deps): drop dead package.json pnpm.overrides, align postcss floor The pnpm.overrides block in package.json was a stale subset already superseded by pnpm-workspace.yaml, which pnpm v10 treats as the sole source — package.json's copy was silently ignored (emitting a warning on every install). Removing it changes no resolution: the workspace file already enforces those pins plus esbuild/form-data/@types/express/etc. Bump the workspace postcss override from ^8.5.10 to ^8.5.15 so dropping the package.json postcss@<8.5.15 pin does not lower the security floor. --------- Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Makar Dzhehur <100146104+dzhhem@users.noreply.github.com>
Contributor
Author
|
Looks like concurrently is up-to-date now, so this is no longer needed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps concurrently from 9.2.1 to 10.0.3.
Release notes
Sourced from concurrently's releases.
... (truncated)
Commits
435f61b10.0.35ea69c6ci: use node 24 in the release workflow18e128110.0.2e70686f10.0.1a95bcebRename flow-controller{.d -> }.tsced4245ci: configure trusted publisher flowcf2eaa210.0.01b9bae4deps: upgrade yargs to v18 (#593)b05ee75Bump min Node.js version to v22ae60bc4Scope quote normalization to CLI input (#585)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for concurrently since your current version.