Conversation
Contributor
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
dependabot
Bot
added
the
dependencies
…th 2 updates Bumps the ui-security-updates group with 2 updates in the /apps/ui directory: [flatted](https://github.com/WebReflection/flatted) and [lodash](https://github.com/lodash/lodash). Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `lodash` from 4.17.23 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.23...4.18.1) --- updated-dependencies: - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: ui-security-updates - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: ui-security-updates ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/apps/ui/ui-security-updates-fb4d1d7b5b
branch
from
7715cbc to
83529c3
Compare
…updates-fb4d1d7b5b
…updates-fb4d1d7b5b
…updates-fb4d1d7b5b
…updates-fb4d1d7b5b
…updates-fb4d1d7b5b
…updates-fb4d1d7b5b
…updates-fb4d1d7b5b
…updates-fb4d1d7b5b
…updates-fb4d1d7b5b
Cataldir
deleted the
dependabot/npm_and_yarn/apps/ui/ui-security-updates-fb4d1d7b5b
branch
Cataldir
added a commit
that referenced
this pull request
Apr 14, 2026
UI dependency updates (consolidates #807 and #821): - @next/bundle-analyzer ^15.1.6 -> ^15.5.15 - @next/eslint-plugin-next ^16.2.0 -> ^16.2.3 - @types/node ^22.10.5 -> ^22.19.17 - @typescript-eslint/eslint-plugin ^8.19.1 -> ^8.58.1 - @typescript-eslint/parser ^8.19.1 -> ^8.58.1 - autoprefixer ^10.4.20 -> ^10.4.27 - eslint-config-next ^15.1.6 -> ^15.5.15 - @playwright/test ^1.53.2 -> ^1.59.1 - postcss ^8.4.49 -> ^8.5.9 - prettier ^3.4.2 -> ^3.8.2 - dpdm ^3.14.0 -> ^3.15.1 - flatted 3.3.3 -> 3.4.2 (security) - lodash 4.17.23 -> 4.18.1 (security) Developer experience: - Add 5 UI debug launch configs (Next.js server+client, Edge attach, Jest current file, Jest all, Playwright E2E headed) - Recovered from stash on issue/778 branch
Cataldir
added a commit
that referenced
this pull request
Apr 14, 2026
UI dependency updates (consolidates #807 and #821): - @next/bundle-analyzer ^15.1.6 -> ^15.5.15 - @next/eslint-plugin-next ^16.2.0 -> ^16.2.3 - @types/node ^22.10.5 -> ^22.19.17 - @typescript-eslint/eslint-plugin ^8.19.1 -> ^8.58.1 - @typescript-eslint/parser ^8.19.1 -> ^8.58.1 - autoprefixer ^10.4.20 -> ^10.4.27 - eslint-config-next ^15.1.6 -> ^15.5.15 - @playwright/test ^1.53.2 -> ^1.59.1 - postcss ^8.4.49 -> ^8.5.9 - prettier ^3.4.2 -> ^3.8.2 - dpdm ^3.14.0 -> ^3.15.1 - flatted 3.3.3 -> 3.4.2 (security) - lodash 4.17.23 -> 4.18.1 (security) Developer experience: - Add 5 UI debug launch configs (Next.js server+client, Edge attach, Jest current file, Jest all, Playwright E2E headed) - Recovered from stash on issue/778 branch
Cataldir
added a commit
that referenced
this pull request
Apr 15, 2026
* chore(deps): bump fastapi 0.135.3, uvicorn 0.44.0, azure-ai-projects 2.0.1, redis 7.4.0 Consolidates Dependabot PRs #816, #817, #818, #823, #824, #825, #846 into a single update to avoid cascading uv.lock conflicts. - fastapi: 0.115.0 -> 0.135.3 - uvicorn: 0.32.0 -> 0.44.0 - azure-ai-projects: 2.0.0b4 -> 2.0.1 - redis: 5.2.0 -> 7.4.0 - All uv.lock files regenerated * chore(deps,dx): bump UI deps and add debug launch configs UI dependency updates (consolidates #807 and #821): - @next/bundle-analyzer ^15.1.6 -> ^15.5.15 - @next/eslint-plugin-next ^16.2.0 -> ^16.2.3 - @types/node ^22.10.5 -> ^22.19.17 - @typescript-eslint/eslint-plugin ^8.19.1 -> ^8.58.1 - @typescript-eslint/parser ^8.19.1 -> ^8.58.1 - autoprefixer ^10.4.20 -> ^10.4.27 - eslint-config-next ^15.1.6 -> ^15.5.15 - @playwright/test ^1.53.2 -> ^1.59.1 - postcss ^8.4.49 -> ^8.5.9 - prettier ^3.4.2 -> ^3.8.2 - dpdm ^3.14.0 -> ^3.15.1 - flatted 3.3.3 -> 3.4.2 (security) - lodash 4.17.23 -> 4.18.1 (security) Developer experience: - Add 5 UI debug launch configs (Next.js server+client, Edge attach, Jest current file, Jest all, Playwright E2E headed) - Recovered from stash on issue/778 branch * fix(ui): correct dev script and update tsconfig for Next.js 16 - Fix 'next' -> 'next dev' in package.json dev script (was causing yarn dev to exit with code 1) - Update moduleResolution to 'bundler' (mandatory for Next.js 16) * fix(deploy): restore provision-by-default posture and auto APIM sync - skipProvision defaults to false; skip-provision is now emergency-only - APIM sync/smoke triggers on actual service changes, not force-only - Remove redundant workflow_dispatch inputs (autoAllowAcrRunnerIp, skipApiSmokeChecks) - deploy-foundry-models gates on infra_changed instead of agents_changed - Fix skipProvision expression for workflow_run (was always true) - Update docs and governance to match new posture
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the ui-security-updates group with 2 updates in the /apps/ui directory: flatted and lodash.
Updates
flattedfrom 3.3.3 to 3.4.2Commits
3bf09093.4.2885ddccfix CWE-13210bdba70added flatted-view to the benchmark2a02dce3.4.1fba4e8fMerge pull request #89 from WebReflection/python-fix5fe8648added "when in Rome" also a test for PHP53517adsome minor improvementb3e2a0cFixing recursion issue in Python tooc4b46dbAdd SECURITY.md for security policy and reportingf86d071Create dependabot.yml for version updatesUpdates
lodashfrom 4.17.23 to 4.18.1Release notes
Sourced from lodash's releases.
Commits
cb0b9b9release(patch): bump main to 4.18.1 (#6177)75535f5chore: prune stale advisory refs (#6170)62e91bcdocs: remove n_ Node.js < 6 REPL note from README (#6165)59be2derelease(minor): bump to 4.18.0 (#6161)af63457fix: broken tests for _.template 879aaa91073a76fix: linting issues879aaa9fix: validate imports keys in _.templatefe8d32efix: block prototype pollution in baseUnset via constructor/prototype traversal18ba0a3refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)b819080ci: add dist sync validation workflow (#6137)